From fdeb34eb2c2f287258a9e547418f4dd981d3c345 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Mon, 27 Jan 2025 11:09:17 -0800 Subject: [PATCH 1/8] wolfssl 5.7.6 Release for Arduino --- ChangeLog.md | 126 + README | 278 +- README.md | 322 +-- examples/wolfssl_client/wolfssl_client.ino | 11 +- examples/wolfssl_server/wolfssl_server.ino | 9 + examples/wolfssl_version/wolfssl_version.ino | 79 +- library.properties | 2 +- src/src/bio.c | 91 +- src/src/conf.c | 19 +- src/src/crl.c | 158 +- src/src/dtls.c | 81 +- src/src/dtls13.c | 8 +- src/src/internal.c | 1041 +++++--- src/src/keys.c | 154 +- src/src/ocsp.c | 10 +- src/src/pk.c | 414 +-- src/src/quic.c | 20 +- src/src/sniffer.c | 216 +- src/src/ssl.c | 2301 +++++++++++------ src/src/ssl_asn1.c | 158 +- src/src/ssl_bn.c | 2 +- src/src/ssl_certman.c | 38 +- src/src/ssl_crypto.c | 143 +- src/src/ssl_load.c | 109 +- src/src/ssl_p7p12.c | 6 +- src/src/ssl_sess.c | 70 +- src/src/tls.c | 212 +- src/src/tls13.c | 135 +- src/src/wolfio.c | 154 +- src/src/x509.c | 1947 +++++++------- src/src/x509_str.c | 196 +- src/wolfcrypt/src/aes.c | 1827 +++++++------ src/wolfcrypt/src/asn.c | 614 +++-- src/wolfcrypt/src/bio.c | 91 +- src/wolfcrypt/src/camellia.c | 44 +- src/wolfcrypt/src/chacha.c | 2 +- src/wolfcrypt/src/cmac.c | 34 +- src/wolfcrypt/src/coding.c | 20 +- src/wolfcrypt/src/cpuid.c | 207 +- src/wolfcrypt/src/cryptocb.c | 46 +- src/wolfcrypt/src/curve25519.c | 2 +- src/wolfcrypt/src/des3.c | 18 +- src/wolfcrypt/src/dh.c | 2 +- src/wolfcrypt/src/dilithium.c | 93 +- src/wolfcrypt/src/dsa.c | 16 +- src/wolfcrypt/src/ecc.c | 127 +- src/wolfcrypt/src/eccsi.c | 2 +- src/wolfcrypt/src/ed25519.c | 57 +- src/wolfcrypt/src/error.c | 9 +- src/wolfcrypt/src/evp.c | 2014 ++++++++------- src/wolfcrypt/src/ext_kyber.c | 59 +- src/wolfcrypt/src/fe_448.c | 19 +- src/wolfcrypt/src/ge_448.c | 797 +++--- src/wolfcrypt/src/ge_low_mem.c | 37 + src/wolfcrypt/src/ge_operations.c | 22 +- src/wolfcrypt/src/hash.c | 8 +- src/wolfcrypt/src/hmac.c | 8 + src/wolfcrypt/src/hpke.c | 4 +- src/wolfcrypt/src/kdf.c | 27 +- src/wolfcrypt/src/md2.c | 40 +- src/wolfcrypt/src/md4.c | 38 +- src/wolfcrypt/src/md5.c | 2 +- src/wolfcrypt/src/memory.c | 85 +- src/wolfcrypt/src/misc.c | 73 +- src/wolfcrypt/src/pkcs12.c | 16 +- src/wolfcrypt/src/pkcs7.c | 274 +- src/wolfcrypt/src/port/Espressif/esp32_aes.c | 24 +- src/wolfcrypt/src/port/Espressif/esp32_mp.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_sha.c | 145 +- src/wolfcrypt/src/port/Espressif/esp32_util.c | 4 +- src/wolfcrypt/src/pwdbased.c | 4 +- src/wolfcrypt/src/random.c | 9 +- src/wolfcrypt/src/rsa.c | 55 +- src/wolfcrypt/src/sakke.c | 2 +- src/wolfcrypt/src/sha3.c | 161 +- src/wolfcrypt/src/sha512.c | 251 +- src/wolfcrypt/src/signature.c | 13 +- src/wolfcrypt/src/siphash.c | 14 +- src/wolfcrypt/src/sp_arm32.c | 451 ++-- src/wolfcrypt/src/sp_arm64.c | 154 +- src/wolfcrypt/src/sp_armthumb.c | 397 +-- src/wolfcrypt/src/sp_c32.c | 106 +- src/wolfcrypt/src/sp_c64.c | 106 +- src/wolfcrypt/src/sp_cortexm.c | 427 +-- src/wolfcrypt/src/sp_dsp32.c | 38 +- src/wolfcrypt/src/sp_int.c | 185 +- src/wolfcrypt/src/sp_x86_64.c | 150 +- src/wolfcrypt/src/tfm.c | 4 +- src/wolfcrypt/src/wc_kyber.c | 431 ++- src/wolfcrypt/src/wc_kyber_poly.c | 119 +- src/wolfcrypt/src/wc_lms.c | 8 +- src/wolfcrypt/src/wc_lms_impl.c | 25 +- src/wolfcrypt/src/wc_pkcs11.c | 110 +- src/wolfcrypt/src/wc_port.c | 78 +- src/wolfcrypt/src/wc_xmss.c | 6 +- src/wolfcrypt/src/wolfmath.c | 27 +- src/wolfssl.h | 10 +- src/wolfssl/bio.c | 91 +- src/wolfssl/callbacks.h | 2 +- src/wolfssl/certs_test.h | 1759 ++++++------- src/wolfssl/crl.h | 5 +- src/wolfssl/error-ssl.h | 21 +- src/wolfssl/evp.c | 2014 ++++++++------- src/wolfssl/internal.h | 171 +- src/wolfssl/openssl/aes.h | 33 +- src/wolfssl/openssl/asn1.h | 113 +- src/wolfssl/openssl/bio.h | 125 +- src/wolfssl/openssl/bn.h | 4 +- src/wolfssl/openssl/buffer.h | 3 + src/wolfssl/openssl/cmac.h | 8 +- src/wolfssl/openssl/compat_types.h | 4 +- src/wolfssl/openssl/conf.h | 6 +- src/wolfssl/openssl/crypto.h | 15 +- src/wolfssl/openssl/des.h | 13 +- src/wolfssl/openssl/dh.h | 4 +- src/wolfssl/openssl/dsa.h | 10 +- src/wolfssl/openssl/ec.h | 146 +- src/wolfssl/openssl/ecdsa.h | 6 + src/wolfssl/openssl/err.h | 45 +- src/wolfssl/openssl/evp.h | 665 +++-- src/wolfssl/openssl/hmac.h | 3 + src/wolfssl/openssl/kdf.h | 14 +- src/wolfssl/openssl/md4.h | 3 + src/wolfssl/openssl/md5.h | 4 + src/wolfssl/openssl/obj_mac.h | 47 +- src/wolfssl/openssl/objects.h | 10 +- src/wolfssl/openssl/ocsp.h | 4 + src/wolfssl/openssl/pem.h | 10 +- src/wolfssl/openssl/pkcs12.h | 15 +- src/wolfssl/openssl/rand.h | 9 + src/wolfssl/openssl/rc4.h | 7 +- src/wolfssl/openssl/rsa.h | 37 +- src/wolfssl/openssl/sha.h | 28 +- src/wolfssl/openssl/srp.h | 4 + src/wolfssl/openssl/ssl.h | 178 +- src/wolfssl/openssl/tls1.h | 12 +- src/wolfssl/openssl/x509.h | 325 +-- src/wolfssl/openssl/x509v3.h | 172 +- src/wolfssl/ssl.h | 1254 +++++---- src/wolfssl/test.h | 32 +- src/wolfssl/version.h | 4 +- src/wolfssl/wolfcrypt/aes.h | 101 +- src/wolfssl/wolfcrypt/asn.h | 300 ++- src/wolfssl/wolfcrypt/asn_public.h | 4 + src/wolfssl/wolfcrypt/camellia.h | 45 +- src/wolfssl/wolfcrypt/cmac.h | 12 +- src/wolfssl/wolfcrypt/cpuid.h | 25 + src/wolfssl/wolfcrypt/cryptocb.h | 37 +- src/wolfssl/wolfcrypt/dilithium.h | 48 +- src/wolfssl/wolfcrypt/error-crypt.h | 33 +- src/wolfssl/wolfcrypt/ge_448.h | 1 + src/wolfssl/wolfcrypt/hash.h | 1 + src/wolfssl/wolfcrypt/hpke.h | 6 +- src/wolfssl/wolfcrypt/integer.h | 4 +- src/wolfssl/wolfcrypt/kyber.h | 49 +- src/wolfssl/wolfcrypt/logging.h | 30 +- src/wolfssl/wolfcrypt/md2.h | 40 +- src/wolfssl/wolfcrypt/md4.h | 34 +- src/wolfssl/wolfcrypt/md5.h | 4 +- src/wolfssl/wolfcrypt/mem_track.h | 26 +- src/wolfssl/wolfcrypt/memory.h | 15 +- src/wolfssl/wolfcrypt/misc.h | 11 +- src/wolfssl/wolfcrypt/pkcs11.h | 2 + src/wolfssl/wolfcrypt/pkcs7.h | 129 +- .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 2 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 2 +- .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 2 +- src/wolfssl/wolfcrypt/rsa.h | 10 +- src/wolfssl/wolfcrypt/settings.h | 281 +- src/wolfssl/wolfcrypt/sha3.h | 14 +- src/wolfssl/wolfcrypt/sha512.h | 12 +- src/wolfssl/wolfcrypt/sp_int.h | 27 +- src/wolfssl/wolfcrypt/tfm.h | 4 +- src/wolfssl/wolfcrypt/types.h | 233 +- src/wolfssl/wolfcrypt/wc_lms.h | 2 + src/wolfssl/wolfcrypt/wc_port.h | 156 +- src/wolfssl/wolfio.h | 14 +- 177 files changed, 17104 insertions(+), 10807 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index a0585b3..0b32346 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,129 @@ +# wolfSSL Release 5.7.6 (Dec 31, 2024) + +Release 5.7.6 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## Vulnerabilities +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) + + +## New Feature Additions +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) + + +## Enhancements and Optimizations +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) + + +## Fixes +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) + + # wolfSSL Release 5.7.4 (Oct 24, 2024) Release 5.7.4 has been developed according to wolfSSL's development and QA diff --git a/README b/README index 2b462bc..47579ee 100644 --- a/README +++ b/README @@ -70,198 +70,130 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.4 (Oct 24, 2024) +# wolfSSL Release 5.7.6 (Dec 31, 2024) -Release 5.7.4 has been developed according to wolfSSL's development and QA +Release 5.7.6 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low] When the OpenSSL compatibility layer is enabled, certificate - verification behaved differently in wolfSSL than OpenSSL, in the - X509_STORE_add_cert() and X509_STORE_load_locations() implementations. - Previously, in cases where an application explicitly loaded an intermediate - certificate, wolfSSL was verifying only up to that intermediate certificate, - rather than verifying up to the root CA. This only affects use cases where the - API is called directly, and does not affect TLS connections. Users that call - the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their - applications are recommended to update the version of wolfSSL used or to have - additional sanity checks on certificates loaded into the X509_STORE when - verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) - - -## PQC TLS Experimental Build Fix -* When using TLS with post quantum algorithms enabled, the connection uses a - smaller EC curve than agreed on. Users building with --enable-experimental and - enabling PQC cipher suites with TLS connections are recommended to update the - version of wolfSSL used. Thanks to Daniel Correa for the report. - (https://github.com/wolfSSL/wolfssl/pull/8084) +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) ## New Feature Additions -* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, - Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) -* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) -* Add support for (DevkitPro)libnds (PR 7990) -* Add port for Mosquitto OSP (Open Source Project) (PR 6460) -* Add port for init sssd (PR 7781) -* Add port for eXosip2 (PR 7648) -* Add support for STM32G4 (PR 7997) -* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback - Support (PR 7777) -* Add support for building wolfSSL to be used in libspdm (PR 7869) -* Add port for use with Nucleus Plus 2.3 (PR 7732) -* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with - --enable-acert (PR 7926) -* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS - (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). - (PR 7750) -* Added “new” and “delete” style functions for heap/pool allocation and freeing - of low level crypto structures (PR 3166 and 8089) +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) ## Enhancements and Optimizations -* Increase default max alt. names from 128 to 1024 (PR 7762) -* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) -* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) -* Add option to disable cryptocb test software test using - --disable-cryptocb-sw-test (PR 7862) -* Add a call to certificate verify callback before checking certificate dates - (PR 7895) -* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding - support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and - Hashing (PR 3166) -* Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) -* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) -* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) -* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) -* Added support for wolfSSL to be used as the default TLS in the zephyr kernel - (PR 7731) -* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) -* Renesas RX TSIP ECDSA support (PR 7685) -* Support DTLS1.3 downgrade when the server supports CID (PR 7841) -* Server-side checks OCSP even if it uses v2 multi (PR 7828) -* Add handling of absent hash params in PKCS7 bundle parsing and creation - (PR 7845) -* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in - environments that do not have a word64 type (PR 7759) -* Update to the maxq10xx support (PR 7824) -* Add support for parsing over optional PKCS8 attributes (PR 7944) -* Add support for either side method with DTLS 1.3 (PR 8012) -* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) -* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) -* Add left-most wildcard matching support to X509_check_host() (PR 7966) -* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) -* Building wolfSSL as a library with Ada and corrections to Alire manifest - (PR 7303,7940) -* Renesas RX72N support updated (PR 7849) -* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object - (PR 8005) -* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each - SSL object (PR 7867) -* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. - Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) -* Memory usage improvements in wc_PRF, sha256 (for small code when many - registers are available) and sp_int objects (PR 7901) -* Change in the configure script to work around ">>" with no command. In older - /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) -* Don't attempt to include system headers when not required (PR 7813) -* Certificates: DER encoding of ECC signature algorithm parameter is now - allowed to be NULL with a define (PR 7903) -* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) -* Update rx64n support on gr-rose (PR 7889) -* Update FSP version to v5.4.0 for RA6M4 (PR 7994) -* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) -* Add a new crypto callback for RSA with padding (PR 7907) -* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA - (PR 7924) -* Modernized memory fence support for C11 and clang (PR 7938) -* Add a CRL error override callback (PR 7986) -* Extend the X509 unknown extension callback for use with a user context - (PR 7730) -* Additional debug error tracing added with TLS (PR 7917) -* Added runtime support for library call stack traces with - –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) -* Expanded C89 conformance (PR 8077) -* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) -* Added support for cross-compilation of Linux kernel module (PR 7746) -* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) -* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a - serial number of 0 (PR 7893) -* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) - -### Espressif / Arduino Updates -* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) -* Update Espressif sha, util, mem, time helpers (PR 7955) -* Espressif _thread_local_start and _thread_local_end fix (PR 8030) -* Improve benchmark for Espressif devices (PR 8037) -* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) -* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF - (PR 7936) -* Update wolfssl Release for Arduino (PR 7775) - -### Post Quantum Crypto Updates -* Dilithium: support fixed size arrays in dilithium_key (PR 7727) -* Dilithium: add option to use precalc with small sign (PR 7744) -* Allow Kyber to be built with FIPS (PR 7788) -* Allow Kyber asm to be used in the Linux kernel module (PR 7872) -* Dilithium, Kyber: Update to final specification (PR 7877) -* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) - -### ARM Assembly Optimizations -* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) -* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) -* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) -* Adding ARM ASM build option to STM32CubePack (PR 7747) -* Add ARM64 to Visual Studio Project (PR 8010) -* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) -* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) ## Fixes -* ECC key load: fixes for certificates with parameters that are not default for - size (PR 7751) -* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) -* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret - (PR 7812) -* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) -* Fix for detecting older versions of Mac OS when trying to link with - libdispatch (PR 7932) -* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake - packets combined into a single transmission. (PR 7840) -* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest - (PR 7779) -* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) -* Fix for staticmemory and singlethreaded build (PR 7737) -* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) -* Fix to support PKCS11 without RSA key generation (PR 7738) -* Fix not calling the signing callback when using PK callbacks + TLS 1.3 - (PR 7761) -* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) -* Fix with PKCS11 to iterate correctly over slotId (PR 7736) -* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) -* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value - (PR 7742) -* Use max key length for PSK encrypt buffer size (PR 7707) -* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) -* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) -* Fix CMake build error for curl builds (PR 8021) -* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) -* SSL loading of keys/certs: testing and fixes (PR 7789) -* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) -* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) -* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) -* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) -* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member - (PR 8099) - +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) For additional vulnerability information visit the vulnerability page at: diff --git a/README.md b/README.md index 2deaa8c..b75d0d5 100644 --- a/README.md +++ b/README.md @@ -1,22 +1,52 @@ # Arduino wolfSSL Library -This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.7.4 for the Arduino platform. +This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.7.6 for the Arduino platform. The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). -See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/). +See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status. -## Arduino Releases +Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/). + +## wolfSSL Configuration + +As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file. + +The `user_settings.h` file is found in the `/libraries/wolfssl/src` directory. + +For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src` + +For Mac: `~/Documents/Arduino/libraries/wolfssl/src` + +For Linux: `~/Arduino/libraries/wolfssl/src` + +Tips for success: + +- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h)) +- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files. +- Do not explicitly include `user_settings.h` in any source file. +- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`. +- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros. -This release of wolfSSL is version [5.7.4](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.4-stable). +## wolfSSL Examples -Version [5.7.2](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable) of the Arduino wolfSSL was published August 3, 2024. +Additional wolfSSL examples can be found at: -The next Official wolfSSL Arduino Library was [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) +- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO + +- https://github.com/wolfSSL/wolfssl/tree/master/examples + +- https://github.com/wolfSSL/wolfssl-examples/ + +## Arduino Releases + +This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable). + +See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases). The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. -See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. +The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. # wolfSSL Embedded SSL/TLS Library The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) @@ -94,197 +124,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.4 (Oct 24, 2024) +# wolfSSL Release 5.7.6 (Dec 31, 2024) -Release 5.7.4 has been developed according to wolfSSL's development and QA +Release 5.7.6 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low] When the OpenSSL compatibility layer is enabled, certificate - verification behaved differently in wolfSSL than OpenSSL, in the - X509_STORE_add_cert() and X509_STORE_load_locations() implementations. - Previously, in cases where an application explicitly loaded an intermediate - certificate, wolfSSL was verifying only up to that intermediate certificate, - rather than verifying up to the root CA. This only affects use cases where the - API is called directly, and does not affect TLS connections. Users that call - the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their - applications are recommended to update the version of wolfSSL used or to have - additional sanity checks on certificates loaded into the X509_STORE when - verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) - - -## PQC TLS Experimental Build Fix -* When using TLS with post quantum algorithms enabled, the connection uses a - smaller EC curve than agreed on. Users building with --enable-experimental and - enabling PQC cipher suites with TLS connections are recommended to update the - version of wolfSSL used. Thanks to Daniel Correa for the report. - (https://github.com/wolfSSL/wolfssl/pull/8084) +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) ## New Feature Additions -* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, - Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) -* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) -* Add support for (DevkitPro)libnds (PR 7990) -* Add port for Mosquitto OSP (Open Source Project) (PR 6460) -* Add port for init sssd (PR 7781) -* Add port for eXosip2 (PR 7648) -* Add support for STM32G4 (PR 7997) -* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback - Support (PR 7777) -* Add support for building wolfSSL to be used in libspdm (PR 7869) -* Add port for use with Nucleus Plus 2.3 (PR 7732) -* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with - --enable-acert (PR 7926) -* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS - (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). - (PR 7750) -* Added “new” and “delete” style functions for heap/pool allocation and freeing - of low level crypto structures (PR 3166 and 8089) +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) ## Enhancements and Optimizations -* Increase default max alt. names from 128 to 1024 (PR 7762) -* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) -* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) -* Add option to disable cryptocb test software test using - --disable-cryptocb-sw-test (PR 7862) -* Add a call to certificate verify callback before checking certificate dates - (PR 7895) -* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding - support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and - Hashing (PR 3166) -* Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) -* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) -* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) -* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) -* Added support for wolfSSL to be used as the default TLS in the zephyr kernel - (PR 7731) -* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) -* Renesas RX TSIP ECDSA support (PR 7685) -* Support DTLS1.3 downgrade when the server supports CID (PR 7841) -* Server-side checks OCSP even if it uses v2 multi (PR 7828) -* Add handling of absent hash params in PKCS7 bundle parsing and creation - (PR 7845) -* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in - environments that do not have a word64 type (PR 7759) -* Update to the maxq10xx support (PR 7824) -* Add support for parsing over optional PKCS8 attributes (PR 7944) -* Add support for either side method with DTLS 1.3 (PR 8012) -* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) -* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) -* Add left-most wildcard matching support to X509_check_host() (PR 7966) -* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) -* Building wolfSSL as a library with Ada and corrections to Alire manifest - (PR 7303,7940) -* Renesas RX72N support updated (PR 7849) -* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object - (PR 8005) -* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each - SSL object (PR 7867) -* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. - Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) -* Memory usage improvements in wc_PRF, sha256 (for small code when many - registers are available) and sp_int objects (PR 7901) -* Change in the configure script to work around ">>" with no command. In older - /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) -* Don't attempt to include system headers when not required (PR 7813) -* Certificates: DER encoding of ECC signature algorithm parameter is now - allowed to be NULL with a define (PR 7903) -* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) -* Update rx64n support on gr-rose (PR 7889) -* Update FSP version to v5.4.0 for RA6M4 (PR 7994) -* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) -* Add a new crypto callback for RSA with padding (PR 7907) -* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA - (PR 7924) -* Modernized memory fence support for C11 and clang (PR 7938) -* Add a CRL error override callback (PR 7986) -* Extend the X509 unknown extension callback for use with a user context - (PR 7730) -* Additional debug error tracing added with TLS (PR 7917) -* Added runtime support for library call stack traces with - –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) -* Expanded C89 conformance (PR 8077) -* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) -* Added support for cross-compilation of Linux kernel module (PR 7746) -* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) -* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a - serial number of 0 (PR 7893) -* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) - -### Espressif / Arduino Updates -* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) -* Update Espressif sha, util, mem, time helpers (PR 7955) -* Espressif _thread_local_start and _thread_local_end fix (PR 8030) -* Improve benchmark for Espressif devices (PR 8037) -* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) -* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF - (PR 7936) -* Update wolfssl Release for Arduino (PR 7775) - -### Post Quantum Crypto Updates -* Dilithium: support fixed size arrays in dilithium_key (PR 7727) -* Dilithium: add option to use precalc with small sign (PR 7744) -* Allow Kyber to be built with FIPS (PR 7788) -* Allow Kyber asm to be used in the Linux kernel module (PR 7872) -* Dilithium, Kyber: Update to final specification (PR 7877) -* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) - -### ARM Assembly Optimizations -* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) -* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) -* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) -* Adding ARM ASM build option to STM32CubePack (PR 7747) -* Add ARM64 to Visual Studio Project (PR 8010) -* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) -* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) ## Fixes -* ECC key load: fixes for certificates with parameters that are not default for - size (PR 7751) -* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) -* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret - (PR 7812) -* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) -* Fix for detecting older versions of Mac OS when trying to link with - libdispatch (PR 7932) -* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake - packets combined into a single transmission. (PR 7840) -* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest - (PR 7779) -* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) -* Fix for staticmemory and singlethreaded build (PR 7737) -* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) -* Fix to support PKCS11 without RSA key generation (PR 7738) -* Fix not calling the signing callback when using PK callbacks + TLS 1.3 - (PR 7761) -* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) -* Fix with PKCS11 to iterate correctly over slotId (PR 7736) -* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) -* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value - (PR 7742) -* Use max key length for PSK encrypt buffer size (PR 7707) -* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) -* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) -* Fix CMake build error for curl builds (PR 8021) -* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) -* SSL loading of keys/certs: testing and fixes (PR 7789) -* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) -* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) -* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) -* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) -* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member - (PR 8099) +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) + For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/examples/wolfssl_client/wolfssl_client.ino b/examples/wolfssl_client/wolfssl_client.ino index e4727dc..d6ef702 100644 --- a/examples/wolfssl_client/wolfssl_client.ino +++ b/examples/wolfssl_client/wolfssl_client.ino @@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -85,6 +85,15 @@ Tested with: #include #endif +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ #include /* Important: make sure settings.h appears before any other wolfSSL headers */ #include diff --git a/examples/wolfssl_server/wolfssl_server.ino b/examples/wolfssl_server/wolfssl_server.ino index 387052c..c3820df 100644 --- a/examples/wolfssl_server/wolfssl_server.ino +++ b/examples/wolfssl_server/wolfssl_server.ino @@ -85,6 +85,15 @@ Tested with: #include #endif +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ #include /* Important: make sure settings.h appears before any other wolfSSL headers */ #include diff --git a/examples/wolfssl_version/wolfssl_version.ino b/examples/wolfssl_version/wolfssl_version.ino index ba34efb..a2f13fe 100644 --- a/examples/wolfssl_version/wolfssl_version.ino +++ b/examples/wolfssl_version/wolfssl_version.ino @@ -1,24 +1,55 @@ -#include -#include -#include - -/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ -#define SERIAL_BAUD 115200 - -/* Arduino setup */ -void setup() { - Serial.begin(SERIAL_BAUD); - while (!Serial) { - /* wait for serial port to connect. Needed for native USB port only */ - } - Serial.println(F("")); - Serial.println(F("")); - Serial.println(F("wolfSSL setup complete!")); -} - -/* Arduino main application loop. */ -void loop() { - Serial.print("wolfSSL Version: "); - Serial.println(LIBWOLFSSL_VERSION_STRING); - delay(60000); -} +/* wolfssl_server.ino + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + + /* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ +#include +#include + +/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ +#define SERIAL_BAUD 115200 + +/* Arduino setup */ +void setup() { + Serial.begin(SERIAL_BAUD); + while (!Serial) { + /* wait for serial port to connect. Needed for native USB port only */ + } + Serial.println(F("")); + Serial.println(F("")); + Serial.println(F("wolfSSL setup complete!")); +} + +/* Arduino main application loop. */ +void loop() { + Serial.print("wolfSSL Version: "); + Serial.println(LIBWOLFSSL_VERSION_STRING); + delay(60000); +} diff --git a/library.properties b/library.properties index d90b539..1f9456b 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=wolfssl -version=5.7.4 +version=5.7.6 author=wolfSSL Inc. maintainer=wolfSSL inc sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. diff --git a/src/src/bio.c b/src/src/bio.c index ac4eb03..b265456 100644 --- a/src/src/bio.c +++ b/src/src/bio.c @@ -146,7 +146,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrSz = bio->wrSzReset; } else { @@ -163,7 +163,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && - !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { + !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) { /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, @@ -200,6 +200,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b) } #ifndef WOLFCRYPT_ONLY +#ifndef NO_TLS /* Helper function to read from WOLFSSL_BIO_SSL type * * returns the number of bytes read on success @@ -231,10 +232,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return ret; } +#endif /* !NO_TLS */ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { @@ -249,7 +251,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) } return sz; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ /* Used to read data from a WOLFSSL_BIO structure @@ -331,7 +333,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) ret = wolfSSL_BIO_SSL_read(bio, buf, len, front); #else WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY"); @@ -500,7 +502,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } #endif /* WOLFSSL_BASE64_ENCODE */ -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* Helper function for writing to a WOLFSSL_BIO_SSL type * * returns the amount written in bytes on success @@ -531,7 +533,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, } return ret; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY && !NO_TLS */ /* Writes to a WOLFSSL_BIO_BIO type. * @@ -601,7 +603,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("one of input parameters is null"); return WOLFSSL_FAILURE; } - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { return WOLFSSL_FAILURE; } @@ -642,7 +644,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; @@ -746,7 +748,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* already got eof, again is error */ if (front->eof) { ret = WOLFSSL_FATAL_ERROR; @@ -823,7 +825,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) bio = bio->next; } -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) exit_chain: #endif @@ -866,23 +868,23 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) } switch(cmd) { - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: + case WOLFSSL_BIO_CTRL_PENDING: + case WOLFSSL_BIO_CTRL_WPENDING: ret = (long)wolfSSL_BIO_ctrl_pending(bio); break; - case BIO_CTRL_INFO: + case WOLFSSL_BIO_CTRL_INFO: ret = (long)wolfSSL_BIO_get_mem_data(bio, parg); break; - case BIO_CTRL_FLUSH: + case WOLFSSL_BIO_CTRL_FLUSH: ret = (long)wolfSSL_BIO_flush(bio); break; - case BIO_CTRL_RESET: + case WOLFSSL_BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; #ifdef WOLFSSL_HAVE_BIO_ADDR - case BIO_CTRL_DGRAM_CONNECT: - case BIO_CTRL_DGRAM_SET_PEER: + case WOLFSSL_BIO_CTRL_DGRAM_CONNECT: + case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER: { socklen_t addr_size; if (parg == NULL) { @@ -899,7 +901,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) break; } - case BIO_CTRL_DGRAM_SET_CONNECTED: + case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED: if (parg == NULL) { wolfSSL_BIO_ADDR_clear(&bio->peer_addr); bio->connected = 0; @@ -916,7 +918,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) ret = WOLFSSL_SUCCESS; break; - case BIO_CTRL_DGRAM_QUERY_MTU: + case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU: ret = 0; /* not implemented */ break; @@ -1371,7 +1373,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) int closeFlag) { if (!bio || !bufMem || - (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE)) + (closeFlag != WOLFSSL_BIO_NOCLOSE && closeFlag != WOLFSSL_BIO_CLOSE)) return BAD_FUNC_ARG; if (bio->mem_buf) @@ -1379,7 +1381,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) wolfSSL_BUF_MEM_free(bio->mem_buf); bio->mem_buf = bufMem; - bio->shutdown = closeFlag; + bio->shutdown = closeFlag ? WOLFSSL_BIO_CLOSE : WOLFSSL_BIO_NOCLOSE; bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; @@ -1717,7 +1719,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) case WOLFSSL_BIO_MEMORY: bio->rdIdx = 0; - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrIdx = bio->wrSzReset; bio->wrSz = bio->wrSzReset; } @@ -1826,7 +1828,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) { XFCLOSE(bio->ptr.fh); } @@ -1839,7 +1841,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } - bio->shutdown = BIO_CLOSE; + bio->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2201,7 +2203,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio->method != NULL && bio->method->ctrlCb != NULL) { WOLFSSL_MSG("Calling custom BIO flush callback"); - return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL); + return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL); } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) @@ -2387,7 +2389,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->type = WOLFSSL_BIO_SOCKET; } else { - BIO_free(bio); + wolfSSL_BIO_free(bio); bio = NULL; } } @@ -2477,7 +2479,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2506,7 +2508,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; @@ -2516,7 +2518,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } /* Create a socket BIO for using the accept'ed connection */ - new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE); + new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE); if (new_bio == NULL) { WOLFSSL_MSG("wolfSSL_BIO_new_socket error"); CloseSocket(newfd); @@ -2560,6 +2562,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return ret; } +#ifndef NO_TLS long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b) { WOLFSSL_ENTER("wolfSSL_BIO_do_handshake"); @@ -2595,7 +2598,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (b->ptr.ssl != NULL) { int rc = wolfSSL_shutdown(b->ptr.ssl); - if (rc == SSL_SHUTDOWN_NOT_DONE) { + if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ wolfSSL_shutdown(b->ptr.ssl); @@ -2605,6 +2608,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("BIO has no SSL pointer set."); } } +#endif long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { @@ -2682,7 +2686,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else wolfSSL_set_connect_state(ssl); } - if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) != + if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to set SSL pointer in BIO."); err = 1; @@ -2831,13 +2835,20 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) #else bio->method = method; #endif - bio->shutdown = BIO_CLOSE; /* default to close things */ + bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */ if ((bio->type == WOLFSSL_BIO_SOCKET) || (bio->type == WOLFSSL_BIO_DGRAM)) { bio->num.fd = SOCKET_INVALID; - } else { + } + else if (bio->type == WOLFSSL_BIO_FILE) { +#ifndef NO_FILESYSTEM + bio->ptr.fh = XBADFILE; +#endif + bio->num.fd = SOCKET_INVALID; + } + else { bio->num.length = 0; } bio->init = 1; @@ -2916,7 +2927,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { XMEMCPY(bio->ptr.mem_buf_data, buf, len); - bio->flags |= BIO_FLAGS_MEM_RDONLY; + bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -2994,7 +3005,9 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #ifndef NO_FILESYSTEM - if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { + if (bio->type == WOLFSSL_BIO_FILE && + bio->shutdown == WOLFSSL_BIO_CLOSE) + { if (bio->ptr.fh) { XFCLOSE(bio->ptr.fh); } @@ -3007,7 +3020,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #endif - if (bio->shutdown != BIO_NOCLOSE) { + if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) { if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr.mem_buf_data != NULL) { @@ -3409,7 +3422,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) if (fp == XBADFILE) return WOLFSSL_BAD_FILE; - if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); return WOLFSSL_BAD_FILE; } @@ -3446,7 +3459,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) return bio; } - if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); wolfSSL_BIO_free(bio); bio = NULL; diff --git a/src/src/conf.c b/src/src/conf.c index c9a35c1..b614148 100644 --- a/src/src/conf.c +++ b/src/src/conf.c @@ -202,7 +202,10 @@ long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db) return WOLFSSL_FAILURE; } } - idx[-1] = '\n'; + if (idx > buf) + idx[-1] = '\n'; + else + return WOLFSSL_FAILURE; sz = (int)(idx - buf); if (wolfSSL_BIO_write(out, buf, sz) != sz) { @@ -603,7 +606,7 @@ char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, return NULL; } -int wolfSSL_NCONF_get_number(const CONF *conf, const char *group, +int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group, const char *name, long *result) { char *str; @@ -1582,7 +1585,7 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd) confcmd = wolfssl_conf_find_cmd(cctx, cmd); if (confcmd == NULL) - return SSL_CONF_TYPE_UNKNOWN; + return WOLFSSL_CONF_TYPE_UNKNOWN; return (int)confcmd->data_type; } @@ -1594,21 +1597,21 @@ int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd) ******************************************************************************/ #if defined(OPENSSL_EXTRA) -OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void) +WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void) { - OPENSSL_INIT_SETTINGS* init = (OPENSSL_INIT_SETTINGS*)XMALLOC( - sizeof(OPENSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL); + WOLFSSL_INIT_SETTINGS* init = (WOLFSSL_INIT_SETTINGS*)XMALLOC( + sizeof(WOLFSSL_INIT_SETTINGS), NULL, DYNAMIC_TYPE_OPENSSL); return init; } -void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init) +void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init) { XFREE(init, NULL, DYNAMIC_TYPE_OPENSSL); } #ifndef NO_WOLFSSL_STUB -int wolfSSL_OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS* init, +int wolfSSL_OPENSSL_INIT_set_config_appname(WOLFSSL_INIT_SETTINGS* init, char* appname) { (void)init; diff --git a/src/src/crl.c b/src/src/crl.c index 5e359c7..b78002c 100644 --- a/src/src/crl.c +++ b/src/src/crl.c @@ -311,7 +311,6 @@ static int FindRevokedSerial(RevokedCert* rc, byte* serial, int serialSz, #else (void)totalCerts; /* search in the linked list*/ - while (rc) { if (serialHash == NULL) { if (rc->serialSz == serialSz && @@ -560,12 +559,45 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) NULL, cert->extCrlInfo, cert->extCrlInfoSz, issuerName); } +#ifdef HAVE_CRL_UPDATE_CB +static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info) +{ + info->issuerHash = (byte *)entry->issuerHash; + info->issuerHashLen = CRL_DIGEST_SIZE; + info->lastDate = (byte *)entry->lastDate; + info->lastDateMaxLen = MAX_DATE_SIZE; + info->lastDateFormat = entry->lastDateFormat; + info->nextDate = (byte *)entry->nextDate; + info->nextDateMaxLen = MAX_DATE_SIZE; + info->nextDateFormat = entry->nextDateFormat; + info->crlNumber = (sword32)entry->crlNumber; +} + +static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info) +{ + info->issuerHash = (byte *)entry->issuerHash; + info->issuerHashLen = SIGNER_DIGEST_SIZE; + info->lastDate = (byte *)entry->lastDate; + info->lastDateMaxLen = MAX_DATE_SIZE; + info->lastDateFormat = entry->lastDateFormat; + info->nextDate = (byte *)entry->nextDate; + info->nextDateMaxLen = MAX_DATE_SIZE; + info->nextDateFormat = entry->nextDateFormat; + info->crlNumber = (sword32)entry->crlNumber; +} +#endif /* Add Decoded CRL, 0 on success */ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, int verified) { CRL_Entry* crle = NULL; + CRL_Entry* curr = NULL; + CRL_Entry* prev = NULL; +#ifdef HAVE_CRL_UPDATE_CB + CrlInfo old; + CrlInfo cnew; +#endif WOLFSSL_ENTER("AddCRL"); @@ -594,8 +626,43 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, return BAD_MUTEX_E; } - crle->next = crl->crlList; - crl->crlList = crle; + for (curr = crl->crlList; curr != NULL; curr = curr->next) { + if (XMEMCMP(curr->issuerHash, crle->issuerHash, CRL_DIGEST_SIZE) == 0) { + if (crle->crlNumber <= curr->crlNumber) { + WOLFSSL_MSG("Same or newer CRL entry already exists"); + CRL_Entry_free(crle, crl->heap); + wc_UnLockRwLock(&crl->crlLock); + return BAD_FUNC_ARG; + } + + crle->next = curr->next; + if (prev != NULL) { + prev->next = crle; + } + else { + crl->crlList = crle; + } + +#ifdef HAVE_CRL_UPDATE_CB + if (crl->cm && crl->cm->cbUpdateCRL != NULL) { + SetCrlInfo(curr, &old); + SetCrlInfo(crle, &cnew); + crl->cm->cbUpdateCRL(&old, &cnew); + } +#endif + + break; + } + prev = curr; + } + + if (curr != NULL) { + CRL_Entry_free(curr, crl->heap); + } + else { + crle->next = crl->crlList; + crl->crlList = crle; + } wc_UnLockRwLock(&crl->crlLock); /* Avoid heap-use-after-free after crl->crlList is released */ crl->currentEntry = NULL; @@ -686,6 +753,87 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } +#ifdef HAVE_CRL_UPDATE_CB +/* Fill out CRL info structure, WOLFSSL_SUCCESS on ok */ +int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, + long sz, int type) +{ + int ret = WOLFSSL_SUCCESS; + const byte* myBuffer = buff; /* if DER ok, otherwise switch */ + DerBuffer* der = NULL; + CRL_Entry* crle = NULL; +#ifdef WOLFSSL_SMALL_STACK + DecodedCRL* dcrl; +#else + DecodedCRL dcrl[1]; +#endif + + WOLFSSL_ENTER("GetCRLInfo"); + + if (crl == NULL || info == NULL || buff == NULL || sz == 0) + return BAD_FUNC_ARG; + + if (type == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER + ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL); + if (ret == 0) { + myBuffer = der->buffer; + sz = der->length; + } + else { + WOLFSSL_MSG("Pem to Der failed"); + FreeDer(&der); + return -1; + } + #else + ret = NOT_COMPILED_IN; + #endif + } + +#ifdef WOLFSSL_SMALL_STACK + dcrl = (DecodedCRL*)XMALLOC(sizeof(DecodedCRL), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (dcrl == NULL) { + FreeDer(&der); + return MEMORY_E; + } +#endif + + crle = CRL_Entry_new(crl->heap); + if (crle == NULL) { + WOLFSSL_MSG("alloc CRL Entry failed"); + #ifdef WOLFSSL_SMALL_STACK + XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif + FreeDer(&der); + return MEMORY_E; + } + + InitDecodedCRL(dcrl, crl->heap); + ret = ParseCRL(crle->certs, dcrl, myBuffer, (word32)sz, + 0, crl->cm); + if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E))) { + WOLFSSL_MSG("ParseCRL error"); + CRL_Entry_free(crle, crl->heap); + crle = NULL; + } + else { + SetCrlInfoFromDecoded((DecodedCRL*)dcrl, info); + } + + FreeDecodedCRL(dcrl); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + FreeDer(&der); + CRL_Entry_free(crle, crl->heap); + + return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ +} +#endif + #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) /* helper function to create a new dynamic WOLFSSL_X509_CRL structure */ static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm) @@ -784,7 +932,7 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) #endif if (dupl->toBeSigned == NULL || dupl->signature == NULL #ifdef WC_RSA_PSS - /* allow sigParamsSz is zero and malloc(0) to return NULL */ + /* allow sigParamsSz is zero and XMALLOC(0) to return NULL */ || (dupl->sigParams == NULL && dupl->sigParamsSz != 0) #endif ) { @@ -954,7 +1102,7 @@ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newc } if (crl != newcrl && wc_LockRwLock_Rd(&newcrl->crlLock) != 0) { - WOLFSSL_MSG("wc_LockRwLock_Wr failed"); + WOLFSSL_MSG("wc_LockRwLock_Rd failed"); wc_UnLockRwLock(&crl->crlLock); return BAD_MUTEX_E; } diff --git a/src/src/dtls.c b/src/src/dtls.c index 5b2356a..ae27804 100644 --- a/src/src/dtls.c +++ b/src/src/dtls.c @@ -101,6 +101,15 @@ void DtlsResetState(WOLFSSL* ssl) ssl->options.tls = 0; ssl->options.tls1_1 = 0; ssl->options.tls1_3 = 0; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + ssl->buffers.dtlsCtx.processingPendingRecord = 0; + /* Clear the pending peer in case user set */ + XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap, + DYNAMIC_TYPE_SOCKADDR); + ssl->buffers.dtlsCtx.pendingPeer.sa = NULL; + ssl->buffers.dtlsCtx.pendingPeer.sz = 0; + ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0; +#endif } int DtlsIgnoreError(int err) @@ -221,6 +230,7 @@ static int CreateDtls12Cookie(const WOLFSSL* ssl, const WolfSSL_CH* ch, ssl->buffers.dtlsCookieSecret.buffer, ssl->buffers.dtlsCookieSecret.length); if (ret == 0) { + /* peerLock not necessary. Still in handshake phase. */ ret = wc_HmacUpdate(&cookieHmac, (const byte*)ssl->buffers.dtlsCtx.peer.sa, ssl->buffers.dtlsCtx.peer.sz); @@ -716,9 +726,14 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) * and if they don't match we will error out there anyway. */ byte modes; + /* TLSX_PreSharedKey_Parse_ClientHello uses word16 length */ + if (tlsx.size > WOLFSSL_MAX_16BIT) { + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + } + /* Ask the user for the ciphersuite matching this identity */ if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts, - tlsx.elements, tlsx.size, ssl->heap) == 0) + tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites); /* Revert to full handshake if PSK parsing failed */ @@ -729,8 +744,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) goto dtls13_cleanup; if (!tlsxFound) ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); - ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, tlsx.size, - client_hello, &modes); + ret = TLSX_PskKeyModes_Parse_Modes(tlsx.elements, (word16)tlsx.size, + client_hello, &modes); if (ret != 0) goto dtls13_cleanup; if ((modes & (1 << PSK_DHE_KE)) && @@ -1103,6 +1118,26 @@ static int DtlsCidGet(WOLFSSL* ssl, unsigned char* buf, int bufferSz, int rx) return WOLFSSL_SUCCESS; } +static int DtlsCidGet0(WOLFSSL* ssl, unsigned char** cid, int rx) +{ + ConnectionID* id; + CIDInfo* info; + + if (ssl == NULL || cid == NULL) + return BAD_FUNC_ARG; + + info = DtlsCidGetInfo(ssl); + if (info == NULL) + return WOLFSSL_FAILURE; + + id = rx ? info->rx : info->tx; + if (id == NULL || id->length == 0) + return WOLFSSL_SUCCESS; + + *cid = id->id; + return WOLFSSL_SUCCESS; +} + static CIDInfo* DtlsCidGetInfoFromExt(byte* ext) { WOLFSSL** sslPtr; @@ -1361,6 +1396,11 @@ int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buf, return DtlsCidGet(ssl, buf, bufferSz, 1); } +int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid) +{ + return DtlsCidGet0(ssl, cid, 1); +} + int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size) { return DtlsCidGetSize(ssl, size, 0); @@ -1372,10 +1412,40 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf, return DtlsCidGet(ssl, buf, bufferSz, 0); } +int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid) +{ + return DtlsCidGet0(ssl, cid, 0); +} + int wolfSSL_dtls_cid_max_size(void) { return DTLS_CID_MAX_SIZE; } + +const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg, + unsigned int msgSz, unsigned int cidSz) +{ + /* we need at least the first byte to check version */ + if (msg == NULL || cidSz == 0 || msgSz < OPAQUE8_LEN + cidSz) + return NULL; + if (msg[0] == dtls12_cid) { + /* DTLS 1.2 CID packet */ + if (msgSz < DTLS_RECORD_HEADER_SZ + cidSz) + return NULL; + /* content type(1) + version(2) + epoch(2) + sequence(6) */ + return msg + ENUM_LEN + VERSION_SZ + OPAQUE16_LEN + OPAQUE16_LEN + + OPAQUE32_LEN; + } +#ifdef WOLFSSL_DTLS13 + else if (Dtls13UnifiedHeaderCIDPresent(msg[0])) { + /* DTLS 1.3 CID packet */ + if (msgSz < OPAQUE8_LEN + cidSz) + return NULL; + return msg + OPAQUE8_LEN; + } +#endif + return NULL; +} #endif /* WOLFSSL_DTLS_CID */ byte DtlsGetCidTxSize(WOLFSSL* ssl) @@ -1408,6 +1478,11 @@ byte DtlsGetCidRxSize(WOLFSSL* ssl) #endif } +byte wolfSSL_is_stateful(WOLFSSL* ssl) +{ + return (byte)(ssl != NULL ? ssl->options.dtlsStateful : 0); +} + #endif /* WOLFSSL_DTLS */ #endif /* WOLFCRYPT_ONLY */ diff --git a/src/src/dtls13.c b/src/src/dtls13.c index 6f2f014..161ce4f 100644 --- a/src/src/dtls13.c +++ b/src/src/dtls13.c @@ -260,7 +260,8 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, if (c->aes == NULL) return BAD_STATE_E; #if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \ + || defined(WOLFSSL_LINUXKM)) return wc_AesEncryptDirect(c->aes, mask, ciphertext); #else wc_AesEncryptDirect(c->aes, mask, ciphertext); @@ -1150,6 +1151,11 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags, return 0; } +int Dtls13UnifiedHeaderCIDPresent(byte flags) +{ + return Dtls13IsUnifiedHeader(flags) && (flags & DTLS13_CID_BIT); +} + #else #define Dtls13AddCID(a, b, c, d) 0 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0 diff --git a/src/src/internal.c b/src/src/internal.c index a152022..666de86 100644 --- a/src/src/internal.c +++ b/src/src/internal.c @@ -92,12 +92,6 @@ * pair */ - -#ifdef EXTERNAL_OPTS_OPENVPN -#error EXTERNAL_OPTS_OPENVPN should not be defined\ - when building wolfSSL -#endif - #ifndef WOLFCRYPT_ONLY #include @@ -197,7 +191,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #else #define SSL_TICKET_CTX(ssl) ssl->ctx->ticketEncCtx #endif - #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) static int TicketEncCbCtx_Init(WOLFSSL_CTX* ctx, TicketEncCbCtx* keyCtx); static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx); @@ -796,16 +790,16 @@ static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver, ssl->specs.bulk_cipher_algorithm == wolfssl_aes) { byte *pt = (byte*)ssl->encrypt.aes->reg; - if ((idx + 2*AES_BLOCK_SIZE) > len) { + if ((idx + 2*WC_AES_BLOCK_SIZE) > len) { WOLFSSL_MSG("Can not fit AES state into buffer"); return BUFFER_E; } - XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE); - idx += AES_BLOCK_SIZE; + XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE); + idx += WC_AES_BLOCK_SIZE; pt = (byte*)ssl->decrypt.aes->reg; - XMEMCPY(exp + idx, pt, AES_BLOCK_SIZE); - idx += AES_BLOCK_SIZE; + XMEMCPY(exp + idx, pt, WC_AES_BLOCK_SIZE); + idx += WC_AES_BLOCK_SIZE; } WOLFSSL_LEAVE("ExportCipherSpecState", idx); @@ -1048,12 +1042,12 @@ static int ImportCipherSpecState(WOLFSSL* ssl, const byte* exp, word32 len, if (type == WOLFSSL_EXPORT_TLS && ssl->specs.bulk_cipher_algorithm == wolfssl_aes) { byte *pt = (byte*)ssl->encrypt.aes->reg; - XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE); - idx += AES_BLOCK_SIZE; + XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE); + idx += WC_AES_BLOCK_SIZE; pt = (byte*)ssl->decrypt.aes->reg; - XMEMCPY(pt, exp + idx, AES_BLOCK_SIZE); - idx += AES_BLOCK_SIZE; + XMEMCPY(pt, exp + idx, WC_AES_BLOCK_SIZE); + idx += WC_AES_BLOCK_SIZE; } WOLFSSL_LEAVE("ImportCipherSpecState", idx); @@ -2108,7 +2102,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz, /* possible AES state needed */ if (type == WOLFSSL_EXPORT_TLS) { - *sz += AES_BLOCK_SIZE*2; + *sz += WC_AES_BLOCK_SIZE*2; } ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } @@ -2270,6 +2264,225 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) } #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) +/* Check the wolfssl method meets minimum requirements for + * the given security level. + * + * Returns 0 if method meets security level. + * Returns CRYPTO_POLICY_FORBIDDEN otherwise. + * */ +static int wolfSSL_crypto_policy_method_allowed(WOLFSSL_METHOD * method, + int level) +{ + if (level == 0) { + /* permissive, no restrictions. */ + return 0; + } + + #ifdef WOLFSSL_DTLS + if (method->version.major == DTLS_MAJOR) { + if (method->version.minor == DTLS_MINOR) { + /* sec level must be 1 or lower. */ + if (level > 1) { + return CRYPTO_POLICY_FORBIDDEN; + } + } + } + else + #endif /* WOLFSSL_DTLS */ + { + if (method->version.minor == SSLv3_MINOR) { + /* sec level must be 0. */ + if (level > 0) { + return CRYPTO_POLICY_FORBIDDEN; + } + } + else if (method->version.minor == TLSv1_MINOR || + method->version.minor == TLSv1_1_MINOR) { + /* sec level must be 1 or lower. */ + if (level > 1) { + return CRYPTO_POLICY_FORBIDDEN; + } + } + } + + /* nothing else to check, all other combinations ok. */ + + return 0; +} + +/* Configure the CTX to conform to the security policy. + * + * Also, check the WOLFSSL_METHOD against the supplied security + * level. + * + * Returns CRYPTO_POLICY_FORBIDDEN if not allowed per policy. + * Returns BAD_FUNC_ARG on null args. + * Returns 0 if ok. + * */ +int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx, + WOLFSSL_METHOD * method) +{ + byte minDowngrade = 0x00; + #ifdef WOLFSSL_DTLS + int dtls = 0; + #endif /* WOLFSSL_DTLS */ + int level = 0; + #if !defined(NO_DH) || !defined(NO_RSA) + word16 minKeySz = 0; /* minimum DH or RSA key size */ + #endif /* !NO_DH || !NO_RSA*/ + #ifdef HAVE_ECC + short minEccKeySz = 0; /* minimum allowed ECC key size */ + #endif /* HAVE_ECC */ + + + if (ctx == NULL || method == NULL) { + return BAD_FUNC_ARG; + } + + #ifdef WOLFSSL_DTLS + dtls = (method->version.major == DTLS_MAJOR); + #endif /* WOLFSSL_DTLS */ + + /* get the crypto policy security level. */ + level = wolfSSL_crypto_policy_get_level(); + + if (level < 0 || level > 5) { + WOLFSSL_MSG_EX("crypto_policy_init_ctx: invalid level: %d", level); + return BAD_FUNC_ARG; + } + + /* Check requested method per security level. */ + if (wolfSSL_crypto_policy_method_allowed(method, level) != 0) { + WOLFSSL_MSG_EX("crypto_policy_init_ctx: " + "method=%d, SECLEVEL=%d combination not allowed", + method->version.minor, level); + return CRYPTO_POLICY_FORBIDDEN; + } + + /* Set appropriate min downgrade per security level. */ + #ifdef WOLFSSL_DTLS + if (dtls) { + switch (level) { + case 1: + minDowngrade = DTLS_MINOR; + break; + case 2: + case 3: + case 4: + case 5: + minDowngrade = DTLSv1_2_MINOR; + break; + case 0: + default: + /* Permissive, no restrictions. Allow defaults. */ + minDowngrade = WOLFSSL_MIN_DTLS_DOWNGRADE; + break; + } + } + else + #endif /* WOLFSSL_DTLS */ + { + switch (level) { + case 1: + /* prohibit SSLv3 and lower. */ + minDowngrade = TLSv1_MINOR; + break; + case 2: + case 3: + case 4: + case 5: + /* prohibit TLSv1_1 and lower. */ + minDowngrade = TLSv1_2_MINOR; + break; + case 0: + default: + ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; + break; + } + } + + /* Set min RSA and DH key size. */ + #if !defined(NO_DH) || !defined(NO_RSA) + switch (level) { + case 1: + minKeySz = 128; /* 1024 bits / 8 */ + break; + case 2: + minKeySz = 256; /* 2048 bits / 8 */ + break; + case 3: + minKeySz = 384; /* 3072 bits / 8 */ + break; + case 4: + minKeySz = 960; /* 7680 bits / 8 */ + break; + case 5: + minKeySz = 1920; /* 15360 bits / 8 */ + break; + case 0: + default: + break; + } + #endif /* !NO_DH || !NO_RSA*/ + + /* Set min ECC key size. */ + #ifdef HAVE_ECC + switch (level) { + case 1: + minEccKeySz = 20; /* 160 bits / 8 */ + break; + case 2: + minEccKeySz = 28; /* 224 bits / 8 */ + break; + case 3: + minEccKeySz = 32; /* 256 bits / 8 */ + break; + case 4: + minEccKeySz = 48; /* 384 bits / 8 */ + break; + case 5: + minEccKeySz = 64; /* 512 bits / 8 */ + break; + default: + case 0: + break; + } + #endif /* HAVE_ECC */ + + /* Finally set the ctx values. */ + ctx->minDowngrade = minDowngrade; + ctx->secLevel = level; + ctx->method = method; + + #if !defined(NO_DH) || !defined(NO_RSA) + if (minKeySz > 0) { + #ifndef NO_DH + if (minKeySz > MAX_DHKEY_SZ) { + WOLFSSL_MSG_EX("crypto_policy_init_ctx: minKeySz=%d, " + "but MAX_DHKEY_SZ=%d", + minKeySz, MAX_DHKEY_SZ); + return CRYPTO_POLICY_FORBIDDEN; + } + ctx->minDhKeySz = minKeySz; + ctx->maxDhKeySz = MAX_DHKEY_SZ; + #endif /* NO_DH */ + #ifndef NO_RSA + ctx->minRsaKeySz = minKeySz; + #endif /* NO_RSA */ + } + #endif /* !NO_DH || !NO_RSA*/ + + #ifdef HAVE_ECC + if (minEccKeySz > 0) { + ctx->minEccKeySz = minEccKeySz; + } + #endif /* HAVE_ECC */ + + return 0; +} +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + /* Initialize SSL context, return 0 on success */ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) { @@ -2297,7 +2510,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; } - wolfSSL_RefInit(&ctx->ref, &ret); + wolfSSL_RefWithMutexInit(&ctx->ref, &ret); #ifdef WOLFSSL_REFCNT_ERROR_RETURN if (ret < 0) { WOLFSSL_MSG("Mutex error on CTX init"); @@ -2323,6 +2536,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #ifndef NO_RSA ctx->minRsaKeySz = MIN_RSAKEY_SZ; #endif + #ifdef HAVE_ECC ctx->minEccKeySz = MIN_ECCKEY_SZ; ctx->eccTempKeySz = ECDHE_SIZE; @@ -2499,7 +2713,7 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */ #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) -#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB +#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) ret = TicketEncCbCtx_Init(ctx, &ctx->ticketKeyCtx); if (ret != 0) return ret; ctx->ticketEncCb = DefTicketEncCb; @@ -2547,6 +2761,14 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap) ctx->doAppleNativeCertValidationFlag = 0; #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + ret = wolfSSL_crypto_policy_init_ctx(ctx, method); + if (ret != 0) { + WOLFSSL_MSG_EX("crypto_policy_init_ctx returned %d", ret); + return ret; + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + return ret; } @@ -2620,7 +2842,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) wolfEventQueue_Free(&ctx->event_queue); #endif /* HAVE_WOLF_EVENT */ +#ifndef NO_TLS /* its a static global see ssl.c "gNoTlsMethod" */ XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD); +#endif ctx->method = NULL; XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); @@ -2769,25 +2993,6 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) (void)heapAtCTXInit; } -#ifdef WOLFSSL_STATIC_MEMORY -static void SSL_CtxResourceFreeStaticMem(void* heap) -{ -#ifndef SINGLE_THREADED - if (heap != NULL - #ifdef WOLFSSL_HEAP_TEST - /* avoid dereferencing a test value */ - && heap != (void*)WOLFSSL_HEAP_TEST - #endif - ) { - WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)heap; - WOLFSSL_HEAP* mem = hint->memory; - wc_FreeMutex(&mem->memory_mutex); - } -#else - (void)heap; -#endif -} -#endif /* WOLFSSL_STATIC_MEMORY */ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) { @@ -2801,7 +3006,7 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) #endif /* decrement CTX reference count */ - wolfSSL_RefDec(&ctx->ref, &isZero, &ret); + wolfSSL_RefWithMutexDec(&ctx->ref, &isZero, &ret); #ifdef WOLFSSL_REFCNT_ERROR_RETURN if (ret < 0) { /* check error state, if mutex error code then mutex init failed but @@ -2809,9 +3014,6 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) if (ctx->err == WC_NO_ERR_TRACE(CTX_INIT_MUTEX_E)) { SSL_CtxResourceFree(ctx); XFREE(ctx, heap, DYNAMIC_TYPE_CTX); - #ifdef WOLFSSL_STATIC_MEMORY - SSL_CtxResourceFreeStaticMem(heap); - #endif } return; } @@ -2824,14 +3026,11 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) SSL_CtxResourceFree(ctx); #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ - !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) TicketEncCbCtx_Free(&ctx->ticketKeyCtx); #endif wolfSSL_RefFree(&ctx->ref); XFREE(ctx, heap, DYNAMIC_TYPE_CTX); - #ifdef WOLFSSL_STATIC_MEMORY - SSL_CtxResourceFreeStaticMem(heap); - #endif } else { WOLFSSL_MSG("CTX ref count not 0 yet, no free"); @@ -3249,8 +3448,8 @@ int AllocateSuites(WOLFSSL* ssl) void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC, - word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon, - word16 haveNull, int side) + word16 haveAnon, word16 haveNull, word16 haveAES128, + word16 haveSHA1, word16 haveRC4, int side) { word16 idx = 0; int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; @@ -3286,8 +3485,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, (void)haveRSAsig; /* non ecc builds won't read */ (void)haveAnon; /* anon ciphers optional */ (void)haveNull; - (void)haveFalconSig; - (void)haveDilithiumSig; + (void)haveAES128; + (void)haveSHA1; + (void)haveRC4; if (suites == NULL) { WOLFSSL_MSG("InitSuites pointer error"); @@ -3298,17 +3498,17 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, return; /* trust user settings, don't override */ #ifdef WOLFSSL_TLS13 -#ifdef BUILD_TLS_AES_128_GCM_SHA256 +#ifdef BUILD_TLS_AES_256_GCM_SHA384 if (tls1_3) { suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_128_GCM_SHA256; + suites->suites[idx++] = TLS_AES_256_GCM_SHA384; } #endif -#ifdef BUILD_TLS_AES_256_GCM_SHA384 - if (tls1_3) { +#ifdef BUILD_TLS_AES_128_GCM_SHA256 + if (tls1_3 && haveAES128) { suites->suites[idx++] = TLS13_BYTE; - suites->suites[idx++] = TLS_AES_256_GCM_SHA384; + suites->suites[idx++] = TLS_AES_128_GCM_SHA256; } #endif @@ -3320,14 +3520,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_AES_128_CCM_SHA256 - if (tls1_3) { + if (tls1_3 && haveAES128) { suites->suites[idx++] = TLS13_BYTE; suites->suites[idx++] = TLS_AES_128_CCM_SHA256; } #endif #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - if (tls1_3) { + if (tls1_3 && haveAES128) { suites->suites[idx++] = TLS13_BYTE; suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256; } @@ -3394,7 +3594,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveECC) { + if (tls1_2 && haveECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256; } @@ -3414,9 +3614,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 #ifdef OPENSSL_EXTRA - if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) { + if ((tls1_2 && haveRSA && haveAES128) || + (tls1_2 && haveECDSAsig && haveAES128)) { #else - if (tls1_2 && haveRSA) { + if (tls1_2 && haveRSA && haveAES128) { #endif suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; @@ -3431,7 +3632,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveDH && haveRSA) { + if (tls1_2 && haveDH && haveRSA && haveAES128) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; } @@ -3445,7 +3646,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveRSA && haveStaticRSA) { + if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; } @@ -3459,7 +3660,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveECC && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256; } @@ -3473,7 +3674,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveRSAsig && haveStaticECC) { + if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256; } @@ -3487,7 +3688,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 - if (tls1_2 && haveECC) { + if (tls1_2 && haveECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256; } @@ -3501,7 +3702,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - if (tls1_2 && haveDH && haveAnon) { + if (tls1_2 && haveDH && haveAnon && haveAES128 && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; } @@ -3515,7 +3716,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && haveDH && havePSK) { + if (tls1_2 && haveDH && havePSK && haveAES128) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; } @@ -3529,7 +3730,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - if (tls1_2 && havePSK) { + if (tls1_2 && havePSK && haveAES128) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; } @@ -3563,7 +3764,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, /* Place as higher priority for MYSQL */ #if defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - if (tls && haveDH && haveRSA) { + if (tls && haveDH && haveRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } @@ -3572,9 +3773,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #ifdef OPENSSL_EXTRA - if ((tls1_2 && haveRSA) || (tls1_2 && haveECDSAsig)) { + if ((tls1_2 && haveRSA && haveAES128) || + (tls1_2 && haveECDSAsig && haveAES128)) { #else - if (tls1_2 && haveRSA) { + if (tls1_2 && haveRSA && haveAES128) { #endif suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256; @@ -3582,21 +3784,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - if (tls1_2 && haveECC) { + if (tls1_2 && haveECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - if (tls1_2 && haveRSAsig && haveStaticECC) { + if (tls1_2 && haveRSAsig && haveStaticECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - if (tls1_2 && haveECC && haveStaticECC) { + if (tls1_2 && haveECC && haveStaticECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256; } @@ -3635,56 +3837,56 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - if (tls && haveECC) { + if (tls && haveECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - if (tls && haveECC && haveStaticECC) { + if (tls && haveECC && haveStaticECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - if (tls && haveECC) { + if (tls && haveECC && haveAES128 && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - if (tls && haveECC && haveStaticECC) { + if (tls && haveECC && haveStaticECC && haveAES128 && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - if (!dtls && tls && haveECC) { + if (!dtls && tls && haveECC && haveSHA1 && haveRC4) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - if (!dtls && tls && haveECC && haveStaticECC) { + if (!dtls && tls && haveECC && haveStaticECC && haveSHA1 && haveRC4) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveECC) { + if (tls && haveECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveECC && haveStaticECC) { + if (tls && haveECC && haveStaticECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA; } @@ -3692,9 +3894,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA #ifdef OPENSSL_EXTRA - if ((tls && haveRSA) || (tls && haveECDSAsig)) { + if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) { #else - if (tls && haveRSA) { + if (tls && haveRSA && haveSHA1) { #endif suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA; @@ -3702,7 +3904,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - if (tls && haveRSAsig && haveStaticECC) { + if (tls && haveRSAsig && haveStaticECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA; } @@ -3710,9 +3912,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA #ifdef OPENSSL_EXTRA - if ((tls && haveRSA) || (tls && haveECDSAsig)) { + if ((tls && haveRSA && haveAES128 && haveSHA1) || + (tls && haveECDSAsig && haveAES128 && haveSHA1)) { #else - if (tls && haveRSA) { + if (tls && haveRSA && haveAES128 && haveSHA1) { #endif suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA; @@ -3720,21 +3923,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - if (tls && haveRSAsig && haveStaticECC) { + if (tls && haveRSAsig && haveStaticECC && haveAES128 && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - if (!dtls && tls && haveRSA) { + if (!dtls && tls && haveRSA && haveSHA1 && haveRC4) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - if (!dtls && tls && haveRSAsig && haveStaticECC) { + if (!dtls && tls && haveRSAsig && haveStaticECC && haveSHA1 && haveRC4) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA; } @@ -3742,9 +3945,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA #ifdef OPENSSL_EXTRA - if ((tls && haveRSA) || (tls && haveECDSAsig)) { + if ((tls && haveRSA && haveSHA1) || (tls && haveECDSAsig && haveSHA1)) { #else - if (tls && haveRSA) { + if (tls && haveRSA && haveSHA1) { #endif suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA; @@ -3752,21 +3955,21 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveRSAsig && haveStaticECC) { + if (tls && haveRSAsig && haveStaticECC && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - if (tls1_2 && haveECC) { + if (tls1_2 && haveECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM; } #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - if (tls1_2 && haveECC) { + if (tls1_2 && haveECC && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8; } @@ -3780,7 +3983,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - if (tls1_2 && haveRSA && haveStaticRSA) { + if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8; } @@ -3807,9 +4010,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && haveDH && haveRSA) + if (tls1_2 && haveDH && haveRSA && haveAES128) #else - if (tls && haveDH && haveRSA) + if (tls && haveDH && haveRSA && haveAES128) #endif { suites->suites[idx++] = CIPHER_BYTE; @@ -3820,7 +4023,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, /* Place as higher priority for MYSQL testing */ #if !defined(WOLFSSL_MYSQL_COMPATIBLE) #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - if (tls && haveDH && haveRSA) { + if (tls && haveDH && haveRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } @@ -3828,14 +4031,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - if (tls && haveDH && haveRSA) { + if (tls && haveDH && haveRSA && haveAES128 && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - if (tls && haveDH && haveRSA) { + if (tls && haveDH && haveRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; } @@ -3855,9 +4058,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && haveRSA && haveStaticRSA) + if (tls1_2 && haveRSA && haveStaticRSA && haveAES128) #else - if (tls && haveRSA && haveStaticRSA) + if (tls && haveRSA && haveStaticRSA && haveAES128) #endif { suites->suites[idx++] = CIPHER_BYTE; @@ -3866,14 +4069,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - if (tls && haveRSA && haveStaticRSA) { + if (tls && haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - if (tls && haveRSA && haveStaticRSA) { + if (tls && haveRSA && haveStaticRSA && haveAES128 && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; } @@ -3910,7 +4113,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - if (tls && haveECC && haveNull) { + if (tls && haveECC && haveNull && haveSHA1) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA; } @@ -3924,7 +4127,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA - if (tls && haveRSA && haveNull && haveStaticRSA) { + if (tls && haveRSA && haveNull && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; } @@ -3943,7 +4146,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - if (tls && havePSK) { + if (tls && havePSK && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; } @@ -3975,9 +4178,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && haveDH && havePSK) + if (tls1_2 && haveDH && havePSK && haveAES128) #else - if (tls && haveDH && havePSK) + if (tls && haveDH && havePSK && haveAES128) #endif { suites->suites[idx++] = CIPHER_BYTE; @@ -3987,9 +4190,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && havePSK) + if (tls1_2 && havePSK && haveAES128) #else - if (tls1 && havePSK) + if (tls1 && havePSK && haveAES128) #endif { suites->suites[idx++] = CIPHER_BYTE; @@ -3998,14 +4201,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - if (tls && havePSK) { + if (tls && havePSK && haveAES128 && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - if (tls && haveDH && havePSK) { + if (tls && haveDH && havePSK && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM; } @@ -4056,9 +4259,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && havePSK) + if (tls1_2 && havePSK && haveAES128) #else - if (tls && havePSK) + if (tls && havePSK && haveAES128) #endif { suites->suites[idx++] = ECC_BYTE; @@ -4068,9 +4271,9 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES - if (tls1_2 && havePSK) + if (tls1_2 && havePSK && haveAES128) #else - if (tls && havePSK) + if (tls && havePSK && haveAES128) #endif { suites->suites[idx++] = ECDHE_PSK_BYTE; @@ -4079,7 +4282,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - if (tls && havePSK) { + if (tls && havePSK && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM; } @@ -4093,7 +4296,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - if (tls && havePSK) { + if (tls && havePSK && haveAES128) { suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8; } @@ -4174,49 +4377,49 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - if (!dtls && haveRSA && haveStaticRSA) { + if (!dtls && haveRSA && haveStaticRSA && haveSHA1 && haveRC4) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; } #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - if (!dtls && haveRSA && haveStaticRSA) { + if (!dtls && haveRSA && haveStaticRSA && haveRC4) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; } #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - if (haveRSA && haveStaticRSA) { + if (haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - if (tls && haveRSA && haveStaticRSA) { + if (tls && haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - if (tls && haveDH && haveRSA && haveStaticRSA) { + if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; } #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - if (tls && haveRSA && haveStaticRSA) { + if (tls && haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; } #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - if (tls && haveDH && haveRSA && haveStaticRSA) { + if (tls && haveDH && haveRSA && haveStaticRSA && haveSHA1) { suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; } @@ -4313,8 +4516,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, (void)haveRSAsig; /* non ecc builds won't read */ (void)haveAnon; /* anon ciphers optional */ (void)haveNull; - (void)haveFalconSig; - (void)haveDilithiumSig; } #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) || \ @@ -4941,7 +5142,7 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, #endif #if defined(WC_RSA_PSS) - if (sigAlgo == rsa_pss_sa_algo) { + if (sigAlgo == rsa_pss_sa_algo || sigAlgo == rsa_pss_pss_algo) { enum wc_HashType hashType = WC_HASH_TYPE_NONE; int mgf = 0; @@ -6422,19 +6623,19 @@ int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) static void InitSuites_EitherSide(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, word16 haveECC, word16 haveStaticECC, - word16 haveFalconSig, word16 haveDilithiumSig, word16 haveAnon, + word16 haveAnon, int side) { /* make sure server has DH params, and add PSK if there */ if (side == WOLFSSL_SERVER_END) { InitSuites(suites, pv, keySz, haveRSA, havePSK, haveDH, haveECDSAsig, - haveECC, TRUE, haveStaticECC, haveFalconSig, - haveDilithiumSig, haveAnon, TRUE, side); + haveECC, TRUE, haveStaticECC, + haveAnon, TRUE, TRUE, TRUE, TRUE, side); } else { InitSuites(suites, pv, keySz, haveRSA, havePSK, TRUE, haveECDSAsig, - haveECC, TRUE, haveStaticECC, haveFalconSig, - haveDilithiumSig, haveAnon, TRUE, side); + haveECC, TRUE, haveStaticECC, + haveAnon, TRUE, TRUE, TRUE, TRUE, side); } } @@ -6458,7 +6659,7 @@ void InitSSL_CTX_Suites(WOLFSSL_CTX* ctx) #endif InitSuites_EitherSide(ctx->suites, ctx->method->version, keySz, haveRSA, havePSK, ctx->haveDH, ctx->haveECDSAsig, ctx->haveECC, - ctx->haveStaticECC, ctx->haveFalconSig, ctx->haveDilithiumSig, + ctx->haveStaticECC, haveAnon, ctx->method->side); } @@ -6513,7 +6714,6 @@ int InitSSL_Suites(WOLFSSL* ssl) InitSuites_EitherSide(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, ssl->options.useAnon, ssl->options.side); } @@ -6627,7 +6827,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef OPENSSL_EXTRA #ifdef WOLFSSL_TLS13 if (ssl->version.minor == TLSv1_3_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { + (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) { if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.3 set but not " "allowed and downgrading disabled."); @@ -6639,7 +6839,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) } #endif if (ssl->version.minor == TLSv1_2_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) { if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.2 set but not " "allowed and downgrading disabled."); @@ -6650,7 +6850,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->version.minor = TLSv1_1_MINOR; } if (ssl->version.minor == TLSv1_1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) { if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1.1 set but not " "allowed and downgrading disabled."); @@ -6662,7 +6862,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->version.minor = TLSv1_MINOR; } if (ssl->version.minor == TLSv1_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) { if (!ctx->method->downgrade) { WOLFSSL_MSG("\tInconsistent protocol options. TLS 1 set but not " "allowed and downgrading disabled."); @@ -6675,7 +6875,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->version.minor = SSLv3_MINOR; } if (ssl->version.minor == SSLv3_MINOR && - (ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + (ssl->options.mask & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tError, option set to not allow SSLv3"); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; @@ -7421,6 +7621,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.dtlsCtx.rfd = -1; ssl->buffers.dtlsCtx.wfd = -1; +#ifdef WOLFSSL_RW_THREADED + if (wc_InitRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + return BAD_MUTEX_E; +#endif + ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx; /* prevent invalid pointer access if not */ ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx; /* correctly set */ #else @@ -7754,6 +7959,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->response_idx = 0; #endif #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + ssl->secLevel = ctx->secLevel; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */ WOLFSSL_MSG_EX("InitSSL done. return 0 (success)"); return 0; @@ -8163,7 +8371,7 @@ void FreeSuites(WOLFSSL* ssl) /* In case holding SSL object in array and don't want to free actual ssl */ -void SSL_ResourceFree(WOLFSSL* ssl) +void wolfSSL_ResourceFree(WOLFSSL* ssl) { /* Note: any resources used during the handshake should be released in the * function FreeHandshakeResources(). Be careful with the special cases @@ -8248,10 +8456,12 @@ void SSL_ResourceFree(WOLFSSL* ssl) XFREE(ssl->peerSceTsipEncRsaKeyIndex, ssl->heap, DYNAMIC_TYPE_RSA); Renesas_cmn_Cleanup(ssl); #endif +#ifndef NO_TLS if (ssl->buffers.inputBuffer.dynamicFlag) ShrinkInputBuffer(ssl, FORCED_FREE); if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); +#endif #ifdef WOLFSSL_THREADED_CRYPT { int i; @@ -8288,6 +8498,14 @@ void SSL_ResourceFree(WOLFSSL* ssl) } XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR); ssl->buffers.dtlsCtx.peer.sa = NULL; +#ifdef WOLFSSL_RW_THREADED + wc_FreeRwLock(&ssl->buffers.dtlsCtx.peerLock); +#endif +#ifdef WOLFSSL_DTLS_CID + XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap, + DYNAMIC_TYPE_SOCKADDR); + ssl->buffers.dtlsCtx.pendingPeer.sa = NULL; +#endif #ifndef NO_WOLFSSL_SERVER if (ssl->buffers.dtlsCookieSecret.buffer != NULL) { ForceZero(ssl->buffers.dtlsCookieSecret.buffer, @@ -8571,9 +8789,11 @@ void FreeHandshakeResources(WOLFSSL* ssl) } #endif +#ifndef NO_TLS /* input buffer */ if (ssl->buffers.inputBuffer.dynamicFlag) ShrinkInputBuffer(ssl, NO_FORCED_FREE); +#endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (!ssl->options.tls1_3) @@ -8799,7 +9019,7 @@ void FreeHandshakeResources(WOLFSSL* ssl) void FreeSSL(WOLFSSL* ssl, void* heap) { WOLFSSL_CTX* ctx = ssl->ctx; - SSL_ResourceFree(ssl); + wolfSSL_ResourceFree(ssl); XFREE(ssl, heap, DYNAMIC_TYPE_SSL); if (ctx) FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */ @@ -10024,6 +10244,8 @@ ProtocolVersion MakeDTLSv1_3(void) */ #endif /* !NO_ASN_TIME */ + +#ifndef NO_TLS #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \ (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ @@ -10604,7 +10826,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) } } #endif - goto retry; + return WOLFSSL_FATAL_ERROR; case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): ssl->options.isClosed = 1; @@ -11545,15 +11767,14 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, #ifdef WOLFSSL_DTLS_CID if (rh->type == dtls12_cid) { - byte cid[DTLS_CID_MAX_SIZE]; + byte* ourCid = NULL; if (ssl->buffers.inputBuffer.length - *inOutIdx < (word32)cidSz + LENGTH_SZ) return LENGTH_ERROR; - if (cidSz > DTLS_CID_MAX_SIZE || - wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS) + if (wolfSSL_dtls_cid_get0_rx(ssl, &ourCid) != WOLFSSL_SUCCESS) return DTLS_CID_ERROR; - if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, - cid, cidSz) != 0) + if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, ourCid, cidSz) + != 0) return DTLS_CID_ERROR; *inOutIdx += cidSz; } @@ -11763,7 +11984,7 @@ int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, { word32 idx = *inOutIdx; - *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA; + *inOutIdx += DTLS_HANDSHAKE_HEADER_SZ; if (*inOutIdx > totalSz) { WOLFSSL_ERROR(BUFFER_E); return BUFFER_E; @@ -11927,14 +12148,9 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) if (ssl == NULL) return BAD_FUNC_ARG; -#ifndef NO_TLS if (ssl->options.tls) { ret = BuildTlsFinished(ssl, hashes, sender); } -#else - (void)hashes; - (void)sender; -#endif #ifndef NO_OLD_TLS if (!ssl->options.tls) { ret = BuildMD5(ssl, hashes, sender); @@ -11958,6 +12174,8 @@ int CipherRequires(byte first, byte second, int requirement) { (void)requirement; + (void)first; + (void)second; #ifndef WOLFSSL_NO_TLS12 @@ -12599,7 +12817,7 @@ int CipherRequires(byte first, byte second, int requirement) } #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ - +#endif /* !NO_TLS */ #ifndef NO_CERTS @@ -12917,7 +13135,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) x509->challengePw[dCert->cPwdLen] = '\0'; #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_pkcs9_challengePassword, + WC_NID_pkcs9_challengePassword, MBSTRING_ASC, (const byte*)dCert->cPwd, dCert->cPwdLen) != WOLFSSL_SUCCESS) { @@ -12939,7 +13157,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_pkcs9_contentType, + WC_NID_pkcs9_contentType, MBSTRING_ASC, (const byte*)dCert->contentType, dCert->contentTypeLen) != @@ -12953,7 +13171,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) if (dCert->sNum) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_serialNumber, + WC_NID_serialNumber, MBSTRING_ASC, (const byte*)dCert->sNum, dCert->sNumLen) != WOLFSSL_SUCCESS) { @@ -12963,7 +13181,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } if (dCert->unstructuredName) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_pkcs9_unstructuredName, + WC_NID_pkcs9_unstructuredName, MBSTRING_ASC, (const byte*)dCert->unstructuredName, dCert->unstructuredNameLen) @@ -12974,7 +13192,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } if (dCert->surname) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_surname, + WC_NID_surname, MBSTRING_ASC, (const byte*)dCert->surname, dCert->surnameLen) != WOLFSSL_SUCCESS) { @@ -12984,7 +13202,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } if (dCert->givenName) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_givenName, + WC_NID_givenName, MBSTRING_ASC, (const byte*)dCert->givenName, dCert->givenNameLen) != WOLFSSL_SUCCESS) { @@ -12994,7 +13212,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } if (dCert->dnQualifier) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_dnQualifier, + WC_NID_dnQualifier, MBSTRING_ASC, (const byte*)dCert->dnQualifier, dCert->dnQualifierLen) != WOLFSSL_SUCCESS) { @@ -13004,7 +13222,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) } if (dCert->initials) { if (wolfSSL_X509_REQ_add1_attr_by_NID(x509, - NID_initials, + WC_NID_initials, MBSTRING_ASC, (const byte*)dCert->initials, dCert->initialsLen) != WOLFSSL_SUCCESS) { @@ -13528,8 +13746,8 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert) #endif /* WOLFSSL_ACERT */ -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ - (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12)) +#if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && !defined(WOLFSSL_NO_TLS12) static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 status_length, int idx) { @@ -13725,7 +13943,6 @@ int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx) #endif /* HAVE_PK_CALLBACKS */ - #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) void DoCertFatalAlert(WOLFSSL* ssl, int ret) { @@ -13768,12 +13985,15 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret) } } +#ifndef NO_TLS /* send fatal alert and mark connection closed */ SendAlert(ssl, alert_fatal, alertWhy); /* try to send */ +#else + (void)alertWhy; +#endif ssl->options.isClosed = 1; } - int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, WOLFSSL* ssl, WOLFSSL_CERT_MANAGER* cm, ProcPeerCertArgs* args, int cert_err, void* heap, int* x509Free) @@ -14817,7 +15037,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { /* Re-entry after non-blocking OCSP */ #ifdef WOLFSSL_ASYNC_CRYPT - /* if async operationg not pending, reset error code */ + /* if async operations not pending, reset error code */ if (ret == WC_NO_ERR_TRACE(WC_NO_PENDING_E)) ret = 0; #endif @@ -15232,7 +15452,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + ssl->options.side == WOLFSSL_CLIENT_END && + ssl->status_request) { + /* We check CSR in Certificate message sent from + * Server. Server side will check client + * certificates by traditional OCSP if enabled + */ ret = TLSX_CSR_InitRequest_ex(ssl->extensions, args->dCert, ssl->heap, args->certIdx); } @@ -16827,13 +17053,13 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, if (ssl->options.side == WOLFSSL_CLIENT_END) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; #ifdef OPENSSL_EXTRA - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; ssl->options.clientState = CLIENT_FINISHED_COMPLETE; #endif if (!ssl->options.resuming) { #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); } #endif ssl->options.handShakeState = HANDSHAKE_DONE; @@ -16846,13 +17072,13 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, else { ssl->options.clientState = CLIENT_FINISHED_COMPLETE; #ifdef OPENSSL_EXTRA - ssl->cbmode = SSL_CB_MODE_READ; + ssl->cbmode = WOLFSSL_CB_MODE_READ; ssl->options.serverState = SERVER_FINISHED_COMPLETE; #endif if (ssl->options.resuming) { #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); } #endif ssl->options.handShakeState = HANDSHAKE_DONE; @@ -17476,7 +17702,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* The server's decision to resume isn't known until after the * "server_hello". If subsequent handshake messages like - * "certificate" or "server_key_exchange" are recevied then we + * "certificate" or "server_key_exchange" are received then we * are doing a full handshake */ /* If the server included a session id then we @@ -17513,9 +17739,9 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL){ - ssl->cbmode = SSL_CB_MODE_READ; + ssl->cbmode = WOLFSSL_CB_MODE_READ; ssl->cbtype = type; - ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); } #endif @@ -18651,6 +18877,7 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ +#ifndef NO_TLS #ifndef WOLFSSL_NO_TLS12 #ifdef HAVE_AEAD @@ -20223,7 +20450,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) #ifndef WOLFSSL_AEAD_ONLY -#ifdef WOLSSL_OLD_TIMINGPADVERIFY +#ifdef WOLFSSL_OLD_TIMINGPADVERIFY #define COMPRESS_LOWER 64 #define COMPRESS_UPPER 55 #define COMPRESS_CONSTANT 13 @@ -20629,7 +20856,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, return ret; } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ -#endif /* WOLSSL_OLD_TIMINGPADVERIFY */ +#endif /* WOLFSSL_OLD_TIMINGPADVERIFY */ #endif /* WOLFSSL_AEAD_ONLY */ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) @@ -20641,33 +20868,54 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) #ifdef HAVE_LIBZ byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif - #ifdef WOLFSSL_EARLY_DATA - if (ssl->options.tls1_3 && ssl->options.handShakeDone == 0) { - int process = 0; + int isEarlyData = ssl->options.tls1_3 && + ssl->options.handShakeDone == 0 && + ssl->options.side == WOLFSSL_SERVER_END; + int acceptEarlyData = ssl->earlyData != no_early_data && + ssl->options.clientState == CLIENT_HELLO_COMPLETE; +#endif - if (ssl->options.side == WOLFSSL_SERVER_END) { - if ((ssl->earlyData != no_early_data) && - (ssl->options.clientState == CLIENT_HELLO_COMPLETE)) { - process = 1; - } - if (!process) { - WOLFSSL_MSG("Ignoring EarlyData!"); - *inOutIdx += ssl->curSize; - if (*inOutIdx > ssl->buffers.inputBuffer.length) - return BUFFER_E; +#if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_DTLS13) + if (ssl->options.tls1_3 && ssl->options.dtls) + isEarlyData = isEarlyData && w64Equal(ssl->keys.curEpoch64, + w64From32(0x0, DTLS13_EPOCH_EARLYDATA)); +#endif - return 0; - } - } - if (!process) { - WOLFSSL_MSG("Received App data before a handshake completed"); - if (sniff == NO_SNIFF) { - SendAlert(ssl, alert_fatal, unexpected_message); - } - WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); - return OUT_OF_ORDER_E; - } +#ifdef WOLFSSL_EARLY_DATA + if (isEarlyData && acceptEarlyData) { + WOLFSSL_MSG("Processing EarlyData"); + } + else if (isEarlyData && !acceptEarlyData) { + WOLFSSL_MSG("Ignoring EarlyData!"); + *inOutIdx += ssl->curSize; + if (*inOutIdx > ssl->buffers.inputBuffer.length) + return BUFFER_E; +#ifdef WOLFSSL_DTLS13 + /* Receiving app data from the traffic epoch before the handshake is + * done means that there was a disruption. */ + if (ssl->options.dtls && !w64Equal(ssl->keys.curEpoch64, + w64From32(0x0, DTLS13_EPOCH_EARLYDATA))) + ssl->dtls13Rtx.sendAcks = 1; +#endif + return 0; + } + else +#endif +#ifdef WOLFSSL_DTLS + if (ssl->options.handShakeDone == 0 && ssl->options.dtls) { + WOLFSSL_MSG("Dropping app data received before handshake complete"); + *inOutIdx += ssl->curSize; + if (*inOutIdx > ssl->buffers.inputBuffer.length) + return BUFFER_E; +#ifdef WOLFSSL_DTLS13 + /* Receiving app data from the traffic epoch before the handshake is + * done means that there was a disruption. */ + if (ssl->options.tls1_3 && !w64Equal(ssl->keys.curEpoch64, + w64From32(0x0, DTLS13_EPOCH_EARLYDATA))) + ssl->dtls13Rtx.sendAcks = 1; +#endif + return 0; } else #endif @@ -21041,11 +21289,14 @@ static int GetInputData(WOLFSSL *ssl, word32 size) int usedLength; int dtlsExtra = 0; + if (ssl->options.disableRead) + return WC_NO_ERR_TRACE(WANT_READ); /* check max input length */ - usedLength = (int)(ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx); - maxLength = (int)(ssl->buffers.inputBuffer.bufferSize - (word32)usedLength); - inSz = (int)(size - (word32)usedLength); /* from last partial read */ + usedLength = (int)(ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx); + maxLength = (int)(ssl->buffers.inputBuffer.bufferSize - + (word32)usedLength); #ifdef WOLFSSL_DTLS if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) { @@ -21059,11 +21310,20 @@ static int GetInputData(WOLFSSL *ssl, word32 size) if (size < (word32)inSz) dtlsExtra = (int)(inSz - size); } + else #endif + { + /* check that no lengths or size values are negative */ + if (usedLength < 0 || maxLength < 0) { + return BUFFER_ERROR; + } - /* check that no lengths or size values are negative */ - if (usedLength < 0 || maxLength < 0 || inSz <= 0) { - return BUFFER_ERROR; + /* Return if we have enough data already in the buffer */ + if (size <= (word32)usedLength) { + return 0; + } + + inSz = (int)(size - (word32)usedLength); /* from last partial read */ } if (inSz > maxLength) { @@ -21297,7 +21557,8 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) } #endif /* WOLFSSL_DTLS */ -#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#if defined(WOLFSSL_TLS13) || \ + (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)) static int removeMsgInnerPadding(WOLFSSL* ssl) { word32 i = ssl->buffers.inputBuffer.idx + @@ -21329,16 +21590,58 @@ static int removeMsgInnerPadding(WOLFSSL* ssl) } #endif -int ProcessReply(WOLFSSL* ssl) +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +static void dtlsClearPeer(WOLFSSL_SOCKADDR* peer) { - return ProcessReplyEx(ssl, 0); + XFREE(peer->sa, NULL, DYNAMIC_TYPE_SOCKADDR); + peer->sa = NULL; + peer->sz = 0; + peer->bufSz = 0; } + +/** + * @brief Handle pending peer during record processing. + * @param ssl WOLFSSL object. + * @param deprotected 0 when we have not decrypted the record yet + * 1 when we have decrypted and verified the record + */ +static void dtlsProcessPendingPeer(WOLFSSL* ssl, int deprotected) +{ + if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) { + if (!deprotected) { + /* Here we have just read an entire record from the network. It is + * still encrypted. If processingPendingRecord is set then that + * means that an error occurred when processing the previous record. + * In that case we should clear the pendingPeer because we only + * want to allow it to be valid for one record. */ + if (ssl->buffers.dtlsCtx.processingPendingRecord) { + /* Clear the pending peer. */ + dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer); + } + ssl->buffers.dtlsCtx.processingPendingRecord = + !ssl->buffers.dtlsCtx.processingPendingRecord; + } + else { + /* Pending peer present and record deprotected. Update the peer. */ + (void)wolfSSL_dtls_set_peer(ssl, + &ssl->buffers.dtlsCtx.pendingPeer.sa, + ssl->buffers.dtlsCtx.pendingPeer.sz); + ssl->buffers.dtlsCtx.processingPendingRecord = 0; + dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer); + } + } + else { + ssl->buffers.dtlsCtx.processingPendingRecord = 0; + } +} +#endif + /* Process input requests. Return 0 is done, 1 is call again to complete, and negative number is error. If allowSocketErr is set, SOCKET_ERROR_E in ssl->error will be whitelisted. This is useful when the connection has been closed and the endpoint wants to check for an alert sent by the other end. */ -int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) +static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) { int ret = 0, type = internal_error, readSz; int atomicUser = 0; @@ -21537,6 +21840,10 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) &ssl->curRL, &ssl->curSize); #ifdef WOLFSSL_DTLS +#ifdef WOLFSSL_DTLS_CID + if (ssl->options.dtls) + dtlsProcessPendingPeer(ssl, 0); +#endif if (ssl->options.dtls && DtlsShouldDrop(ssl, ret)) { ssl->options.processReply = doProcessInit; ssl->buffers.inputBuffer.length = 0; @@ -21916,7 +22223,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) { -#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#if defined(WOLFSSL_TLS13) || \ + (defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)) int removePadding = 0; if (ssl->options.tls1_3) removePadding = 1; @@ -21961,8 +22269,9 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* the record layer is here */ case runProcessingOneRecord: -#ifdef WOLFSSL_DTLS13 +#ifdef WOLFSSL_DTLS if (ssl->options.dtls) { +#ifdef WOLFSSL_DTLS13 if (IsAtLeastTLSv1_3(ssl->version)) { if (!Dtls13CheckWindow(ssl)) { /* drop packet */ @@ -21986,11 +22295,18 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } } } - else if (IsDtlsNotSctpMode(ssl)) { + else +#endif /* WOLFSSL_DTLS13 */ + if (IsDtlsNotSctpMode(ssl)) { DtlsUpdateWindow(ssl); } +#ifdef WOLFSSL_DTLS_CID + /* Update the peer if we were able to de-protect the message */ + if (IsEncryptionOn(ssl, 0)) + dtlsProcessPendingPeer(ssl, 1); +#endif } -#endif /* WOLFSSL_DTLS13 */ +#endif /* WOLFSSL_DTLS */ ssl->options.processReply = runProcessingOneMessage; FALL_THROUGH; @@ -22458,6 +22774,35 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } } +int ProcessReply(WOLFSSL* ssl) +{ + return ProcessReplyEx(ssl, 0); +} + +int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) +{ + int ret; + + ret = DoProcessReplyEx(ssl, allowSocketErr); + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + /* Don't clear pending peer if we are going to re-enter + * DoProcessReplyEx */ + if (ret != WC_NO_ERR_TRACE(WANT_READ) +#ifdef WOLFSSL_ASYNC_CRYPT + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) +#endif + ) { + dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer); + ssl->buffers.dtlsCtx.processingPendingRecord = 0; + } + } +#endif + + return ret; +} + #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \ (defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)) int SendChangeCipher(WOLFSSL* ssl) @@ -22468,17 +22813,17 @@ int SendChangeCipher(WOLFSSL* ssl) int ret; #ifdef OPENSSL_EXTRA - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; if (ssl->options.side == WOLFSSL_SERVER_END){ ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_ACCEPT_LOOP, WOLFSSL_SUCCESS); } - else{ + else { ssl->options.clientState = CLIENT_CHANGECIPHERSPEC_COMPLETE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); } #endif @@ -22915,11 +23260,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, (void)epochOrder; -#ifndef NO_TLS #if defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13) + /* TLS v1.3 only */ return BuildTls13Message(ssl, output, outSz, input, inSz, type, hashOutput, sizeOnly, asyncOkay); #else + /* TLS v1.2 or v1.3 */ #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { return BuildTls13Message(ssl, output, outSz, input, inSz, type, @@ -22927,6 +23273,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } #endif +#ifndef WOLFSSL_NO_TLS12 #ifdef WOLFSSL_ASYNC_CRYPT ret = WC_NO_PENDING_E; if (asyncOkay) { @@ -23439,9 +23786,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* Final cleanup */ FreeBuildMsgArgs(ssl, args); - return ret; -#endif /* !WOLFSSL_NO_TLS12 */ #else (void)outSz; (void)inSz; @@ -23449,8 +23794,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, (void)hashOutput; (void)asyncOkay; return NOT_COMPILED_IN; -#endif /* NO_TLS */ - +#endif /* !WOLFSSL_NO_TLS12 */ +#endif } #ifndef WOLFSSL_NO_TLS12 @@ -23557,9 +23902,9 @@ int SendFinished(WOLFSSL* ssl) if (ssl->options.side == WOLFSSL_SERVER_END) { #ifdef OPENSSL_EXTRA ssl->options.serverState = SERVER_FINISHED_COMPLETE; - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS); #endif ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; @@ -23572,9 +23917,9 @@ int SendFinished(WOLFSSL* ssl) if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef OPENSSL_EXTRA ssl->options.clientState = CLIENT_FINISHED_COMPLETE; - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_DONE, WOLFSSL_SUCCESS); #endif ssl->options.handShakeState = HANDSHAKE_DONE; ssl->options.handShakeDone = 1; @@ -23616,6 +23961,7 @@ int SendFinished(WOLFSSL* ssl) return ret; } #endif /* WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS */ #ifndef NO_WOLFSSL_SERVER #if (!defined(WOLFSSL_NO_TLS12) && \ @@ -24806,6 +25152,8 @@ int SendAsyncData(WOLFSSL* ssl) } #endif +#ifndef NO_TLS + /** * ssl_in_handshake(): * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is @@ -24898,15 +25246,15 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) groupMsgs = 1; #endif } - else if (IsAtLeastTLSv1_3(ssl->version) && + else +#endif + if (IsAtLeastTLSv1_3(ssl->version) && ssl->options.side == WOLFSSL_SERVER_END && ssl->options.acceptState >= TLS13_ACCEPT_FINISHED_SENT) { /* We can send data without waiting on peer finished msg */ WOLFSSL_MSG("server sending data before receiving client finished"); } - else -#endif - if (ssl_in_handshake(ssl, 1)) { + else if (ssl_in_handshake(ssl, 1)) { int err; WOLFSSL_MSG("handshake not complete, trying to finish"); if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { @@ -25458,7 +25806,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_ALERT, type); + ssl->CBIS(ssl, WOLFSSL_CB_ALERT, type); } #endif #ifdef WOLFSSL_DTLS @@ -25596,8 +25944,11 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) return ret; } +#endif /* !NO_TLS */ + int RetrySendAlert(WOLFSSL* ssl) { + int ret = 0; int type; int severity; WOLFSSL_ENTER("RetrySendAlert"); @@ -25615,12 +25966,18 @@ int RetrySendAlert(WOLFSSL* ssl) ssl->pendingAlert.code = 0; ssl->pendingAlert.level = alert_none; - return SendAlert_ex(ssl, severity, type); +#ifndef NO_TLS + ret = SendAlert_ex(ssl, severity, type); +#else + (void)type; +#endif + return ret; } /* send alert message */ int SendAlert(WOLFSSL* ssl, int severity, int type) { + int ret = 0; WOLFSSL_ENTER("SendAlert"); if (ssl == NULL) { @@ -25628,7 +25985,7 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) } if (ssl->pendingAlert.level != alert_none) { - int ret = RetrySendAlert(ssl); + ret = RetrySendAlert(ssl); if (ret != 0) { if (ssl->pendingAlert.level == alert_none || (ssl->pendingAlert.level != alert_fatal && @@ -25641,10 +25998,13 @@ int SendAlert(WOLFSSL* ssl, int severity, int type) return ret; } } - - return SendAlert_ex(ssl, severity, type); +#ifndef NO_TLS + ret = SendAlert_ex(ssl, severity, type); +#endif /* !NO_TLS */ + return ret; } + #ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H #include #endif @@ -25666,7 +26026,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) } /* pass to wolfCrypt */ - if (error <= WC_FIRST_E && error >= WC_LAST_E) { + if ((error <= WC_SPAN1_FIRST_E && error >= WC_SPAN1_MIN_CODE_E) || + (error <= WC_SPAN2_FIRST_E && error >= WC_SPAN2_MIN_CODE_E)) + { return wc_GetErrorString(error); } @@ -25678,7 +26040,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) #endif } - switch ((enum wolfSSL_ErrorCodes)error) { + switch ((enum wolfSSL_ErrorCodes)error) { /* // NOLINT(clang-analyzer-optin.core.EnumCastOutOfRange) */ case UNSUPPORTED_SUITE : return "unsupported cipher suite"; @@ -25865,6 +26227,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case CRL_MISSING: return "CRL missing, not loaded"; + case CRYPTO_POLICY_FORBIDDEN: + return "Operation forbidden by system crypto-policy"; + case MONITOR_SETUP_E: return "CRL monitor setup error"; @@ -26189,6 +26554,33 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case WOLFSSL_FATAL_ERROR: return "fatal error"; + + case WOLFSSL_PEM_R_NO_START_LINE_E: + return "No more matching objects found (PEM)"; + + case WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E: + return "Error getting password (PEM)"; + + case WOLFSSL_PEM_R_BAD_PASSWORD_READ_E: + return "Bad password (PEM)"; + + case WOLFSSL_PEM_R_BAD_DECRYPT_E : + return "Decryption failed (PEM)"; + + case WOLFSSL_ASN1_R_HEADER_TOO_LONG_E: + return "ASN header too long (compat)"; + + case WOLFSSL_EVP_R_BAD_DECRYPT_E : + return "Decryption failed (EVP)"; + + case WOLFSSL_EVP_R_BN_DECODE_ERROR: + return "Bignum decode error (EVP)"; + + case WOLFSSL_EVP_R_DECODE_ERROR : + return "Decode error (EVP)"; + + case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR: + return "Private key decode error (EVP)"; } #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ @@ -26273,9 +26665,9 @@ const char* wolfSSL_ERR_lib_error_string(unsigned long e) #if defined(OPENSSL_EXTRA) libe = wolfSSL_ERR_GET_LIB(e); switch (libe) { - case ERR_LIB_PEM: + case WOLFSSL_ERR_LIB_PEM: return "wolfSSL PEM routines"; - case ERR_LIB_EVP: + case WOLFSSL_ERR_LIB_EVP: return "wolfSSL digital envelope routines"; default: return ""; @@ -27265,6 +27657,9 @@ static int ParseCipherList(Suites* suites, word16 haveNull = 1; /* allowed by default if compiled in */ int callInitSuites = 0; word16 havePSK = 0; + word16 haveAES128 = 1; /* allowed by default if compiled in */ + word16 haveSHA1 = 1; /* allowed by default if compiled in */ + word16 haveRC4 = 1; /* allowed by default if compiled in */ #endif const int suiteSz = GetCipherNamesSize(); const char* next = list; @@ -27289,8 +27684,8 @@ static int ParseCipherList(Suites* suites, #else 0, #endif - haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 1, 1, 0, 0, - side + haveRSA, 1, 1, !haveRSA, 1, haveRSA, !haveRSA, 0, 0, 1, + 1, 1, side ); return 1; /* wolfSSL default */ } @@ -27491,6 +27886,29 @@ static int ParseCipherList(Suites* suites, continue; } + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (XSTRCMP(name, "AES128") == 0) { + haveAES128 = allowing; + callInitSuites = 1; + ret = 1; + continue; + } + + if (XSTRCMP(name, "SHA1") == 0) { + haveSHA1 = allowing; + callInitSuites = 1; + ret = 1; + continue; + } + + if (XSTRCMP(name, "RC4") == 0) { + haveRC4 = allowing; + callInitSuites = 1; + ret = 1; + continue; + } + #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + if (XSTRCMP(name, "LOW") == 0 || XSTRCMP(name, "MEDIUM") == 0) { /* No way to limit or allow low bit sizes */ if (allowing) { @@ -27512,6 +27930,14 @@ static int ParseCipherList(Suites* suites, /* wolfSSL doesn't support "export" ciphers. We can skip this */ continue; } + + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (XSTRNCMP(name, WOLFSSL_SECLEVEL_STR, + strlen(WOLFSSL_SECLEVEL_STR)) == 0) { + /* Skip the "@SECLEVEL=N" string, we'll process it elsewhere. */ + continue; + } + #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ #endif /* OPENSSL_EXTRA */ for (i = 0; i < suiteSz; i++) { @@ -27651,10 +28077,9 @@ static int ParseCipherList(Suites* suites, (word16)((haveSig & SIG_ECDSA) != 0), (word16)haveECC, (word16)haveStaticRSA, (word16)haveStaticECC, - (word16)((haveSig & SIG_FALCON) != 0), - (word16)((haveSig & SIG_DILITHIUM) != 0), (word16)((haveSig & SIG_ANON) != 0), - (word16)haveNull, side); + (word16)haveNull, (word16)haveAES128, + (word16)haveSHA1, (word16)haveRC4, side); /* Restore user ciphers ahead of defaults */ XMEMMOVE(suites->suites + idx, suites->suites, min(suites->suiteSz, WOLFSSL_MAX_SUITE_SZ-idx)); @@ -27665,7 +28090,7 @@ static int ParseCipherList(Suites* suites, { suites->suiteSz = (word16)idx; InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz, - &suites->hashSigAlgoSz); + &suites->hashSigAlgoSz); } #ifdef HAVE_RENEGOTIATION_INDICATION @@ -29820,11 +30245,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->buffers.digest.length = (unsigned int)digest_sz; /* buffer for hash */ - if (!ssl->buffers.digest.buffer) { - if (!ssl->options.dontFreeDigest) { - XFREE(ssl->buffers.digest.buffer, ssl->heap, - DYNAMIC_TYPE_DIGEST); - } + if (!ssl->options.dontFreeDigest) { + XFREE(ssl->buffers.digest.buffer, ssl->heap, + DYNAMIC_TYPE_DIGEST); } ssl->options.dontFreeDigest = 0; @@ -29856,7 +30279,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif /* !WOLFSSL_NO_TLS12 */ /* client only parts */ -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) int HaveUniqueSessionObj(WOLFSSL* ssl) { @@ -30144,9 +30567,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.clientState = CLIENT_HELLO_COMPLETE; #ifdef OPENSSL_EXTRA - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); #endif #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) @@ -30257,8 +30680,10 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif ret = ret || - (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID, - ssl->session->sessionID, ID_LEN) == 0); + (ssl->options.haveSessionId && ssl->arrays->sessionIDSz == ID_LEN + && ssl->session->sessionIDSz == ID_LEN + && XMEMCMP(ssl->arrays->sessionID, + ssl->session->sessionID, ID_LEN) == 0); return ret; } @@ -30282,7 +30707,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS); } #endif @@ -31867,6 +32292,13 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, } else #endif + #ifdef WC_RSA_PSS + if (sigAlgo == rsa_pss_pss_algo && + ssl->options.peerSigAlgo == rsa_sa_algo) { + ssl->options.peerSigAlgo = sigAlgo; + } + else + #endif #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (sigAlgo == sm2_sa_algo && ssl->options.peerSigAlgo == ecc_dsa_sa_algo) { @@ -31933,6 +32365,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #ifndef NO_RSA #ifdef WC_RSA_PSS case rsa_pss_sa_algo: + case rsa_pss_pss_algo: #endif case rsa_sa_algo: { @@ -32033,6 +32466,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #ifndef NO_RSA #ifdef WC_RSA_PSS case rsa_pss_sa_algo: + case rsa_pss_pss_algo: #endif case rsa_sa_algo: { @@ -32244,6 +32678,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, #ifndef NO_RSA #ifdef WC_RSA_PSS case rsa_pss_sa_algo: + case rsa_pss_pss_algo: #ifdef HAVE_SELFTEST ret = wc_RsaPSS_CheckPadding( ssl->buffers.digest.buffer, @@ -32449,9 +32884,9 @@ int SendClientKeyExchange(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; if (ssl->CBIS != NULL) - ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); + ssl->CBIS(ssl, WOLFSSL_CB_CONNECT_LOOP, WOLFSSL_SUCCESS); #endif #ifdef WOLFSSL_ASYNC_IO @@ -33775,7 +34210,7 @@ int SendCertificateVerify(WOLFSSL* ssl) return 0; /* sent blank cert, can't verify */ } - args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA; + args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA; if (IsEncryptionOn(ssl, 1)) { args->sendSz += MAX_MSG_EXTRA; } @@ -34054,13 +34489,20 @@ int SendCertificateVerify(WOLFSSL* ssl) #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (ssl->buffers.keyType == sm2_sa_algo) { + #ifdef HAVE_PK_CALLBACKS + buffer tmp; + + tmp.length = ssl->buffers.key->length; + tmp.buffer = ssl->buffers.key->buffer; + #endif + ret = Sm3wSm2Verify(ssl, TLS12_SM2_SIG_ID, TLS12_SM2_SIG_ID_SZ, ssl->buffers.sig.buffer, ssl->buffers.sig.length, ssl->buffers.digest.buffer, ssl->buffers.digest.length, key, #ifdef HAVE_PK_CALLBACKS - ssl->buffers.key + &tmp #else NULL #endif @@ -34069,12 +34511,19 @@ int SendCertificateVerify(WOLFSSL* ssl) else #endif { + #ifdef HAVE_PK_CALLBACKS + buffer tmp; + + tmp.length = ssl->buffers.key->length; + tmp.buffer = ssl->buffers.key->buffer; + #endif + ret = EccVerify(ssl, ssl->buffers.sig.buffer, ssl->buffers.sig.length, ssl->buffers.digest.buffer, ssl->buffers.digest.length, key, #ifdef HAVE_PK_CALLBACKS - ssl->buffers.key + &tmp #else NULL #endif @@ -34339,7 +34788,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* HAVE_SESSION_TICKET */ -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */ +/* end client only parts */ + #ifndef NO_CERTS @@ -34518,7 +34969,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return MATCH_SUITE_ERROR; } -#ifndef NO_WOLFSSL_SERVER +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) #ifndef WOLFSSL_NO_TLS12 @@ -34938,7 +35389,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto exit_sske; if (ssl->buffers.serverDH_Pub.buffer == NULL) { - /* Free'd in SSL_ResourceFree and + /* Free'd in wolfSSL_ResourceFree and * FreeHandshakeResources */ ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -34952,7 +35403,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, pSz = wc_DhGetNamedKeyMinSize(ssl->namedGroup); if (ssl->buffers.serverDH_Priv.buffer == NULL) { - /* Free'd in SSL_ResourceFree and + /* Free'd in wolfSSL_ResourceFree and * FreeHandshakeResources */ ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( pSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -35021,7 +35472,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (ssl->buffers.serverDH_Pub.buffer == NULL) { - /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ + /* Free'd in wolfSSL_ResourceFree + * and FreeHandshakeResources + */ ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -35033,7 +35486,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (ssl->buffers.serverDH_Priv.buffer == NULL) { - /* Free'd in SSL_ResourceFree and FreeHandshakeResources */ + /* Free'd in wolfSSL_ResourceFree + * and FreeHandshakeResources + */ ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC( ssl->buffers.serverDH_P.length, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -36258,6 +36713,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else #endif /* WOLFSSL_SM2 */ { + #ifdef HAVE_PK_CALLBACKS + buffer tmp; + + tmp.length = ssl->buffers.key->length; + tmp.buffer = ssl->buffers.key->buffer; + #endif + ret = EccVerify(ssl, args->output + LENGTH_SZ + args->idx, args->sigSz, @@ -36265,7 +36727,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->buffers.digest.length, key, #ifdef HAVE_PK_CALLBACKS - ssl->buffers.key + &tmp #else NULL #endif @@ -36277,7 +36739,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto exit_sske; } } - #if defined(HAVE_E25519) || defined(HAVE_ED448) + #if defined(HAVE_ED25519) || defined(HAVE_ED448) FALL_THROUGH; #endif #endif /* WOLFSSL_CHECK_SIG_FAULTS */ @@ -36810,9 +37272,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, - TRUE, ssl->options.side); + ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); } /* suite size */ @@ -36870,7 +37331,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.usingCompression = 0; /* turn off */ ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->cbmode = SSL_CB_MODE_WRITE; + ssl->cbmode = WOLFSSL_CB_MODE_WRITE; *inOutIdx = idx; ssl->options.haveSessionId = 1; @@ -37242,9 +37703,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, - TRUE, ssl->options.side); + ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); } /* check if option is set to not allow the current version @@ -37320,9 +37780,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, - TRUE, ssl->options.side); + ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); } } @@ -38468,7 +38927,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->ctx->ticketEncCb == NULL #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) || - /* SSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces + /* WOLFSSL_OP_NO_TICKET turns off tickets in <= 1.2. Forces * "stateful" tickets for 1.3 so just use the regular * stateless ones. */ (!IsAtLeastTLSv1_3(ssl->version) && @@ -38592,7 +39051,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->ctx->ticketEncCb == NULL #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL) || - /* SSL_OP_NO_TICKET turns off tickets in < 1.2. Forces + /* WOLFSSL_OP_NO_TICKET turns off tickets in < 1.2. Forces * "stateful" tickets for 1.3 so just use the regular * stateless ones. */ (!IsAtLeastTLSv1_3(ssl->version) && @@ -39217,7 +39676,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; } -#ifndef WOLFSSL_NO_DEF_TICKET_ENC_CB +#if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) /* Initialize the context for session ticket encryption. * @@ -39519,7 +39978,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz, } if (ret == 0) { ret = wc_AesGcmEncrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ, - tag, AES_BLOCK_SIZE, aad, aadSz); + tag, WC_AES_BLOCK_SIZE, aad, aadSz); } wc_AesFree(aes); } @@ -39530,7 +39989,7 @@ static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz, } if (ret == 0) { ret = wc_AesGcmDecrypt(aes, in, out, inLen, iv, GCM_NONCE_MID_SZ, - tag, AES_BLOCK_SIZE, aad, aadSz); + tag, WC_AES_BLOCK_SIZE, aad, aadSz); } wc_AesFree(aes); } @@ -41303,7 +41762,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_EXTRA_ALERTS is defined, indicating user is OK with potential information disclosure from alerts. */ #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EXTRA_ALERTS) - ad = SSL_AD_UNRECOGNIZED_NAME; + ad = WOLFSSL_AD_UNRECOGNIZED_NAME; #endif /* Stunnel supports a custom sni callback to switch an SSL's ctx * when SNI is received. Call it now if exists */ @@ -41330,7 +41789,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], } #endif /* HAVE_SNI */ -#endif /* NO_WOLFSSL_SERVER */ +#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */ #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/src/src/keys.c b/src/src/keys.c index b5b982c..4ff687e 100644 --- a/src/src/keys.c +++ b/src/src/keys.c @@ -28,7 +28,7 @@ #include -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) #include #include @@ -341,7 +341,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -358,7 +358,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -374,7 +374,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -431,7 +431,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -448,7 +448,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -466,7 +466,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -503,7 +503,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -530,7 +530,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -547,7 +547,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -601,7 +601,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -618,7 +618,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -635,7 +635,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -653,7 +653,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -671,7 +671,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -689,7 +689,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -707,7 +707,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -747,7 +747,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -764,7 +764,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -781,7 +781,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -798,7 +798,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; specs->iv_size = AES_IV_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; break; #endif @@ -814,7 +814,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -907,7 +907,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -924,7 +924,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -941,7 +941,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -958,7 +958,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -976,7 +976,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -994,7 +994,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1012,7 +1012,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 1; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1068,7 +1068,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -1086,7 +1086,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -1104,7 +1104,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -1124,7 +1124,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -1144,7 +1144,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -1164,7 +1164,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -1184,7 +1184,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -1204,7 +1204,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_IMP_IV_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -1273,7 +1273,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_NONCE_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1291,7 +1291,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_NONCE_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1329,7 +1329,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_NONCE_SZ; specs->aead_mac_size = AES_CCM_16_AUTH_SZ; @@ -1347,7 +1347,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESCCM_NONCE_SZ; specs->aead_mac_size = AES_CCM_8_AUTH_SZ; @@ -1375,7 +1375,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1564,7 +1564,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -1581,7 +1581,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -1649,7 +1649,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -1666,7 +1666,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -1683,7 +1683,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1703,7 +1703,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1723,7 +1723,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1743,7 +1743,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1763,7 +1763,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -1783,7 +1783,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1802,7 +1802,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1821,7 +1821,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1840,7 +1840,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1859,7 +1859,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1878,7 +1878,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -1992,7 +1992,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -2026,7 +2026,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -2043,7 +2043,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -2060,7 +2060,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; break; @@ -2077,7 +2077,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -2095,7 +2095,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -2113,7 +2113,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -2131,7 +2131,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_256_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AESGCM_IMP_IV_SZ; specs->aead_mac_size = AES_GCM_AUTH_SZ; @@ -2149,7 +2149,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_128_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2166,7 +2166,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_256_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2183,7 +2183,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_128_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2200,7 +2200,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_256_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2217,7 +2217,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_128_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2234,7 +2234,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_256_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2251,7 +2251,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_128_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2268,7 +2268,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = CAMELLIA_256_KEY_SIZE; - specs->block_size = CAMELLIA_BLOCK_SIZE; + specs->block_size = WC_CAMELLIA_BLOCK_SIZE; specs->iv_size = CAMELLIA_IV_SIZE; break; @@ -2285,7 +2285,7 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, specs->pad_size = PAD_SHA; specs->static_ecdh = 0; specs->key_size = AES_128_KEY_SIZE; - specs->block_size = AES_BLOCK_SIZE; + specs->block_size = WC_AES_BLOCK_SIZE; specs->iv_size = AES_IV_SIZE; if (opts != NULL) @@ -2976,13 +2976,13 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, if (enc && enc->cam == NULL) enc->cam = - (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); + (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER); if (enc && enc->cam == NULL) return MEMORY_E; if (dec && dec->cam == NULL) dec->cam = - (Camellia*)XMALLOC(sizeof(Camellia), heap, DYNAMIC_TYPE_CIPHER); + (wc_Camellia*)XMALLOC(sizeof(wc_Camellia), heap, DYNAMIC_TYPE_CIPHER); if (dec && dec->cam == NULL) return MEMORY_E; @@ -4109,4 +4109,4 @@ int MakeMasterSecret(WOLFSSL* ssl) #endif } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY && !NO_TLS */ diff --git a/src/src/ocsp.c b/src/src/ocsp.c index 493d826..cf824f6 100644 --- a/src/src/ocsp.c +++ b/src/src/ocsp.c @@ -866,7 +866,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, (void)certs; - if (flags & OCSP_NOVERIFY) + if (flags & WOLFSSL_OCSP_NOVERIFY) return WOLFSSL_SUCCESS; #ifdef WOLFSSL_SMALL_STACK @@ -880,7 +880,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, if (bs->verifyError != OCSP_VERIFY_ERROR_NONE) goto out; - if (flags & OCSP_TRUSTOTHER) { + if (flags & WOLFSSL_OCSP_TRUSTOTHER) { for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) { WOLFSSL_X509* x = wolfSSL_sk_X509_value(certs, idx); int derSz = 0; @@ -898,7 +898,7 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0) goto out; - if (!(flags & OCSP_NOCHECKS)) { + if (!(flags & WOLFSSL_OCSP_NOCHECKS)) { if (CheckOcspResponder(bs, cert, st->cm) != 0) goto out; } @@ -1634,7 +1634,7 @@ int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx) case ORIOS_WRITE: { const unsigned char *req; - int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req); + int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&req); if (reqLen <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error"); return WOLFSSL_FAILURE; @@ -1710,7 +1710,7 @@ int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx) if (ret != WOLFSSL_SUCCESS) return ret; - len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp); + len = wolfSSL_BIO_get_mem_data(ctx->reqResp, (void*)&resp); if (len <= 0) return WOLFSSL_FAILURE; return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL diff --git a/src/src/pk.c b/src/src/pk.c index 42468bf..6c55bee 100644 --- a/src/src/pk.c +++ b/src/src/pk.c @@ -165,7 +165,26 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb, /* Write left over data back to BIO if not a file BIO */ if ((ret > 0) && ((memSz - ret) > 0) && (bio->type != WOLFSSL_BIO_FILE)) { - int res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret); + int res; + if (!alloced) { + /* If wolfssl_read_bio() points mem at the buffer internal to + * bio, we need to dup it before calling wolfSSL_BIO_write(), + * because the latter may reallocate the bio, invalidating the + * mem pointer before reading from it. + */ + char *mem_dup = (char *)XMALLOC((size_t)(memSz - ret), + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (mem_dup != NULL) { + XMEMCPY(mem_dup, mem + ret, (size_t)(memSz - ret)); + res = wolfSSL_BIO_write(bio, mem_dup, memSz - ret); + mem = mem_dup; + alloced = 1; + } + else + res = MEMORY_E; + } + else + res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret); if (res != memSz - ret) { WOLFSSL_ERROR_MSG("Unable to write back excess data"); if (res < 0) { @@ -348,7 +367,7 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz, * @return 1 on success. * @return 0 on error. */ -int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, +int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz) { int ret = 0; @@ -482,8 +501,8 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, * @return 0 on failure. */ static int der_to_enc_pem_alloc(unsigned char* der, int derSz, - const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type, - void* heap, byte** out, int* outSz) + const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, + int type, void* heap, byte** out, int* outSz) { int ret = 1; byte* tmp = NULL; @@ -2155,8 +2174,9 @@ WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa, * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, - unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen) +int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + unsigned char **pem, int *pLen) { int ret = 1; byte* derBuf = NULL; @@ -2261,7 +2281,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, * @return 0 on failure. */ int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, - const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, + const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, wc_pem_password_cb *cb, void *arg) { int ret = 1; @@ -3542,7 +3562,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; - enum wc_HashType hashType; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; int hashLen = 0; int emLen = 0; int mgf = 0; @@ -3857,15 +3877,15 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash, ret = 0; } - if ((ret == 1) && (hashAlg != NID_undef) && - (padding == RSA_PKCS1_PADDING)) { + if ((ret == 1) && (hashAlg != WC_NID_undef) && + (padding == WC_RSA_PKCS1_PADDING)) { /* Convert hash algorithm to hash type for PKCS#1.5 padding. */ hType = (int)nid2oid(hashAlg, oidHashType); if (hType == -1) { ret = 0; } } - if ((ret == 1) && (padding == RSA_PKCS1_PADDING)) { + if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) { /* PKCS#1.5 encoding. */ word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType); if (encSz == 0) { @@ -3877,7 +3897,7 @@ static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash, } } /* Other padding schemes require the hash as is. */ - if ((ret == 1) && (padding != RSA_PKCS1_PADDING)) { + if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) { XMEMCPY(enc, hash, hLen); *encLen = hLen; } @@ -3905,7 +3925,7 @@ int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen, } /* flag is 1: output complete signature. */ return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, - sigLen, rsa, 1, RSA_PKCS1_PADDING); + sigLen, rsa, 1, WC_RSA_PKCS1_PADDING); } /* Sign the message hash using hash algorithm and RSA key. @@ -3935,7 +3955,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, *sigLen = RSA_MAX_SIZE / CHAR_BIT; } ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, - sigLen, rsa, flag, RSA_PKCS1_PADDING); + sigLen, rsa, flag, WC_RSA_PKCS1_PADDING); } return ret; @@ -3957,7 +3977,7 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, * 0: Output the value that the unpadded signature * should be compared to. * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and - * RSA_PKCS1_PADDING are currently supported for + * WC_RSA_PKCS1_PADDING are currently supported for * signing. * @return 1 on success. * @return 0 on failure. @@ -4046,7 +4066,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, if (ret == 1) { switch (padding) { #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) - case RSA_NO_PADDING: + case WC_RSA_NO_PAD: if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen, (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) { WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad"); @@ -4056,7 +4076,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, #endif #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) - case RSA_PKCS1_PSS_PADDING: + case WC_RSA_PKCS1_PSS_PADDING: { enum wc_HashType hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); @@ -4075,14 +4095,14 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, } #endif #ifndef WC_NO_RSA_OAEP - case RSA_PKCS1_OAEP_PADDING: + case WC_RSA_PKCS1_OAEP_PADDING: /* Not a signature padding scheme. */ WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for " "signing"); ret = 0; break; #endif - case RSA_PKCS1_PADDING: + case WC_RSA_PKCS1_PADDING: { /* Sign (private encrypt) PKCS#1 encoded signature. */ if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen, @@ -4135,7 +4155,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, WOLFSSL_RSA* rsa) { return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa, - RSA_PKCS1_PADDING); + WC_RSA_PKCS1_PADDING); } /** @@ -4150,7 +4170,7 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, * @param [in] sigLen Length of signature data. * @param [in] rsa RSA key used to sign the input * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and - * RSA_PKCS1_PADDING are currently supported for + * WC_RSA_PKCS1_PADDING are currently supported for * signing. * @return 1 on success. * @return 0 on failure. @@ -4190,7 +4210,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, } } #ifdef WOLFSSL_SMALL_STACK - if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) { + if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) { /* Allocate memory for encoded signature. */ encodedSig = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -4200,7 +4220,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, } } #endif - if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) { + if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) { /* Make encoded signature to compare with decrypted signature. */ if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len, padding) <= 0) { @@ -4229,7 +4249,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, if (ret == 1) { #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) - if (padding == RSA_PKCS1_PSS_PADDING) { + if (padding == WC_RSA_PKCS1_PSS_PADDING) { /* Check PSS padding is valid. */ if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen, hType, DEF_PSS_SALT_LEN, @@ -4305,15 +4325,15 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, #if !defined(HAVE_FIPS) /* Convert to wolfCrypt padding, hash and MGF. */ switch (padding) { - case RSA_PKCS1_PADDING: + case WC_RSA_PKCS1_PADDING: pad_type = WC_RSA_PKCSV15_PAD; break; - case RSA_PKCS1_OAEP_PADDING: + case WC_RSA_PKCS1_OAEP_PADDING: pad_type = WC_RSA_OAEP_PAD; hash = WC_HASH_TYPE_SHA; mgf = WC_MGF1SHA1; break; - case RSA_NO_PADDING: + case WC_RSA_NO_PAD: pad_type = WC_RSA_NO_PAD; break; default: @@ -4324,7 +4344,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, #else /* Check for supported padding schemes in FIPS. */ /* TODO: Do we support more schemes in later versions of FIPS? */ - if (padding != RSA_PKCS1_PADDING) { + if (padding != WC_RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); ret = WOLFSSL_FATAL_ERROR; @@ -4417,15 +4437,15 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, if (ret == 0) { #if !defined(HAVE_FIPS) switch (padding) { - case RSA_PKCS1_PADDING: + case WC_RSA_PKCS1_PADDING: pad_type = WC_RSA_PKCSV15_PAD; break; - case RSA_PKCS1_OAEP_PADDING: + case WC_RSA_PKCS1_OAEP_PADDING: pad_type = WC_RSA_OAEP_PAD; hash = WC_HASH_TYPE_SHA; mgf = WC_MGF1SHA1; break; - case RSA_NO_PADDING: + case WC_RSA_NO_PAD: pad_type = WC_RSA_NO_PAD; break; default: @@ -4435,7 +4455,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, #else /* Check for supported padding schemes in FIPS. */ /* TODO: Do we support more schemes in later versions of FIPS? */ - if (padding != RSA_PKCS1_PADDING) { + if (padding != WC_RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); ret = WOLFSSL_FATAL_ERROR; @@ -4508,10 +4528,10 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, if (ret == 0) { #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) switch (padding) { - case RSA_PKCS1_PADDING: + case WC_RSA_PKCS1_PADDING: pad_type = WC_RSA_PKCSV15_PAD; break; - case RSA_NO_PADDING: + case WC_RSA_NO_PAD: pad_type = WC_RSA_NO_PAD; break; /* TODO: RSA_X931_PADDING not supported */ @@ -4520,7 +4540,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, ret = WOLFSSL_FATAL_ERROR; } #else - if (padding != RSA_PKCS1_PADDING) { + if (padding != WC_RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in " "FIPS"); ret = WOLFSSL_FATAL_ERROR; @@ -4599,9 +4619,9 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, if (ret == 0) { switch (padding) { - case RSA_PKCS1_PADDING: + case WC_RSA_PKCS1_PADDING: #ifdef WC_RSA_NO_PADDING - case RSA_NO_PADDING: + case WC_RSA_NO_PAD: #endif break; /* TODO: RSA_X931_PADDING not supported */ @@ -4627,12 +4647,12 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, if (ret == 0) { /* Use wolfCrypt to private-encrypt with RSA key. * Size of output buffer must be size of RSA key. */ - if (padding == RSA_PKCS1_PADDING) { + if (padding == WC_RSA_PKCS1_PADDING) { ret = wc_RsaSSL_Sign(from, (word32)len, to, (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng); } #ifdef WC_RSA_NO_PADDING - else if (padding == RSA_NO_PADDING) { + else if (padding == WC_RSA_NO_PAD) { word32 outLen = (word32)wolfSSL_RSA_size(rsa); ret = wc_RsaFunction(from, (word32)len, to, &outLen, RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng); @@ -5824,7 +5844,7 @@ WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der, * Returns 1 or 0 */ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, - const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, wc_pem_password_cb* cb, void* arg) { int ret = 1; @@ -5942,7 +5962,7 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) * 1 if success, 0 if error */ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, - const EVP_CIPHER* cipher, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen) { @@ -6062,7 +6082,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, * 1 if success, 0 if error */ int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa, - const EVP_CIPHER *enc, + const WOLFSSL_EVP_CIPHER *enc, unsigned char *kstr, int klen, wc_pem_password_cb *cb, void *u) { @@ -6508,17 +6528,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid) * FIPS v2 module */ switch (nid) { #ifdef HAVE_FFDHE_2048 - case NID_ffdhe2048: + case WC_NID_ffdhe2048: params = wc_Dh_ffdhe2048_Get(); break; #endif /* HAVE_FFDHE_2048 */ #ifdef HAVE_FFDHE_3072 - case NID_ffdhe3072: + case WC_NID_ffdhe3072: params = wc_Dh_ffdhe3072_Get(); break; #endif /* HAVE_FFDHE_3072 */ #ifdef HAVE_FFDHE_4096 - case NID_ffdhe4096: + case WC_NID_ffdhe4096: params = wc_Dh_ffdhe4096_Get(); break; #endif /* HAVE_FFDHE_4096 */ @@ -6604,17 +6624,17 @@ static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid) switch (nid) { #ifdef HAVE_FFDHE_2048 - case NID_ffdhe2048: + case WC_NID_ffdhe2048: name = WC_FFDHE_2048; break; #endif /* HAVE_FFDHE_2048 */ #ifdef HAVE_FFDHE_3072 - case NID_ffdhe3072: + case WC_NID_ffdhe3072: name = WC_FFDHE_3072; break; #endif /* HAVE_FFDHE_3072 */ #ifdef HAVE_FFDHE_4096 - case NID_ffdhe4096: + case WC_NID_ffdhe4096: name = WC_FFDHE_4096; break; #endif /* HAVE_FFDHE_4096 */ @@ -7856,7 +7876,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int err = 0; byte* der = NULL; - word32 derSz; + word32 derSz = 0; DhKey* key = NULL; (void)heap; @@ -7913,7 +7933,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) { int ret = 1; - int derSz; + int derSz = 0; byte* derBuf = NULL; void* heap = NULL; @@ -8763,7 +8783,7 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, ret = WOLFSSL_FATAL_ERROR; } /* Get the maximum size of computed DH key. */ - if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) { + if ((ret == 0) && ((keySz = (word32)wolfSSL_DH_size(dh)) == 0)) { WOLFSSL_ERROR_MSG("Bad DH_size"); ret = WOLFSSL_FATAL_ERROR; } @@ -9028,7 +9048,7 @@ int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth) if (meth != NULL) { /* Only field type supported by code base. */ - nid = NID_X9_62_prime_field; + nid = WC_NID_X9_62_prime_field; } return nid; @@ -9052,62 +9072,62 @@ int EccEnumToNID(int n) switch(n) { case ECC_SECP192R1: - return NID_X9_62_prime192v1; + return WC_NID_X9_62_prime192v1; case ECC_PRIME192V2: - return NID_X9_62_prime192v2; + return WC_NID_X9_62_prime192v2; case ECC_PRIME192V3: - return NID_X9_62_prime192v3; + return WC_NID_X9_62_prime192v3; case ECC_PRIME239V1: - return NID_X9_62_prime239v1; + return WC_NID_X9_62_prime239v1; case ECC_PRIME239V2: - return NID_X9_62_prime239v2; + return WC_NID_X9_62_prime239v2; case ECC_PRIME239V3: - return NID_X9_62_prime239v3; + return WC_NID_X9_62_prime239v3; case ECC_SECP256R1: - return NID_X9_62_prime256v1; + return WC_NID_X9_62_prime256v1; case ECC_SECP112R1: - return NID_secp112r1; + return WC_NID_secp112r1; case ECC_SECP112R2: - return NID_secp112r2; + return WC_NID_secp112r2; case ECC_SECP128R1: - return NID_secp128r1; + return WC_NID_secp128r1; case ECC_SECP128R2: - return NID_secp128r2; + return WC_NID_secp128r2; case ECC_SECP160R1: - return NID_secp160r1; + return WC_NID_secp160r1; case ECC_SECP160R2: - return NID_secp160r2; + return WC_NID_secp160r2; case ECC_SECP224R1: - return NID_secp224r1; + return WC_NID_secp224r1; case ECC_SECP384R1: - return NID_secp384r1; + return WC_NID_secp384r1; case ECC_SECP521R1: - return NID_secp521r1; + return WC_NID_secp521r1; case ECC_SECP160K1: - return NID_secp160k1; + return WC_NID_secp160k1; case ECC_SECP192K1: - return NID_secp192k1; + return WC_NID_secp192k1; case ECC_SECP224K1: - return NID_secp224k1; + return WC_NID_secp224k1; case ECC_SECP256K1: - return NID_secp256k1; + return WC_NID_secp256k1; case ECC_BRAINPOOLP160R1: - return NID_brainpoolP160r1; + return WC_NID_brainpoolP160r1; case ECC_BRAINPOOLP192R1: - return NID_brainpoolP192r1; + return WC_NID_brainpoolP192r1; case ECC_BRAINPOOLP224R1: - return NID_brainpoolP224r1; + return WC_NID_brainpoolP224r1; case ECC_BRAINPOOLP256R1: - return NID_brainpoolP256r1; + return WC_NID_brainpoolP256r1; case ECC_BRAINPOOLP320R1: - return NID_brainpoolP320r1; + return WC_NID_brainpoolP320r1; case ECC_BRAINPOOLP384R1: - return NID_brainpoolP384r1; + return WC_NID_brainpoolP384r1; case ECC_BRAINPOOLP512R1: - return NID_brainpoolP512r1; + return WC_NID_brainpoolP512r1; #ifdef WOLFSSL_SM2 case ECC_SM2P256V1: - return NID_sm2; + return WC_NID_sm2; #endif default: WOLFSSL_MSG("NID not found"); @@ -9132,85 +9152,85 @@ int NIDToEccEnum(int nid) WOLFSSL_ENTER("NIDToEccEnum"); switch (nid) { - case NID_X9_62_prime192v1: + case WC_NID_X9_62_prime192v1: id = ECC_SECP192R1; break; - case NID_X9_62_prime192v2: + case WC_NID_X9_62_prime192v2: id = ECC_PRIME192V2; break; - case NID_X9_62_prime192v3: + case WC_NID_X9_62_prime192v3: id = ECC_PRIME192V3; break; - case NID_X9_62_prime239v1: + case WC_NID_X9_62_prime239v1: id = ECC_PRIME239V1; break; - case NID_X9_62_prime239v2: + case WC_NID_X9_62_prime239v2: id = ECC_PRIME239V2; break; - case NID_X9_62_prime239v3: + case WC_NID_X9_62_prime239v3: id = ECC_PRIME239V3; break; - case NID_X9_62_prime256v1: + case WC_NID_X9_62_prime256v1: id = ECC_SECP256R1; break; - case NID_secp112r1: + case WC_NID_secp112r1: id = ECC_SECP112R1; break; - case NID_secp112r2: + case WC_NID_secp112r2: id = ECC_SECP112R2; break; - case NID_secp128r1: + case WC_NID_secp128r1: id = ECC_SECP128R1; break; - case NID_secp128r2: + case WC_NID_secp128r2: id = ECC_SECP128R2; break; - case NID_secp160r1: + case WC_NID_secp160r1: id = ECC_SECP160R1; break; - case NID_secp160r2: + case WC_NID_secp160r2: id = ECC_SECP160R2; break; - case NID_secp224r1: + case WC_NID_secp224r1: id = ECC_SECP224R1; break; - case NID_secp384r1: + case WC_NID_secp384r1: id = ECC_SECP384R1; break; - case NID_secp521r1: + case WC_NID_secp521r1: id = ECC_SECP521R1; break; - case NID_secp160k1: + case WC_NID_secp160k1: id = ECC_SECP160K1; break; - case NID_secp192k1: + case WC_NID_secp192k1: id = ECC_SECP192K1; break; - case NID_secp224k1: + case WC_NID_secp224k1: id = ECC_SECP224K1; break; - case NID_secp256k1: + case WC_NID_secp256k1: id = ECC_SECP256K1; break; - case NID_brainpoolP160r1: + case WC_NID_brainpoolP160r1: id = ECC_BRAINPOOLP160R1; break; - case NID_brainpoolP192r1: + case WC_NID_brainpoolP192r1: id = ECC_BRAINPOOLP192R1; break; - case NID_brainpoolP224r1: + case WC_NID_brainpoolP224r1: id = ECC_BRAINPOOLP224R1; break; - case NID_brainpoolP256r1: + case WC_NID_brainpoolP256r1: id = ECC_BRAINPOOLP256R1; break; - case NID_brainpoolP320r1: + case WC_NID_brainpoolP320r1: id = ECC_BRAINPOOLP320R1; break; - case NID_brainpoolP384r1: + case WC_NID_brainpoolP384r1: id = ECC_BRAINPOOLP384R1; break; - case NID_brainpoolP512r1: + case WC_NID_brainpoolP512r1: id = ECC_BRAINPOOLP512R1; break; default: @@ -9622,53 +9642,53 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) } else { switch (group->curve_nid) { - case NID_secp112r1: - case NID_secp112r2: + case WC_NID_secp112r1: + case WC_NID_secp112r2: degree = 112; break; - case NID_secp128r1: - case NID_secp128r2: + case WC_NID_secp128r1: + case WC_NID_secp128r2: degree = 128; break; - case NID_secp160k1: - case NID_secp160r1: - case NID_secp160r2: - case NID_brainpoolP160r1: + case WC_NID_secp160k1: + case WC_NID_secp160r1: + case WC_NID_secp160r2: + case WC_NID_brainpoolP160r1: degree = 160; break; - case NID_secp192k1: - case NID_brainpoolP192r1: - case NID_X9_62_prime192v1: - case NID_X9_62_prime192v2: - case NID_X9_62_prime192v3: + case WC_NID_secp192k1: + case WC_NID_brainpoolP192r1: + case WC_NID_X9_62_prime192v1: + case WC_NID_X9_62_prime192v2: + case WC_NID_X9_62_prime192v3: degree = 192; break; - case NID_secp224k1: - case NID_secp224r1: - case NID_brainpoolP224r1: + case WC_NID_secp224k1: + case WC_NID_secp224r1: + case WC_NID_brainpoolP224r1: degree = 224; break; - case NID_X9_62_prime239v1: - case NID_X9_62_prime239v2: - case NID_X9_62_prime239v3: + case WC_NID_X9_62_prime239v1: + case WC_NID_X9_62_prime239v2: + case WC_NID_X9_62_prime239v3: degree = 239; break; - case NID_secp256k1: - case NID_brainpoolP256r1: - case NID_X9_62_prime256v1: + case WC_NID_secp256k1: + case WC_NID_brainpoolP256r1: + case WC_NID_X9_62_prime256v1: degree = 256; break; - case NID_brainpoolP320r1: + case WC_NID_brainpoolP320r1: degree = 320; break; - case NID_secp384r1: - case NID_brainpoolP384r1: + case WC_NID_secp384r1: + case WC_NID_brainpoolP384r1: degree = 384; break; - case NID_brainpoolP512r1: + case WC_NID_brainpoolP512r1: degree = 512; break; - case NID_secp521r1: + case WC_NID_secp521r1: degree = 521; break; } @@ -10139,7 +10159,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, if (!err) { /* [] */ len = sz + 1; - if (form == POINT_CONVERSION_UNCOMPRESSED) { + if (form == WC_POINT_CONVERSION_UNCOMPRESSED) { /* Include y ordinate when uncompressed. */ len += sz; } @@ -10165,7 +10185,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, } } if (!err) { - if (form == POINT_CONVERSION_COMPRESSED) { + if (form == WC_POINT_CONVERSION_COMPRESSED) { /* Compressed format byte value dependent on whether y-ordinate is * odd. */ @@ -10222,13 +10242,13 @@ static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz) return sz; } -WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group, +WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx) { /* for uncompressed mode */ size_t str_sz; - BIGNUM *Gx = NULL; - BIGNUM *Gy = NULL; + WOLFSSL_BIGNUM *Gx = NULL; + WOLFSSL_BIGNUM *Gy = NULL; char strGx[MAX_ECC_BYTES * 2 + 1]; /* for compressed mode */ @@ -10295,7 +10315,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const EC_GROUP *group, wolfSSL_BN_free(Gx); wolfSSL_BN_free(Gy); if (p_alloc) { - EC_POINT_free(p); + wolfSSL_EC_POINT_free(p); } return NULL; @@ -10473,7 +10493,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, int err = 0; word32 enc_len = (word32)len; #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - int compressed = ((form == POINT_CONVERSION_COMPRESSED) ? 1 : 0); + int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0); #endif /* !HAVE_SELFTEST */ WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct"); @@ -10498,7 +10518,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, if (buf != NULL) { /* Check whether buffer has space. */ if (len < 1) { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); + wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E); err = 1; } else { @@ -10510,9 +10530,9 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, /* Not infinity. */ else if (!err) { /* Validate format. */ - if (form != POINT_CONVERSION_UNCOMPRESSED + if (form != WC_POINT_CONVERSION_UNCOMPRESSED #ifndef HAVE_SELFTEST - && form != POINT_CONVERSION_COMPRESSED + && form != WC_POINT_CONVERSION_COMPRESSED #endif /* !HAVE_SELFTEST */ ) { WOLFSSL_MSG("Unsupported point form"); @@ -10593,8 +10613,8 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, * @param [in] group EC group. * @param [in] point EC point. * @param [in] form Format of encoding. Valid values: - * POINT_CONVERSION_UNCOMPRESSED, - * POINT_CONVERSION_COMPRESSED. + * WC_POINT_CONVERSION_UNCOMPRESSED, + * WC_POINT_CONVERSION_COMPRESSED. * @param [in, out] bn BN to hold point value. * When NULL a new BN is allocated otherwise this is * returned on success. @@ -10811,10 +10831,10 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group, } /* Copy the externally set x and y ordinates. */ - if ((ret == 1) && (BN_copy(x, point->X) == NULL)) { + if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) { ret = 0; } - if ((ret == 1) && (BN_copy(y, point->Y) == NULL)) { + if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) { ret = 0; } @@ -11831,7 +11851,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId) /* Cache heap hint. */ key->heap = heap; /* Initialize fields to defaults. */ - key->form = POINT_CONVERSION_UNCOMPRESSED; + key->form = WC_POINT_CONVERSION_UNCOMPRESSED; /* Initialize reference count. */ wolfSSL_RefInit(&key->ref, &err); @@ -11857,7 +11877,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId) if (!err) { /* Group unknown at creation */ - key->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef); + key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef); if (key->group == NULL) { WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); err = 1; @@ -12194,7 +12214,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out) { int ret = 1; size_t len = 0; - int form = POINT_CONVERSION_UNCOMPRESSED; + int form = WC_POINT_CONVERSION_UNCOMPRESSED; WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey"); @@ -12214,9 +12234,9 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out) if (ret == 1) { #ifdef HAVE_COMP_KEY /* Default to compressed form if not set */ - form = (key->form != POINT_CONVERSION_UNCOMPRESSED) ? - POINT_CONVERSION_UNCOMPRESSED : - POINT_CONVERSION_COMPRESSED; + form = (key->form != WC_POINT_CONVERSION_UNCOMPRESSED) ? + WC_POINT_CONVERSION_UNCOMPRESSED : + WC_POINT_CONVERSION_COMPRESSED; #endif /* Calculate length of point encoding. */ @@ -12880,7 +12900,7 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) * @return 0 on error. */ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, - const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, wc_pem_password_cb* cb, void* arg) { int ret = 1; @@ -12928,7 +12948,7 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, * @return 0 on error. */ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec, - const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen) { #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) @@ -12960,7 +12980,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec, /* Calculate maximum size of DER encoding. * 4 > size of pub, priv + ASN.1 additional information */ der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) + - AES_BLOCK_SIZE; + WC_AES_BLOCK_SIZE; /* Allocate buffer big enough to hold encoding. */ derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL, @@ -13017,7 +13037,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec, * @return 0 on error. */ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec, - const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, + const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, wc_pem_password_cb *cb, void *pass) { int ret = 1; @@ -13120,7 +13140,7 @@ int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent) if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) { /* Get the public key point as one BN. */ WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group, - key->pub_key, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); + key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); if (pubBn == NULL) { WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed."); ret = 0; @@ -13311,7 +13331,8 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) * @return Point conversion format on success. * @return -1 on error. */ -point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key) +wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form( + const WOLFSSL_EC_KEY* key) { if (key == NULL) return WOLFSSL_FATAL_ERROR; @@ -13322,17 +13343,17 @@ point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key) * * @param [in, out] key EC key to set format into. * @param [in] form Point conversion format. Valid values: - * POINT_CONVERSION_UNCOMPRESSED, - * POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY) + * WC_POINT_CONVERSION_UNCOMPRESSED, + * WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY) */ void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form) { if (key == NULL) { WOLFSSL_MSG("Key passed in NULL"); } - else if (form == POINT_CONVERSION_UNCOMPRESSED + else if (form == WC_POINT_CONVERSION_UNCOMPRESSED #ifdef HAVE_COMP_KEY - || form == POINT_CONVERSION_COMPRESSED + || form == WC_POINT_CONVERSION_COMPRESSED #endif ) { key->form = (unsigned char)form; @@ -14041,7 +14062,7 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key) { int err = 0; int len = 0; - const EC_GROUP *group = NULL; + const WOLFSSL_EC_GROUP *group = NULL; int bits = 0; /* Validate parameter. */ @@ -15478,24 +15499,24 @@ int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) if ((bio != NULL) && (key != NULL)) { switch (key->type) { #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: ret = wolfSSL_PEM_write_bio_RSA_PUBKEY(bio, key->rsa); break; #endif /* WOLFSSL_KEY_GEN && !NO_RSA */ #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \ (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa); break; #endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: ret = wolfSSL_PEM_write_bio_EC_PUBKEY(bio, key->ecc); break; #endif /* HAVE_ECC && HAVE_ECC_KEY_EXPORT */ #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: /* DH public key not supported. */ WOLFSSL_MSG("Writing DH PUBKEY not supported!"); break; @@ -15546,21 +15567,21 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, #ifdef WOLFSSL_KEY_GEN switch (key->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: /* Write using RSA specific API. */ ret = wolfSSL_PEM_write_bio_RSAPrivateKey(bio, key->rsa, cipher, passwd, len, cb, arg); break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: /* Write using DSA specific API. */ ret = wolfSSL_PEM_write_bio_DSAPrivateKey(bio, key->dsa, cipher, passwd, len, cb, arg); break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: #if defined(HAVE_ECC_KEY_EXPORT) /* Write using EC specific API. */ ret = wolfSSL_PEM_write_bio_ECPrivateKey(bio, key->ecc, @@ -15572,7 +15593,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: /* Write using generic API with DH type. */ ret = der_write_to_bio_as_pem((byte*)key->pkey.ptr, key->pkey_sz, bio, DH_PRIVATEKEY_TYPE); @@ -15588,22 +15609,22 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, switch (key->type) { #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: type = DSA_PRIVATEKEY_TYPE; break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: type = ECC_PRIVATEKEY_TYPE; break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: type = DH_PRIVATEKEY_TYPE; break; #endif #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: type = PRIVATEKEY_TYPE; break; #endif @@ -15719,16 +15740,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, /* No key format set - default to RSA. */ case 0: case RSAk: - type = EVP_PKEY_RSA; + type = WC_EVP_PKEY_RSA; break; case DSAk: - type = EVP_PKEY_DSA; + type = WC_EVP_PKEY_DSA; break; case ECDSAk: - type = EVP_PKEY_EC; + type = WC_EVP_PKEY_EC; break; case DHk: - type = EVP_PKEY_DH; + type = WC_EVP_PKEY_DH; break; default: type = WOLFSSL_FATAL_ERROR; @@ -15761,8 +15782,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, } -PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, - PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg) +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO( + WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, + void* arg) { return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg); } @@ -15865,16 +15887,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, /* No key format set - default to RSA. */ case 0: case RSAk: - type = EVP_PKEY_RSA; + type = WC_EVP_PKEY_RSA; break; case DSAk: - type = EVP_PKEY_DSA; + type = WC_EVP_PKEY_DSA; break; case ECDSAk: - type = EVP_PKEY_EC; + type = WC_EVP_PKEY_EC; break; case DHk: - type = EVP_PKEY_DH; + type = WC_EVP_PKEY_DH; break; default: type = WOLFSSL_FATAL_ERROR; @@ -16478,13 +16500,13 @@ int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; - int algId; - const byte* curveOid; - word32 oidSz; + int algId = 0; + const byte* curveOid = 0; + word32 oidSz = 0; /* Get the details of the private key. */ #ifdef HAVE_ECC - if (pkey->type == EVP_PKEY_EC) { + if (pkey->type == WC_EVP_PKEY_EC) { /* ECC private and get curve OID information. */ algId = ECDSAk; ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, @@ -16492,19 +16514,20 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) } else #endif - if (pkey->type == EVP_PKEY_RSA) { + if (pkey->type == WC_EVP_PKEY_RSA) { /* RSA private has no curve information. */ algId = RSAk; curveOid = NULL; oidSz = 0; } - else if (pkey->type == EVP_PKEY_DSA) { + else if (pkey->type == WC_EVP_PKEY_DSA) { /* DSA has no curve information. */ algId = DSAk; curveOid = NULL; oidSz = 0; } - else if (pkey->type == EVP_PKEY_DH) { +#ifndef NO_DH + else if (pkey->type == WC_EVP_PKEY_DH) { if (pkey->dh == NULL) return BAD_FUNC_ARG; @@ -16526,6 +16549,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) curveOid = NULL; oidSz = 0; } +#endif else { ret = NOT_COMPILED_IN; } @@ -16563,7 +16587,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, int ret = 0; char password[NAME_SZ]; byte* key = NULL; - word32 keySz; + word32 keySz = 0; int type = PKCS8_PRIVATEKEY_TYPE; /* Validate parameters. */ diff --git a/src/src/quic.c b/src/src/quic.c index f709ea6..64cf14f 100644 --- a/src/src/quic.c +++ b/src/src/quic.c @@ -1193,7 +1193,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md, WOLFSSL_ENTER("wolfSSL_quic_hkdf_extract"); - pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL); + pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL); if (pctx == NULL) { ret = WOLFSSL_FAILURE; goto cleanup; @@ -1201,7 +1201,7 @@ int wolfSSL_quic_hkdf_extract(uint8_t* dest, const WOLFSSL_EVP_MD* md, if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_hkdf_mode( - pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS + pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt( pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS @@ -1230,7 +1230,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen, WOLFSSL_ENTER("wolfSSL_quic_hkdf_expand"); - pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL); + pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL); if (pctx == NULL) { ret = WOLFSSL_FAILURE; goto cleanup; @@ -1238,7 +1238,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen, if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_hkdf_mode( - pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS + pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt( pctx, (byte*)"", 0) != WOLFSSL_SUCCESS @@ -1253,7 +1253,7 @@ int wolfSSL_quic_hkdf_expand(uint8_t* dest, size_t destlen, cleanup: if (pctx) - EVP_PKEY_CTX_free(pctx); + wolfSSL_EVP_PKEY_CTX_free(pctx); WOLFSSL_LEAVE("wolfSSL_quic_hkdf_expand", ret); return ret; } @@ -1270,7 +1270,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen, WOLFSSL_ENTER("wolfSSL_quic_hkdf"); - pctx = wolfSSL_EVP_PKEY_CTX_new_id(NID_hkdf, NULL); + pctx = wolfSSL_EVP_PKEY_CTX_new_id(WC_NID_hkdf, NULL); if (pctx == NULL) { ret = WOLFSSL_FAILURE; goto cleanup; @@ -1278,7 +1278,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen, if (wolfSSL_EVP_PKEY_derive_init(pctx) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_hkdf_mode( - pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS + pctx, WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set_hkdf_md(pctx, md) != WOLFSSL_SUCCESS || wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt( pctx, (byte*)salt, (int)saltlen) != WOLFSSL_SUCCESS @@ -1293,7 +1293,7 @@ int wolfSSL_quic_hkdf(uint8_t* dest, size_t destlen, cleanup: if (pctx) - EVP_PKEY_CTX_free(pctx); + wolfSSL_EVP_PKEY_CTX_free(pctx); WOLFSSL_LEAVE("wolfSSL_quic_hkdf", ret); return ret; } @@ -1346,7 +1346,7 @@ int wolfSSL_quic_aead_encrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx, ctx, dest, &len, plain, (int)plainlen) != WOLFSSL_SUCCESS || wolfSSL_EVP_CipherFinal(ctx, dest + len, &len) != WOLFSSL_SUCCESS || wolfSSL_EVP_CIPHER_CTX_ctrl( - ctx, EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen) + ctx, WOLFSSL_EVP_CTRL_AEAD_GET_TAG, ctx->authTagSz, dest + plainlen) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -1373,7 +1373,7 @@ int wolfSSL_quic_aead_decrypt(uint8_t* dest, WOLFSSL_EVP_CIPHER_CTX* ctx, if (wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0) != WOLFSSL_SUCCESS || wolfSSL_EVP_CIPHER_CTX_ctrl( - ctx, EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag) + ctx, WOLFSSL_EVP_CTRL_AEAD_SET_TAG, ctx->authTagSz, (uint8_t*)tag) != WOLFSSL_SUCCESS || wolfSSL_EVP_CipherUpdate(ctx, NULL, &len, aad, (int)aadlen) != WOLFSSL_SUCCESS diff --git a/src/src/sniffer.c b/src/src/sniffer.c index 758e7be..a3814a4 100644 --- a/src/src/sniffer.c +++ b/src/src/sniffer.c @@ -227,8 +227,8 @@ BOOL APIENTRY DllMain( HMODULE hModule, #endif /* _WIN32 */ -static WOLFSSL_GLOBAL int TraceOn = 0; /* Trace is off by default */ -static WOLFSSL_GLOBAL XFILE TraceFile = 0; +static WC_THREADSHARED int TraceOn = 0; /* Trace is off by default */ +static WC_THREADSHARED XFILE TraceFile = 0; /* windows uses .rc table for this */ @@ -566,52 +566,52 @@ typedef struct SnifferSession { /* Sniffer Server List and mutex */ -static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL; +static THREAD_LS_T SnifferServer* ServerList = NULL; #ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex); +static WC_THREADSHARED wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex); #endif /* Session Hash Table, mutex, and count */ -static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE]; +static THREAD_LS_T SnifferSession* SessionTable[HASH_SIZE]; #ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex); +static WC_THREADSHARED wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex); #endif -static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0; +static THREAD_LS_T int SessionCount = 0; -static WOLFSSL_GLOBAL int RecoveryEnabled = 0; /* global switch */ -static WOLFSSL_GLOBAL int MaxRecoveryMemory = -1; +static WC_THREADSHARED int RecoveryEnabled = 0; /* global switch */ +static WC_THREADSHARED int MaxRecoveryMemory = -1; /* per session max recovery memory */ #ifndef WOLFSSL_SNIFFER_NO_RECOVERY /* Recovery of missed data switches and stats */ -static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */ +static WC_THREADSHARED wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */ /* # of sessions with missed data */ -static WOLFSSL_GLOBAL word32 MissedDataSessions = 0; +static WC_THREADSHARED word32 MissedDataSessions = 0; #endif /* Connection Info Callback */ -static WOLFSSL_GLOBAL SSLConnCb ConnectionCb; -static WOLFSSL_GLOBAL void* ConnectionCbCtx = NULL; +static WC_THREADSHARED SSLConnCb ConnectionCb; +static WC_THREADSHARED void* ConnectionCbCtx = NULL; #ifdef WOLFSSL_SNIFFER_STATS /* Sessions Statistics */ -static WOLFSSL_GLOBAL SSLStats SnifferStats; -static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex); +static WC_THREADSHARED SSLStats SnifferStats; +static WC_THREADSHARED wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex); #endif #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK -static WOLFSSL_GLOBAL SSLKeyCb KeyCb; -static WOLFSSL_GLOBAL void* KeyCbCtx = NULL; +static WC_THREADSHARED SSLKeyCb KeyCb; +static WC_THREADSHARED void* KeyCbCtx = NULL; #endif #ifdef WOLFSSL_SNIFFER_WATCH /* Watch Key Callback */ -static WOLFSSL_GLOBAL SSLWatchCb WatchCb; -static WOLFSSL_GLOBAL void* WatchCbCtx = NULL; +static WC_THREADSHARED SSLWatchCb WatchCb; +static WC_THREADSHARED void* WatchCbCtx = NULL; #endif #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB /* Store Data Callback */ -static WOLFSSL_GLOBAL SSLStoreDataCb StoreDataCb; +static WC_THREADSHARED SSLStoreDataCb StoreDataCb; #endif @@ -656,7 +656,7 @@ static void UpdateMissedDataSessions(void) #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) - static WOLFSSL_GLOBAL int CryptoDeviceId = INVALID_DEVID; + static WC_THREADSHARED int CryptoDeviceId = INVALID_DEVID; #endif #if defined(WOLFSSL_SNIFFER_KEYLOGFILE) @@ -3854,8 +3854,10 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, #endif if (session->sslServer->options.haveSessionId) { - if (XMEMCMP(session->sslServer->arrays->sessionID, - session->sslClient->arrays->sessionID, ID_LEN) == 0) { + if (session->sslServer->arrays->sessionIDSz == ID_LEN && + session->sslClient->arrays->sessionIDSz == ID_LEN && + XMEMCMP(session->sslServer->arrays->sessionID, + session->sslClient->arrays->sessionID, ID_LEN) == 0) { doResume = 1; } } @@ -4292,8 +4294,8 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, char* error) { int ret; - Sha256 sha; - byte digest[SHA256_DIGEST_SIZE]; + wc_Sha256 sha; + byte digest[WC_SHA256_DIGEST_SIZE]; if (WatchCb == NULL) { SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); @@ -6023,8 +6025,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo, /* returns 0 on success (continue), -1 on error, 1 on success (end) */ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte** sslFrame, SnifferSession** pSession, - int* sslBytes, const byte** end, - void* vChain, word32 chainSz, char* error) + int* sslBytes, const byte** end, char* error) { word32 length; SnifferSession* session = *pSession; @@ -6094,53 +6095,12 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, return WOLFSSL_FATAL_ERROR; } } - if (vChain == NULL) { - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - *sslFrame, *sslBytes); - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - } - else { - #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT - struct iovec* chain = (struct iovec*)vChain; - word32 i, offset, headerSz, qty, remainder; - - Trace(CHAIN_INPUT_STR); - headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base); - remainder = *sslBytes; - - if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { - if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { - SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return WOLFSSL_FATAL_ERROR; - } - } - - qty = min(*sslBytes, (word32)chain[0].iov_len - headerSz); - XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], - (byte*)chain[0].iov_base + headerSz, qty); - offset = length; - for (i = 1; i < chainSz; i++) { - offset += qty; - remainder -= qty; - - if (chain[i].iov_len > remainder) - qty = remainder; - else - qty = (word32)chain[i].iov_len; - XMEMCPY(ssl->buffers.inputBuffer.buffer + offset, - chain[i].iov_base, qty); - } - - *sslBytes += length; - ssl->buffers.inputBuffer.length = *sslBytes; - *sslFrame = ssl->buffers.inputBuffer.buffer; - *end = *sslFrame + *sslBytes; - #endif - (void)chainSz; - } + XMEMCPY(&ssl->buffers.inputBuffer.buffer[length], + *sslFrame, *sslBytes); + *sslBytes += length; + ssl->buffers.inputBuffer.length = *sslBytes; + *sslFrame = ssl->buffers.inputBuffer.buffer; + *end = *sslFrame + *sslBytes; } if (session->flags.clientHello == 0 && **sslFrame != handshake) { @@ -6616,27 +6576,33 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, { TcpInfo tcpInfo; IpInfo ipInfo; + byte* tmpPacket = NULL; /* Assemble the chain */ const byte* sslFrame; const byte* end; int sslBytes; /* ssl bytes unconsumed */ int ret; SnifferSession* session = NULL; - void* vChain = NULL; - word32 chainSz = 0; if (isChain) { #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT struct iovec* chain; word32 i; - vChain = (void*)packet; - chainSz = (word32)length; + word32 chainSz = (word32)length; - chain = (struct iovec*)vChain; + chain = (struct iovec*)packet; length = 0; - for (i = 0; i < chainSz; i++) + for (i = 0; i < chainSz; i++) length += chain[i].iov_len; + + tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + if (tmpPacket == NULL) return MEMORY_E; + + length = 0; + for (i = 0; i < chainSz; i++) { + XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len); length += chain[i].iov_len; - packet = (const byte*)chain[0].iov_base; + } + packet = (const byte*)tmpPacket; #else SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_SNIFFER_ERROR; @@ -6645,18 +6611,27 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (CheckHeaders(&ipInfo, &tcpInfo, packet, length, &sslFrame, &sslBytes, error, 1, 1) != 0) { - return WOLFSSL_SNIFFER_ERROR; + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; } end = sslFrame + sslBytes; ret = CheckSession(&ipInfo, &tcpInfo, sslBytes, &session, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } #ifdef WOLFSSL_ASYNC_CRYPT - else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return WC_PENDING_E; + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = WC_PENDING_E; + goto exit_decode; + } #endif - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS if (sslBytes > 0) { @@ -6669,7 +6644,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, INC_STAT(SnifferStats.sslDecryptedPackets); } #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT @@ -6677,30 +6653,41 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, #endif ret = CheckSequence(&ipInfo, &tcpInfo, session, &sslBytes, &sslFrame,error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } else if (ret != 0) { - /* return specific error case */ - return ret; + goto exit_decode; /* return specific error case */ } ret = CheckPreRecord(&ipInfo, &tcpInfo, &sslFrame, &session, &sslBytes, - &end, vChain, chainSz, error); - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; - else if (ret == -1) return WOLFSSL_SNIFFER_ERROR; + &end, error); + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } + else if (ret == -1) { + ret = WOLFSSL_SNIFFER_ERROR; + goto exit_decode; + } else if (ret == 1) { #ifdef WOLFSSL_SNIFFER_STATS INC_STAT(SnifferStats.sslDecryptedPackets); #endif - return 0; /* done for now */ + ret = 0; + goto exit_decode; /* done for now */ } #ifdef WOLFSSL_ASYNC_CRYPT @@ -6708,7 +6695,8 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, if (asyncOkay && session->sslServer->error == WC_NO_ERR_TRACE(WC_PENDING_E) && !session->flags.wasPolled) { - return WC_PENDING_E; + ret = WC_PENDING_E; + goto exit_decode; } #endif @@ -6745,7 +6733,7 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, wolfSSL_AsyncPoll(session->sslServer, WOLF_POLL_FLAG_CHECK_HW); } else { - return ret; /* return to caller */ + goto exit_decode; /* return to caller */ } } else { @@ -6756,12 +6744,18 @@ static int ssl_DecodePacketInternal(const byte* packet, int length, int isChain, (void)asyncOkay; #endif - if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) - return WOLFSSL_SNIFFER_FATAL_ERROR; + if (RemoveFatalSession(&ipInfo, &tcpInfo, session, error)) { + ret = WOLFSSL_SNIFFER_FATAL_ERROR; + goto exit_decode; + } if (CheckFinCapture(&ipInfo, &tcpInfo, session) == 0) { CopySessionInfo(session, sslInfo); } +exit_decode: + if (isChain) { + XFREE(tmpPacket, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); + } return ret; } @@ -6868,11 +6862,15 @@ int ssl_Trace(const char* traceFile, char* error) if (traceFile) { /* Don't try to reopen the file */ if (TraceFile == NULL) { - TraceFile = XFOPEN(traceFile, "a"); - if (!TraceFile) { - SetError(BAD_TRACE_FILE_STR, error, NULL, 0); - return WOLFSSL_FATAL_ERROR; - } + if (XSTRCMP(traceFile, "-") == 0) { + TraceFile = stdout; + } else { + TraceFile = XFOPEN(traceFile, "a"); + if (!TraceFile) { + SetError(BAD_TRACE_FILE_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + } TraceOn = 1; } } @@ -7238,11 +7236,11 @@ typedef struct SecretNode { #define WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE HASH_SIZE #endif -static THREAD_LS_T WOLFSSL_GLOBAL +static THREAD_LS_T SecretNode* secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL}; #ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex); +static WC_THREADSHARED wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex); #endif static unsigned int secretHashFunction(unsigned char* clientRandom); diff --git a/src/src/ssl.c b/src/src/ssl.c index fe81193..c38fcbf 100644 --- a/src/src/ssl.c +++ b/src/src/ssl.c @@ -53,7 +53,7 @@ #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \ && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) - #error "No cipher suites defined because DH disabled, ECC disabled, " + #error "No cipher suites defined because DH disabled, ECC disabled, " \ "and no static suites defined. Please see top of README" #endif #ifdef WOLFSSL_CERT_GEN @@ -208,7 +208,7 @@ * * @param [in] sn Short name of OID. * @return NID corresponding to shortname on success. - * @return NID_undef when not recognized. + * @return WC_NID_undef when not recognized. */ int wc_OBJ_sn2nid(const char *sn) { @@ -217,21 +217,21 @@ int wc_OBJ_sn2nid(const char *sn) int nid; } sn2nid[] = { #ifndef NO_CERTS - {WOLFSSL_COMMON_NAME, NID_commonName}, - {WOLFSSL_COUNTRY_NAME, NID_countryName}, - {WOLFSSL_LOCALITY_NAME, NID_localityName}, - {WOLFSSL_STATE_NAME, NID_stateOrProvinceName}, - {WOLFSSL_ORG_NAME, NID_organizationName}, - {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName}, + {WOLFSSL_COMMON_NAME, WC_NID_commonName}, + {WOLFSSL_COUNTRY_NAME, WC_NID_countryName}, + {WOLFSSL_LOCALITY_NAME, WC_NID_localityName}, + {WOLFSSL_STATE_NAME, WC_NID_stateOrProvinceName}, + {WOLFSSL_ORG_NAME, WC_NID_organizationName}, + {WOLFSSL_ORGUNIT_NAME, WC_NID_organizationalUnitName}, #ifdef WOLFSSL_CERT_NAME_ALL - {WOLFSSL_NAME, NID_name}, - {WOLFSSL_INITIALS, NID_initials}, - {WOLFSSL_GIVEN_NAME, NID_givenName}, - {WOLFSSL_DNQUALIFIER, NID_dnQualifier}, + {WOLFSSL_NAME, WC_NID_name}, + {WOLFSSL_INITIALS, WC_NID_initials}, + {WOLFSSL_GIVEN_NAME, WC_NID_givenName}, + {WOLFSSL_DNQUALIFIER, WC_NID_dnQualifier}, #endif - {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, + {WOLFSSL_EMAIL_ADDR, WC_NID_emailAddress}, #endif - {"SHA1", NID_sha1}, + {"SHA1", WC_NID_sha1}, {NULL, -1}}; int i; #ifdef HAVE_ECC @@ -249,7 +249,7 @@ int wc_OBJ_sn2nid(const char *sn) #ifdef HAVE_ECC if (XSTRLEN(sn) > ECC_MAXNAME) - return NID_undef; + return WC_NID_undef; /* Nginx uses this OpenSSL string. */ if (XSTRCMP(sn, "prime256v1") == 0) @@ -275,12 +275,19 @@ int wc_OBJ_sn2nid(const char *sn) } #endif /* HAVE_ECC */ - return NID_undef; + return WC_NID_undef; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifndef WOLFCRYPT_ONLY + +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) +/* The system wide crypto-policy. Configured by wolfSSL_crypto_policy_enable. + * */ +static struct SystemCryptoPolicy crypto_policy; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \ (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && !defined(NO_DSA)) @@ -1026,18 +1033,26 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) } #endif /* WOLFSSL_TLS13 && HAVE_ECH */ +#ifdef OPENSSL_EXTRA +static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, + Suites* suites, const char* list); +#endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) #include #endif /* prevent multiple mutex initializations */ -static volatile WOLFSSL_GLOBAL int initRefCount = 0; +static volatile WC_THREADSHARED int initRefCount = 0; /* init ref count mutex */ -static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex +static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); #ifndef WOLFSSL_MUTEX_INITIALIZER -static WOLFSSL_GLOBAL int inits_count_mutex_valid = 0; +static WC_THREADSHARED volatile int inits_count_mutex_valid = 0; +#endif + +#ifdef NO_TLS +static const WOLFSSL_METHOD gNoTlsMethod; #endif /* Create a new WOLFSSL_CTX struct and return the pointer to created struct. @@ -1062,8 +1077,13 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) } } +#ifndef NO_TLS if (method == NULL) return ctx; +#else + /* a blank TLS method */ + method = (WOLFSSL_METHOD*)&gNoTlsMethod; +#endif ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX); if (ctx) { @@ -1116,6 +1136,30 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) } #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + /* Load the crypto-policy ciphers if configured. */ + if (ctx && wolfSSL_crypto_policy_is_enabled()) { + const char * list = wolfSSL_crypto_policy_get_ciphers(); + int ret = 0; + + if (list != NULL && *list != '\0') { + if (AllocateCtxSuites(ctx) != 0) { + WOLFSSL_MSG("allocate ctx suites failed"); + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + else { + ret = wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("parse cipher list failed"); + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + } + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0); return ctx; } @@ -1136,7 +1180,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx) { int ret; - wolfSSL_RefInc(&ctx->ref, &ret); + wolfSSL_RefWithMutexInc(&ctx->ref, &ret); #ifdef WOLFSSL_REFCNT_ERROR_RETURN return ((ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE); #else @@ -1723,6 +1767,17 @@ int wolfSSL_get_fd(const WOLFSSL* ssl) return fd; } +int wolfSSL_get_wfd(const WOLFSSL* ssl) +{ + int fd = -1; + WOLFSSL_ENTER("wolfSSL_get_fd"); + if (ssl) { + fd = ssl->wfd; + } + WOLFSSL_LEAVE("wolfSSL_get_fd", fd); + return fd; +} + int wolfSSL_dtls(WOLFSSL* ssl) { @@ -1855,38 +1910,105 @@ int wolfSSL_dtls_free_peer(void* addr) } #endif +#ifdef WOLFSSL_DTLS +static int SockAddrSet(WOLFSSL_SOCKADDR* sockAddr, void* peer, + unsigned int peerSz, void* heap) +{ + if (peer == NULL || peerSz == 0) { + if (sockAddr->sa != NULL) + XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR); + sockAddr->sa = NULL; + sockAddr->sz = 0; + sockAddr->bufSz = 0; + return WOLFSSL_SUCCESS; + } + + if (peerSz > sockAddr->bufSz) { + if (sockAddr->sa != NULL) + XFREE(sockAddr->sa, heap, DYNAMIC_TYPE_SOCKADDR); + sockAddr->sa = + (void*)XMALLOC(peerSz, heap, DYNAMIC_TYPE_SOCKADDR); + if (sockAddr->sa == NULL) { + sockAddr->sz = 0; + sockAddr->bufSz = 0; + return WOLFSSL_FAILURE; + } + sockAddr->bufSz = peerSz; + } + XMEMCPY(sockAddr->sa, peer, peerSz); + sockAddr->sz = peerSz; + return WOLFSSL_SUCCESS; +} +#endif + int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) { #ifdef WOLFSSL_DTLS - void* sa; + int ret; if (ssl == NULL) return WOLFSSL_FAILURE; - - if (peer == NULL || peerSz == 0) { - if (ssl->buffers.dtlsCtx.peer.sa != NULL) - XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR); - ssl->buffers.dtlsCtx.peer.sa = NULL; - ssl->buffers.dtlsCtx.peer.sz = 0; - ssl->buffers.dtlsCtx.peer.bufSz = 0; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Wr(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_FAILURE; +#endif + ret = SockAddrSet(&ssl->buffers.dtlsCtx.peer, peer, peerSz, ssl->heap); + if (ret == WOLFSSL_SUCCESS && !(peer == NULL || peerSz == 0)) + ssl->buffers.dtlsCtx.userSet = 1; + else ssl->buffers.dtlsCtx.userSet = 0; - return WOLFSSL_SUCCESS; - } +#ifdef WOLFSSL_RW_THREADED + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + ret = WOLFSSL_FAILURE; +#endif + return ret; +#else + (void)ssl; + (void)peer; + (void)peerSz; + return WOLFSSL_NOT_IMPLEMENTED; +#endif +} - sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); - if (sa != NULL) { - if (ssl->buffers.dtlsCtx.peer.sa != NULL) { - XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR); - ssl->buffers.dtlsCtx.peer.sa = NULL; +#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_NO_SOCK) +int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) +{ +#ifdef WOLFSSL_DTLS + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + + if (ssl == NULL) + return WOLFSSL_FAILURE; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_FAILURE; +#endif + if (ssl->buffers.dtlsCtx.peer.sa != NULL && + ssl->buffers.dtlsCtx.peer.sz == peerSz && + sockAddrEqual((SOCKADDR_S*)ssl->buffers.dtlsCtx.peer.sa, + (XSOCKLENT)ssl->buffers.dtlsCtx.peer.sz, (SOCKADDR_S*)peer, + (XSOCKLENT)peerSz)) { + /* Already the current peer. */ + if (ssl->buffers.dtlsCtx.pendingPeer.sa != NULL) { + /* Clear any other pendingPeer */ + XFREE(ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->heap, + DYNAMIC_TYPE_SOCKADDR); + ssl->buffers.dtlsCtx.pendingPeer.sa = NULL; + ssl->buffers.dtlsCtx.pendingPeer.sz = 0; + ssl->buffers.dtlsCtx.pendingPeer.bufSz = 0; } - XMEMCPY(sa, peer, peerSz); - ssl->buffers.dtlsCtx.peer.sa = sa; - ssl->buffers.dtlsCtx.peer.sz = peerSz; - ssl->buffers.dtlsCtx.peer.bufSz = peerSz; - ssl->buffers.dtlsCtx.userSet = 1; - return WOLFSSL_SUCCESS; + ret = WOLFSSL_SUCCESS; } - return WOLFSSL_FAILURE; + else { + ret = SockAddrSet(&ssl->buffers.dtlsCtx.pendingPeer, peer, peerSz, + ssl->heap); + } + if (ret == WOLFSSL_SUCCESS) + ssl->buffers.dtlsCtx.processingPendingRecord = 0; +#ifdef WOLFSSL_RW_THREADED + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + ret = WOLFSSL_FAILURE; +#endif + return ret; #else (void)ssl; (void)peer; @@ -1894,22 +2016,51 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) return WOLFSSL_NOT_IMPLEMENTED; #endif } +#endif /* WOLFSSL_DTLS_CID && !WOLFSSL_NO_SOCK */ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz) { #ifdef WOLFSSL_DTLS - if (ssl == NULL) { + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + if (ssl == NULL) return WOLFSSL_FAILURE; - } - +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_FAILURE; +#endif if (peer != NULL && peerSz != NULL && *peerSz >= ssl->buffers.dtlsCtx.peer.sz && ssl->buffers.dtlsCtx.peer.sa != NULL) { *peerSz = ssl->buffers.dtlsCtx.peer.sz; XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz); - return WOLFSSL_SUCCESS; + ret = WOLFSSL_SUCCESS; } - return WOLFSSL_FAILURE; +#ifdef WOLFSSL_RW_THREADED + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + ret = WOLFSSL_FAILURE; +#endif + return ret; +#else + (void)ssl; + (void)peer; + (void)peerSz; + return WOLFSSL_NOT_IMPLEMENTED; +#endif +} + +int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, + unsigned int* peerSz) +{ +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_RW_THREADED) + if (ssl == NULL) + return WOLFSSL_FAILURE; + + if (peer == NULL || peerSz == NULL) + return WOLFSSL_FAILURE; + + *peer = ssl->buffers.dtlsCtx.peer.sa; + *peerSz = ssl->buffers.dtlsCtx.peer.sz; + return WOLFSSL_SUCCESS; #else (void)ssl; (void)peer; @@ -1976,9 +2127,9 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; else - return SSL_FAILURE; + return WOLFSSL_FAILURE; } #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ @@ -2073,6 +2224,13 @@ int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str) if (ctx != NULL) { ret = DtlsSrtpSelProfiles(&ctx->dtlsSrtpProfiles, profile_str); } + + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + ret = 1; + } else { + ret = 0; + } + return ret; } int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str) @@ -2081,6 +2239,13 @@ int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str) if (ssl != NULL) { ret = DtlsSrtpSelProfiles(&ssl->dtlsSrtpProfiles, profile_str); } + + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + ret = 1; + } else { + ret = 0; + } + return ret; } @@ -2171,7 +2336,7 @@ int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, word16 id) WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id"); - if (ctx == NULL || id > 255) + if (ctx == NULL || id > WOLFSSL_MAX_8BIT) ret = BAD_FUNC_ARG; if (ret == 0) { @@ -2306,7 +2471,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub) int i; WOLFSSL_ENTER("wolfSSL_mcast_peer_add"); - if (ssl == NULL || peerId > 255) + if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) return BAD_FUNC_ARG; if (!sub) { @@ -2362,7 +2527,7 @@ int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId) WOLFSSL_ENTER("wolfSSL_mcast_peer_known"); - if (ssl == NULL || peerId > 255) { + if (ssl == NULL || peerId > WOLFSSL_MAX_8BIT) { return BAD_FUNC_ARG; } @@ -2418,7 +2583,7 @@ int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx) #endif /* WOLFSSL_LEANPSK */ - +#ifndef NO_TLS /* return underlying connect or accept, WOLFSSL_SUCCESS on ok */ int wolfSSL_negotiate(WOLFSSL* ssl) { @@ -2457,7 +2622,7 @@ int wolfSSL_negotiate(WOLFSSL* ssl) return err; } - +#endif /* !NO_TLS */ WOLFSSL_ABI WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl) @@ -2638,7 +2803,7 @@ int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats) #endif /* WOLFSSL_STATIC_MEMORY */ - +#ifndef NO_TLS /* return max record layer size plaintext input size */ int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl) { @@ -2686,6 +2851,14 @@ int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ctx->minEccKeySz > (keySz / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ctx->minEccKeySz = keySz / 8; #ifndef NO_CERTS ctx->cm->minEccKeySz = keySz / 8; @@ -2702,6 +2875,14 @@ int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ssl->options.minEccKeySz > (keySz / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ssl->options.minEccKeySz = keySz / 8; return WOLFSSL_SUCCESS; } @@ -2716,6 +2897,14 @@ int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ctx->minRsaKeySz > (keySz / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ctx->minRsaKeySz = keySz / 8; ctx->cm->minRsaKeySz = keySz / 8; return WOLFSSL_SUCCESS; @@ -2729,6 +2918,14 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ssl->options.minRsaKeySz > (keySz / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ssl->options.minRsaKeySz = keySz / 8; return WOLFSSL_SUCCESS; } @@ -2761,6 +2958,14 @@ int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits) if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0) return BAD_FUNC_ARG; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ctx->minDhKeySz > (keySz_bits / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ctx->minDhKeySz = keySz_bits / 8; return WOLFSSL_SUCCESS; } @@ -2771,6 +2976,14 @@ int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits) if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0) return BAD_FUNC_ARG; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ssl->options.minDhKeySz > (keySz_bits / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ssl->options.minDhKeySz = keySz_bits / 8; return WOLFSSL_SUCCESS; } @@ -2781,6 +2994,14 @@ int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits) if (ctx == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0) return BAD_FUNC_ARG; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ctx->minDhKeySz > (keySz_bits / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ctx->maxDhKeySz = keySz_bits / 8; return WOLFSSL_SUCCESS; } @@ -2791,6 +3012,14 @@ int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz_bits) if (ssl == NULL || keySz_bits > 16000 || keySz_bits % 8 != 0) return BAD_FUNC_ARG; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + if (ssl->options.minDhKeySz > (keySz_bits / 8)) { + return CRYPTO_POLICY_FORBIDDEN; + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + ssl->options.maxDhKeySz = keySz_bits / 8; return WOLFSSL_SUCCESS; } @@ -2860,8 +3089,8 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS); - ssl->cbmode = SSL_CB_WRITE; + ssl->CBIS(ssl, WOLFSSL_CB_WRITE, WOLFSSL_SUCCESS); + ssl->cbmode = WOLFSSL_CB_WRITE; } #endif ret = SendData(ssl, data, sz); @@ -2874,6 +3103,42 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) return ret; } +int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz) +{ + int maxLength; + int usedLength; + + WOLFSSL_ENTER("wolfSSL_inject"); + + if (ssl == NULL || data == NULL || sz <= 0) + return BAD_FUNC_ARG; + + usedLength = (int)(ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx); + maxLength = (int)(ssl->buffers.inputBuffer.bufferSize - + (word32)usedLength); + + if (sz > maxLength) { + /* Need to make space */ + int ret; + if (ssl->buffers.clearOutputBuffer.length > 0) { + /* clearOutputBuffer points into so reallocating inputBuffer will + * invalidate clearOutputBuffer and lose app data */ + WOLFSSL_MSG("Can't inject while there is application data to read"); + return APP_DATA_READY; + } + ret = GrowInputBuffer(ssl, sz, usedLength); + if (ret < 0) + return ret; + } + + XMEMCPY(ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, + data, sz); + ssl->buffers.inputBuffer.length += sz; + + return WOLFSSL_SUCCESS; +} + static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) { int ret; @@ -2972,8 +3237,8 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) return BAD_FUNC_ARG; } if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS); - ssl->cbmode = SSL_CB_READ; + ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS); + ssl->cbmode = WOLFSSL_CB_READ; } #endif return wolfSSL_read_internal(ssl, data, sz, FALSE); @@ -2998,7 +3263,7 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) } #endif /* WOLFSSL_MULTICAST */ - +#endif /* !NO_TLS */ /* helpers to set the device id, WOLFSSL_SUCCESS on ok */ WOLFSSL_ABI @@ -3045,6 +3310,7 @@ void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl) } +#ifndef NO_TLS #ifdef HAVE_SNI WOLFSSL_ABI @@ -3110,7 +3376,7 @@ int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, return BAD_FUNC_ARG; } -#endif /* NO_WOLFSSL_SERVER */ +#endif /* !NO_WOLFSSL_SERVER */ #endif /* HAVE_SNI */ @@ -3297,6 +3563,17 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_FFDHE_8192: #ifdef WOLFSSL_HAVE_KYBER +#ifndef WOLFSSL_NO_ML_KEM + case WOLFSSL_ML_KEM_512: + case WOLFSSL_ML_KEM_768: + case WOLFSSL_ML_KEM_1024: + #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) + case WOLFSSL_P256_ML_KEM_512: + case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P521_ML_KEM_1024: + #endif +#endif /* !WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_KYBER_ORIGINAL case WOLFSSL_KYBER_LEVEL1: case WOLFSSL_KYBER_LEVEL3: case WOLFSSL_KYBER_LEVEL5: @@ -3305,6 +3582,7 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_P384_KYBER_LEVEL3: case WOLFSSL_P521_KYBER_LEVEL5: #endif +#endif /* WOLFSSL_KYBER_ORIGINAL */ #endif return 1; @@ -4100,7 +4378,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl) return ret; } - +#endif /* !NO_TLS */ /* get current error state value */ int wolfSSL_state(WOLFSSL* ssl) @@ -4156,12 +4434,12 @@ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h) /* returns SSL_WRITING, SSL_READING or SSL_NOTHING */ int wolfSSL_want(WOLFSSL* ssl) { - int rw_state = SSL_NOTHING; + int rw_state = WOLFSSL_NOTHING; if (ssl) { if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) - rw_state = SSL_READING; + rw_state = WOLFSSL_READING; else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) - rw_state = SSL_WRITING; + rw_state = WOLFSSL_WRITING; } return rw_state; } @@ -4177,7 +4455,6 @@ int wolfSSL_want_read(WOLFSSL* ssl) return 0; } - /* return TRUE if current error is want write */ int wolfSSL_want_write(WOLFSSL* ssl) { @@ -4188,7 +4465,6 @@ int wolfSSL_want_write(WOLFSSL* ssl) return 0; } - char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data) { WOLFSSL_ENTER("wolfSSL_ERR_error_string"); @@ -4723,7 +4999,7 @@ int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx) #endif -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) /* connect enough to get peer cert chain */ int wolfSSL_connect_cert(WOLFSSL* ssl) { @@ -4757,9 +5033,7 @@ int wolfSSL_set_group_messages(WOLFSSL* ssl) /* make minVersion the internal equivalent SSL version */ static int SetMinVersionHelper(byte* minVersion, int version) { -#ifdef NO_TLS (void)minVersion; -#endif switch (version) { #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) @@ -4826,6 +5100,12 @@ int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + return CRYPTO_POLICY_FORBIDDEN; + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + return SetMinVersionHelper(&ctx->minDowngrade, version); } @@ -4840,6 +5120,12 @@ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version) return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (crypto_policy.enabled) { + return CRYPTO_POLICY_FORBIDDEN; + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + return SetMinVersionHelper(&ssl->options.minDowngrade, version); } @@ -4949,8 +5235,7 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version) InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); return WOLFSSL_SUCCESS; } #endif /* !leanpsk */ @@ -5020,8 +5305,13 @@ int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert) return ret; tp = cm->tpTable[row]; while (tp) { - if (XMEMCMP(cert->subjectHash, tp->subjectNameHash, + if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + && (XMEMCMP(cert->issuerHash, tp->issuerHash, + SIGNER_DIGEST_SIZE) == 0) + #endif + ) ret = 1; #ifndef NO_SKID if (cert->extSubjKeyIdSet) { @@ -5061,8 +5351,13 @@ TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert) tp = cm->tpTable[row]; while (tp) { - if (XMEMCMP(cert->subjectHash, tp->subjectNameHash, + if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + && (XMEMCMP(cert->issuerHash, tp->issuerHash, SIGNER_DIGEST_SIZE) == 0) + #endif + ) ret = tp; #ifndef NO_SKID if (cert->extSubjKeyIdSet) { @@ -5328,6 +5623,10 @@ int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) #endif XMEMCPY(peerCert->subjectNameHash, cert->subjectHash, SIGNER_DIGEST_SIZE); + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + XMEMCPY(peerCert->issuerHash, cert->issuerHash, + SIGNER_DIGEST_SIZE); + #endif /* If Key Usage not set, all uses valid. */ peerCert->next = NULL; cert->subjectCN = 0; @@ -5569,6 +5868,29 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) row = HashSigner(signer->subjectNameHash); #endif + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) + /* Verify CA by TSIP so that generated tsip key is going to */ + /* be able to be used for peer's cert verification */ + /* TSIP is only able to handle USER CA, and only one CA. */ + /* Therefore, it doesn't need to call TSIP again if there is already */ + /* verified CA. */ + if ( ret == 0 && signer != NULL ) { + signer->cm_idx = row; + if (type == WOLFSSL_USER_CA) { + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, + cert->maxIdx, + cert->sigCtx.CertAtt.pubkey_n_start, + cert->sigCtx.CertAtt.pubkey_n_len - 1, + cert->sigCtx.CertAtt.pubkey_e_start, + cert->sigCtx.CertAtt.pubkey_e_len - 1, + row/* cm index */)) + < 0) + WOLFSSL_MSG("Renesas_RootCertVerify() failed"); + else + WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); + } + } + #endif /* TSIP or SCE */ if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) { signer->next = cm->caTable[row]; @@ -5582,28 +5904,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) ret = BAD_MUTEX_E; } } -#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - /* Verify CA by TSIP so that generated tsip key is going to be able to */ - /* be used for peer's cert verification */ - /* TSIP is only able to handle USER CA, and only one CA. */ - /* Therefore, it doesn't need to call TSIP again if there is already */ - /* verified CA. */ - if ( ret == 0 && signer != NULL ) { - signer->cm_idx = row; - if (type == WOLFSSL_USER_CA) { - if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, cert->maxIdx, - cert->sigCtx.CertAtt.pubkey_n_start, - cert->sigCtx.CertAtt.pubkey_n_len - 1, - cert->sigCtx.CertAtt.pubkey_e_start, - cert->sigCtx.CertAtt.pubkey_e_len - 1, - row/* cm index */)) - < 0) - WOLFSSL_MSG("Renesas_RootCertVerify() failed"); - else - WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); - } - } -#endif /* TSIP or SCE */ WOLFSSL_MSG("\tFreeing Parsed CA"); FreeDecodedCert(cert); @@ -5628,12 +5928,48 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) static int wolfSSL_RAND_InitMutex(void); #endif +/* If we don't have static mutex initializers, but we do have static atomic + * initializers, activate WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS to leverage + * the latter. + * + * See further explanation below in wolfSSL_Init(). + */ +#ifndef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + #if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_ATOMIC_OPS) && defined(WOLFSSL_ATOMIC_INITIALIZER) + #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 1 + #else + #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0 + #endif +#elif defined(WOLFSSL_MUTEX_INITIALIZER) || defined(SINGLE_THREADED) + #undef WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + #define WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS 0 +#endif + +#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + #ifndef WOLFSSL_ATOMIC_OPS + #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_OPS + #endif + #ifndef WOLFSSL_ATOMIC_INITIALIZER + #error WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS requires WOLFSSL_ATOMIC_INITIALIZER + #endif + static wolfSSL_Atomic_Int inits_count_mutex_atomic_initing_flag = + WOLFSSL_ATOMIC_INITIALIZER(0); +#endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS && !WOLFSSL_MUTEX_INITIALIZER */ + #if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT) static void AtExitCleanup(void) { if (initRefCount > 0) { initRefCount = 1; (void)wolfSSL_Cleanup(); +#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + if (inits_count_mutex_valid == 1) { + (void)wc_FreeMutex(&inits_count_mutex); + inits_count_mutex_valid = 0; + inits_count_mutex_atomic_initing_flag = 0; + } +#endif } } #endif @@ -5650,8 +5986,31 @@ int wolfSSL_Init(void) #ifndef WOLFSSL_MUTEX_INITIALIZER if (inits_count_mutex_valid == 0) { + #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + + /* Without this mitigation, if two threads enter wolfSSL_Init() at the + * same time, and both see zero inits_count_mutex_valid, then both will + * run wc_InitMutex(&inits_count_mutex), leading to process corruption + * or (best case) a resource leak. + * + * When WOLFSSL_ATOMIC_INITIALIZER() is available, we can mitigate this + * by use an atomic counting int as a mutex. + */ + + if (wolfSSL_Atomic_Int_FetchAdd(&inits_count_mutex_atomic_initing_flag, + 1) != 0) + { + (void)wolfSSL_Atomic_Int_FetchSub( + &inits_count_mutex_atomic_initing_flag, 1); + return DEADLOCK_AVERTED_E; + } + #endif /* WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS */ if (wc_InitMutex(&inits_count_mutex) != 0) { WOLFSSL_MSG("Bad Init Mutex count"); + #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS + (void)wolfSSL_Atomic_Int_FetchSub( + &inits_count_mutex_atomic_initing_flag, 1); + #endif return BAD_MUTEX_E; } else { @@ -5758,6 +6117,11 @@ int wolfSSL_Init(void) #endif } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + /* System wide crypto policy disabled by default. */ + XMEMSET(&crypto_policy, 0, sizeof(crypto_policy)); +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + if (ret == WOLFSSL_SUCCESS) { initRefCount++; } @@ -5774,6 +6138,286 @@ int wolfSSL_Init(void) return ret; } +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) +/* Helper function for wolfSSL_crypto_policy_enable and + * wolfSSL_crypto_policy_enable_buffer. + * + * Parses the crypto policy string, verifies values, + * and sets in global crypto policy struct. Not thread + * safe. String length has already been verified. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns CRYPTO_POLICY_FORBIDDEN if already enabled. + * Returns < 0 on misc error. + * */ +static int crypto_policy_parse(void) +{ + const char * hdr = WOLFSSL_SECLEVEL_STR; + int sec_level = 0; + size_t i = 0; + + /* All policies should begin with "@SECLEVEL=" (N={0..5}) followed + * by bulk cipher list. */ + if (XMEMCMP(crypto_policy.str, hdr, strlen(hdr)) != 0) { + WOLFSSL_MSG("error: crypto policy: invalid header"); + return WOLFSSL_BAD_FILE; + } + + { + /* Extract the security level. */ + char * policy_mem = crypto_policy.str; + policy_mem += strlen(hdr); + sec_level = (int) (*policy_mem - '0'); + } + + if (sec_level < MIN_WOLFSSL_SEC_LEVEL || + sec_level > MAX_WOLFSSL_SEC_LEVEL) { + WOLFSSL_MSG_EX("error: invalid SECLEVEL: %d", sec_level); + return WOLFSSL_BAD_FILE; + } + + /* Remove trailing '\r' or '\n'. */ + for (i = 0; i < MAX_WOLFSSL_CRYPTO_POLICY_SIZE; ++i) { + if (crypto_policy.str[i] == '\0') { + break; + } + + if (crypto_policy.str[i] == '\r' || crypto_policy.str[i] == '\n') { + crypto_policy.str[i] = '\0'; + break; + } + } + + #if defined(DEBUG_WOLFSSL_VERBOSE) + WOLFSSL_MSG_EX("info: SECLEVEL=%d", sec_level); + WOLFSSL_MSG_EX("info: using crypto-policy file: %s, %ld", policy_file, sz); + #endif /* DEBUG_WOLFSSL_VERBOSE */ + + crypto_policy.secLevel = sec_level; + crypto_policy.enabled = 1; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_FILESYSTEM +/* Enables wolfSSL system wide crypto-policy, using the given policy + * file arg. If NULL is passed, then the default system crypto-policy + * file that was set at configure time will be used instead. + * + * While enabled: + * - TLS methods, min key sizes, and cipher lists are all configured + * automatically by the policy. + * - Attempting to use lesser strength parameters will fail with + * error CRYPTO_POLICY_FORBIDDEN. + * + * Disable with wolfSSL_crypto_policy_disable. + * + * Note: the wolfSSL_crypto_policy_X API are not thread safe, and should + * only be called at program init time. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns CRYPTO_POLICY_FORBIDDEN if already enabled. + * Returns < 0 on misc error. + * */ +int wolfSSL_crypto_policy_enable(const char * policy_file) +{ + XFILE file; + long sz = 0; + size_t n_read = 0; + + WOLFSSL_ENTER("wolfSSL_crypto_policy_enable"); + + if (wolfSSL_crypto_policy_is_enabled()) { + WOLFSSL_MSG_EX("error: crypto policy already enabled: %s", + policy_file); + return CRYPTO_POLICY_FORBIDDEN; + } + + if (policy_file == NULL) { + /* Use the configure-time default if NULL passed. */ + policy_file = WC_STRINGIFY(WOLFSSL_CRYPTO_POLICY_FILE); + } + + if (policy_file == NULL || *policy_file == '\0') { + WOLFSSL_MSG("error: crypto policy empty file"); + return BAD_FUNC_ARG; + } + + XMEMSET(&crypto_policy, 0, sizeof(crypto_policy)); + + file = XFOPEN(policy_file, "rb"); + + if (file == XBADFILE) { + WOLFSSL_MSG_EX("error: crypto policy file open failed: %s", + policy_file); + return WOLFSSL_BAD_FILE; + } + + if (XFSEEK(file, 0, XSEEK_END) != 0) { + WOLFSSL_MSG_EX("error: crypto policy file seek end failed: %s", + policy_file); + XFCLOSE(file); + return WOLFSSL_BAD_FILE; + } + + sz = XFTELL(file); + + if (XFSEEK(file, 0, XSEEK_SET) != 0) { + WOLFSSL_MSG_EX("error: crypto policy file seek failed: %s", + policy_file); + XFCLOSE(file); + return WOLFSSL_BAD_FILE; + } + + if (sz <= 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) { + WOLFSSL_MSG_EX("error: crypto policy file %s, invalid size: %ld", + policy_file, sz); + XFCLOSE(file); + return WOLFSSL_BAD_FILE; + } + + n_read = XFREAD(crypto_policy.str, 1, sz, file); + XFCLOSE(file); + + if (n_read != (size_t) sz) { + WOLFSSL_MSG_EX("error: crypto policy file %s: read %zu, " + "expected %ld", policy_file, n_read, sz); + return WOLFSSL_BAD_FILE; + } + + crypto_policy.str[n_read] = '\0'; + + return crypto_policy_parse(); +} +#endif /* ! NO_FILESYSTEM */ + +/* Same behavior as wolfSSL_crypto_policy_enable, but loads + * via memory buf instead of file. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns CRYPTO_POLICY_FORBIDDEN if already enabled. + * Returns < 0 on misc error. + * */ +int wolfSSL_crypto_policy_enable_buffer(const char * buf) +{ + size_t sz = 0; + + WOLFSSL_ENTER("wolfSSL_crypto_policy_enable_buffer"); + + if (wolfSSL_crypto_policy_is_enabled()) { + WOLFSSL_MSG_EX("error: crypto policy already enabled"); + return CRYPTO_POLICY_FORBIDDEN; + } + + if (buf == NULL || *buf == '\0') { + return BAD_FUNC_ARG; + } + + sz = XSTRLEN(buf); + + if (sz == 0 || sz > MAX_WOLFSSL_CRYPTO_POLICY_SIZE) { + return BAD_FUNC_ARG; + } + + XMEMSET(&crypto_policy, 0, sizeof(crypto_policy)); + XMEMCPY(crypto_policy.str, buf, sz); + + return crypto_policy_parse(); +} + +/* Returns whether the system wide crypto-policy is enabled. + * + * Returns 1 if enabled. + * 0 if disabled. + * */ +int wolfSSL_crypto_policy_is_enabled(void) +{ + WOLFSSL_ENTER("wolfSSL_crypto_policy_is_enabled"); + + return crypto_policy.enabled == 1; +} + +/* Disables the system wide crypto-policy. + * note: SSL and CTX structures already instantiated will + * keep their security policy parameters. This will only + * affect new instantiations. + * */ +void wolfSSL_crypto_policy_disable(void) +{ + WOLFSSL_ENTER("wolfSSL_crypto_policy_disable"); + crypto_policy.enabled = 0; + XMEMSET(&crypto_policy, 0, sizeof(crypto_policy)); + return; +} + +/* Get the crypto-policy bulk cipher list string. + * String is not owned by caller, should not be freed. + * + * Returns pointer to bulk cipher list string. + * Returns NULL if NOT enabled, or on error. + * */ +const char * wolfSSL_crypto_policy_get_ciphers(void) +{ + WOLFSSL_ENTER("wolfSSL_crypto_policy_get_ciphers"); + + if (crypto_policy.enabled == 1) { + /* The crypto policy config will have + * this form: + * "@SECLEVEL=2:kEECDH:kRSA..." */ + return crypto_policy.str; + } + + return NULL; +} + +/* Get the configured crypto-policy security level. + * A security level of 0 does not impose any additional + * restrictions. + * + * Returns 1 - 5 if enabled. + * Returns 0 if NOT enabled. + * */ +int wolfSSL_crypto_policy_get_level(void) +{ + if (crypto_policy.enabled == 1) { + return crypto_policy.secLevel; + } + + return 0; +} + +/* Get security level from ssl structure. + * @param ssl a pointer to WOLFSSL structure + */ +int wolfSSL_get_security_level(const WOLFSSL * ssl) +{ + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + return ssl->secLevel; +} + +#ifndef NO_WOLFSSL_STUB +/* + * Set security level (wolfSSL doesn't support setting the security level). + * + * The security level can only be set through a system wide crypto-policy + * with wolfSSL_crypto_policy_enable(). + * + * @param ssl a pointer to WOLFSSL structure + * @param level security level + */ +void wolfSSL_set_security_level(WOLFSSL * ssl, int level) +{ + WOLFSSL_ENTER("wolfSSL_set_security_level"); + (void)ssl; + (void)level; +} +#endif /* !NO_WOLFSSL_STUB */ + +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + #define WOLFSSL_SSL_LOAD_INCLUDED #include @@ -6511,17 +7155,17 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) switch (ctx->privateKeyType) { #ifndef NO_RSA case rsa_sa_algo: - type = EVP_PKEY_RSA; + type = WC_EVP_PKEY_RSA; break; #endif #ifdef HAVE_ECC case ecc_dsa_sa_algo: - type = EVP_PKEY_EC; + type = WC_EVP_PKEY_EC; break; #endif #ifdef WOLFSSL_SM2 case sm2_sa_algo: - type = EVP_PKEY_EC; + type = WC_EVP_PKEY_EC; break; #endif default: @@ -6616,7 +7260,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } if (ret == 1) { XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = EVP_PKEY_RSA; + pkey->type = WC_EVP_PKEY_RSA; pkey->ownRsa = 1; pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz, @@ -6700,7 +7344,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } if (ret == 1) { XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = EVP_PKEY_EC; + pkey->type = WC_EVP_PKEY_EC; pkey->ownEcc = 1; pkey->ecc = wolfSSL_EC_KEY_new(); @@ -6788,7 +7432,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } if (ret == 1) { XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = EVP_PKEY_DSA; + pkey->type = WC_EVP_PKEY_DSA; pkey->ownDsa = 1; pkey->dsa = wolfSSL_DSA_new(); @@ -6872,7 +7516,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } if (ret == 1) { XMEMCPY(pkey->pkey.ptr, mem, memSz); - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; pkey->ownDh = 1; pkey->dh = wolfSSL_DH_new(); @@ -6947,7 +7591,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } ret = 1; - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; pkey->pkey_sz = (int)memSz; pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : @@ -7063,7 +7707,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, return 0; } } - pkey->type = EVP_PKEY_FALCON; + pkey->type = WC_EVP_PKEY_FALCON; pkey->pkey.ptr = NULL; pkey->pkey_sz = 0; @@ -7148,7 +7792,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, return 0; } } - pkey->type = EVP_PKEY_DILITHIUM; + pkey->type = WC_EVP_PKEY_DILITHIUM; pkey->pkey.ptr = NULL; pkey->pkey_sz = 0; @@ -7542,14 +8186,14 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, WOLFSSL_MSG("Found PKCS8 header"); pkcs8HeaderSz = (word16)idx; - if ((type == EVP_PKEY_RSA && algId != RSAk + if ((type == WC_EVP_PKEY_RSA && algId != RSAk #ifdef WC_RSA_PSS && algId != RSAPSSk #endif ) || - (type == EVP_PKEY_EC && algId != ECDSAk) || - (type == EVP_PKEY_DSA && algId != DSAk) || - (type == EVP_PKEY_DH && algId != DHk)) { + (type == WC_EVP_PKEY_EC && algId != ECDSAk) || + (type == WC_EVP_PKEY_DSA && algId != DSAk) || + (type == WC_EVP_PKEY_DH && algId != DHk)) { WOLFSSL_MSG("PKCS8 does not match EVP key type"); return NULL; } @@ -7589,7 +8233,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, switch (type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC; local->ownRsa = 1; local->rsa = wolfssl_rsa_d2i(NULL, @@ -7601,7 +8245,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, break; #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: local->ownEcc = 1; local->ecc = wolfSSL_EC_KEY_new(); if (local->ecc == NULL) { @@ -7621,7 +8265,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, #endif /* HAVE_ECC */ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: local->ownDsa = 1; local->dsa = wolfSSL_DSA_new(); if (local->dsa == NULL) { @@ -7640,7 +8284,7 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, #endif /* NO_DSA */ #ifndef NO_DH #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: local->ownDh = 1; local->dh = wolfSSL_DH_new(); if (local->dh == NULL) { @@ -7725,7 +8369,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, switch (type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: { RsaKey* key; local->ownRsa = 1; @@ -7744,7 +8388,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, } #endif /* !NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: { ecc_key* key; local->ownEcc = 1; @@ -9116,7 +9760,13 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; if (!ssl->options.handShakeDone) { - int result = DtlsMsgPoolSend(ssl, 0); + int result; +#ifdef WOLFSSL_DTLS13 + if (IsAtLeastTLSv1_3(ssl->version)) + result = Dtls13DoScheduledWork(ssl); + else +#endif + result = DtlsMsgPoolSend(ssl, 0); if (result < 0) { ssl->error = result; WOLFSSL_ERROR(result); @@ -9124,7 +9774,7 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl) } } - return 0; + return WOLFSSL_SUCCESS; } #endif /* DTLS */ @@ -9198,7 +9848,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, /* EITHER SIDE METHODS */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) +#if !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) WOLFSSL_METHOD* wolfSSLv23_method(void) { return wolfSSLv23_method_ex(NULL); @@ -9244,10 +9894,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, } #endif #endif -#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ +#endif /* !NO_TLS && (OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE) */ /* client only parts */ -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv2_client_method(void) @@ -9341,8 +9991,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS); - ssl->cbmode = SSL_CB_WRITE; + ssl->CBIS(ssl, WOLFSSL_ST_CONNECT, WOLFSSL_SUCCESS); + ssl->cbmode = WOLFSSL_CB_WRITE; } #endif #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ @@ -9747,11 +10397,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || !WOLFSSL_TLS13 */ } -#endif /* NO_WOLFSSL_CLIENT */ - +#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */ +/* end client only parts */ /* server only parts */ -#ifndef NO_WOLFSSL_SERVER +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) #if defined(OPENSSL_EXTRA) && !defined(NO_OLD_TLS) WOLFSSL_METHOD* wolfSSLv2_server_method(void) @@ -10288,9 +10938,81 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #endif /* !WOLFSSL_NO_TLS12 */ } -#endif /* NO_WOLFSSL_SERVER */ +#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */ +/* end server only parts */ + #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) +struct chGoodDisableReadCbCtx { + ClientHelloGoodCb userCb; + void* userCtx; +}; + +static int chGoodDisableReadCB(WOLFSSL* ssl, void* ctx) +{ + struct chGoodDisableReadCbCtx* cb = (struct chGoodDisableReadCbCtx*)ctx; + int ret = 0; + if (cb->userCb != NULL) + ret = cb->userCb(ssl, cb->userCtx); + if (ret >= 0) + wolfSSL_SSLDisableRead(ssl); + return ret; +} + +/** + * Statelessly listen for a connection + * @param ssl The ssl object to use for listening to connections + * @return WOLFSSL_SUCCESS - ClientHello containing a valid cookie was received + * The connection can be continued with wolfSSL_accept + * WOLFSSL_FAILURE - The I/O layer returned WANT_READ. This is either + * because there is no data to read and we are using + * non-blocking sockets or we sent a cookie request + * and we are waiting for a reply. The user should + * call wolfDTLS_accept_stateless again after data + * becomes available in the I/O layer. + * WOLFSSL_FATAL_ERROR - A fatal error occurred. The ssl object should + * be free'd and allocated again to continue. + */ +int wolfDTLS_accept_stateless(WOLFSSL* ssl) +{ + byte disableRead; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + struct chGoodDisableReadCbCtx cb; + + WOLFSSL_ENTER("wolfDTLS_SetChGoodCb"); + + if (ssl == NULL) + return WOLFSSL_FATAL_ERROR; + + /* Save this to restore it later */ + disableRead = (byte)ssl->options.disableRead; + cb.userCb = ssl->chGoodCb; + cb.userCtx = ssl->chGoodCtx; + + /* Register our own callback so that we can disable reading */ + if (wolfDTLS_SetChGoodCb(ssl, chGoodDisableReadCB, &cb) != WOLFSSL_SUCCESS) + return WOLFSSL_FATAL_ERROR; + + ret = wolfSSL_accept(ssl); + /* restore user options */ + ssl->options.disableRead = disableRead; + (void)wolfDTLS_SetChGoodCb(ssl, cb.userCb, cb.userCtx); + if (ret == WOLFSSL_SUCCESS) { + WOLFSSL_MSG("should not happen. maybe the user called " + "wolfDTLS_accept_stateless instead of wolfSSL_accept"); + } + else if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) { + if (ssl->options.dtlsStateful) + ret = WOLFSSL_SUCCESS; + else + ret = WOLFSSL_FAILURE; + } + else { + ret = WOLFSSL_FATAL_ERROR; + } + return ret; +} + int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx) { WOLFSSL_ENTER("wolfDTLS_SetChGoodCb"); @@ -10362,6 +11084,10 @@ int wolfSSL_Cleanup(void) if (!release) return ret; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + wolfSSL_crypto_policy_disable(); +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + #ifdef OPENSSL_EXTRA wolfSSL_BN_free_one(); #endif @@ -10409,7 +11135,8 @@ int wolfSSL_Cleanup(void) #endif #endif /* !NO_SESSION_CACHE */ -#ifndef WOLFSSL_MUTEX_INITIALIZER +#if !defined(WOLFSSL_MUTEX_INITIALIZER) && \ + !WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS if ((inits_count_mutex_valid == 1) && (wc_FreeMutex(&inits_count_mutex) != 0)) { if (ret == WOLFSSL_SUCCESS) @@ -10450,11 +11177,7 @@ int wolfSSL_Cleanup(void) #endif #endif -#if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ - defined(WOLFSSL_WPAS_SMALL) +#ifdef HAVE_EX_DATA_CRYPTO crypto_ex_cb_free(crypto_ex_cb_ctx_session); crypto_ex_cb_ctx_session = NULL; #endif @@ -10535,7 +11258,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef USE_WINDOWS_API - #ifndef NO_WRITEV + #if !defined(NO_WRITEV) && !defined(NO_TLS) /* simulate writev semantics, doesn't actually do block at a time though because of SSL_write behavior and because front adds may be small */ @@ -10810,8 +11533,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); } #ifdef OPENSSL_EXTRA /** @@ -10867,8 +11589,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); } const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl) @@ -11031,18 +11752,30 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx) { + int ret; + WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts"); if (ctx == NULL) return BAD_FUNC_ARG; + ret = wolfSSL_RefWithMutexLock(&ctx->ref); + if (ret < 0) + return ret; + if (ctx->ref.count > 1) { WOLFSSL_MSG("ctx object must have a ref count of 1 before " "unloading intermediate certs"); - return BAD_STATE_E; + ret = BAD_STATE_E; + } + else { + ret = wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); } - return wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); + if (wolfSSL_RefWithMutexUnlock(&ctx->ref) != 0) + WOLFSSL_MSG("Failed to unlock mutex!"); + + return ret; } @@ -11190,11 +11923,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* User programs should always retry reading from these BIOs */ if (rd) { /* User writes to rd */ - BIO_set_retry_write(rd); + wolfSSL_BIO_set_retry_write(rd); } if (wr) { /* User reads from wr */ - BIO_set_retry_read(wr); + wolfSSL_BIO_set_retry_read(wr); } } @@ -11289,6 +12022,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } return WOLFSSL_FAILURE; } + +#ifndef NO_TLS WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, byte second) { @@ -11304,6 +12039,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) info.psk = (byte)CipherRequires(first, second, REQUIRES_PSK); return info; } +#endif /** * @param first First byte of the hash and signature algorithm @@ -12587,6 +13323,7 @@ int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version) if (ctx == NULL) { return WOLFSSL_FAILURE; } + if (version != 0) { proto = version; ctx->minProto = 0; /* turn min proto flag off */ @@ -13139,7 +13876,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, unsigned long wolfSSLeay(void) { +#ifdef SSLEAY_VERSION_NUMBER return SSLEAY_VERSION_NUMBER; +#else + return OPENSSL_VERSION_NUMBER; +#endif } unsigned long wolfSSL_OpenSSL_version_num(void) @@ -13296,7 +14037,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_CTX_set_mode"); switch(mode) { - case SSL_MODE_ENABLE_PARTIAL_WRITE: + case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE: ctx->partialWrite = 1; break; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) @@ -13304,14 +14045,14 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); break; #endif - case SSL_MODE_AUTO_RETRY: + case WOLFSSL_MODE_AUTO_RETRY: ctx->autoRetry = 1; break; default: WOLFSSL_MSG("Mode Not Implemented"); } - /* SSL_MODE_AUTO_RETRY + /* WOLFSSL_MODE_AUTO_RETRY * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return mode; @@ -13323,7 +14064,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_CTX_clear_mode"); switch(mode) { - case SSL_MODE_ENABLE_PARTIAL_WRITE: + case WOLFSSL_MODE_ENABLE_PARTIAL_WRITE: ctx->partialWrite = 0; break; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) @@ -13331,14 +14072,14 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); break; #endif - case SSL_MODE_AUTO_RETRY: + case WOLFSSL_MODE_AUTO_RETRY: ctx->autoRetry = 0; break; default: WOLFSSL_MSG("Mode Not Implemented"); } - /* SSL_MODE_AUTO_RETRY + /* WOLFSSL_MODE_AUTO_RETRY * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return 0; @@ -13484,7 +14225,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, * * file output pointer to file where error happened * line output to line number of error - * data output data. Is a string if ERR_TXT_STRING flag is used + * data output data. Is a string if WOLFSSL_ERR_TXT_STRING flag is used * flags output format of output * * Returns the error value or 0 if no errors are in the queue @@ -13498,7 +14239,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); if (flags != NULL) - *flags = ERR_TXT_STRING; /* Clear the flags */ + *flags = WOLFSSL_ERR_TXT_STRING; /* Clear the flags */ ret = wc_PullErrorNode(file, data, line); if (ret < 0) { @@ -14540,6 +15281,42 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) * check to override this result in the case of a hybrid. */ if (IsAtLeastTLSv1_3(ssl->version)) { switch (ssl->namedGroup) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef HAVE_LIBOQS + case WOLFSSL_ML_KEM_512: + return "ML_KEM_512"; + case WOLFSSL_ML_KEM_768: + return "ML_KEM_768"; + case WOLFSSL_ML_KEM_1024: + return "ML_KEM_1024"; + case WOLFSSL_P256_ML_KEM_512: + return "P256_ML_KEM_512"; + case WOLFSSL_P384_ML_KEM_768: + return "P384_ML_KEM_768"; + case WOLFSSL_P521_ML_KEM_1024: + return "P521_ML_KEM_1024"; +#elif defined(WOLFSSL_WC_KYBER) + #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + return "ML_KEM_512"; + case WOLFSSL_P256_ML_KEM_512: + return "P256_ML_KEM_512"; + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + return "ML_KEM_768"; + case WOLFSSL_P384_ML_KEM_768: + return "P384_ML_KEM_768"; + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + return "ML_KEM_1024"; + case WOLFSSL_P521_ML_KEM_1024: + return "P521_ML_KEM_1024"; + #endif +#endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef HAVE_LIBOQS case WOLFSSL_KYBER_LEVEL1: return "KYBER_LEVEL1"; @@ -14554,24 +15331,25 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) case WOLFSSL_P521_KYBER_LEVEL5: return "P521_KYBER_LEVEL5"; #elif defined(WOLFSSL_WC_KYBER) - #ifdef WOLFSSL_KYBER512 + #ifndef WOLFSSL_NO_KYBER512 case WOLFSSL_KYBER_LEVEL1: return "KYBER_LEVEL1"; case WOLFSSL_P256_KYBER_LEVEL1: return "P256_KYBER_LEVEL1"; #endif - #ifdef WOLFSSL_KYBER768 + #ifndef WOLFSSL_NO_KYBER768 case WOLFSSL_KYBER_LEVEL3: return "KYBER_LEVEL3"; case WOLFSSL_P384_KYBER_LEVEL3: return "P384_KYBER_LEVEL3"; #endif - #ifdef WOLFSSL_KYBER1024 + #ifndef WOLFSSL_NO_KYBER1024 case WOLFSSL_KYBER_LEVEL5: return "KYBER_LEVEL5"; case WOLFSSL_P521_KYBER_LEVEL5: return "P521_KYBER_LEVEL5"; #endif +#endif #endif } } @@ -14610,7 +15388,7 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* return authentication NID corresponding to cipher suite * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found + * return NID if found, WC_NID_undef if not found */ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) { @@ -14618,12 +15396,12 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) const char* alg_name; const int nid; } authnid_tbl[] = { - {"RSA", NID_auth_rsa}, - {"PSK", NID_auth_psk}, - {"SRP", NID_auth_srp}, - {"ECDSA", NID_auth_ecdsa}, - {"None", NID_auth_null}, - {NULL, NID_undef} + {"RSA", WC_NID_auth_rsa}, + {"PSK", WC_NID_auth_psk}, + {"SRP", WC_NID_auth_srp}, + {"ECDSA", WC_NID_auth_ecdsa}, + {"None", WC_NID_auth_null}, + {NULL, WC_NID_undef} }; const char* authStr; @@ -14631,7 +15409,7 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) if (GetCipherSegment(cipher, n) == NULL) { WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; + return WC_NID_undef; } authStr = GetCipherAuthStr(n); @@ -14645,11 +15423,11 @@ int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher) } } - return NID_undef; + return WC_NID_undef; } /* return cipher NID corresponding to cipher suite * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found + * return NID if found, WC_NID_undef if not found */ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) { @@ -14657,18 +15435,18 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) const char* alg_name; const int nid; } ciphernid_tbl[] = { - {"AESGCM(256)", NID_aes_256_gcm}, - {"AESGCM(128)", NID_aes_128_gcm}, - {"AESCCM(128)", NID_aes_128_ccm}, - {"AES(128)", NID_aes_128_cbc}, - {"AES(256)", NID_aes_256_cbc}, - {"CAMELLIA(256)", NID_camellia_256_cbc}, - {"CAMELLIA(128)", NID_camellia_128_cbc}, - {"RC4", NID_rc4}, - {"3DES", NID_des_ede3_cbc}, - {"CHACHA20/POLY1305(256)", NID_chacha20_poly1305}, - {"None", NID_undef}, - {NULL, NID_undef} + {"AESGCM(256)", WC_NID_aes_256_gcm}, + {"AESGCM(128)", WC_NID_aes_128_gcm}, + {"AESCCM(128)", WC_NID_aes_128_ccm}, + {"AES(128)", WC_NID_aes_128_cbc}, + {"AES(256)", WC_NID_aes_256_cbc}, + {"CAMELLIA(256)", WC_NID_camellia_256_cbc}, + {"CAMELLIA(128)", WC_NID_camellia_128_cbc}, + {"RC4", WC_NID_rc4}, + {"3DES", WC_NID_des_ede3_cbc}, + {"CHACHA20/POLY1305(256)", WC_NID_chacha20_poly1305}, + {"None", WC_NID_undef}, + {NULL, WC_NID_undef} }; const char* encStr; @@ -14678,7 +15456,7 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) if (GetCipherSegment(cipher, n) == NULL) { WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; + return WC_NID_undef; } encStr = GetCipherEncStr(n); @@ -14692,11 +15470,11 @@ int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher) } } - return NID_undef; + return WC_NID_undef; } /* return digest NID corresponding to cipher suite * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found + * return NID if found, WC_NID_undef if not found */ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) { @@ -14704,10 +15482,10 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) const char* alg_name; const int nid; } macnid_tbl[] = { - {"SHA1", NID_sha1}, - {"SHA256", NID_sha256}, - {"SHA384", NID_sha384}, - {NULL, NID_undef} + {"SHA1", WC_NID_sha1}, + {"SHA256", WC_NID_sha256}, + {"SHA384", WC_NID_sha384}, + {NULL, WC_NID_undef} }; const char* name; @@ -14719,12 +15497,12 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) if ((name = GetCipherSegment(cipher, n)) == NULL) { WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; + return WC_NID_undef; } - /* in MD5 case, NID will be NID_md5 */ + /* in MD5 case, NID will be WC_NID_md5 */ if (XSTRSTR(name, "MD5") != NULL) { - return NID_md5; + return WC_NID_md5; } macStr = GetCipherMacStr(n); @@ -14738,11 +15516,11 @@ int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher) } } - return NID_undef; + return WC_NID_undef; } /* return key exchange NID corresponding to cipher suite * @param cipher a pointer to WOLFSSL_CIPHER - * return NID if found, NID_undef if not found + * return NID if found, WC_NID_undef if not found */ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) { @@ -14750,15 +15528,15 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) const char* name; const int nid; } kxnid_table[] = { - {"ECDHEPSK", NID_kx_ecdhe_psk}, - {"ECDH", NID_kx_ecdhe}, - {"DHEPSK", NID_kx_dhe_psk}, - {"DH", NID_kx_dhe}, - {"RSAPSK", NID_kx_rsa_psk}, - {"SRP", NID_kx_srp}, - {"EDH", NID_kx_dhe}, - {"RSA", NID_kx_rsa}, - {NULL, NID_undef} + {"ECDHEPSK", WC_NID_kx_ecdhe_psk}, + {"ECDH", WC_NID_kx_ecdhe}, + {"DHEPSK", WC_NID_kx_dhe_psk}, + {"DH", WC_NID_kx_dhe}, + {"RSAPSK", WC_NID_kx_rsa_psk}, + {"SRP", WC_NID_kx_srp}, + {"EDH", WC_NID_kx_dhe}, + {"RSA", WC_NID_kx_rsa}, + {NULL, WC_NID_undef} }; const char* keaStr; @@ -14768,12 +15546,12 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) if (GetCipherSegment(cipher, n) == NULL) { WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; + return WC_NID_undef; } - /* in TLS 1.3 case, NID will be NID_kx_any */ + /* in TLS 1.3 case, NID will be WC_NID_kx_any */ if (XSTRCMP(n[0], "TLS13") == 0) { - return NID_kx_any; + return WC_NID_kx_any; } keaStr = GetCipherKeaStr(n); @@ -14787,7 +15565,7 @@ int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher) } } - return NID_undef; + return WC_NID_undef; } /* check if cipher suite is AEAD * @param cipher a pointer to WOLFSSL_CIPHER @@ -14801,7 +15579,7 @@ int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher) if (GetCipherSegment(cipher, n) == NULL) { WOLFSSL_MSG("no suitable cipher name found"); - return NID_undef; + return WC_NID_undef; } return IsCipherAEAD(n); @@ -15386,12 +16164,12 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) } key_type = key->type; - if ((key_type != EVP_PKEY_EC) && (key_type != EVP_PKEY_RSA)) { + if ((key_type != WC_EVP_PKEY_EC) && (key_type != WC_EVP_PKEY_RSA)) { return WOLFSSL_FATAL_ERROR; } #ifndef NO_RSA - if (key_type == EVP_PKEY_RSA) { + if (key_type == WC_EVP_PKEY_RSA) { return wolfSSL_i2d_RSAPublicKey(key->rsa, der); } #endif @@ -15613,32 +16391,40 @@ unsigned long wolfSSL_ERR_peek_error(void) return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); } +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H +#include +#endif + int wolfSSL_ERR_GET_LIB(unsigned long err) { unsigned long value; value = (err & 0xFFFFFFL); switch (value) { - case -WC_NO_ERR_TRACE(PARSE_ERROR): - return ERR_LIB_SSL; - case -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER): - case PEM_R_NO_START_LINE: - case PEM_R_PROBLEMS_GETTING_PASSWORD: - case PEM_R_BAD_PASSWORD_READ: - case PEM_R_BAD_DECRYPT: - return ERR_LIB_PEM; - case EVP_R_BAD_DECRYPT: - case EVP_R_BN_DECODE_ERROR: - case EVP_R_DECODE_ERROR: - case EVP_R_PRIVATE_KEY_DECODE_ERROR: - return ERR_LIB_EVP; - case ASN1_R_HEADER_TOO_LONG: - return ERR_LIB_ASN1; + case -PARSE_ERROR: + return WOLFSSL_ERR_LIB_SSL; + case -ASN_NO_PEM_HEADER: + case -WOLFSSL_PEM_R_NO_START_LINE_E: + case -WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E: + case -WOLFSSL_PEM_R_BAD_PASSWORD_READ_E: + case -WOLFSSL_PEM_R_BAD_DECRYPT_E: + return WOLFSSL_ERR_LIB_PEM; + case -WOLFSSL_EVP_R_BAD_DECRYPT_E: + case -WOLFSSL_EVP_R_BN_DECODE_ERROR: + case -WOLFSSL_EVP_R_DECODE_ERROR: + case -WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR: + return WOLFSSL_ERR_LIB_EVP; + case -WOLFSSL_ASN1_R_HEADER_TOO_LONG_E: + return WOLFSSL_ERR_LIB_ASN1; default: return 0; } } +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#include +#endif + /* This function is to find global error values that are the same through out * all library version. With wolfSSL having only one set of error codes the * return value is pretty straight forward. The only thing needed is all wolfSSL @@ -15667,11 +16453,11 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) return ASN1_R_HEADER_TOO_LONG; #endif - /* check if error value is in range of wolfSSL errors */ + /* check if error value is in range of wolfCrypt or wolfSSL errors */ ret = 0 - ret; /* setting as negative value */ - /* wolfCrypt range is less than MAX (-100) - wolfSSL range is MIN (-300) and lower */ - if ((ret <= WC_FIRST_E && ret >= WC_LAST_E) || + + if ((ret <= WC_SPAN1_FIRST_E && ret >= WC_SPAN1_LAST_E) || + (ret <= WC_SPAN2_FIRST_E && ret >= WC_SPAN2_LAST_E) || (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E)) { return ret; @@ -15684,6 +16470,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) return ret; } +#ifndef NO_TLS /* returns a string that describes the alert * * alertID the alert value to look up @@ -15695,13 +16482,13 @@ const char* wolfSSL_alert_type_string_long(int alertID) return AlertTypeToString(alertID); } - const char* wolfSSL_alert_desc_string_long(int alertID) { WOLFSSL_ENTER("wolfSSL_alert_desc_string_long"); return AlertTypeToString(alertID); } +#endif /* !NO_TLS */ #define STATE_STRINGS_PROTO(s) \ { \ @@ -15850,10 +16637,10 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) } /* Get state of callback */ - if (ssl->cbmode == SSL_CB_MODE_WRITE) { + if (ssl->cbmode == WOLFSSL_CB_MODE_WRITE) { cbmode = SS_WRITE; } - else if (ssl->cbmode == SSL_CB_MODE_READ) { + else if (ssl->cbmode == WOLFSSL_CB_MODE_READ) { cbmode = SS_READ; } else { @@ -15903,7 +16690,7 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) } /* accept process */ - if (ssl->cbmode == SSL_CB_MODE_READ) { + if (ssl->cbmode == WOLFSSL_CB_MODE_READ) { state = ssl->cbtype; switch (state) { case hello_request: @@ -16204,9 +16991,8 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, - TRUE, ssl->options.side); + ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); } else { /* Only preserve overlapping suites */ @@ -16227,7 +17013,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) * - haveStaticECC turns off haveRSA * - haveECDSAsig turns off haveRSAsig */ InitSuites(&tmpSuites, ssl->version, 0, 1, 1, 1, haveECDSAsig, 1, 1, - haveStaticECC, 1, 1, 1, 1, ssl->options.side); + haveStaticECC, 1, 1, 1, 1, 1, ssl->options.side); for (in = 0, out = 0; in < ssl->suites->suiteSz; in += SUITE_LEN) { if (FindSuite(&tmpSuites, ssl->suites->suites[in], ssl->suites->suites[in+1]) >= 0) { @@ -16351,7 +17137,7 @@ long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) return BAD_FUNC_ARG; } - if (type == TLSEXT_STATUSTYPE_ocsp){ + if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){ int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, s, s->heap, s->devId); return (long)r; @@ -16370,7 +17156,7 @@ long wolfSSL_get_tlsext_status_type(WOLFSSL *s) if (s == NULL) return WOLFSSL_FATAL_ERROR; extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST); - return extension != NULL ? TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR; + return extension != NULL ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR; } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ @@ -16429,20 +17215,20 @@ WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) #ifndef NO_WOLFSSL_STUB /*** TBD ***/ -void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, +void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) { (void)ctx; (void)dh; - WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback"); + WOLFSSL_STUB("WOLFSSL_CTX_set_tmp_dh_callback"); } #endif #ifndef NO_WOLFSSL_STUB /*** TBD ***/ -WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) +WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void) { - WOLFSSL_STUB("SSL_COMP_get_compression_methods"); + WOLFSSL_STUB("WOLFSSL_COMP_get_compression_methods"); return NULL; } #endif @@ -16464,7 +17250,7 @@ WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i) } #if !defined(NETOS) -void ERR_load_SSL_strings(void) +void wolfSSL_ERR_load_SSL_strings(void) { } @@ -16494,7 +17280,7 @@ long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, #endif /* HAVE_OCSP */ #ifdef HAVE_MAX_FRAGMENT -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) /** * Set max fragment tls extension * @param c a pointer to WOLFSSL_CTX object @@ -16522,7 +17308,7 @@ int wolfSSL_set_tlsext_max_fragment_length(WOLFSSL *s, unsigned char mode) return wolfSSL_UseMaxFragment(s, mode); } -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */ #endif /* HAVE_MAX_FRAGMENT */ #endif /* OPENSSL_EXTRA */ @@ -17287,48 +18073,49 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) } #endif #endif /* OPENSSL_EXTRA */ + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifndef NO_CERTS /* oidCertExtType */ - { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints", + { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints", "X509v3 Basic Constraints"}, - { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName", + { WC_NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName", "X509v3 Subject Alternative Name"}, - { NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, + { WC_NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, "crlDistributionPoints", "X509v3 CRL Distribution Points"}, - { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess", + { WC_NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess", "Authority Information Access"}, - { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType, + { WC_NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType, "authorityKeyIdentifier", "X509v3 Authority Key Identifier"}, - { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType, + { WC_NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType, "subjectKeyIdentifier", "X509v3 Subject Key Identifier"}, - { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage", + { WC_NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage", "X509v3 Key Usage"}, - { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType, + { WC_NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType, "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"}, - { NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType, + { WC_NID_ext_key_usage, EXT_KEY_USAGE_OID, oidCertExtType, "extendedKeyUsage", "X509v3 Extended Key Usage"}, - { NID_name_constraints, NAME_CONS_OID, oidCertExtType, + { WC_NID_name_constraints, NAME_CONS_OID, oidCertExtType, "nameConstraints", "X509v3 Name Constraints"}, - { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType, + { WC_NID_certificate_policies, CERT_POLICY_OID, oidCertExtType, "certificatePolicies", "X509v3 Certificate Policies"}, /* oidCertAuthInfoType */ - { NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP", + { WC_NID_ad_OCSP, AIA_OCSP_OID, oidCertAuthInfoType, "OCSP", "OCSP"}, - { NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType, + { WC_NID_ad_ca_issuers, AIA_CA_ISSUER_OID, oidCertAuthInfoType, "caIssuers", "CA Issuers"}, /* oidCertPolicyType */ - { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy", + { WC_NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy", "X509v3 Any Policy"}, /* oidCertAltNameType */ - { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""}, + { WC_NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""}, /* oidCertKeyUseType */ - { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType, + { WC_NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType, "anyExtendedKeyUsage", "Any Extended Key Usage"}, { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType, "serverAuth", "TLS Web Server Authentication"}, @@ -17338,192 +18125,194 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { "OCSPSigning", "OCSP Signing"}, /* oidCertNameType */ - { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"}, + { WC_NID_commonName, WC_NID_commonName, oidCertNameType, "CN", "commonName"}, #if !defined(WOLFSSL_CERT_REQ) - { NID_surname, NID_surname, oidCertNameType, "SN", "surname"}, + { WC_NID_surname, WC_NID_surname, oidCertNameType, "SN", "surname"}, #endif - { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber", + { WC_NID_serialNumber, WC_NID_serialNumber, oidCertNameType, "serialNumber", "serialNumber"}, - { NID_userId, NID_userId, oidCertNameType, "UID", "userid"}, - { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"}, - { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"}, - { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST", + { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userid"}, + { WC_NID_countryName, WC_NID_countryName, oidCertNameType, "C", "countryName"}, + { WC_NID_localityName, WC_NID_localityName, oidCertNameType, "L", "localityName"}, + { WC_NID_stateOrProvinceName, WC_NID_stateOrProvinceName, oidCertNameType, "ST", "stateOrProvinceName"}, - { NID_streetAddress, NID_streetAddress, oidCertNameType, "street", + { WC_NID_streetAddress, WC_NID_streetAddress, oidCertNameType, "street", "streetAddress"}, - { NID_organizationName, NID_organizationName, oidCertNameType, "O", + { WC_NID_organizationName, WC_NID_organizationName, oidCertNameType, "O", "organizationName"}, - { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType, + { WC_NID_organizationalUnitName, WC_NID_organizationalUnitName, oidCertNameType, "OU", "organizationalUnitName"}, - { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress", + { WC_NID_emailAddress, WC_NID_emailAddress, oidCertNameType, "emailAddress", "emailAddress"}, - { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC", + { WC_NID_domainComponent, WC_NID_domainComponent, oidCertNameType, "DC", "domainComponent"}, - { NID_favouriteDrink, NID_favouriteDrink, oidCertNameType, "favouriteDrink", + { WC_NID_rfc822Mailbox, WC_NID_rfc822Mailbox, oidCertNameType, "rfc822Mailbox", + "rfc822Mailbox"}, + { WC_NID_favouriteDrink, WC_NID_favouriteDrink, oidCertNameType, "favouriteDrink", "favouriteDrink"}, - { NID_businessCategory, NID_businessCategory, oidCertNameType, + { WC_NID_businessCategory, WC_NID_businessCategory, oidCertNameType, "businessCategory", "businessCategory"}, - { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType, + { WC_NID_jurisdictionCountryName, WC_NID_jurisdictionCountryName, oidCertNameType, "jurisdictionC", "jurisdictionCountryName"}, - { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName, + { WC_NID_jurisdictionStateOrProvinceName, WC_NID_jurisdictionStateOrProvinceName, oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"}, - { NID_postalCode, NID_postalCode, oidCertNameType, "postalCode", + { WC_NID_postalCode, WC_NID_postalCode, oidCertNameType, "postalCode", "postalCode"}, - { NID_userId, NID_userId, oidCertNameType, "UID", "userId"}, + { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userId"}, #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL) - { NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID, + { WC_NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID, oidCsrAttrType, "challengePassword", "challengePassword"}, - { NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID, + { WC_NID_pkcs9_contentType, PKCS9_CONTENT_TYPE_OID, oidCsrAttrType, "contentType", "contentType" }, - { NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, + { WC_NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, oidCsrAttrType, "unstructuredName", "unstructuredName" }, - { NID_name, NAME_OID, oidCsrAttrType, "name", "name" }, - { NID_surname, SURNAME_OID, + { WC_NID_name, NAME_OID, oidCsrAttrType, "name", "name" }, + { WC_NID_surname, SURNAME_OID, oidCsrAttrType, "surname", "surname" }, - { NID_givenName, GIVEN_NAME_OID, + { WC_NID_givenName, GIVEN_NAME_OID, oidCsrAttrType, "givenName", "givenName" }, - { NID_initials, INITIALS_OID, + { WC_NID_initials, INITIALS_OID, oidCsrAttrType, "initials", "initials" }, - { NID_dnQualifier, DNQUALIFIER_OID, + { WC_NID_dnQualifier, DNQUALIFIER_OID, oidCsrAttrType, "dnQualifer", "dnQualifier" }, #endif #endif #ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */ /* oidHashType */ #ifdef WOLFSSL_MD2 - { NID_md2, MD2h, oidHashType, "MD2", "md2"}, + { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"}, #endif - #ifdef WOLFSSL_MD5 - { NID_md5, MD5h, oidHashType, "MD5", "md5"}, + #ifndef NO_MD5 + { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"}, #endif #ifndef NO_SHA - { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"}, + { WC_NID_sha1, SHAh, oidHashType, "SHA1", "sha1"}, #endif #ifdef WOLFSSL_SHA224 - { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"}, + { WC_NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"}, #endif #ifndef NO_SHA256 - { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"}, + { WC_NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"}, #endif #ifdef WOLFSSL_SHA384 - { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"}, + { WC_NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"}, #endif #ifdef WOLFSSL_SHA512 - { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, + { WC_NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"}, #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - { NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, + { WC_NID_sha3_224, SHA3_224h, oidHashType, "SHA3-224", "sha3-224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - { NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, + { WC_NID_sha3_256, SHA3_256h, oidHashType, "SHA3-256", "sha3-256"}, #endif #ifndef WOLFSSL_NOSHA3_384 - { NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, + { WC_NID_sha3_384, SHA3_384h, oidHashType, "SHA3-384", "sha3-384"}, #endif #ifndef WOLFSSL_NOSHA3_512 - { NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, + { WC_NID_sha3_512, SHA3_512h, oidHashType, "SHA3-512", "sha3-512"}, #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - { NID_sm3, SM3h, oidHashType, "SM3", "sm3"}, + { WC_NID_sm3, SM3h, oidHashType, "SM3", "sm3"}, #endif /* oidSigType */ #ifndef NO_DSA #ifndef NO_SHA - { NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"}, - { NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256", + { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"}, + { WC_NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256", "dsa_with_SHA256"}, #endif #endif /* NO_DSA */ #ifndef NO_RSA #ifdef WOLFSSL_MD2 - { NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2", + { WC_NID_md2WithRSAEncryption, CTC_MD2wRSA, oidSigType, "RSA-MD2", "md2WithRSAEncryption"}, #endif #ifndef NO_MD5 - { NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5", + { WC_NID_md5WithRSAEncryption, CTC_MD5wRSA, oidSigType, "RSA-MD5", "md5WithRSAEncryption"}, #endif #ifndef NO_SHA - { NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1", + { WC_NID_sha1WithRSAEncryption, CTC_SHAwRSA, oidSigType, "RSA-SHA1", "sha1WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA224 - { NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224", + { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224", "sha224WithRSAEncryption"}, #endif #ifndef NO_SHA256 - { NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256", + { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256", "sha256WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA384 - { NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384", + { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384", "sha384WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA512 - { NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512", + { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512", "sha512WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - { NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224", + { WC_NID_RSA_SHA3_224, CTC_SHA3_224wRSA, oidSigType, "RSA-SHA3-224", "sha3-224WithRSAEncryption"}, #endif #ifndef WOLFSSL_NOSHA3_256 - { NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256", + { WC_NID_RSA_SHA3_256, CTC_SHA3_256wRSA, oidSigType, "RSA-SHA3-256", "sha3-256WithRSAEncryption"}, #endif #ifndef WOLFSSL_NOSHA3_384 - { NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384", + { WC_NID_RSA_SHA3_384, CTC_SHA3_384wRSA, oidSigType, "RSA-SHA3-384", "sha3-384WithRSAEncryption"}, #endif #ifndef WOLFSSL_NOSHA3_512 - { NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512", + { WC_NID_RSA_SHA3_512, CTC_SHA3_512wRSA, oidSigType, "RSA-SHA3-512", "sha3-512WithRSAEncryption"}, #endif #endif #ifdef WC_RSA_PSS - { NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" }, + { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" }, #endif #endif /* NO_RSA */ #ifdef HAVE_ECC #ifndef NO_SHA - { NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", + { WC_NID_ecdsa_with_SHA1, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", "shaWithECDSA"}, #endif #ifdef WOLFSSL_SHA224 - { NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA224, CTC_SHA224wECDSA, oidSigType, "ecdsa-with-SHA224","sha224WithECDSA"}, #endif #ifndef NO_SHA256 - { NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA256, CTC_SHA256wECDSA, oidSigType, "ecdsa-with-SHA256","sha256WithECDSA"}, #endif #ifdef WOLFSSL_SHA384 - { NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA384, CTC_SHA384wECDSA, oidSigType, "ecdsa-with-SHA384","sha384WithECDSA"}, #endif #ifdef WOLFSSL_SHA512 - { NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA512, CTC_SHA512wECDSA, oidSigType, "ecdsa-with-SHA512","sha512WithECDSA"}, #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - { NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA3_224, CTC_SHA3_224wECDSA, oidSigType, "id-ecdsa-with-SHA3-224", "ecdsa_with_SHA3-224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - { NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA3_256, CTC_SHA3_256wECDSA, oidSigType, "id-ecdsa-with-SHA3-256", "ecdsa_with_SHA3-256"}, #endif #ifndef WOLFSSL_NOSHA3_384 - { NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA3_384, CTC_SHA3_384wECDSA, oidSigType, "id-ecdsa-with-SHA3-384", "ecdsa_with_SHA3-384"}, #endif #ifndef WOLFSSL_NOSHA3_512 - { NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType, + { WC_NID_ecdsa_with_SHA3_512, CTC_SHA3_512wECDSA, oidSigType, "id-ecdsa-with-SHA3-512", "ecdsa_with_SHA3-512"}, #endif #endif @@ -17531,28 +18320,28 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { /* oidKeyType */ #ifndef NO_DSA - { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"}, + { WC_NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"}, #endif /* NO_DSA */ #ifndef NO_RSA - { NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", + { WC_NID_rsaEncryption, RSAk, oidKeyType, "rsaEncryption", "rsaEncryption"}, #ifdef WC_RSA_PSS - { NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"}, + { WC_NID_rsassaPss, RSAPSSk, oidKeyType, "RSASSA-PSS", "rsassaPss"}, #endif #endif /* NO_RSA */ #ifdef HAVE_ECC - { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey", + { WC_NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey", "id-ecPublicKey"}, #endif /* HAVE_ECC */ #ifndef NO_DH - { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", + { WC_NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", "dhKeyAgreement"}, #endif #ifdef HAVE_ED448 - { NID_ED448, ED448k, oidKeyType, "ED448", "ED448"}, + { WC_NID_ED448, ED448k, oidKeyType, "ED448", "ED448"}, #endif #ifdef HAVE_ED25519 - { NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"}, + { WC_NID_ED25519, ED25519k, oidKeyType, "ED25519", "ED25519"}, #endif #ifdef HAVE_FALCON { CTC_FALCON_LEVEL1, FALCON_LEVEL1k, oidKeyType, "Falcon Level 1", @@ -17571,71 +18360,71 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { /* oidCurveType */ #ifdef HAVE_ECC - { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", + { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", "prime192v1"}, - { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", + { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", "prime192v2"}, - { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", + { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", "prime192v3"}, - { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", + { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", "prime239v1"}, - { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", + { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", "prime239v2"}, - { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", + { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", "prime239v3"}, - { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", + { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", "prime256v1"}, - { NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", + { WC_NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", "secp112r1"}, - { NID_secp112r2, ECC_SECP112R2_OID, oidCurveType, "secp112r2", + { WC_NID_secp112r2, ECC_SECP112R2_OID, oidCurveType, "secp112r2", "secp112r2"}, - { NID_secp128r1, ECC_SECP128R1_OID, oidCurveType, "secp128r1", + { WC_NID_secp128r1, ECC_SECP128R1_OID, oidCurveType, "secp128r1", "secp128r1"}, - { NID_secp128r2, ECC_SECP128R2_OID, oidCurveType, "secp128r2", + { WC_NID_secp128r2, ECC_SECP128R2_OID, oidCurveType, "secp128r2", "secp128r2"}, - { NID_secp160r1, ECC_SECP160R1_OID, oidCurveType, "secp160r1", + { WC_NID_secp160r1, ECC_SECP160R1_OID, oidCurveType, "secp160r1", "secp160r1"}, - { NID_secp160r2, ECC_SECP160R2_OID, oidCurveType, "secp160r2", + { WC_NID_secp160r2, ECC_SECP160R2_OID, oidCurveType, "secp160r2", "secp160r2"}, - { NID_secp224r1, ECC_SECP224R1_OID, oidCurveType, "secp224r1", + { WC_NID_secp224r1, ECC_SECP224R1_OID, oidCurveType, "secp224r1", "secp224r1"}, - { NID_secp384r1, ECC_SECP384R1_OID, oidCurveType, "secp384r1", + { WC_NID_secp384r1, ECC_SECP384R1_OID, oidCurveType, "secp384r1", "secp384r1"}, - { NID_secp521r1, ECC_SECP521R1_OID, oidCurveType, "secp521r1", + { WC_NID_secp521r1, ECC_SECP521R1_OID, oidCurveType, "secp521r1", "secp521r1"}, - { NID_secp160k1, ECC_SECP160K1_OID, oidCurveType, "secp160k1", + { WC_NID_secp160k1, ECC_SECP160K1_OID, oidCurveType, "secp160k1", "secp160k1"}, - { NID_secp192k1, ECC_SECP192K1_OID, oidCurveType, "secp192k1", + { WC_NID_secp192k1, ECC_SECP192K1_OID, oidCurveType, "secp192k1", "secp192k1"}, - { NID_secp224k1, ECC_SECP224K1_OID, oidCurveType, "secp224k1", + { WC_NID_secp224k1, ECC_SECP224K1_OID, oidCurveType, "secp224k1", "secp224k1"}, - { NID_secp256k1, ECC_SECP256K1_OID, oidCurveType, "secp256k1", + { WC_NID_secp256k1, ECC_SECP256K1_OID, oidCurveType, "secp256k1", "secp256k1"}, - { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID, oidCurveType, + { WC_NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID, oidCurveType, "brainpoolP160r1", "brainpoolP160r1"}, - { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID, oidCurveType, + { WC_NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID, oidCurveType, "brainpoolP192r1", "brainpoolP192r1"}, - { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID, oidCurveType, + { WC_NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID, oidCurveType, "brainpoolP224r1", "brainpoolP224r1"}, - { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID, oidCurveType, + { WC_NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID, oidCurveType, "brainpoolP256r1", "brainpoolP256r1"}, - { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID, oidCurveType, + { WC_NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID, oidCurveType, "brainpoolP320r1", "brainpoolP320r1"}, - { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID, oidCurveType, + { WC_NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID, oidCurveType, "brainpoolP384r1", "brainpoolP384r1"}, - { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID, oidCurveType, + { WC_NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID, oidCurveType, "brainpoolP512r1", "brainpoolP512r1"}, #ifdef WOLFSSL_SM2 - { NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"}, + { WC_NID_sm2, ECC_SM2P256V1_OID, oidCurveType, "sm2", "sm2"}, #endif #endif /* HAVE_ECC */ @@ -17650,17 +18439,17 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"}, #endif #ifndef NO_DES3 - { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"}, - { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"}, + { WC_NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"}, + { WC_NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"}, #endif /* !NO_DES3 */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - { NID_chacha20_poly1305, NID_chacha20_poly1305, oidBlkType, + { WC_NID_chacha20_poly1305, WC_NID_chacha20_poly1305, oidBlkType, "ChaCha20-Poly1305", "chacha20-poly1305"}, #endif /* oidOcspType */ #ifdef HAVE_OCSP - { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, + { WC_NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "basicOCSPResponse", "Basic OCSP Response"}, { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce", "OCSP Nonce"}, #endif /* HAVE_OCSP */ @@ -17728,15 +18517,15 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #endif #if defined(WOLFSSL_APACHE_HTTPD) /* "1.3.6.1.5.5.7.8.7" */ - { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType, + { WC_NID_id_on_dnsSRV, WC_NID_id_on_dnsSRV, oidCertNameType, WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV }, /* "1.3.6.1.4.1.311.20.2.3" */ - { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN, + { WC_NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN, WOLFSSL_LN_MS_UPN }, /* "1.3.6.1.5.5.7.1.24" */ - { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType, + { WC_NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType, WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE }, #endif #endif /* OPENSSL_EXTRA */ @@ -17745,7 +18534,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #define WOLFSSL_OBJECT_INFO_SZ \ (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info)) const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ; -#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Free the dynamically allocated data. @@ -17812,7 +18601,7 @@ unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len) return targetBuf; } -int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) +int wolfSSL_OPENSSL_init_ssl(word64 opts, const WOLFSSL_INIT_SETTINGS *settings) { (void)opts; (void)settings; @@ -17820,7 +18609,7 @@ int wolfSSL_OPENSSL_init_ssl(word64 opts, const OPENSSL_INIT_SETTINGS *settings) } int wolfSSL_OPENSSL_init_crypto(word64 opts, - const OPENSSL_INIT_SETTINGS* settings) + const WOLFSSL_INIT_SETTINGS* settings) { (void)opts; (void)settings; @@ -17871,31 +18660,31 @@ static int HashToNid(byte hashAlgo, int* nid) switch ((enum wc_MACAlgorithm)hashAlgo) { case no_mac: case rmd_mac: - *nid = NID_undef; + *nid = WC_NID_undef; break; case md5_mac: - *nid = NID_md5; + *nid = WC_NID_md5; break; case sha_mac: - *nid = NID_sha1; + *nid = WC_NID_sha1; break; case sha224_mac: - *nid = NID_sha224; + *nid = WC_NID_sha224; break; case sha256_mac: - *nid = NID_sha256; + *nid = WC_NID_sha256; break; case sha384_mac: - *nid = NID_sha384; + *nid = WC_NID_sha384; break; case sha512_mac: - *nid = NID_sha512; + *nid = WC_NID_sha512; break; case blake2b_mac: - *nid = NID_blake2b512; + *nid = WC_NID_blake2b512; break; case sm3_mac: - *nid = NID_sm3; + *nid = WC_NID_sm3; break; default: ret = WOLFSSL_FAILURE; @@ -17911,33 +18700,33 @@ static int SaToNid(byte sa, int* nid) /* Cast for compiler to check everything is implemented */ switch ((enum SignatureAlgorithm)sa) { case anonymous_sa_algo: - *nid = NID_undef; + *nid = WC_NID_undef; break; case rsa_sa_algo: - *nid = NID_rsaEncryption; + *nid = WC_NID_rsaEncryption; break; case dsa_sa_algo: - *nid = NID_dsa; + *nid = WC_NID_dsa; break; case ecc_dsa_sa_algo: - *nid = NID_X9_62_id_ecPublicKey; + *nid = WC_NID_X9_62_id_ecPublicKey; break; case rsa_pss_sa_algo: - *nid = NID_rsassaPss; + *nid = WC_NID_rsassaPss; break; case ed25519_sa_algo: #ifdef HAVE_ED25519 - *nid = NID_ED25519; + *nid = WC_NID_ED25519; #else ret = WOLFSSL_FAILURE; #endif break; case rsa_pss_pss_algo: - *nid = NID_rsassaPss; + *nid = WC_NID_rsassaPss; break; case ed448_sa_algo: #ifdef HAVE_ED448 - *nid = NID_ED448; + *nid = WC_NID_ED448; #else ret = WOLFSSL_FAILURE; #endif @@ -17958,7 +18747,7 @@ static int SaToNid(byte sa, int* nid) *nid = CTC_DILITHIUM_LEVEL5; break; case sm2_sa_algo: - *nid = NID_sm2; + *nid = WC_NID_sm2; break; case invalid_sa_algo: default: @@ -19060,8 +19849,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) if (bufSz) { XMEMCPY(buf, name, bufSz); } - else if (a->type == GEN_DNS || a->type == GEN_EMAIL || - a->type == GEN_URI) { + else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL || + a->type == WOLFSSL_GEN_URI) { bufSz = (int)XSTRLEN((const char*)a->obj); XMEMCPY(buf, a->obj, min((word32)bufSz, (word32)bufLen)); } @@ -19116,10 +19905,10 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) size_t i; WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn"); - if (n == NID_md5) { - /* NID_surname == NID_md5 and NID_surname comes before NID_md5 in + if (n == WC_NID_md5) { + /* WC_NID_surname == WC_NID_md5 and WC_NID_surname comes before WC_NID_md5 in * wolfssl_object_info. As a result, the loop below will incorrectly - * return "SN" instead of "MD5." NID_surname isn't the true OpenSSL + * return "SN" instead of "MD5." WC_NID_surname isn't the true OpenSSL * NID, but other functions rely on this table and modifying it to * conform with OpenSSL's NIDs isn't trivial. */ return "MD5"; @@ -19137,7 +19926,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) int wolfSSL_OBJ_sn2nid(const char *sn) { WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid"); if (sn == NULL) - return NID_undef; + return WC_NID_undef; return wc_OBJ_sn2nid(sn); } #endif @@ -19217,9 +20006,9 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) #ifdef WOLFSSL_QT if (o->grp == oidCertExtType) { - /* If nid is an unknown extension, return NID_undef */ + /* If nid is an unknown extension, return WC_NID_undef */ if (wolfSSL_OBJ_nid2sn(o->nid) == NULL) - return NID_undef; + return WC_NID_undef; } #endif @@ -19254,7 +20043,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) } /* Return the corresponding NID for the long name - * or NID_undef if NID can't be found. + * or WC_NID_undef if NID can't be found. */ int wolfSSL_OBJ_ln2nid(const char *ln) { @@ -19281,7 +20070,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) } } } - return NID_undef; + return WC_NID_undef; } /* compares two objects, return 0 if equal */ @@ -19333,7 +20122,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) /* Gets the NID value that is related to the OID string passed in. Example * string would be "2.5.29.14" for subject key ID. * - * returns NID value on success and NID_undef on error + * returns NID value on success and WC_NID_undef on error */ int wolfSSL_OBJ_txt2nid(const char* s) { @@ -19348,7 +20137,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); if (s == NULL) { - return NID_undef; + return WC_NID_undef; } #ifdef WOLFSSL_CERT_EXT @@ -19387,7 +20176,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) } } - return NID_undef; + return WC_NID_undef; } #endif #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ @@ -19406,7 +20195,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name) { int i, ret; - int nid = NID_undef; + int nid = WC_NID_undef; unsigned int outSz = MAX_OID_SZ; unsigned char out[MAX_OID_SZ]; WOLFSSL_ASN1_OBJECT* obj; @@ -19453,7 +20242,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) } } - if (nid != NID_undef) + if (nid != WC_NID_undef) return wolfSSL_OBJ_nid2obj(nid); return NULL; @@ -19528,11 +20317,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) #endif /* OPENSSL_EXTRA */ -#if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ - defined(WOLFSSL_WPAS_SMALL) +#ifdef HAVE_EX_DATA_CRYPTO CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session = NULL; static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr, @@ -19670,23 +20455,9 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, return WOLFSSL_FATAL_ERROR; return idx; } -#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ - -#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) -void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); -#ifdef HAVE_EX_DATA - if(ctx != NULL) { - return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); - } -#else - (void)ctx; - (void)idx; -#endif - return NULL; -} +#endif /* HAVE_EX_DATA_CRYPTO */ +#ifdef HAVE_EX_DATA_CRYPTO int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, @@ -19712,21 +20483,35 @@ int wolfSSL_get_ex_new_index(long argValue, void* arg, return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, argValue, arg, cb1, cb2, cb3); } +#endif /* HAVE_EX_DATA_CRYPTO */ +#ifdef OPENSSL_EXTRA +void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); +#ifdef HAVE_EX_DATA + if (ctx != NULL) { + return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); + } +#else + (void)ctx; + (void)idx; +#endif + return NULL; +} int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); - #ifdef HAVE_EX_DATA - if (ctx != NULL) - { +#ifdef HAVE_EX_DATA + if (ctx != NULL) { return wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data); } - #else +#else (void)ctx; (void)idx; (void)data; - #endif +#endif return WOLFSSL_FAILURE; } @@ -19738,16 +20523,14 @@ int wolfSSL_CTX_set_ex_data_with_cleanup( wolfSSL_ex_data_cleanup_routine_t cleanup_routine) { WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data_with_cleanup"); - if (ctx != NULL) - { + if (ctx != NULL) { return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, cleanup_routine); } return WOLFSSL_FAILURE; } #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -#endif /* defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) */ +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -19779,15 +20562,11 @@ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(HAVE_EX_DATA) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) - int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_set_ex_data"); #ifdef HAVE_EX_DATA - if (ssl != NULL) - { + if (ssl != NULL) { return wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data); } #else @@ -19831,8 +20610,6 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) return 0; } -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ - #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) @@ -20012,10 +20789,10 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) if ((ctrl_opt & WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) == WOLFSSL_OP_CIPHER_SERVER_PREFERENCE) { WOLFSSL_MSG("Using Server's Cipher Preference."); - ctx->useClientOrder = FALSE; + ctx->useClientOrder = 0; } else { WOLFSSL_MSG("Using Client's Cipher Preference."); - ctx->useClientOrder = TRUE; + ctx->useClientOrder = 1; } #endif /* WOLFSSL_QT */ @@ -20457,7 +21234,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) InitSSL_CTX_Suites(ctx); } - wolfSSL_RefInc(&ctx->ref, &ret); + wolfSSL_RefWithMutexInc(&ctx->ref, &ret); #ifdef WOLFSSL_REFCNT_ERROR_RETURN if (ret != 0) { /* can only fail on serious stuff, like mutex not working @@ -20701,10 +21478,10 @@ unsigned long wolfSSL_ERR_peek_last_error(void) return 0; } if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) - return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E); #if defined(WOLFSSL_PYTHON) if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) - return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; + return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return (unsigned long)ret; } @@ -20755,11 +21532,12 @@ WOLFSSL_CTX* wolfSSL_get_SSL_CTX(const WOLFSSL* ssl) return ssl->ctx; } -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \ - || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) /* TODO: Doesn't currently track SSL_VERIFY_CLIENT_ONCE */ -int wolfSSL_get_verify_mode(const WOLFSSL* ssl) { +int wolfSSL_get_verify_mode(const WOLFSSL* ssl) +{ int mode = 0; WOLFSSL_ENTER("wolfSSL_get_verify_mode"); @@ -20907,21 +21685,22 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, err = wc_PeekErrorNodeLineData(file, line, data, flags, peek_ignore_err); if (err == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) - return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; + return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E); #ifdef OPENSSL_ALL /* PARSE_ERROR is returned if an HTTP request is detected. */ else if (err == -WC_NO_ERR_TRACE(PARSE_ERROR)) - return (ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST; + return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) - return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; + return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return err; } #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if !defined(WOLFSSL_USER_IO) /* converts an IPv6 or IPv4 address into an octet string for use with rfc3280 @@ -21089,11 +21868,9 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) } return ssl->suitesStack; } -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) { WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout"); @@ -21133,7 +21910,7 @@ int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh) } #endif #ifndef NO_BIO -BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) +WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) { WOLFSSL_ENTER("wolfSSL_SSL_get_rbio"); /* Nginx sets the buffer size if the read BIO is different to write BIO. @@ -21144,7 +21921,7 @@ BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s) return s->biord; } -BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) +WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) { WOLFSSL_ENTER("wolfSSL_SSL_get_wbio"); (void)s; @@ -21158,6 +21935,7 @@ BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) } #endif /* !NO_BIO */ +#ifndef NO_TLS int wolfSSL_SSL_do_handshake_internal(WOLFSSL *s) { WOLFSSL_ENTER("wolfSSL_SSL_do_handshake_internal"); @@ -21191,6 +21969,7 @@ int wolfSSL_SSL_do_handshake(WOLFSSL *s) #endif return wolfSSL_SSL_do_handshake_internal(s); } +#endif /* !NO_TLS */ #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L int wolfSSL_SSL_in_init(const WOLFSSL *ssl) @@ -21752,7 +22531,7 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen, byte lenIn, lenClient; if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL) - return OPENSSL_NPN_UNSUPPORTED; + return WOLFSSL_NPN_UNSUPPORTED; for (i = 0; i < inLen; i += lenIn) { lenIn = in[i++]; @@ -21765,14 +22544,14 @@ int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen, if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) { *out = (unsigned char *)(in + i); *outLen = lenIn; - return OPENSSL_NPN_NEGOTIATED; + return WOLFSSL_NPN_NEGOTIATED; } } } *out = (unsigned char *)clientNames + 1; *outLen = clientNames[0]; - return OPENSSL_NPN_NO_OVERLAP; + return WOLFSSL_NPN_NO_OVERLAP; } void wolfSSL_set_alpn_select_cb(WOLFSSL *ssl, @@ -21876,28 +22655,42 @@ int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, word16 curve_id) const WOLF_EC_NIST_NAME kNistCurves[] = { #ifdef HAVE_ECC - {CURVE_NAME("P-160"), NID_secp160r1, WOLFSSL_ECC_SECP160R1}, - {CURVE_NAME("P-160-2"), NID_secp160r2, WOLFSSL_ECC_SECP160R2}, - {CURVE_NAME("P-192"), NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1}, - {CURVE_NAME("P-224"), NID_secp224r1, WOLFSSL_ECC_SECP224R1}, - {CURVE_NAME("P-256"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, - {CURVE_NAME("P-384"), NID_secp384r1, WOLFSSL_ECC_SECP384R1}, - {CURVE_NAME("P-521"), NID_secp521r1, WOLFSSL_ECC_SECP521R1}, - {CURVE_NAME("K-160"), NID_secp160k1, WOLFSSL_ECC_SECP160K1}, - {CURVE_NAME("K-192"), NID_secp192k1, WOLFSSL_ECC_SECP192K1}, - {CURVE_NAME("K-224"), NID_secp224k1, WOLFSSL_ECC_SECP224R1}, - {CURVE_NAME("K-256"), NID_secp256k1, WOLFSSL_ECC_SECP256K1}, - {CURVE_NAME("B-256"), NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, - {CURVE_NAME("B-384"), NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1}, - {CURVE_NAME("B-512"), NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1}, + {CURVE_NAME("P-160"), WC_NID_secp160r1, WOLFSSL_ECC_SECP160R1}, + {CURVE_NAME("P-160-2"), WC_NID_secp160r2, WOLFSSL_ECC_SECP160R2}, + {CURVE_NAME("P-192"), WC_NID_X9_62_prime192v1, WOLFSSL_ECC_SECP192R1}, + {CURVE_NAME("P-224"), WC_NID_secp224r1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("P-256"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("P-384"), WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1}, + {CURVE_NAME("P-521"), WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1}, + {CURVE_NAME("K-160"), WC_NID_secp160k1, WOLFSSL_ECC_SECP160K1}, + {CURVE_NAME("K-192"), WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1}, + {CURVE_NAME("K-224"), WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("K-256"), WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1}, + {CURVE_NAME("B-256"), WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, + {CURVE_NAME("B-384"), WC_NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1}, + {CURVE_NAME("B-512"), WC_NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1}, #endif #ifdef HAVE_CURVE25519 - {CURVE_NAME("X25519"), NID_X25519, WOLFSSL_ECC_X25519}, + {CURVE_NAME("X25519"), WC_NID_X25519, WOLFSSL_ECC_X25519}, #endif #ifdef HAVE_CURVE448 - {CURVE_NAME("X448"), NID_X448, WOLFSSL_ECC_X448}, + {CURVE_NAME("X448"), WC_NID_X448, WOLFSSL_ECC_X448}, #endif #ifdef WOLFSSL_HAVE_KYBER +#ifndef WOLFSSL_NO_ML_KEM + {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512}, + {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, + {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, +#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) + {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512, + WOLFSSL_P256_ML_KEM_512}, + {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768, + WOLFSSL_P384_ML_KEM_768}, + {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024, + WOLFSSL_P521_ML_KEM_1024}, +#endif +#endif /* !WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_KYBER_ORIGINAL {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, @@ -21906,19 +22699,20 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, #endif -#endif +#endif /* WOLFSSL_KYBER_ORIGINAL */ +#endif /* WOLFSSL_HAVE_KYBER */ #ifdef WOLFSSL_SM2 - {CURVE_NAME("SM2"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, + {CURVE_NAME("SM2"), WC_NID_sm2, WOLFSSL_ECC_SM2P256V1}, #endif #ifdef HAVE_ECC /* Alternative curve names */ - {CURVE_NAME("prime256v1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, - {CURVE_NAME("secp256r1"), NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, - {CURVE_NAME("secp384r1"), NID_secp384r1, WOLFSSL_ECC_SECP384R1}, - {CURVE_NAME("secp521r1"), NID_secp521r1, WOLFSSL_ECC_SECP521R1}, + {CURVE_NAME("prime256v1"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("secp256r1"), WC_NID_X9_62_prime256v1, WOLFSSL_ECC_SECP256R1}, + {CURVE_NAME("secp384r1"), WC_NID_secp384r1, WOLFSSL_ECC_SECP384R1}, + {CURVE_NAME("secp521r1"), WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1}, #endif #ifdef WOLFSSL_SM2 - {CURVE_NAME("sm2p256v1"), NID_sm2, WOLFSSL_ECC_SM2P256V1}, + {CURVE_NAME("sm2p256v1"), WC_NID_sm2, WOLFSSL_ECC_SM2P256V1}, #endif {0, NULL, 0, 0}, }; @@ -22031,7 +22825,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, else { disabled &= ~(1U << curve); } - #ifdef HAVE_SUPPORTED_CURVES + #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_TLS) #if !defined(WOLFSSL_OLD_SET_CURVES_LIST) /* using the wolfSSL API to set the groups, this will populate * (ssl|ctx)->groups and reset any TLSX_SUPPORTED_GROUPS. @@ -22054,7 +22848,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, goto leave; } #endif - #endif /* HAVE_SUPPORTED_CURVES */ + #endif /* HAVE_SUPPORTED_CURVES && !NO_TLS */ } if (ssl != NULL) @@ -22093,6 +22887,7 @@ int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) */ #endif /* OPENSSL_EXTRA || HAVE_CURL */ + #ifdef OPENSSL_EXTRA /* Sets a callback for when sending and receiving protocol messages. * This callback is copied to all WOLFSSL objects created from the ctx. @@ -22174,7 +22969,7 @@ void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, if (data == NULL || siz >= INT_MAX) return NULL; - ret = OPENSSL_malloc(siz); + ret = wolfSSL_OPENSSL_malloc(siz); if (ret == NULL) { return NULL; } @@ -22329,45 +23124,45 @@ word32 nid2oid(int nid, int grp) case oidHashType: switch (nid) { #ifdef WOLFSSL_MD2 - case NID_md2: + case WC_NID_md2: return MD2h; #endif #ifndef NO_MD5 - case NID_md5: + case WC_NID_md5: return MD5h; #endif #ifndef NO_SHA - case NID_sha1: + case WC_NID_sha1: return SHAh; #endif - case NID_sha224: + case WC_NID_sha224: return SHA224h; #ifndef NO_SHA256 - case NID_sha256: + case WC_NID_sha256: return SHA256h; #endif #ifdef WOLFSSL_SHA384 - case NID_sha384: + case WC_NID_sha384: return SHA384h; #endif #ifdef WOLFSSL_SHA512 - case NID_sha512: + case WC_NID_sha512: return SHA512h; #endif #ifndef WOLFSSL_NOSHA3_224 - case NID_sha3_224: + case WC_NID_sha3_224: return SHA3_224h; #endif #ifndef WOLFSSL_NOSHA3_256 - case NID_sha3_256: + case WC_NID_sha3_256: return SHA3_256h; #endif #ifndef WOLFSSL_NOSHA3_384 - case NID_sha3_384: + case WC_NID_sha3_384: return SHA3_384h; #endif #ifndef WOLFSSL_NOSHA3_512 - case NID_sha3_512: + case WC_NID_sha3_512: return SHA3_512h; #endif } @@ -22377,56 +23172,56 @@ word32 nid2oid(int nid, int grp) case oidSigType: switch (nid) { #ifndef NO_DSA - case NID_dsaWithSHA1: + case WC_NID_dsaWithSHA1: return CTC_SHAwDSA; - case NID_dsa_with_SHA256: + case WC_NID_dsa_with_SHA256: return CTC_SHA256wDSA; #endif /* NO_DSA */ #ifndef NO_RSA - case NID_md2WithRSAEncryption: + case WC_NID_md2WithRSAEncryption: return CTC_MD2wRSA; - case NID_md5WithRSAEncryption: + case WC_NID_md5WithRSAEncryption: return CTC_MD5wRSA; - case NID_sha1WithRSAEncryption: + case WC_NID_sha1WithRSAEncryption: return CTC_SHAwRSA; - case NID_sha224WithRSAEncryption: + case WC_NID_sha224WithRSAEncryption: return CTC_SHA224wRSA; - case NID_sha256WithRSAEncryption: + case WC_NID_sha256WithRSAEncryption: return CTC_SHA256wRSA; - case NID_sha384WithRSAEncryption: + case WC_NID_sha384WithRSAEncryption: return CTC_SHA384wRSA; - case NID_sha512WithRSAEncryption: + case WC_NID_sha512WithRSAEncryption: return CTC_SHA512wRSA; #ifdef WOLFSSL_SHA3 - case NID_RSA_SHA3_224: + case WC_NID_RSA_SHA3_224: return CTC_SHA3_224wRSA; - case NID_RSA_SHA3_256: + case WC_NID_RSA_SHA3_256: return CTC_SHA3_256wRSA; - case NID_RSA_SHA3_384: + case WC_NID_RSA_SHA3_384: return CTC_SHA3_384wRSA; - case NID_RSA_SHA3_512: + case WC_NID_RSA_SHA3_512: return CTC_SHA3_512wRSA; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC - case NID_ecdsa_with_SHA1: + case WC_NID_ecdsa_with_SHA1: return CTC_SHAwECDSA; - case NID_ecdsa_with_SHA224: + case WC_NID_ecdsa_with_SHA224: return CTC_SHA224wECDSA; - case NID_ecdsa_with_SHA256: + case WC_NID_ecdsa_with_SHA256: return CTC_SHA256wECDSA; - case NID_ecdsa_with_SHA384: + case WC_NID_ecdsa_with_SHA384: return CTC_SHA384wECDSA; - case NID_ecdsa_with_SHA512: + case WC_NID_ecdsa_with_SHA512: return CTC_SHA512wECDSA; #ifdef WOLFSSL_SHA3 - case NID_ecdsa_with_SHA3_224: + case WC_NID_ecdsa_with_SHA3_224: return CTC_SHA3_224wECDSA; - case NID_ecdsa_with_SHA3_256: + case WC_NID_ecdsa_with_SHA3_256: return CTC_SHA3_256wECDSA; - case NID_ecdsa_with_SHA3_384: + case WC_NID_ecdsa_with_SHA3_384: return CTC_SHA3_384wECDSA; - case NID_ecdsa_with_SHA3_512: + case WC_NID_ecdsa_with_SHA3_512: return CTC_SHA3_512wECDSA; #endif #endif /* HAVE_ECC */ @@ -22437,15 +23232,15 @@ word32 nid2oid(int nid, int grp) case oidKeyType: switch (nid) { #ifndef NO_DSA - case NID_dsa: + case WC_NID_dsa: return DSAk; #endif /* NO_DSA */ #ifndef NO_RSA - case NID_rsaEncryption: + case WC_NID_rsaEncryption: return RSAk; #endif /* NO_RSA */ #ifdef HAVE_ECC - case NID_X9_62_id_ecPublicKey: + case WC_NID_X9_62_id_ecPublicKey: return ECDSAk; #endif /* HAVE_ECC */ } @@ -22455,59 +23250,59 @@ word32 nid2oid(int nid, int grp) #ifdef HAVE_ECC case oidCurveType: switch (nid) { - case NID_X9_62_prime192v1: + case WC_NID_X9_62_prime192v1: return ECC_SECP192R1_OID; - case NID_X9_62_prime192v2: + case WC_NID_X9_62_prime192v2: return ECC_PRIME192V2_OID; - case NID_X9_62_prime192v3: + case WC_NID_X9_62_prime192v3: return ECC_PRIME192V3_OID; - case NID_X9_62_prime239v1: + case WC_NID_X9_62_prime239v1: return ECC_PRIME239V1_OID; - case NID_X9_62_prime239v2: + case WC_NID_X9_62_prime239v2: return ECC_PRIME239V2_OID; - case NID_X9_62_prime239v3: + case WC_NID_X9_62_prime239v3: return ECC_PRIME239V3_OID; - case NID_X9_62_prime256v1: + case WC_NID_X9_62_prime256v1: return ECC_SECP256R1_OID; - case NID_secp112r1: + case WC_NID_secp112r1: return ECC_SECP112R1_OID; - case NID_secp112r2: + case WC_NID_secp112r2: return ECC_SECP112R2_OID; - case NID_secp128r1: + case WC_NID_secp128r1: return ECC_SECP128R1_OID; - case NID_secp128r2: + case WC_NID_secp128r2: return ECC_SECP128R2_OID; - case NID_secp160r1: + case WC_NID_secp160r1: return ECC_SECP160R1_OID; - case NID_secp160r2: + case WC_NID_secp160r2: return ECC_SECP160R2_OID; - case NID_secp224r1: + case WC_NID_secp224r1: return ECC_SECP224R1_OID; - case NID_secp384r1: + case WC_NID_secp384r1: return ECC_SECP384R1_OID; - case NID_secp521r1: + case WC_NID_secp521r1: return ECC_SECP521R1_OID; - case NID_secp160k1: + case WC_NID_secp160k1: return ECC_SECP160K1_OID; - case NID_secp192k1: + case WC_NID_secp192k1: return ECC_SECP192K1_OID; - case NID_secp224k1: + case WC_NID_secp224k1: return ECC_SECP224K1_OID; - case NID_secp256k1: + case WC_NID_secp256k1: return ECC_SECP256K1_OID; - case NID_brainpoolP160r1: + case WC_NID_brainpoolP160r1: return ECC_BRAINPOOLP160R1_OID; - case NID_brainpoolP192r1: + case WC_NID_brainpoolP192r1: return ECC_BRAINPOOLP192R1_OID; - case NID_brainpoolP224r1: + case WC_NID_brainpoolP224r1: return ECC_BRAINPOOLP224R1_OID; - case NID_brainpoolP256r1: + case WC_NID_brainpoolP256r1: return ECC_BRAINPOOLP256R1_OID; - case NID_brainpoolP320r1: + case WC_NID_brainpoolP320r1: return ECC_BRAINPOOLP320R1_OID; - case NID_brainpoolP384r1: + case WC_NID_brainpoolP384r1: return ECC_BRAINPOOLP384R1_OID; - case NID_brainpoolP512r1: + case WC_NID_brainpoolP512r1: return ECC_BRAINPOOLP512R1_OID; } break; @@ -22529,9 +23324,9 @@ word32 nid2oid(int nid, int grp) return AES256CBCb; #endif #ifndef NO_DES3 - case NID_des: + case WC_NID_des: return DESb; - case NID_des3: + case WC_NID_des3: return DES3b; #endif } @@ -22540,7 +23335,7 @@ word32 nid2oid(int nid, int grp) #ifdef HAVE_OCSP case oidOcspType: switch (nid) { - case NID_id_pkix_OCSP_basic: + case WC_NID_id_pkix_OCSP_basic: return OCSP_BASIC_OID; case OCSP_NONCE_OID: return OCSP_NONCE_OID; @@ -22551,27 +23346,27 @@ word32 nid2oid(int nid, int grp) /* oidCertExtType */ case oidCertExtType: switch (nid) { - case NID_basic_constraints: + case WC_NID_basic_constraints: return BASIC_CA_OID; - case NID_subject_alt_name: + case WC_NID_subject_alt_name: return ALT_NAMES_OID; - case NID_crl_distribution_points: + case WC_NID_crl_distribution_points: return CRL_DIST_OID; - case NID_info_access: + case WC_NID_info_access: return AUTH_INFO_OID; - case NID_authority_key_identifier: + case WC_NID_authority_key_identifier: return AUTH_KEY_OID; - case NID_subject_key_identifier: + case WC_NID_subject_key_identifier: return SUBJ_KEY_OID; - case NID_inhibit_any_policy: + case WC_NID_inhibit_any_policy: return INHIBIT_ANY_OID; - case NID_key_usage: + case WC_NID_key_usage: return KEY_USAGE_OID; - case NID_name_constraints: + case WC_NID_name_constraints: return NAME_CONS_OID; - case NID_certificate_policies: + case WC_NID_certificate_policies: return CERT_POLICY_OID; - case NID_ext_key_usage: + case WC_NID_ext_key_usage: return EXT_KEY_USAGE_OID; } break; @@ -22579,9 +23374,9 @@ word32 nid2oid(int nid, int grp) /* oidCertAuthInfoType */ case oidCertAuthInfoType: switch (nid) { - case NID_ad_OCSP: + case WC_NID_ad_OCSP: return AIA_OCSP_OID; - case NID_ad_ca_issuers: + case WC_NID_ad_ca_issuers: return AIA_CA_ISSUER_OID; } break; @@ -22589,7 +23384,7 @@ word32 nid2oid(int nid, int grp) /* oidCertPolicyType */ case oidCertPolicyType: switch (nid) { - case NID_any_policy: + case WC_NID_any_policy: return CP_ANY_OID; } break; @@ -22597,7 +23392,7 @@ word32 nid2oid(int nid, int grp) /* oidCertAltNameType */ case oidCertAltNameType: switch (nid) { - case NID_hw_name_oid: + case WC_NID_hw_name_oid: return HW_NAME_OID; } break; @@ -22605,7 +23400,7 @@ word32 nid2oid(int nid, int grp) /* oidCertKeyUseType */ case oidCertKeyUseType: switch (nid) { - case NID_anyExtendedKeyUsage: + case WC_NID_anyExtendedKeyUsage: return EKU_ANY_OID; case EKU_SERVER_AUTH_OID: return EKU_SERVER_AUTH_OID; @@ -22684,15 +23479,15 @@ word32 nid2oid(int nid, int grp) #ifdef WOLFSSL_CERT_REQ case oidCsrAttrType: switch (nid) { - case NID_pkcs9_contentType: + case WC_NID_pkcs9_contentType: return PKCS9_CONTENT_TYPE_OID; - case NID_pkcs9_challengePassword: + case WC_NID_pkcs9_challengePassword: return CHALLENGE_PASSWORD_OID; - case NID_serialNumber: + case WC_NID_serialNumber: return SERIAL_NUMBER_OID; - case NID_userId: + case WC_NID_userId: return USER_ID_OID; - case NID_surname: + case WC_NID_surname: return SURNAME_OID; } break; @@ -22718,29 +23513,29 @@ int oid2nid(word32 oid, int grp) switch (oid) { #ifdef WOLFSSL_MD2 case MD2h: - return NID_md2; + return WC_NID_md2; #endif #ifndef NO_MD5 case MD5h: - return NID_md5; + return WC_NID_md5; #endif #ifndef NO_SHA case SHAh: - return NID_sha1; + return WC_NID_sha1; #endif case SHA224h: - return NID_sha224; + return WC_NID_sha224; #ifndef NO_SHA256 case SHA256h: - return NID_sha256; + return WC_NID_sha256; #endif #ifdef WOLFSSL_SHA384 case SHA384h: - return NID_sha384; + return WC_NID_sha384; #endif #ifdef WOLFSSL_SHA512 case SHA512h: - return NID_sha512; + return WC_NID_sha512; #endif } break; @@ -22750,60 +23545,60 @@ int oid2nid(word32 oid, int grp) switch (oid) { #ifndef NO_DSA case CTC_SHAwDSA: - return NID_dsaWithSHA1; + return WC_NID_dsaWithSHA1; case CTC_SHA256wDSA: - return NID_dsa_with_SHA256; + return WC_NID_dsa_with_SHA256; #endif /* NO_DSA */ #ifndef NO_RSA case CTC_MD2wRSA: - return NID_md2WithRSAEncryption; + return WC_NID_md2WithRSAEncryption; case CTC_MD5wRSA: - return NID_md5WithRSAEncryption; + return WC_NID_md5WithRSAEncryption; case CTC_SHAwRSA: - return NID_sha1WithRSAEncryption; + return WC_NID_sha1WithRSAEncryption; case CTC_SHA224wRSA: - return NID_sha224WithRSAEncryption; + return WC_NID_sha224WithRSAEncryption; case CTC_SHA256wRSA: - return NID_sha256WithRSAEncryption; + return WC_NID_sha256WithRSAEncryption; case CTC_SHA384wRSA: - return NID_sha384WithRSAEncryption; + return WC_NID_sha384WithRSAEncryption; case CTC_SHA512wRSA: - return NID_sha512WithRSAEncryption; + return WC_NID_sha512WithRSAEncryption; #ifdef WOLFSSL_SHA3 case CTC_SHA3_224wRSA: - return NID_RSA_SHA3_224; + return WC_NID_RSA_SHA3_224; case CTC_SHA3_256wRSA: - return NID_RSA_SHA3_256; + return WC_NID_RSA_SHA3_256; case CTC_SHA3_384wRSA: - return NID_RSA_SHA3_384; + return WC_NID_RSA_SHA3_384; case CTC_SHA3_512wRSA: - return NID_RSA_SHA3_512; + return WC_NID_RSA_SHA3_512; #endif #ifdef WC_RSA_PSS case CTC_RSASSAPSS: - return NID_rsassaPss; + return WC_NID_rsassaPss; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC case CTC_SHAwECDSA: - return NID_ecdsa_with_SHA1; + return WC_NID_ecdsa_with_SHA1; case CTC_SHA224wECDSA: - return NID_ecdsa_with_SHA224; + return WC_NID_ecdsa_with_SHA224; case CTC_SHA256wECDSA: - return NID_ecdsa_with_SHA256; + return WC_NID_ecdsa_with_SHA256; case CTC_SHA384wECDSA: - return NID_ecdsa_with_SHA384; + return WC_NID_ecdsa_with_SHA384; case CTC_SHA512wECDSA: - return NID_ecdsa_with_SHA512; + return WC_NID_ecdsa_with_SHA512; #ifdef WOLFSSL_SHA3 case CTC_SHA3_224wECDSA: - return NID_ecdsa_with_SHA3_224; + return WC_NID_ecdsa_with_SHA3_224; case CTC_SHA3_256wECDSA: - return NID_ecdsa_with_SHA3_256; + return WC_NID_ecdsa_with_SHA3_256; case CTC_SHA3_384wECDSA: - return NID_ecdsa_with_SHA3_384; + return WC_NID_ecdsa_with_SHA3_384; case CTC_SHA3_512wECDSA: - return NID_ecdsa_with_SHA3_512; + return WC_NID_ecdsa_with_SHA3_512; #endif #endif /* HAVE_ECC */ } @@ -22814,19 +23609,19 @@ int oid2nid(word32 oid, int grp) switch (oid) { #ifndef NO_DSA case DSAk: - return NID_dsa; + return WC_NID_dsa; #endif /* NO_DSA */ #ifndef NO_RSA case RSAk: - return NID_rsaEncryption; + return WC_NID_rsaEncryption; #ifdef WC_RSA_PSS case RSAPSSk: - return NID_rsassaPss; + return WC_NID_rsassaPss; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC case ECDSAk: - return NID_X9_62_id_ecPublicKey; + return WC_NID_X9_62_id_ecPublicKey; #endif /* HAVE_ECC */ } break; @@ -22836,59 +23631,59 @@ int oid2nid(word32 oid, int grp) case oidCurveType: switch (oid) { case ECC_SECP192R1_OID: - return NID_X9_62_prime192v1; + return WC_NID_X9_62_prime192v1; case ECC_PRIME192V2_OID: - return NID_X9_62_prime192v2; + return WC_NID_X9_62_prime192v2; case ECC_PRIME192V3_OID: - return NID_X9_62_prime192v3; + return WC_NID_X9_62_prime192v3; case ECC_PRIME239V1_OID: - return NID_X9_62_prime239v1; + return WC_NID_X9_62_prime239v1; case ECC_PRIME239V2_OID: - return NID_X9_62_prime239v2; + return WC_NID_X9_62_prime239v2; case ECC_PRIME239V3_OID: - return NID_X9_62_prime239v3; + return WC_NID_X9_62_prime239v3; case ECC_SECP256R1_OID: - return NID_X9_62_prime256v1; + return WC_NID_X9_62_prime256v1; case ECC_SECP112R1_OID: - return NID_secp112r1; + return WC_NID_secp112r1; case ECC_SECP112R2_OID: - return NID_secp112r2; + return WC_NID_secp112r2; case ECC_SECP128R1_OID: - return NID_secp128r1; + return WC_NID_secp128r1; case ECC_SECP128R2_OID: - return NID_secp128r2; + return WC_NID_secp128r2; case ECC_SECP160R1_OID: - return NID_secp160r1; + return WC_NID_secp160r1; case ECC_SECP160R2_OID: - return NID_secp160r2; + return WC_NID_secp160r2; case ECC_SECP224R1_OID: - return NID_secp224r1; + return WC_NID_secp224r1; case ECC_SECP384R1_OID: - return NID_secp384r1; + return WC_NID_secp384r1; case ECC_SECP521R1_OID: - return NID_secp521r1; + return WC_NID_secp521r1; case ECC_SECP160K1_OID: - return NID_secp160k1; + return WC_NID_secp160k1; case ECC_SECP192K1_OID: - return NID_secp192k1; + return WC_NID_secp192k1; case ECC_SECP224K1_OID: - return NID_secp224k1; + return WC_NID_secp224k1; case ECC_SECP256K1_OID: - return NID_secp256k1; + return WC_NID_secp256k1; case ECC_BRAINPOOLP160R1_OID: - return NID_brainpoolP160r1; + return WC_NID_brainpoolP160r1; case ECC_BRAINPOOLP192R1_OID: - return NID_brainpoolP192r1; + return WC_NID_brainpoolP192r1; case ECC_BRAINPOOLP224R1_OID: - return NID_brainpoolP224r1; + return WC_NID_brainpoolP224r1; case ECC_BRAINPOOLP256R1_OID: - return NID_brainpoolP256r1; + return WC_NID_brainpoolP256r1; case ECC_BRAINPOOLP320R1_OID: - return NID_brainpoolP320r1; + return WC_NID_brainpoolP320r1; case ECC_BRAINPOOLP384R1_OID: - return NID_brainpoolP384r1; + return WC_NID_brainpoolP384r1; case ECC_BRAINPOOLP512R1_OID: - return NID_brainpoolP512r1; + return WC_NID_brainpoolP512r1; } break; #endif /* HAVE_ECC */ @@ -22910,9 +23705,9 @@ int oid2nid(word32 oid, int grp) #endif #ifndef NO_DES3 case DESb: - return NID_des; + return WC_NID_des; case DES3b: - return NID_des3; + return WC_NID_des3; #endif } break; @@ -22921,7 +23716,7 @@ int oid2nid(word32 oid, int grp) case oidOcspType: switch (oid) { case OCSP_BASIC_OID: - return NID_id_pkix_OCSP_basic; + return WC_NID_id_pkix_OCSP_basic; case OCSP_NONCE_OID: return OCSP_NONCE_OID; } @@ -22932,27 +23727,27 @@ int oid2nid(word32 oid, int grp) case oidCertExtType: switch (oid) { case BASIC_CA_OID: - return NID_basic_constraints; + return WC_NID_basic_constraints; case ALT_NAMES_OID: - return NID_subject_alt_name; + return WC_NID_subject_alt_name; case CRL_DIST_OID: - return NID_crl_distribution_points; + return WC_NID_crl_distribution_points; case AUTH_INFO_OID: - return NID_info_access; + return WC_NID_info_access; case AUTH_KEY_OID: - return NID_authority_key_identifier; + return WC_NID_authority_key_identifier; case SUBJ_KEY_OID: - return NID_subject_key_identifier; + return WC_NID_subject_key_identifier; case INHIBIT_ANY_OID: - return NID_inhibit_any_policy; + return WC_NID_inhibit_any_policy; case KEY_USAGE_OID: - return NID_key_usage; + return WC_NID_key_usage; case NAME_CONS_OID: - return NID_name_constraints; + return WC_NID_name_constraints; case CERT_POLICY_OID: - return NID_certificate_policies; + return WC_NID_certificate_policies; case EXT_KEY_USAGE_OID: - return NID_ext_key_usage; + return WC_NID_ext_key_usage; } break; @@ -22960,9 +23755,9 @@ int oid2nid(word32 oid, int grp) case oidCertAuthInfoType: switch (oid) { case AIA_OCSP_OID: - return NID_ad_OCSP; + return WC_NID_ad_OCSP; case AIA_CA_ISSUER_OID: - return NID_ad_ca_issuers; + return WC_NID_ad_ca_issuers; } break; @@ -22970,7 +23765,7 @@ int oid2nid(word32 oid, int grp) case oidCertPolicyType: switch (oid) { case CP_ANY_OID: - return NID_any_policy; + return WC_NID_any_policy; } break; @@ -22978,7 +23773,7 @@ int oid2nid(word32 oid, int grp) case oidCertAltNameType: switch (oid) { case HW_NAME_OID: - return NID_hw_name_oid; + return WC_NID_hw_name_oid; } break; @@ -22986,7 +23781,7 @@ int oid2nid(word32 oid, int grp) case oidCertKeyUseType: switch (oid) { case EKU_ANY_OID: - return NID_anyExtendedKeyUsage; + return WC_NID_anyExtendedKeyUsage; case EKU_SERVER_AUTH_OID: return EKU_SERVER_AUTH_OID; case EKU_CLIENT_AUTH_OID: @@ -23064,13 +23859,13 @@ int oid2nid(word32 oid, int grp) case oidCsrAttrType: switch (oid) { case PKCS9_CONTENT_TYPE_OID: - return NID_pkcs9_contentType; + return WC_NID_pkcs9_contentType; case CHALLENGE_PASSWORD_OID: - return NID_pkcs9_challengePassword; + return WC_NID_pkcs9_challengePassword; case SERIAL_NUMBER_OID: - return NID_serialNumber; + return WC_NID_serialNumber; case USER_ID_OID: - return NID_userId; + return WC_NID_userId; } break; #endif @@ -23230,9 +24025,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, int type; /* ECC includes version, private[, curve][, public key] */ if (cnt >= 2 && cnt <= 4) - type = EVP_PKEY_EC; + type = WC_EVP_PKEY_EC; else - type = EVP_PKEY_RSA; + type = WC_EVP_PKEY_RSA; key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); *pp = der; @@ -23692,8 +24487,12 @@ int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff) } /** - * set security level (wolfSSL doesn't support security level) - * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure + * Set security level (wolfSSL doesn't support setting the security level). + * + * The security level can only be set through a system wide crypto-policy + * with wolfSSL_crypto_policy_enable(). + * + * @param ctx a pointer to WOLFSSL_CTX structure * @param level security level */ void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level) @@ -23702,16 +24501,20 @@ void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level) (void)ctx; (void)level; } -/** - * get security level (wolfSSL doesn't support security level) - * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure - * @return always 0(level 0) - */ -int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx) + +int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX * ctx) { WOLFSSL_ENTER("wolfSSL_CTX_get_security_level"); + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + + return ctx->secLevel; + #else (void)ctx; return 0; + #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ } #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) @@ -23885,21 +24688,17 @@ void *wolfSSL_CRYPTO_malloc(size_t num, const char *file, int line) /******************************************************************************* * START OF EX_DATA APIs ******************************************************************************/ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH))) -void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ - WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); +#ifdef HAVE_EX_DATA +void wolfSSL_CRYPTO_cleanup_all_ex_data(void) +{ + WOLFSSL_ENTER("wolfSSL_CRYPTO_cleanup_all_ex_data"); } -#endif -#ifdef HAVE_EX_DATA void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx) { - WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); + WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data"); #ifdef MAX_EX_DATA - if(ex_data && idx < MAX_EX_DATA && idx >= 0) { + if (ex_data && idx < MAX_EX_DATA && idx >= 0) { return ex_data->ex_data[idx]; } #else @@ -23917,6 +24716,8 @@ int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, if (ex_data && idx < MAX_EX_DATA && idx >= 0) { #ifdef HAVE_EX_DATA_CLEANUP_HOOKS if (ex_data->ex_data_cleanup_routines[idx]) { + /* call cleanup then remove cleanup callback, + * since different value is being set */ if (ex_data->ex_data[idx]) ex_data->ex_data_cleanup_routines[idx](ex_data->ex_data[idx]); ex_data->ex_data_cleanup_routines[idx] = NULL; @@ -23951,7 +24752,9 @@ int wolfSSL_CRYPTO_set_ex_data_with_cleanup( return WOLFSSL_FAILURE; } #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ +#endif /* HAVE_EX_DATA */ +#ifdef HAVE_EX_DATA_CRYPTO /** * Issues unique index for the class specified by class_index. * Other parameter except class_index are ignored. @@ -23977,7 +24780,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, return wolfssl_get_ex_new_index(class_index, argl, argp, new_func, dup_func, free_func); } -#endif /* HAVE_EX_DATA */ +#endif /* HAVE_EX_DATA_CRYPTO */ /******************************************************************************* * END OF EX_DATA APIs @@ -24801,150 +25604,150 @@ int wolfSSL_RAND_load_file(const char* fname, long len) switch (ctx->cipherType) { #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); break; #endif #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); break; #endif /* HAVE_AESGCM */ #ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : + case WC_AES_128_CCM_TYPE : + case WC_AES_192_CCM_TYPE : + case WC_AES_256_CCM_TYPE : WOLFSSL_MSG("AES CCM"); XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, ctx->ivSz); break; #endif /* HAVE_AESCCM */ #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : + case WC_AES_128_ECB_TYPE : + case WC_AES_192_ECB_TYPE : + case WC_AES_256_ECB_TYPE : WOLFSSL_MSG("AES ECB"); break; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); + XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE); break; #endif /* WOLFSSL_AES_COUNTER */ #ifdef WOLFSSL_AES_CFB #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: WOLFSSL_MSG("AES CFB1"); break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: WOLFSSL_MSG("AES CFB8"); break; #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: WOLFSSL_MSG("AES CFB128"); break; #endif /* WOLFSSL_AES_CFB */ #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: WOLFSSL_MSG("AES OFB"); break; #endif /* WOLFSSL_AES_OFB */ #ifdef WOLFSSL_AES_XTS - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: WOLFSSL_MSG("AES XTS"); break; #endif /* WOLFSSL_AES_XTS */ #endif /* NO_AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); XMEMCPY(ctx->iv, &ctx->cipher.aria.nonce, ARIA_BLOCK_SIZE); break; #endif /* HAVE_ARIA */ #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); break; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : + case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); break; - case DES_EDE3_ECB_TYPE : + case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); break; #endif - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: break; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: break; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: break; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: WOLFSSL_MSG("SM4 CBC"); XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: WOLFSSL_MSG("SM4 CTR"); XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: WOLFSSL_MSG("SM4 GCM"); XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: WOLFSSL_MSG("SM4 CCM"); XMEMCPY(&ctx->cipher.sm4.iv, ctx->iv, SM4_BLOCK_SIZE); break; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL"); break; @@ -24971,112 +25774,112 @@ int wolfSSL_RAND_load_file(const char* fname, long len) #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); - XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE); break; #endif #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); - XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE); break; #endif #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : + case WC_AES_128_ECB_TYPE : + case WC_AES_192_ECB_TYPE : + case WC_AES_256_ECB_TYPE : WOLFSSL_MSG("AES ECB"); break; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); + XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, WC_AES_BLOCK_SIZE); break; #endif #endif /* NO_AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); XMEMCPY(&ctx->cipher.aria.nonce, ctx->iv, ARIA_BLOCK_SIZE); break; #endif /* HAVE_ARIA */ #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); break; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : + case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); break; - case DES_EDE3_ECB_TYPE : + case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); break; #endif - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: break; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: break; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: break; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: WOLFSSL_MSG("SM4 CBC"); XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); break; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: WOLFSSL_MSG("SM4 CTR"); XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: WOLFSSL_MSG("SM4 GCM"); XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: WOLFSSL_MSG("SM4 CCM"); XMEMCPY(ctx->iv, &ctx->cipher.sm4.iv, ctx->ivSz); break; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL"); break; @@ -25128,7 +25931,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, if (doset) (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ else - XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); + XMEMCPY(iv, &ctx->cipher.aes.reg, WC_AES_BLOCK_SIZE); } #endif /* NO_AES */ diff --git a/src/src/ssl_asn1.c b/src/src/ssl_asn1.c index 95f9cca..5ebad81 100644 --- a/src/src/ssl_asn1.c +++ b/src/src/ssl_asn1.c @@ -282,10 +282,12 @@ static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, len = 0; break; } + if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) { - /* Encode the implicit tag */ byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ]; - SetImplicit(tmp[0], mem->tag, 0, imp, 0); + /* Encode the implicit tag; There's other stuff in the upper bits + * of the integer tag, so strip out everything else for value. */ + SetImplicit(tmp[0], (byte)(mem->tag), 0, imp, 0); tmp[0] = imp[0]; } len += ret; @@ -456,7 +458,7 @@ static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, mem->free_func(ret); /* never a stack so we can call this directly */ return NULL; } - *len -= (tmp - *src); + *len -= (long)(tmp - *src); *src = tmp; return ret; } @@ -586,7 +588,7 @@ static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem, WOLFSSL_MSG("ptr not advanced enough"); goto error; } - *len -= tmp - *src; + *len -= (long)(tmp - *src); *src = tmp; return ret; error: @@ -1019,7 +1021,7 @@ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a) /* No data, not negative. */ a->negative = 0; /* Set type to positive INTEGER. */ - a->type = V_ASN1_INTEGER; + a->type = WOLFSSL_V_ASN1_INTEGER; } #endif /* OPENSSL_EXTRA */ @@ -1318,7 +1320,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a, } if (!err) { /* Set type. */ - ret->type = V_ASN1_INTEGER; + ret->type = WOLFSSL_V_ASN1_INTEGER; /* Copy DER encoding and length. */ XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len)); @@ -1331,7 +1333,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a, } if ((!err) && ret->negative) { /* Update type if number was negative. */ - ret->type |= V_ASN1_NEG_INTEGER; + ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER; } if (err) { @@ -1490,7 +1492,7 @@ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, * @return 0 when bp or a is NULL. * @return 0 DER header in data is invalid. */ -int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) +int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a) { int err = 0; word32 idx = 1; /* Skip ASN.1 INTEGER tag byte. */ @@ -1751,10 +1753,10 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, int length; /* Set type and negative. */ - a->type = V_ASN1_INTEGER; + a->type = WOLFSSL_V_ASN1_INTEGER; if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) { a->negative = 1; - a->type |= V_ASN1_NEG_INTEGER; + a->type |= WOLFSSL_V_ASN1_NEG_INTEGER; } /* Get length in bytes of encoded number. */ @@ -1883,7 +1885,7 @@ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v) if (v < 0) { /* Set negative and 2's complement the value. */ a->negative = 1; - a->type |= V_ASN1_NEG; + a->type |= WOLFSSL_V_ASN1_NEG; v = -v; } @@ -2345,7 +2347,7 @@ int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str)); } /* Try getting text version and write it out. */ - else if ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) { + else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) { length = wolfSSL_BIO_write(bp, buf, length); } /* Look for DER header. */ @@ -2651,7 +2653,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s) } /* Check type of ASN.1 STRING. */ - if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) { + if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) { WOLFSSL_MSG("Input is not a universal string"); ret = 0; } @@ -2685,7 +2687,7 @@ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s) *copy = '\0'; /* Update length and type. */ s->length /= 4; - s->type = V_ASN1_PRINTABLESTRING; + s->type = WOLFSSL_V_ASN1_PRINTABLESTRING; } return ret; @@ -2912,7 +2914,7 @@ static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out, byte tag = 0; int length = 0; - WOLFSSL_ENTER("d2i_ASN1_GENERALSTRING"); + WOLFSSL_ENTER("d2i_ASN1_STRING"); if (src == NULL || *src == NULL || len == 0) return NULL; @@ -3207,10 +3209,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, if (ret == 1) { switch (asn_in->type) { - case MBSTRING_UTF8: - case V_ASN1_PRINTABLESTRING: + case WOLFSSL_MBSTRING_UTF8: + case WOLFSSL_V_ASN1_PRINTABLESTRING: /* Set type to UTF8. */ - asn_out->type = MBSTRING_UTF8; + asn_out->type = WOLFSSL_MBSTRING_UTF8; /* Dispose of any dynamic data already in asn_out. */ if (asn_out->isDynamic) { XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL); @@ -3327,8 +3329,8 @@ const char* wolfSSL_ASN1_tag2str(int tag) const char* str = "(unknown)"; /* Clear negative flag. */ - if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) { - tag &= ~V_ASN1_NEG; + if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) { + tag &= ~WOLFSSL_V_ASN1_NEG; } /* Check for known basic types. */ if ((tag >= 0) && (tag <= 30)) { @@ -3514,7 +3516,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str, err = 1; } /* Check if ASN.1 type is to be printed. */ - if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) { + if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) { /* Print type and colon to BIO. */ type_len = wolfssl_string_print_type(bio, str); if (type_len == 0) { @@ -3523,12 +3525,12 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str, } if (!err) { - if (flags & ASN1_STRFLGS_DUMP_ALL) { + if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) { /* Dump hex. */ str_len = wolfssl_asn1_string_dump_hex(bio, str, - flags & ASN1_STRFLGS_DUMP_DER); + flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER); } - else if (flags & ASN1_STRFLGS_ESC_2253) { + else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) { /* Print out string with escaping. */ str_len = wolfssl_asn1_string_print_esc_2253(bio, str); } @@ -3621,7 +3623,7 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, ret = BAD_FUNC_ARG; } /* Check type is GENERALIZED TIME. */ - if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) { + if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) { WOLFSSL_MSG("Error, not GENERALIZED_TIME"); ret = 0; } @@ -4036,8 +4038,8 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) /* Do not include NUL terminator in length. */ t->length = slen - 1; /* Set ASN.1 type based on string length. */ - t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME : - V_ASN1_GENERALIZEDTIME); + t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME : + WOLFSSL_V_ASN1_GENERALIZEDTIME); } return ret; @@ -4078,8 +4080,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_MSG("Invalid ASN_TIME value"); } /* Ensure ASN.1 type is one that is supported. */ - else if ((t->type != V_ASN1_UTCTIME) && - (t->type != V_ASN1_GENERALIZEDTIME)) { + else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) && + (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) { WOLFSSL_MSG("Invalid ASN_TIME type."); } /* Check for ASN.1 GENERALIZED TIME object being passed in. */ @@ -4097,9 +4099,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, if (ret != NULL) { /* Set the ASN.1 type and length of string. */ - ret->type = V_ASN1_GENERALIZEDTIME; + ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME; - if (t->type == V_ASN1_GENERALIZEDTIME) { + if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) { ret->length = ASN_GENERALIZED_TIME_SIZE; /* Just copy as data already appropriately formatted. */ @@ -4151,7 +4153,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t) ret = NULL; } else { - ret->type = V_ASN1_UTCTIME; + ret->type = WOLFSSL_V_ASN1_UTCTIME; } return ret; @@ -4311,7 +4313,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime, /* Zero out values in broken-down time. */ XMEMSET(tm, 0, sizeof(struct tm)); - if (asnTime->type == V_ASN1_UTCTIME) { + if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) { /* Get year from UTC TIME string. */ int tm_year; if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen, @@ -4321,7 +4323,7 @@ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime, i = 2; } } - else if (asnTime->type == V_ASN1_GENERALIZEDTIME) { + else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) { /* Get year from GENERALIZED TIME string. */ int tm_year; if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen, @@ -4522,7 +4524,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) ret = 0; } /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */ - if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) { + if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) { WOLFSSL_MSG("Error, not UTC_TIME"); ret = 0; } @@ -4574,28 +4576,28 @@ WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void) static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at) { switch (at->type) { - case V_ASN1_NULL: + case WOLFSSL_V_ASN1_NULL: break; - case V_ASN1_OBJECT: + case WOLFSSL_V_ASN1_OBJECT: wolfSSL_ASN1_OBJECT_free(at->value.object); break; - case V_ASN1_UTCTIME: + case WOLFSSL_V_ASN1_UTCTIME: #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA) wolfSSL_ASN1_TIME_free(at->value.utctime); #endif break; - case V_ASN1_GENERALIZEDTIME: + case WOLFSSL_V_ASN1_GENERALIZEDTIME: #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA) wolfSSL_ASN1_TIME_free(at->value.generalizedtime); #endif break; - case V_ASN1_UTF8STRING: - case V_ASN1_OCTET_STRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_IA5STRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_SEQUENCE: + case WOLFSSL_V_ASN1_UTF8STRING: + case WOLFSSL_V_ASN1_OCTET_STRING: + case WOLFSSL_V_ASN1_PRINTABLESTRING: + case WOLFSSL_V_ASN1_T61STRING: + case WOLFSSL_V_ASN1_IA5STRING: + case WOLFSSL_V_ASN1_UNIVERSALSTRING: + case WOLFSSL_V_ASN1_SEQUENCE: wolfSSL_ASN1_STRING_free(at->value.asn1_string); break; default: @@ -4626,25 +4628,25 @@ int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp) return WOLFSSL_FATAL_ERROR; switch (at->type) { - case V_ASN1_NULL: + case WOLFSSL_V_ASN1_NULL: break; - case V_ASN1_OBJECT: + case WOLFSSL_V_ASN1_OBJECT: ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp); break; - case V_ASN1_UTF8STRING: + case WOLFSSL_V_ASN1_UTF8STRING: ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp); break; - case V_ASN1_GENERALIZEDTIME: + case WOLFSSL_V_ASN1_GENERALIZEDTIME: ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp); break; - case V_ASN1_SEQUENCE: + case WOLFSSL_V_ASN1_SEQUENCE: ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp); break; - case V_ASN1_UTCTIME: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_IA5STRING: - case V_ASN1_UNIVERSALSTRING: + case WOLFSSL_V_ASN1_UTCTIME: + case WOLFSSL_V_ASN1_PRINTABLESTRING: + case WOLFSSL_V_ASN1_T61STRING: + case WOLFSSL_V_ASN1_IA5STRING: + case WOLFSSL_V_ASN1_UNIVERSALSTRING: default: WOLFSSL_MSG("asn1 i2d type not supported"); break; @@ -4661,16 +4663,16 @@ int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp) * Set ASN.1 TYPE object with a type and value. * * Type of value for different types: - * V_ASN1_NULL : Value should be NULL. - * V_ASN1_OBJECT : WOLFSSL_ASN1_OBJECT. - * V_ASN1_UTCTIME : WOLFSSL_ASN1_TIME. - * V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME. - * V_ASN1_UTF8STRING : WOLFSSL_ASN1_STRING. - * V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING. - * V_ASN1_T61STRING : WOLFSSL_ASN1_STRING. - * V_ASN1_IA5STRING : WOLFSSL_ASN1_STRING. - * V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING. - * V_ASN1_SEQUENCE : WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_NULL : Value should be NULL. + * WOLFSSL_V_ASN1_OBJECT : WOLFSSL_ASN1_OBJECT. + * WOLFSSL_V_ASN1_UTCTIME : WOLFSSL_ASN1_TIME. + * WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME. + * WOLFSSL_V_ASN1_UTF8STRING : WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_T61STRING : WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_IA5STRING : WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING. + * WOLFSSL_V_ASN1_SEQUENCE : WOLFSSL_ASN1_STRING. * * @param [in, out] a ASN.1 TYPE object to set. * @param [in] type ASN.1 type of value. @@ -4680,22 +4682,22 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) { if (a != NULL) { switch (type) { - case V_ASN1_NULL: + case WOLFSSL_V_ASN1_NULL: if (value != NULL) { WOLFSSL_MSG("NULL tag meant to be always empty!"); /* No way to return error - value will not be used. */ } FALL_THROUGH; - case V_ASN1_OBJECT: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_UTF8STRING: - case V_ASN1_OCTET_STRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_IA5STRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_SEQUENCE: + case WOLFSSL_V_ASN1_OBJECT: + case WOLFSSL_V_ASN1_UTCTIME: + case WOLFSSL_V_ASN1_GENERALIZEDTIME: + case WOLFSSL_V_ASN1_UTF8STRING: + case WOLFSSL_V_ASN1_OCTET_STRING: + case WOLFSSL_V_ASN1_PRINTABLESTRING: + case WOLFSSL_V_ASN1_T61STRING: + case WOLFSSL_V_ASN1_IA5STRING: + case WOLFSSL_V_ASN1_UNIVERSALSTRING: + case WOLFSSL_V_ASN1_SEQUENCE: /* Dispose of any value currently set. */ wolfssl_asn1_type_free_value(a); /* Assign anonymously typed input to anonymously typed field. */ @@ -4712,7 +4714,7 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a) { - if (a != NULL && (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL + if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL || a->value.ptr != NULL)) return a->type; return 0; diff --git a/src/src/ssl_bn.c b/src/src/ssl_bn.c index 227fc71..1c05b14 100644 --- a/src/src/ssl_bn.c +++ b/src/src/ssl_bn.c @@ -166,7 +166,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) /* Dispose of any allocated big number on error. */ if ((ret == -1) && (a != NULL)) { - BN_free(a); + wolfSSL_BN_free(a); *bn = NULL; } return ret; diff --git a/src/src/ssl_certman.c b/src/src/ssl_certman.c index 346904e..6d18db5 100644 --- a/src/src/ssl_certman.c +++ b/src/src/ssl_certman.c @@ -44,6 +44,7 @@ */ static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void* heap) { + (void)heap; #ifndef NO_WOLFSSL_CLIENT #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) return wolfSSLv3_client_method_ex(heap); @@ -624,7 +625,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc) cm->verifyCallback = vc; } } -#endif /* NO_WOLFSSL_CM_VERIFY */ +#endif /* !NO_WOLFSSL_CM_VERIFY */ #ifdef WC_ASN_UNKNOWN_EXT_CB void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm, @@ -1895,6 +1896,41 @@ int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb, return ret; } +#ifdef HAVE_CRL_UPDATE_CB +int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info, + const byte* buff, long sz, int type) +{ + return GetCRLInfo(cm->crl, info, buff, sz, type); +} + +/* Set the callback to be called when a CRL entry has + * been updated (new entry had the same issuer hash and + * a newer CRL number). + * + * @param [in] cm Certificate manager. + * @param [in] cb CRL update callback. + * @return WOLFSSL_SUCCESS on success. + * @return BAD_FUNC_ARG when cm is NULL. + */ +int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, CbUpdateCRL cb) +{ + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_CertManagerSetCRLUpdate_Cb"); + + /* Validate parameters. */ + if (cm == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == WOLFSSL_SUCCESS) { + /* Store callback. */ + cm->cbUpdateCRL = cb; + } + + return ret; +} +#endif + #ifdef HAVE_CRL_IO /* Set the CRL I/O callback. * diff --git a/src/src/ssl_crypto.c b/src/src/ssl_crypto.c index 0730c45..f2ff781 100644 --- a/src/src/ssl_crypto.c +++ b/src/src/ssl_crypto.c @@ -45,12 +45,12 @@ void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4) { /* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */ - WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, Md4); + WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, wc_Md4); WOLFSSL_ENTER("MD4_Init"); /* Initialize wolfCrypt MD4 object. */ - wc_InitMd4((Md4*)md4); + wc_InitMd4((wc_Md4*)md4); } /* Update MD4 hash with data. @@ -65,7 +65,7 @@ void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data, WOLFSSL_ENTER("MD4_Update"); /* Update wolfCrypt MD4 object with data. */ - wc_Md4Update((Md4*)md4, (const byte*)data, (word32)len); + wc_Md4Update((wc_Md4*)md4, (const byte*)data, (word32)len); } /* Finalize MD4 hash and return output. @@ -79,7 +79,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4) WOLFSSL_ENTER("MD4_Final"); /* Finalize wolfCrypt MD4 hash into digest. */ - wc_Md4Final((Md4*)md4, digest); + wc_Md4Final((wc_Md4*)md4, digest); } #endif /* NO_MD4 */ @@ -293,7 +293,7 @@ int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha) { WOLFSSL_ENTER("SHA1_Init"); - return SHA_Init(sha); + return wolfSSL_SHA_Init(sha); } @@ -310,7 +310,7 @@ int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input, { WOLFSSL_ENTER("SHA1_Update"); - return SHA_Update(sha, input, sz); + return wolfSSL_SHA_Update(sha, input, sz); } /* Finalize SHA-1 hash and return output. @@ -325,7 +325,7 @@ int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha) { WOLFSSL_ENTER("SHA1_Final"); - return SHA_Final(output, sha); + return wolfSSL_SHA_Final(output, sha); } #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ @@ -359,7 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224) { /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA224_CTX, wc_Sha224); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA224_CTX, wc_Sha224); WOLFSSL_ENTER("SHA224_Init"); @@ -418,7 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224) int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256) { /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA256_CTX, wc_Sha256); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA256_CTX, wc_Sha256); WOLFSSL_ENTER("SHA256_Init"); @@ -507,7 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384) { /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA384_CTX, wc_Sha384); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA384_CTX, wc_Sha384); WOLFSSL_ENTER("SHA384_Init"); @@ -566,7 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384) int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512) { /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA512_CTX, wc_Sha512); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA512_CTX, wc_Sha512); WOLFSSL_ENTER("SHA512_Init"); @@ -802,7 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224) { /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA3_224_CTX, wc_Sha3); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_224_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_224_Init"); @@ -861,7 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3) int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256) { /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA3_256_CTX, wc_Sha3); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_256_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_256_Init"); @@ -920,7 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3) int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384) { /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA3_384_CTX, wc_Sha3); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_384_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_384_Init"); @@ -979,7 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3) int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512) { /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */ - WOLFSSL_ASSERT_SIZEOF_GE(SHA3_512_CTX, wc_Sha3); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA3_512_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_512_Init"); @@ -1722,7 +1722,7 @@ const WOLFSSL_EVP_MD* wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX* ctx) * @return 0 on failure. */ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz, - const EVP_MD* type, WOLFSSL_ENGINE* e) + const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE* e) { WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex"); @@ -1746,7 +1746,7 @@ int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keySz, * @return 0 on failure. */ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, - const EVP_MD* type) + const WOLFSSL_EVP_MD* type) { int ret = 1; void* heap = NULL; @@ -2228,7 +2228,7 @@ int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX* ctx, const void* data, size_t len) * * @param [in, out] ctx CMAC context object. * @param [out] out Buffer to place CMAC result into. - * Must be able to hold AES_BLOCK_SIZE bytes. + * Must be able to hold WC_AES_BLOCK_SIZE bytes. * @param [out] len Length of CMAC result. May be NULL. * @return 1 on success. * @return 0 when ctx is NULL. @@ -2248,7 +2248,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len) if (ret == 1) { /* Get the expected output size. */ - blockSize = EVP_CIPHER_CTX_block_size(ctx->cctx); + blockSize = wolfSSL_EVP_CIPHER_CTX_block_size(ctx->cctx); /* Check value is valid. */ if (blockSize <= 0) { ret = 0; @@ -2567,7 +2567,7 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in, if (!err) { /* Encrypt data into temporary. */ wolfSSL_DES_cbc_encrypt(data, tmp, dataSz, sc, (WOLFSSL_DES_cblock*)iv, - DES_ENCRYPT); + WC_DES_ENCRYPT); /* Copy out last block. */ XMEMCPY((unsigned char*)out, tmp + (dataSz - DES_BLOCK_SIZE), DES_BLOCK_SIZE); @@ -2614,7 +2614,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, WOLFSSL_ENTER("wolfSSL_DES_cbc_encrypt"); #ifdef WOLFSSL_SMALL_STACK - des = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER); + des = (Des*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER); if (des == NULL) { WOLFSSL_MSG("Failed to allocate memory for Des object"); } @@ -2631,7 +2631,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, /* Length of data that is a multiple of a block. */ word32 len = (word32)(length - lb_sz); - if (enc == DES_ENCRYPT) { + if (enc == WC_DES_ENCRYPT) { /* Encrypt full blocks into output. */ wc_Des_CbcEncrypt(des, output, input, len); if (lb_sz != 0) { @@ -2687,7 +2687,7 @@ void wolfSSL_DES_ncbc_encrypt(const unsigned char* input, unsigned char* output, offset = (offset + DES_BLOCK_SIZE - 1) / DES_BLOCK_SIZE; offset *= DES_BLOCK_SIZE; offset -= DES_BLOCK_SIZE; - if (enc == DES_ENCRYPT) { + if (enc == WC_DES_ENCRYPT) { /* Encrypt data. */ wolfSSL_DES_cbc_encrypt(input, output, length, schedule, ivec, enc); /* Use last encrypted block as new IV. */ @@ -2732,7 +2732,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt"); #ifdef WOLFSSL_SMALL_STACK - des3 = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER); + des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER); if (des3 == NULL) { WOLFSSL_MSG("Failed to allocate memory for Des3 object"); sz = 0; @@ -2761,7 +2761,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, ret = wc_Des3Init(des3, NULL, INVALID_DEVID); (void)ret; - if (enc == DES_ENCRYPT) { + if (enc == WC_DES_ENCRYPT) { /* Initialize wolfCrypt DES3 object. */ if (wc_Des3_SetKey(des3, key, (const byte*)ivec, DES_ENCRYPTION) == 0) { @@ -2858,22 +2858,24 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out, /* Validate parameters. */ if ((in == NULL) || (out == NULL) || (key == NULL) || - ((enc != DES_ENCRYPT) && (enc != DES_DECRYPT))) { + ((enc != WC_DES_ENCRYPT) && (enc != WC_DES_DECRYPT))) { WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt"); } #ifdef WOLFSSL_SMALL_STACK - else if ((des = XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER)) == NULL) { + else if ((des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER)) + == NULL) + { WOLFSSL_MSG("Failed to allocate memory for Des object"); } #endif /* Set key in wolfCrypt DES object for encryption or decryption. - * DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0. - * DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1. + * WC_DES_ENCRYPT = 1, wolfSSL DES_ENCRYPTION = 0. + * WC_DES_DECRYPT = 0, wolfSSL DES_DECRYPTION = 1. */ else if (wc_Des_SetKey(des, (const byte*)key, NULL, !enc) != 0) { WOLFSSL_MSG("wc_Des_SetKey return error."); } - else if (enc == DES_ENCRYPT) { + else if (enc == WC_DES_ENCRYPT) { /* Encrypt a block with wolfCrypt DES object. */ if (wc_Des_EcbEncrypt(des, (byte*)out, (const byte*)in, DES_KEY_SIZE) != 0) { @@ -2915,15 +2917,15 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out, * @param [in] key Key data. * @param [in] bits Number of bits in key. * @param [out] aes AES key object. - * @param [in] enc Whether to encrypt. AES_ENCRYPT or AES_DECRYPT. + * @param [in] enc Whether to encrypt. AES_ENCRYPTION or AES_DECRYPTION. * @return 0 on success. * @return -1 when key or aes is NULL. * @return -1 when setting key with wolfCrypt fails. */ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, - AES_KEY *aes, int enc) + WOLFSSL_AES_KEY *aes, int enc) { - wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes)); + wc_static_assert(sizeof(WOLFSSL_AES_KEY) >= sizeof(Aes)); /* Validate parameters. */ if ((key == NULL) || (aes == NULL)) { @@ -2931,7 +2933,7 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, return WOLFSSL_FATAL_ERROR; } - XMEMSET(aes, 0, sizeof(AES_KEY)); + XMEMSET(aes, 0, sizeof(WOLFSSL_AES_KEY)); if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) { WOLFSSL_MSG("Error in initting AES key"); @@ -2955,11 +2957,11 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, * @return -1 when setting key with wolfCrypt fails. */ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits, - AES_KEY *aes) + WOLFSSL_AES_KEY *aes) { WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key"); - return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPT); + return wolfssl_aes_set_key(key, bits, aes, AES_ENCRYPTION); } /* Sets the key into the AES key object for decryption. @@ -2972,11 +2974,11 @@ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits, * @return -1 when setting key with wolfCrypt fails. */ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits, - AES_KEY *aes) + WOLFSSL_AES_KEY *aes) { WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key"); - return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPT); + return wolfssl_aes_set_key(key, bits, aes, AES_DECRYPTION); } #ifdef WOLFSSL_AES_DIRECT @@ -2984,15 +2986,15 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits, * * wolfSSL_AES_set_encrypt_key() must have been called. * - * #input must contain AES_BLOCK_SIZE bytes of data. - * #output must be a buffer at least AES_BLOCK_SIZE bytes in length. + * #input must contain WC_AES_BLOCK_SIZE bytes of data. + * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length. * * @param [in] input Data to encrypt. * @param [out] output Encrypted data. * @param [in] key AES key to use for encryption. */ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output, - AES_KEY *key) + WOLFSSL_AES_KEY *key) { WOLFSSL_ENTER("wolfSSL_AES_encrypt"); @@ -3002,7 +3004,8 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output, } else #if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \ + || defined(WOLFSSL_LINUXKM)) /* Encrypt a block with wolfCrypt AES. */ if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) { WOLFSSL_MSG("wc_AesEncryptDirect failed"); @@ -3020,15 +3023,15 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output, * * wolfSSL_AES_set_decrypt_key() must have been called. * - * #input must contain AES_BLOCK_SIZE bytes of data. - * #output must be a buffer at least AES_BLOCK_SIZE bytes in length. + * #input must contain WC_AES_BLOCK_SIZE bytes of data. + * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length. * * @param [in] input Data to decrypt. * @param [out] output Decrypted data. * @param [in] key AES key to use for encryption. */ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output, - AES_KEY *key) + WOLFSSL_AES_KEY *key) { WOLFSSL_ENTER("wolfSSL_AES_decrypt"); @@ -3038,7 +3041,7 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output, } else #if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0))) /* Decrypt a block with wolfCrypt AES. */ if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) { WOLFSSL_MSG("wc_AesDecryptDirect failed"); @@ -3060,17 +3063,17 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output, * wolfSSL_AES_set_encrypt_key() or wolfSSL_AES_set_decrypt_key ()must have been * called. * - * #input must contain AES_BLOCK_SIZE bytes of data. - * #output must be a buffer at least AES_BLOCK_SIZE bytes in length. + * #input must contain WC_AES_BLOCK_SIZE bytes of data. + * #output must be a buffer at least WC_AES_BLOCK_SIZE bytes in length. * * @param [in] in Data to encipher. * @param [out] out Enciphered data. * @param [in] key AES key to use for encryption/decryption. * @param [in] enc Whether to encrypt. - * AES_ENCRPT for encryption, AES_DECRYPT for decryption. + * AES_ENCRPT for encryption, AES_DECRYPTION for decryption. */ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, - AES_KEY *key, const int enc) + WOLFSSL_AES_KEY *key, const int enc) { WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt"); @@ -3078,16 +3081,16 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, if ((key == NULL) || (in == NULL) || (out == NULL)) { WOLFSSL_MSG("Error, Null argument passed in"); } - else if (enc == AES_ENCRYPT) { + else if (enc == AES_ENCRYPTION) { /* Encrypt block. */ - if (wc_AesEcbEncrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) { + if (wc_AesEcbEncrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) { WOLFSSL_MSG("Error with AES CBC encrypt"); } } else { #ifdef HAVE_AES_DECRYPT /* Decrypt block. */ - if (wc_AesEcbDecrypt((Aes*)key, out, in, AES_BLOCK_SIZE) != 0) { + if (wc_AesEcbDecrypt((Aes*)key, out, in, WC_AES_BLOCK_SIZE) != 0) { WOLFSSL_MSG("Error with AES CBC decrypt"); } #else @@ -3111,10 +3114,10 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, * On in, used with first block. * On out, IV for further operations. * @param [in] enc Whether to encrypt. - * AES_ENCRPT for encryption, AES_DECRYPT for decryption. + * AES_ENCRPT for encryption, AES_DECRYPTION for decryption. */ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, - size_t len, AES_KEY *key, unsigned char* iv, const int enc) + size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, const int enc) { WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt"); @@ -3131,7 +3134,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, if ((ret = wc_AesSetIV(aes, (const byte*)iv)) != 0) { WOLFSSL_MSG("Error with setting iv"); } - else if (enc == AES_ENCRYPT) { + else if (enc == AES_ENCRYPTION) { /* Encrypt with wolfCrypt AES object. */ if ((ret = wc_AesCbcEncrypt(aes, out, in, (word32)len)) != 0) { WOLFSSL_MSG("Error with AES CBC encrypt"); @@ -3146,7 +3149,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, if (ret == 0) { /* Get IV for next operation. */ - XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE); + XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE); } } } @@ -3166,10 +3169,10 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, * On out, IV for further operations. * @param [out] num Number of bytes used from last incomplete block. * @param [in] enc Whether to encrypt. - * AES_ENCRPT for encryption, AES_DECRYPT for decryption. + * AES_ENCRPT for encryption, AES_DECRYPTION for decryption. */ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, - size_t len, AES_KEY *key, unsigned char* iv, int* num, const int enc) + size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc) { #ifndef WOLFSSL_AES_CFB WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB"); @@ -3196,9 +3199,9 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, * leftover bytes field "left", and this function relies on the leftover * bytes being preserved between calls. */ - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); - if (enc == AES_ENCRYPT) { + if (enc == AES_ENCRYPTION) { /* Encrypt data with AES-CFB. */ if ((ret = wc_AesCfbEncrypt(aes, out, in, (word32)len)) != 0) { WOLFSSL_MSG("Error with AES CBC encrypt"); @@ -3213,11 +3216,11 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, if (ret == 0) { /* Copy IV out after operation. */ - XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE); + XMEMCPY(iv, (byte*)(aes->reg), WC_AES_BLOCK_SIZE); /* Store number of left over bytes to num. */ if (num != NULL) { - *num = (AES_BLOCK_SIZE - aes->left) % AES_BLOCK_SIZE; + *num = (WC_AES_BLOCK_SIZE - aes->left) % WC_AES_BLOCK_SIZE; } } } @@ -3237,7 +3240,7 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, * @return 0 when key, iv, out or in is NULL. * @return 0 when key length is not valid. */ -int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv, +int wolfSSL_AES_wrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inSz) { int ret = 0; @@ -3272,7 +3275,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv, * @return 0 when key, iv, out or in is NULL. * @return 0 when wrapped key data length is not valid. */ -int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv, +int wolfSSL_AES_unwrap_key(WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inSz) { int ret = 0; @@ -3333,7 +3336,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, } /* Encrypt data up to last block */ - (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPT); + (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPTION); /* Move to last block */ in += len - lastBlkLen; @@ -3346,7 +3349,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); /* Encrypt last block. */ (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ, - key, iv, AES_ENCRYPT); + key, iv, AES_ENCRYPTION); } return len; @@ -3401,13 +3404,13 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, * Use 0 buffer as IV to do straight decryption. * This places the Cn-1 block at lastBlk */ XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); - (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPT); + (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION); /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn * to create En. */ XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); /* Cn and Cn-1 can now be decrypted */ - (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT); - (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT); + (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION); + (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION); XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen); } diff --git a/src/src/ssl_load.c b/src/src/ssl_load.c index 0361edb..004cb65 100644 --- a/src/src/ssl_load.c +++ b/src/src/ssl_load.c @@ -1397,7 +1397,7 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, #ifdef OPENSSL_EXTRA /* Decryption password is probably wrong. */ if (info->passwd_cb) { - EVPerr(0, EVP_R_BAD_DECRYPT); + WOLFSSL_EVPerr(0, -WOLFSSL_EVP_R_BAD_DECRYPT_E); } #endif WOLFSSL_ERROR(WOLFSSL_BAD_FILE); @@ -2201,9 +2201,9 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type) InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, - ssl->options.haveStaticECC, ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE, - ssl->options.side); + ssl->options.haveStaticECC, + ssl->options.useAnon, TRUE, + TRUE, TRUE, TRUE, ssl->options.side); } } } @@ -2218,8 +2218,8 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type) InitSuites(ctx->suites, ctx->method->version, ctx->privateKeySz, WOLFSSL_HAVE_RSA, CTX_HAVE_PSK(ctx), ctx->haveDH, ctx->haveECDSAsig, ctx->haveECC, TRUE, ctx->haveStaticECC, - ctx->haveFalconSig, ctx->haveDilithiumSig, CTX_USE_ANON(ctx), - TRUE, ctx->method->side); + CTX_USE_ANON(ctx), + TRUE, TRUE, TRUE, TRUE, ctx->method->side); } } @@ -2332,7 +2332,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, #endif } else if (ret == 0) { - /* Processing a cerificate. */ + /* Processing a certificate. */ if (userChain) { /* Take original buffer and add to user chain to send in TLS * handshake. */ @@ -2707,7 +2707,7 @@ static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path, /* Load file. */ ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags, &failCount, &successCount); - /* Get next filenmae. */ + /* Get next filename. */ fileRet = wc_ReadDirNext(readCtx, path, &name); } /* Cleanup directory reading context. */ @@ -4146,6 +4146,77 @@ int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label, #endif /* WOLFSSL_DUAL_ALG_CERTS */ #endif /* WOLF_PRIVATE_KEY_ID */ +#if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS) + +static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx, + const char *label, const unsigned char *id, int idLen, int devId) +{ + int ret; + byte *certData = NULL; + word32 certDataLen = 0; + word32 labelLen = 0; + int certFormat = 0; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ex"); + + if (label != NULL) { + labelLen = (word32)XSTRLEN(label); + } + + ret = wc_CryptoCb_GetCert(devId, label, labelLen, id, idLen, + &certData, &certDataLen, &certFormat, ctx->heap); + if (ret != 0) { + ret = WOLFSSL_FAILURE; + goto exit; + } + + ret = ProcessBuffer(ctx, certData, certDataLen, certFormat, + CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); + +exit: + XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT); + return ret; +} + +/* Load the label name of a certificate into the SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] label Buffer holding label. + * @param [in] devId Device identifier. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx, + const char *label, int devId) +{ + if ((ctx == NULL) || (label == NULL)) { + return WOLFSSL_FAILURE; + } + + return wolfSSL_CTX_use_certificate_ex(ctx, label, NULL, 0, devId); +} + +/* Load the id of a certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] id Buffer holding id. + * @param [in] idLen Size of data in bytes. + * @param [in] devId Device identifier. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx, + const unsigned char *id, int idLen, int devId) +{ + if ((ctx == NULL) || (id == NULL) || (idLen <= 0)) { + return WOLFSSL_FAILURE; + } + + return wolfSSL_CTX_use_certificate_ex(ctx, NULL, id, idLen, devId); +} + +#endif /* if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS) */ + /* Load a certificate chain in a buffer into SSL context. * * @param [in, out] ctx SSL context object. @@ -4791,7 +4862,7 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) /* Use the certificate. */ ret = wolfSSL_CTX_use_certificate(ctx, x509); } - /* Increate reference count as we will store it. */ + /* Increase reference count as we will store it. */ else if ((ret == 1) && ((ret = wolfSSL_X509_up_ref(x509)) == 1)) { /* Load the DER encoding. */ ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer, @@ -4946,19 +5017,19 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) if (ret == 1) { switch (pkey->type) { #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: WOLFSSL_MSG("populating RSA key"); ret = PopulateRSAEvpPkeyDer(pkey); break; #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */ #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: break; #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && * !NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: WOLFSSL_MSG("populating ECC key"); ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc); break; @@ -4972,7 +5043,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */ ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz, - SSL_FILETYPE_ASN1); + WOLFSSL_FILETYPE_ASN1); } return ret; @@ -5001,7 +5072,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, if ((ctx == NULL) || (der == NULL)) { ret = 0; } - /* Load DER encoded cerificate into SSL context. */ + /* Load DER encoded certificate into SSL context. */ if ((ret == 1) && (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1) != 1)) { ret = 0; @@ -5023,7 +5094,7 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) { int ret = 1; - int derSize; + int derSize = 0; unsigned char* der = NULL; unsigned char* p; @@ -5060,7 +5131,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) } if (ret == 1) { - /* Load DER encoded cerificate into SSL context. */ + /* Load DER encoded certificate into SSL context. */ ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize, SSL_FILETYPE_ASN1); if (ret != WOLFSSL_SUCCESS) { @@ -5238,9 +5309,9 @@ static int wolfssl_set_tmp_dh(WOLFSSL* ssl, unsigned char* p, int pSz, InitSuites(ssl->suites, ssl->version, SSL_KEY_SZ(ssl), WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, - ssl->options.haveStaticECC, ssl->options.haveFalconSig, - ssl->options.haveDilithiumSig, ssl->options.useAnon, TRUE, - ssl->options.side); + ssl->options.haveStaticECC, + ssl->options.useAnon, TRUE, + TRUE, TRUE, TRUE, ssl->options.side); } return ret; diff --git a/src/src/ssl_p7p12.c b/src/src/ssl_p7p12.c index fba2767..12ef33c 100644 --- a/src/src/ssl_p7p12.c +++ b/src/src/ssl_p7p12.c @@ -948,7 +948,7 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7) int pemSz = -1; enum wc_HashType hashType; byte hashBuf[WC_MAX_DIGEST_SIZE]; - word32 hashSz = -1; + word32 hashSz = 0; WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7"); @@ -2012,7 +2012,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, #ifndef NO_RSA { const unsigned char* pt = pk; - if (wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, pkey, &pt, pkSz) != + if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, pkey, &pt, pkSz) != NULL) { ret = 0; } @@ -2022,7 +2022,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, #ifdef HAVE_ECC if (ret != 0) { /* if is in fail state check if ECC key */ const unsigned char* pt = pk; - if (wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, pkey, &pt, pkSz) != + if (wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_EC, pkey, &pt, pkSz) != NULL) { ret = 0; } diff --git a/src/src/ssl_sess.c b/src/src/ssl_sess.c index 91f2c84..1471b9d 100644 --- a/src/src/ssl_sess.c +++ b/src/src/ssl_sess.c @@ -113,10 +113,10 @@ } SessionRow; #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2)) - static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS]; + static WC_THREADSHARED SessionRow SessionCache[SESSION_ROWS]; #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) - static WOLFSSL_GLOBAL word32 PeakSessions; + static WC_THREADSHARED word32 PeakSessions; #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK @@ -124,8 +124,8 @@ #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); #else - static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ - static WOLFSSL_GLOBAL int session_lock_valid = 0; + static WC_THREADSHARED wolfSSL_RwLock session_lock; /* SessionCache lock */ + static WC_THREADSHARED int session_lock_valid = 0; #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); @@ -176,22 +176,22 @@ ClientSession Clients[CLIENT_SESSIONS_PER_ROW]; } ClientRow; - static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS]; + static WC_THREADSHARED ClientRow ClientCache[CLIENT_SESSION_ROWS]; /* Client Cache */ /* uses session mutex */ /* ClientCache mutex */ - static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex + static WC_THREADSHARED wolfSSL_Mutex clisession_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex); #ifndef WOLFSSL_MUTEX_INITIALIZER - static WOLFSSL_GLOBAL int clisession_mutex_valid = 0; + static WC_THREADSHARED int clisession_mutex_valid = 0; #endif #endif /* !NO_CLIENT_CACHE */ void EvictSessionFromCache(WOLFSSL_SESSION* session) { #ifdef HAVE_EX_DATA - int save_ownExData = session->ownExData; + byte save_ownExData = session->ownExData; session->ownExData = 1; /* Make sure ex_data access doesn't lead back * into the cache. */ #endif @@ -823,10 +823,8 @@ void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm) void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm) { int i, j; - byte id[ID_LEN]; (void)ctx; - XMEMSET(id, 0, ID_LEN); WOLFSSL_ENTER("wolfSSL_flush_sessions"); for (i = 0; i < SESSION_ROWS; ++i) { if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { @@ -843,7 +841,7 @@ void wolfSSL_CTX_flush_sessions(WOLFSSL_CTX* ctx, long tm) #ifdef SESSION_CACHE_DYNAMIC_MEM s != NULL && #endif - XMEMCMP(s->sessionID, id, ID_LEN) != 0 && + s->sessionIDSz > 0 && s->bornOn + s->timeout < (word32)tm ) { @@ -873,7 +871,7 @@ int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to) return WOLFSSL_SUCCESS; } - +#ifndef NO_TLS /** * Sets ctx session timeout in seconds. * The timeout value set here should be reflected in the @@ -934,7 +932,7 @@ int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to) return ret; #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ } - +#endif /* !NO_TLS */ #ifndef NO_CLIENT_CACHE @@ -1120,7 +1118,9 @@ static int TlsSessionCacheGetAndLock(const byte *id, #else s = &sessRow->Sessions[idx]; #endif - if (s && XMEMCMP(s->sessionID, id, ID_LEN) == 0 && s->side == side) { + /* match session ID value and length */ + if (s && s->sessionIDSz == ID_LEN && s->side == side && + XMEMCMP(s->sessionID, id, ID_LEN) == 0) { *sess = s; break; } @@ -1839,7 +1839,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, } preallocNonceLen = addSession->ticketNonce.len; } -#endif /* WOLFSSL_TLS13 && WOLFSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3) */ +#endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ #endif /* HAVE_SESSION_TICKET */ /* Find a position for the new session in cache and use that */ @@ -1916,7 +1916,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, cacheSession = &sessRow->Sessions[idx]; #endif -#ifdef HAVE_EX_DATA +#ifdef HAVE_EX_DATA_CRYPTO if (overwrite) { /* Figure out who owns the ex_data */ if (cacheSession->ownExData) { @@ -3108,7 +3108,7 @@ long wolfSSL_SESSION_set_time(WOLFSSL_SESSION *ses, long t) return t; } -#endif /* !NO_SESSION_CACHE && OPENSSL_EXTRA || HAVE_EXT_CACHE */ +#endif /* !NO_SESSION_CACHE && (OPENSSL_EXTRA || HAVE_EXT_CACHE) */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(HAVE_EX_DATA) @@ -3132,6 +3132,10 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, id = session->sessionID; if (session->haveAltSessionID) id = session->altSessionID; + else if (session->sessionIDSz != ID_LEN) { + WOLFSSL_MSG("Incorrect sessionIDSz"); + return; + } row = (int)(HashObject(id, ID_LEN, &error) % SESSION_ROWS); if (error != 0) { @@ -3156,7 +3160,7 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, #else cacheSession = &sessRow->Sessions[i]; #endif - if (cacheSession && + if (cacheSession && cacheSession->sessionIDSz == ID_LEN && XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0 && session->side == cacheSession->side #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) @@ -3682,10 +3686,12 @@ WOLFSSL_SESSION* wolfSSL_NewSession(void* heap) #endif #ifdef HAVE_EX_DATA ret->ownExData = 1; + #ifdef HAVE_EX_DATA_CRYPTO if (crypto_ex_cb_ctx_session != NULL) { crypto_ex_cb_setup_new_data(ret, crypto_ex_cb_ctx_session, &ret->ex_data); } + #endif #endif } return ret; @@ -3739,7 +3745,7 @@ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) * @param ticketNonceBuf If not null and @avoidSysCalls is true, the copy of the * ticketNonce will happen in this pre allocated buffer * @param ticketNonceLen @ticketNonceBuf len as input, used length on output - * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket noncet + * @param ticketNonceUsed if @ticketNonceBuf was used to copy the ticket nonce * @return WOLFSSL_SUCCESS on success * WOLFSSL_FAILURE on failure */ @@ -3748,7 +3754,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, byte* ticketNonceLen, byte* preallocUsed) { #ifdef HAVE_SESSION_TICKET - int ticLenAlloc = 0; + word16 ticLenAlloc = 0; byte *ticBuff = NULL; #endif const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + @@ -3964,7 +3970,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, #endif /* HAVE_SESSION_TICKET */ -#ifdef HAVE_EX_DATA +#ifdef HAVE_EX_DATA_CRYPTO if (input->type != WOLFSSL_SESSION_TYPE_CACHE && output->type != WOLFSSL_SESSION_TYPE_CACHE) { /* Not called with cache as that passes ownership of ex_data */ @@ -4044,7 +4050,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) WOLFSSL_MSG("wolfSSL_FreeSession full free"); -#ifdef HAVE_EX_DATA +#ifdef HAVE_EX_DATA_CRYPTO if (session->ownExData) { crypto_ex_cb_free_data(session, crypto_ex_cb_ctx_session, &session->ex_data); @@ -4164,7 +4170,8 @@ int wolfSSL_SESSION_set1_id(WOLFSSL_SESSION *s, if (sid_len > ID_LEN) { return WOLFSSL_FAILURE; } - s->sessionIDSz = sid_len; + + s->sessionIDSz = (byte)sid_len; if (sid != s->sessionID) { XMEMCPY(s->sessionID, sid, sid_len); } @@ -4180,7 +4187,7 @@ int wolfSSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, if (sid_ctx_len > ID_LEN) { return WOLFSSL_FAILURE; } - s->sessionCtxSz = sid_ctx_len; + s->sessionCtxSz = (byte)sid_ctx_len; if (sid_ctx != s->sessionCtx) { XMEMCPY(s->sessionCtx, sid_ctx, sid_ctx_len); } @@ -4230,8 +4237,7 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session) #endif -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ - defined(HAVE_EX_DATA) +#ifdef HAVE_EX_DATA int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { @@ -4301,13 +4307,8 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) #endif return ret; } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_EX_DATA */ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) -#ifdef HAVE_EX_DATA +#ifdef HAVE_EX_DATA_CRYPTO int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func) @@ -4316,9 +4317,8 @@ int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, ctx_l, ctx_ptr, new_func, dup_func, free_func); } -#endif -#endif - +#endif /* HAVE_EX_DATA_CRYPTO */ +#endif /* HAVE_EX_DATA */ #if defined(OPENSSL_ALL) || \ defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ diff --git a/src/src/tls.c b/src/src/tls.c index 8441acf..0e5f43b 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -3649,7 +3649,7 @@ int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, request = &csr->request.ocsp[req_cnt]; if (request->serial != NULL) { - /* clear request contents before re-use */ + /* clear request contents before reuse */ FreeOcspRequest(request); if (csr->requests > 0) csr->requests--; @@ -6450,7 +6450,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13Minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0 #endif ) { cnt++; @@ -6462,7 +6462,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) isDtls, ssl->options.minDowngrade, tls12Minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0 #endif ) { cnt++; @@ -6473,7 +6473,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) isDtls, ssl->options.minDowngrade, tls11Minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0 #endif ) { cnt++; @@ -6482,7 +6482,7 @@ static int TLSX_SupportedVersions_GetSize(void* data, byte msgType, word16* pSz) if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0 #endif ) { cnt++; @@ -6547,7 +6547,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls13minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_3) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == 0 #endif ) { *cnt += OPAQUE16_LEN; @@ -6567,7 +6567,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls12minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_2) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) == 0 #endif ) { *cnt += OPAQUE16_LEN; @@ -6580,7 +6580,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, if (versionIsLessEqual(isDtls, ssl->options.minDowngrade, tls11minor) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1_1) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_1) == 0 #endif ) { *cnt += OPAQUE16_LEN; @@ -6591,7 +6591,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, if (!ssl->options.dtls && (ssl->options.minDowngrade <= TLSv1_MINOR) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) - && (ssl->options.mask & SSL_OP_NO_TLSv1) == 0 + && (ssl->options.mask & WOLFSSL_OP_NO_TLSv1) == 0 #endif ) { *cnt += OPAQUE16_LEN; @@ -7168,15 +7168,16 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input, return 0; } -#define CAN_GET_SIZE TLSX_CA_Names_GetSize -#define CAN_WRITE TLSX_CA_Names_Write -#define CAN_PARSE TLSX_CA_Names_Parse +#define CAN_GET_SIZE(data) TLSX_CA_Names_GetSize(data) +#define CAN_WRITE(data, output) TLSX_CA_Names_Write(data, output) +#define CAN_PARSE(ssl, input, length, isRequest) \ + TLSX_CA_Names_Parse(ssl, input, length, isRequest) #else -#define CAN_GET_SIZE(...) 0 -#define CAN_WRITE(...) 0 -#define CAN_PARSE(...) 0 +#define CAN_GET_SIZE(data) 0 +#define CAN_WRITE(data, output) 0 +#define CAN_PARSE(ssl, input, length, isRequest) 0 #endif @@ -7982,6 +7983,24 @@ static int kyber_id2type(int id, int *type) int ret = 0; switch (id) { +#ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + *type = WC_ML_KEM_512; + break; + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + *type = WC_ML_KEM_768; + break; + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + *type = WC_ML_KEM_1024; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: *type = KYBER512; @@ -7997,6 +8016,7 @@ static int kyber_id2type(int id, int *type) *type = KYBER1024; break; #endif +#endif default: ret = NOT_COMPILED_IN; break; @@ -8012,12 +8032,22 @@ typedef struct PqcHybridMapping { } PqcHybridMapping; static const PqcHybridMapping pqc_hybrid_mapping[] = { +#ifndef WOLFSSL_NO_ML_KEM + {.hybrid = WOLFSSL_P256_ML_KEM_512, .ecc = WOLFSSL_ECC_SECP256R1, + .pqc = WOLFSSL_ML_KEM_512}, + {.hybrid = WOLFSSL_P384_ML_KEM_768, .ecc = WOLFSSL_ECC_SECP384R1, + .pqc = WOLFSSL_ML_KEM_768}, + {.hybrid = WOLFSSL_P521_ML_KEM_1024, .ecc = WOLFSSL_ECC_SECP521R1, + .pqc = WOLFSSL_ML_KEM_1024}, +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL {.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, .pqc = WOLFSSL_KYBER_LEVEL1}, {.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, .pqc = WOLFSSL_KYBER_LEVEL3}, {.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, .pqc = WOLFSSL_KYBER_LEVEL5}, +#endif {.hybrid = 0, .ecc = 0, .pqc = 0} }; @@ -9662,6 +9692,45 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) #endif #endif #ifdef WOLFSSL_HAVE_KYBER +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_KYBER + #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + case WOLFSSL_P256_ML_KEM_512: + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + case WOLFSSL_P384_ML_KEM_768: + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + case WOLFSSL_P521_ML_KEM_1024: + #endif + break; + #elif defined(HAVE_LIBOQS) + case WOLFSSL_ML_KEM_512: + case WOLFSSL_ML_KEM_768: + case WOLFSSL_ML_KEM_1024: + case WOLFSSL_P256_ML_KEM_512: + case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P521_ML_KEM_1024: + { + int ret; + int id; + findEccPqc(NULL, &namedGroup, namedGroup); + ret = kyber_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } + + if (! ext_kyber_enabled(id)) { + return 0; + } + break; + } + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: @@ -9699,6 +9768,7 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) } #endif #endif +#endif /* WOLFSSL_HAVE_KYBER */ default: return 0; } @@ -9744,6 +9814,31 @@ static const word16 preferredGroup[] = { #if defined(HAVE_FFDHE_8192) WOLFSSL_FFDHE_8192, #endif +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_KYBER + #ifndef WOLFSSL_NO_ML_KEM_512 + WOLFSSL_ML_KEM_512, + WOLFSSL_P256_ML_KEM_512, + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + WOLFSSL_ML_KEM_768, + WOLFSSL_P384_ML_KEM_768, + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + WOLFSSL_ML_KEM_1024, + WOLFSSL_P521_ML_KEM_1024, + #endif +#elif defined(HAVE_LIBOQS) + /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ + WOLFSSL_ML_KEM_512, + WOLFSSL_ML_KEM_768, + WOLFSSL_ML_KEM_1024, + WOLFSSL_P256_ML_KEM_512, + WOLFSSL_P384_ML_KEM_768, + WOLFSSL_P521_ML_KEM_1024, +#endif +#endif /* !WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 WOLFSSL_KYBER_LEVEL1, @@ -9766,6 +9861,7 @@ static const word16 preferredGroup[] = { WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P521_KYBER_LEVEL5, #endif +#endif /* WOLFSSL_KYBER_ORIGINAL */ WOLFSSL_NAMED_GROUP_INVALID }; @@ -9957,6 +10053,16 @@ int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length, } } + /* This could be a situation where the client tried to start with TLS 1.3 + * when it sent ClientHello and the server down-graded to TLS 1.2. In that + * case, erroring out because it is TLS 1.2 is not a reasonable thing to do. + * In the case of TLS 1.2, the CKS values will be ignored. */ + if (!IsAtLeastTLSv1_3(ssl->version)) { + ssl->sigSpec = NULL; + ssl->sigSpecSz = 0; + return 0; + } + /* Extension data is valid, but if we are the server and we don't have an * alt private key, do not respond with CKS extension. */ if (wolfSSL_is_server(ssl) && ssl->buffers.altKey == NULL) { @@ -12368,7 +12474,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, readBuf_p += ech->encLen; ato16(readBuf_p, &ech->innerClientHelloLen); - ech->innerClientHelloLen -= AES_BLOCK_SIZE; + ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE; readBuf_p += 2; ech->outerClientPayload = readBuf_p; @@ -12384,7 +12490,7 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, /* set the ech payload of the copy to zeros */ XMEMSET(aadCopy + (readBuf_p - ech->aad), 0, - ech->innerClientHelloLen + AES_BLOCK_SIZE); + ech->innerClientHelloLen + WC_AES_BLOCK_SIZE); /* allocate the inner payload buffer */ ech->innerClientHello = @@ -13376,6 +13482,52 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #endif #ifdef WOLFSSL_HAVE_KYBER +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_KYBER +#ifndef WOLFSSL_NO_ML_KEM_512 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ssl->heap); +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ssl->heap); +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, + ssl->heap); +#endif +#elif defined(HAVE_LIBOQS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, + ssl->heap); +#endif /* HAVE_LIBOQS */ +#endif /* !WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_WC_KYBER #ifdef WOLFSSL_KYBER512 if (ret == WOLFSSL_SUCCESS) @@ -13419,6 +13571,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, ssl->heap); #endif /* HAVE_LIBOQS */ +#endif /* WOLFSSL_KYBER_ORIGINAL */ #endif /* WOLFSSL_HAVE_KYBER */ (void)ssl; @@ -13454,7 +13607,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) return ret; #endif /* HAVE_RPK */ -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) && \ + !defined(WOLFSSL_NO_TLS12) if (!ssl->options.disallowEncThenMac) { ret = TLSX_EncryptThenMac_Use(ssl); if (ret != 0) @@ -13627,11 +13781,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) word64 now, milli; #endif - if (sess->ticketLen > MAX_PSK_ID_LEN) { - WOLFSSL_MSG("Session ticket length for PSK ext is too large"); - return BUFFER_ERROR; - } - /* Determine the MAC algorithm for the cipher suite used. */ ssl->options.cipherSuite0 = sess->cipherSuite0; ssl->options.cipherSuite = sess->cipherSuite; @@ -14762,9 +14911,9 @@ static word16 TLSX_GetMinSize_Client(word16* type) return 0; } } - #define TLSX_GET_MIN_SIZE_CLIENT TLSX_GetMinSize_Client + #define TLSX_GET_MIN_SIZE_CLIENT(type) TLSX_GetMinSize_Client(type) #else - #define TLSX_GET_MIN_SIZE_CLIENT(...) 0 + #define TLSX_GET_MIN_SIZE_CLIENT(type) 0 #endif @@ -14831,9 +14980,9 @@ static word16 TLSX_GetMinSize_Server(const word16 *type) return 0; } } - #define TLSX_GET_MIN_SIZE_SERVER TLSX_GetMinSize_Server + #define TLSX_GET_MIN_SIZE_SERVER(type) TLSX_GetMinSize_Server(type) #else - #define TLSX_GET_MIN_SIZE_SERVER(...) 0 + #define TLSX_GET_MIN_SIZE_SERVER(type) 0 #endif @@ -15038,9 +15187,8 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #ifdef WOLFSSL_DUAL_ALG_CERTS case TLSX_CKS: WOLFSSL_MSG("CKS extension received"); - if (!IsAtLeastTLSv1_3(ssl->version) || - (msgType != client_hello && - msgType != encrypted_extensions)) { + if (msgType != client_hello && + msgType != encrypted_extensions) { WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); return EXT_NOT_ALLOWED; } @@ -15529,7 +15677,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #elif defined(WOLFSSL_ALLOW_TLSV10) InitSSL_Method(method, MakeTLSv1()); #else - #error No TLS version enabled! + #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY. #endif method->downgrade = 1; @@ -15904,7 +16052,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #elif defined(WOLFSSL_ALLOW_TLSV10) InitSSL_Method(method, MakeTLSv1()); #else - #error No TLS version enabled! + #error No TLS version enabled! Consider using NO_TLS or WOLFCRYPT_ONLY. #endif method->downgrade = 1; diff --git a/src/src/tls13.c b/src/src/tls13.c index e826893..a1a1783 100644 --- a/src/src/tls13.c +++ b/src/src/tls13.c @@ -2413,6 +2413,9 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out) if (seq[1] > ssl->keys.sequence_number_lo) ssl->keys.sequence_number_hi++; } +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG_EX("TLS 1.3 Write Sequence %d %d", seq[0], seq[1]); +#endif c32toa(seq[0], out); c32toa(seq[1], out + OPAQUE32_LEN); @@ -2428,14 +2431,11 @@ static WC_INLINE void WriteSEQTls13(WOLFSSL* ssl, int verifyOrder, byte* out) static WC_INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv, int order) { - int i; - + int seq_offset = AEAD_NONCE_SZ - SEQ_SZ; /* The nonce is the IV with the sequence XORed into the last bytes. */ - WriteSEQTls13(ssl, order, nonce + AEAD_NONCE_SZ - SEQ_SZ); - for (i = 0; i < AEAD_NONCE_SZ - SEQ_SZ; i++) - nonce[i] = iv[i]; - for (; i < AEAD_NONCE_SZ; i++) - nonce[i] ^= iv[i]; + WriteSEQTls13(ssl, order, nonce + seq_offset); + XMEMCPY(nonce, iv, seq_offset); + xorbuf(nonce + seq_offset, iv + seq_offset, SEQ_SZ); } #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) @@ -3621,6 +3621,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, #ifdef WOLFSSL_DTLS13 /* Tie cookie to peer address */ if (ret == 0) { + /* peerLock not necessary. Still in handshake phase. */ if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) { ret = wc_HmacUpdate(&cookieHmac, (byte*)ssl->buffers.dtlsCtx.peer.sa, @@ -4018,6 +4019,10 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) WOLFSSL_ENTER("WritePSKBinders"); + if (idx > WOLFSSL_MAX_16BIT) { + return INPUT_SIZE_E; + } + ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (ext == NULL) return SANITY_MSG_E; @@ -4033,7 +4038,7 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) ret = Dtls13HashHandshake(ssl, output + Dtls13GetRlHeaderLength(ssl, 0), - idx - Dtls13GetRlHeaderLength(ssl, 0)); + (word16)idx - Dtls13GetRlHeaderLength(ssl, 0)); else #endif /* WOLFSSL_DTLS13 */ ret = HashOutput(ssl, output, (int)idx, 0); @@ -5285,7 +5290,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, defined(WOLFSSL_WPAS_SMALL) /* Check if client has disabled TLS 1.2 */ if (args->pv.minor == TLSv1_2_MINOR && - (ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + (ssl->options.mask & WOLFSSL_OP_NO_TLSv1_2) + == WOLFSSL_OP_NO_TLSv1_2) + { WOLFSSL_MSG("\tOption set to not allow TLSv1.2"); WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; @@ -6268,7 +6275,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, return ret; if (*usingPSK != 0) { - word16 modes; + word32 modes; #ifdef WOLFSSL_EARLY_DATA TLSX* extEarlyData; @@ -6403,6 +6410,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz) #ifdef WOLFSSL_DTLS13 /* Tie cookie to peer address */ if (ret == 0) { + /* peerLock not necessary. Still in handshake phase. */ if (ssl->options.dtls && ssl->buffers.dtlsCtx.peer.sz > 0) { ret = wc_HmacUpdate(&cookieHmac, (byte*)ssl->buffers.dtlsCtx.peer.sa, @@ -7930,6 +7938,27 @@ static void EncodeDualSigAlg(byte sigAlg, byte altSigAlg, byte* output) } #endif /* WOLFSSL_DUAL_ALG_CERTS */ +static enum wc_MACAlgorithm GetNewSAHashAlgo(int typeIn) +{ + switch (typeIn) { + case RSA_PSS_RSAE_SHA256_MINOR: + case RSA_PSS_PSS_SHA256_MINOR: + return sha256_mac; + + case RSA_PSS_RSAE_SHA384_MINOR: + case RSA_PSS_PSS_SHA384_MINOR: + return sha384_mac; + + case RSA_PSS_RSAE_SHA512_MINOR: + case RSA_PSS_PSS_SHA512_MINOR: + case ED25519_SA_MINOR: + case ED448_SA_MINOR: + return sha512_mac; + default: + return no_mac; + } +} + /* Decode the signature algorithm. * * input The encoded signature algorithm. @@ -7954,17 +7983,23 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, break; #endif case NEW_SA_MAJOR: - /* PSS signatures: 0x080[4-6] */ - if (input[1] >= sha256_mac && input[1] <= sha512_mac) { + *hashAlgo = GetNewSAHashAlgo(input[1]); + + /* PSS encryption: 0x080[4-6] */ + if (input[1] >= RSA_PSS_RSAE_SHA256_MINOR && + input[1] <= RSA_PSS_RSAE_SHA512_MINOR) { + *hsType = input[0]; + } + /* PSS signature: 0x080[9-B] */ + else if (input[1] >= RSA_PSS_PSS_SHA256_MINOR && + input[1] <= RSA_PSS_PSS_SHA512_MINOR) { *hsType = input[0]; - *hashAlgo = input[1]; } #ifdef HAVE_ED25519 /* ED25519: 0x0807 */ else if (input[1] == ED25519_SA_MINOR) { *hsType = ed25519_sa_algo; /* Hash performed as part of sign/verify operation. */ - *hashAlgo = sha512_mac; } #endif #ifdef HAVE_ED448 @@ -7972,7 +8007,6 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, else if (input[1] == ED448_SA_MINOR) { *hsType = ed448_sa_algo; /* Hash performed as part of sign/verify operation. */ - *hashAlgo = sha512_mac; } #endif else @@ -8998,7 +9032,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) return 0; /* sent blank cert, can't verify */ } - args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA; + args->sendSz = WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA; /* Always encrypted. */ args->sendSz += MAX_MSG_EXTRA; @@ -9590,11 +9624,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) else #endif { + #ifdef HAVE_PK_CALLBACKS + buffer tmp; + + tmp.length = ssl->buffers.key->length; + tmp.buffer = ssl->buffers.key->buffer; + #endif ret = EccVerify(ssl, sigOut, args->sigLen, args->sigData, args->sigDataSz, (ecc_key*)ssl->hsKey, #ifdef HAVE_PK_CALLBACKS - ssl->buffers.key + &tmp #else NULL #endif @@ -9655,7 +9695,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->options.dtls) { ssl->options.buildingMsg = 0; ret = Dtls13HandshakeSend(ssl, args->output, - MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA, + WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA + MAX_MSG_EXTRA, (word16)args->sendSz, certificate_verify, 1); if (ret != 0) goto exit_scv; @@ -9666,7 +9706,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) /* This message is always encrypted. */ ret = BuildTls13Message(ssl, args->output, - MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA, + WC_MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA, args->output + RECORD_HEADER_SZ, args->sendSz - RECORD_HEADER_SZ, handshake, 1, 0, 0); @@ -10853,15 +10893,19 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } if (sniff == NO_SNIFF) { + ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz); #ifdef WOLFSSL_HAVE_TLS_UNIQUE + if (finishedSz > TLS_FINISHED_SZ_MAX) { + return BUFFER_ERROR; + } if (ssl->options.side == WOLFSSL_CLIENT_END) { XMEMCPY(ssl->serverFinished, mac, finishedSz); - ssl->serverFinished_len = finishedSz; + ssl->serverFinished_len = (byte)finishedSz; } else { XMEMCPY(ssl->clientFinished, mac, finishedSz); - ssl->clientFinished_len = finishedSz; + ssl->clientFinished_len = (byte)finishedSz; } #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ if (ret != 0) @@ -10889,6 +10933,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Force input exhaustion at ProcessReply by consuming padSz. */ *inOutIdx += size + ssl->keys.padSz; +#ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END && !ssl->options.handShakeDone) { #ifdef WOLFSSL_EARLY_DATA @@ -10901,6 +10946,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) return ret; } +#endif #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) @@ -10943,7 +10989,7 @@ int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, */ static int SendTls13Finished(WOLFSSL* ssl) { - int finishedSz = ssl->specs.hash_size; + byte finishedSz = ssl->specs.hash_size; byte* input; byte* output; int ret; @@ -11133,14 +11179,14 @@ static int SendTls13Finished(WOLFSSL* ssl) !ssl->options.handShakeDone) { #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData != no_early_data) { - if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_AND_DECRYPT_SIDE, + if ((ret = DeriveTls13Keys(ssl, no_key, ENCRYPT_SIDE_ONLY, 1)) != 0) { return ret; } } #endif /* Setup keys for application data messages. */ - if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) + if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) return ret; #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) @@ -11803,9 +11849,9 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) { byte* output; int ret; + word32 length; int sendSz; word16 extSz; - word32 length; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; WOLFSSL_START(WC_FUNC_NEW_SESSION_TICKET_SEND); @@ -11876,7 +11922,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) /* Nonce */ length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ; - sendSz = (int)(idx + length + MAX_MSG_EXTRA); + sendSz = (word16)(idx + length + MAX_MSG_EXTRA); /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) @@ -11932,6 +11978,10 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) idx += EXTS_SZ; #endif + if (idx > WOLFSSL_MAX_16BIT) { + return BAD_LENGTH_E; + } + ssl->options.haveSessionId = 1; SetupSession(ssl); @@ -11944,12 +11994,15 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) - return Dtls13HandshakeSend(ssl, output, sendSz, idx, session_ticket, 0); + return Dtls13HandshakeSend(ssl, output, (word16)sendSz, + (word16)idx, session_ticket, 0); #endif /* WOLFSSL_DTLS13 */ /* This message is always encrypted. */ - sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - idx - RECORD_HEADER_SZ, handshake, 0, 0, 0); + sendSz = BuildTls13Message(ssl, output, sendSz, + output + RECORD_HEADER_SZ, + (word16)idx - RECORD_HEADER_SZ, + handshake, 0, 0, 0); if (sendSz < 0) return sendSz; @@ -12797,7 +12850,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_QUIC if (WOLFSSL_IS_QUIC(ssl) && ssl->earlyData != no_early_data) { /* QUIC never sends/receives EndOfEarlyData, but having - * early data means the last encrpytion keys had not been + * early data means the last encryption keys had not been * set yet. */ if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) return ret; @@ -12808,12 +12861,21 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->earlyData == no_early_data)) != 0) { return ret; } + if (ssl->earlyData != no_early_data) { + if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, + 1)) != 0) { + return ret; + } + } #else if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { return ret; } #endif + /* Setup keys for application data messages. */ + if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) + return ret; } #ifdef WOLFSSL_POST_HANDSHAKE_AUTH if (type == certificate_request && @@ -13033,7 +13095,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) } /* make sure this wolfSSL object has arrays and rng setup. Protects - * case where the WOLFSSL object is re-used via wolfSSL_clear() */ + * case where the WOLFSSL object is reused via wolfSSL_clear() */ if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { return ret; } @@ -13953,8 +14015,7 @@ void wolfSSL_set_psk_client_cs_callback(WOLFSSL* ssl, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); } /* Set the PSK callback that returns the cipher suite for a client to use @@ -14006,8 +14067,7 @@ void wolfSSL_set_psk_client_tls13_callback(WOLFSSL* ssl, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); } /* Set the PSK callback that returns the cipher suite for a server to use @@ -14056,8 +14116,7 @@ void wolfSSL_set_psk_server_tls13_callback(WOLFSSL* ssl, InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, - ssl->options.haveFalconSig, ssl->options.haveDilithiumSig, - ssl->options.useAnon, TRUE, ssl->options.side); + ssl->options.useAnon, TRUE, TRUE, TRUE, TRUE, ssl->options.side); } /* Get name of first supported cipher suite that uses the hash indicated. @@ -14134,7 +14193,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) } /* make sure this wolfSSL object has arrays and rng setup. Protects - * case where the WOLFSSL object is re-used via wolfSSL_clear() */ + * case where the WOLFSSL object is reused via wolfSSL_clear() */ if ((ret = ReinitSSL(ssl, ssl->ctx, 0)) != 0) { return ret; } diff --git a/src/src/wolfio.c b/src/src/wolfio.c index a632ff8..5e62e9f 100644 --- a/src/src/wolfio.c +++ b/src/src/wolfio.c @@ -32,6 +32,15 @@ #ifndef WOLFCRYPT_ONLY +#if defined(HAVE_ERRNO_H) && defined(WOLFSSL_NO_SOCK) && \ + (defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)) + /* error codes are needed for TranslateIoReturnCode() and + * wolfIO_TcpConnect() even if defined(WOLFSSL_NO_SOCK), which inhibits + * inclusion of errno.h by wolfio.h. + */ + #include +#endif + #ifdef _WIN32_WCE /* On WinCE winsock2.h must be included before windows.h for socket stuff */ #include @@ -116,7 +125,7 @@ Possible IO enable options: * * DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER: This flag has effect only if * ASN_NO_TIME is enabled. If enabled invalid peers messages are ignored - * indefinetely. If not enabled EmbedReceiveFrom will return timeout after + * indefinitely. If not enabled EmbedReceiveFrom will return timeout after * DTLS_RECEIVEFROM_MAX_INVALID_PEER number of packets from invalid peers. When * enabled, without a timer, EmbedReceivefrom can't check if the timeout is * expired and it may never return under a continuous flow of invalid packets. @@ -251,7 +260,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) NULL); WOLFSSL_MSG(errstr); #else - WOLFSSL_MSG("\tGeneral error"); + WOLFSSL_MSG_EX("\tGeneral error: %d", err); #endif return WOLFSSL_CBIO_ERR_GENERAL; } @@ -260,12 +269,12 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) #ifdef OPENSSL_EXTRA #ifndef NO_BIO -int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) +int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) { return SslBioSend(ssl, buf, sz, ctx); } -int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) +int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) { return SslBioReceive(ssl, buf, sz, ctx); } @@ -560,7 +569,7 @@ STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags, #define DTLS_RECVFROM_FUNCTION recvfrom #endif -static int sockAddrEqual( +int sockAddrEqual( SOCKADDR_S *a, XSOCKLENT aLen, SOCKADDR_S *b, XSOCKLENT bLen) { if (aLen != bLen) @@ -651,8 +660,17 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) word32 invalidPeerPackets = 0; #endif int newPeer = 0; + int ret = 0; WOLFSSL_ENTER("EmbedReceiveFrom"); + (void)ret; /* possibly unused */ + + XMEMSET(&lclPeer, 0, sizeof(lclPeer)); + +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif if (dtlsCtx->connected) { peer = NULL; @@ -661,33 +679,32 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #ifndef WOLFSSL_IPV6 if (PeerIsIpv6((SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz)) { WOLFSSL_MSG("ipv6 dtls peer set but no ipv6 support compiled"); - return NOT_COMPILED_IN; + ret = WOLFSSL_CBIO_ERR_GENERAL; } #endif peer = &lclPeer; - XMEMSET(&lclPeer, 0, sizeof(lclPeer)); peerSz = sizeof(lclPeer); } else { /* Store the peer address. It is used to calculate the DTLS cookie. */ - if (dtlsCtx->peer.sa == NULL) { - dtlsCtx->peer.sa = (void*)XMALLOC(sizeof(SOCKADDR_S), - ssl->heap, DYNAMIC_TYPE_SOCKADDR); - dtlsCtx->peer.sz = 0; - if (dtlsCtx->peer.sa != NULL) - dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S); - else - dtlsCtx->peer.bufSz = 0; - newPeer = 1; - peer = (SOCKADDR_S*)dtlsCtx->peer.sa; - } - else { - peer = &lclPeer; - XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer)); + newPeer = dtlsCtx->peer.sa == NULL || !ssl->options.dtlsStateful; + peer = &lclPeer; + if (dtlsCtx->peer.sa != NULL) { + XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, MIN(sizeof(lclPeer), + dtlsCtx->peer.sz)); } - peerSz = dtlsCtx->peer.bufSz; + peerSz = sizeof(lclPeer); } +#ifdef WOLFSSL_RW_THREADED + /* We make a copy above to avoid holding the lock for the entire function */ + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif + + if (ret != 0) + return ret; + /* Don't use ssl->options.handShakeDone since it is true even if * we are in the process of renegotiation */ doDtlsTimeout = ssl->options.handShakeState != HANDSHAKE_DONE; @@ -696,12 +713,9 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL; #ifdef WOLFSSL_RW_THREADED - { - int ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); - if (ret < 0) { - return ret; - } - } + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret != 0) + return ret; #endif doDtlsTimeout = doDtlsTimeout || (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL); @@ -772,26 +786,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } #endif /* !NO_ASN_TIME */ - recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, - (SOCKADDR*)peer, peer != NULL ? &peerSz : NULL); - - /* From the RECV(2) man page - * The returned address is truncated if the buffer provided is too - * small; in this case, addrlen will return a value greater than was - * supplied to the call. - */ - if (dtlsCtx->connected) { - /* No need to sanitize the value of peerSz */ - } - else if (dtlsCtx->userSet) { - /* Truncate peer size */ - if (peerSz > (XSOCKLENT)sizeof(lclPeer)) - peerSz = (XSOCKLENT)sizeof(lclPeer); - } - else { - /* Truncate peer size */ - if (peerSz > (XSOCKLENT)dtlsCtx->peer.bufSz) - peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz; + { + XSOCKLENT inPeerSz = peerSz; + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, + ssl->rflags, (SOCKADDR*)peer, peer != NULL ? &inPeerSz : NULL); + /* Truncate peerSz. From the RECV(2) man page + * The returned address is truncated if the buffer provided is too + * small; in this case, addrlen will return a value greater than was + * supplied to the call. + */ + peerSz = MIN(peerSz, inPeerSz); } recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); @@ -820,11 +824,23 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } else if (dtlsCtx->userSet) { /* Check we received the packet from the correct peer */ + int ignore = 0; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif if (dtlsCtx->peer.sz > 0 && (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || !sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz))) { WOLFSSL_MSG(" Ignored packet from invalid peer"); + ignore = 1; + } +#ifdef WOLFSSL_RW_THREADED + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif + if (ignore) { #if defined(NO_ASN_TIME) && \ !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER) if (doDtlsTimeout) { @@ -840,13 +856,27 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } else { if (newPeer) { - /* Store size of saved address */ - dtlsCtx->peer.sz = peerSz; + /* Store size of saved address. Locking handled internally. */ + if (wolfSSL_dtls_set_peer(ssl, peer, peerSz) != WOLFSSL_SUCCESS) + return WOLFSSL_CBIO_ERR_GENERAL; } #ifndef WOLFSSL_PEER_ADDRESS_CHANGES - else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) || - (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) { - return WOLFSSL_CBIO_ERR_GENERAL; + else { + ret = 0; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif + if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, + dtlsCtx->peer.sz)) { + ret = WOLFSSL_CBIO_ERR_GENERAL; + } +#ifdef WOLFSSL_RW_THREADED + if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) + return WOLFSSL_CBIO_ERR_GENERAL; +#endif + if (ret != 0) + return ret; } #endif } @@ -1032,7 +1062,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) } ((SOCKADDR_IN*)&addr)->sin_port = XHTONS(port); - /* peer sa is free'd in SSL_ResourceFree */ + /* peer sa is free'd in wolfSSL_ResourceFree */ if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN*)&addr, sizeof(SOCKADDR_IN)))!= WOLFSSL_SUCCESS) { WOLFSSL_MSG("Import DTLS peer info error"); @@ -1049,7 +1079,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) } ((SOCKADDR_IN6*)&addr)->sin6_port = XHTONS(port); - /* peer sa is free'd in SSL_ResourceFree */ + /* peer sa is free'd in wolfSSL_ResourceFree */ if ((ret = wolfSSL_dtls_set_peer(ssl, (SOCKADDR_IN6*)&addr, sizeof(SOCKADDR_IN6)))!= WOLFSSL_SUCCESS) { WOLFSSL_MSG("Import DTLS peer info error"); @@ -2342,6 +2372,20 @@ void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend) } } +void wolfSSL_SSLDisableRead(WOLFSSL *ssl) +{ + if (ssl) { + ssl->options.disableRead = 1; + } +} + +void wolfSSL_SSLEnableRead(WOLFSSL *ssl) +{ + if (ssl) { + ssl->options.disableRead = 0; + } +} + void wolfSSL_SetIOReadCtx(WOLFSSL* ssl, void *rctx) { diff --git a/src/src/x509.c b/src/src/x509.c index 18feff0..d656815 100644 --- a/src/src/x509.c +++ b/src/src/x509.c @@ -49,10 +49,10 @@ unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509) if (x509 != NULL) { if (x509->keyUsageSet) { - flags |= EXFLAG_KUSAGE; + flags |= WOLFSSL_EXFLAG_KUSAGE; } if (x509->extKeyUsageSrc != NULL) { - flags |= EXFLAG_XKUSAGE; + flags |= WOLFSSL_EXFLAG_XKUSAGE; } } @@ -92,19 +92,19 @@ unsigned int wolfSSL_X509_get_extended_key_usage(WOLFSSL_X509* x509) if (x509 != NULL) { if (x509->extKeyUsage & EXTKEYUSE_OCSP_SIGN) - ret |= XKU_OCSP_SIGN; + ret |= WOLFSSL_XKU_OCSP_SIGN; if (x509->extKeyUsage & EXTKEYUSE_TIMESTAMP) - ret |= XKU_TIMESTAMP; + ret |= WOLFSSL_XKU_TIMESTAMP; if (x509->extKeyUsage & EXTKEYUSE_EMAILPROT) - ret |= XKU_SMIME; + ret |= WOLFSSL_XKU_SMIME; if (x509->extKeyUsage & EXTKEYUSE_CODESIGN) - ret |= XKU_CODE_SIGN; + ret |= WOLFSSL_XKU_CODE_SIGN; if (x509->extKeyUsage & EXTKEYUSE_CLIENT_AUTH) - ret |= XKU_SSL_CLIENT; + ret |= WOLFSSL_XKU_SSL_CLIENT; if (x509->extKeyUsage & EXTKEYUSE_SERVER_AUTH) - ret |= XKU_SSL_SERVER; + ret |= WOLFSSL_XKU_SSL_SERVER; if (x509->extKeyUsage & EXTKEYUSE_ANY) - ret |= XKU_ANYEKU; + ret |= WOLFSSL_XKU_ANYEKU; } WOLFSSL_LEAVE("wolfSSL_X509_get_extended_key_usage", ret); @@ -314,7 +314,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_create_by_OBJ( if (ret == NULL) { err = 1; } - } else { + } + else { /* Prevent potential memory leaks and dangling pointers. */ wolfSSL_ASN1_OBJECT_free(ret->obj); ret->obj = NULL; @@ -360,7 +361,8 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void) /* This function does NOT return 1 on success. It returns 0 on fail, and the * number of items in the stack upon success. This is for compatibility with * OpenSSL. */ -int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext) +int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk, + WOLFSSL_X509_EXTENSION* ext) { WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push"); @@ -532,7 +534,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, goto err; } - tag = V_ASN1_UTF8STRING; + tag = WOLFSSL_V_ASN1_UTF8STRING; } else #endif @@ -555,7 +557,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, len -= idx; /* Set the tag to object so that it gets output in raw form */ - tag = V_ASN1_SEQUENCE; + tag = WOLFSSL_V_ASN1_SEQUENCE; } @@ -587,6 +589,76 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns) +{ + gn->type = dns->type; + switch (gn->type) { + case WOLFSSL_GEN_OTHERNAME: + if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) { + WOLFSSL_MSG("OTHERNAME set failed"); + return WOLFSSL_FAILURE; + } + break; + + case WOLFSSL_GEN_EMAIL: + case WOLFSSL_GEN_DNS: + case WOLFSSL_GEN_URI: + case WOLFSSL_GEN_IPADD: + case WOLFSSL_GEN_IA5: + gn->d.ia5->length = dns->len; + if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, + gn->d.ia5->length) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ASN1_STRING_set failed"); + return WOLFSSL_FAILURE; + } + break; + + + case WOLFSSL_GEN_DIRNAME: + /* wolfSSL_GENERAL_NAME_new() mallocs this by default */ + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.ia5 = NULL; + + gn->d.dirn = wolfSSL_X509_NAME_new();; + /* @TODO extract dir name info from DNS_entry */ + break; + +#ifdef WOLFSSL_RID_ALT_NAME + case WOLFSSL_GEN_RID: + /* wolfSSL_GENERAL_NAME_new() mallocs this by default */ + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.ia5 = NULL; + + gn->d.registeredID = wolfSSL_ASN1_OBJECT_new(); + if (gn->d.registeredID == NULL) { + return WOLFSSL_FAILURE; + } + gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len, + gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); + if (gn->d.registeredID->obj == NULL) { + /* registeredID gets free'd up by caller after failure */ + return WOLFSSL_FAILURE; + } + gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; + XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len); + gn->d.registeredID->objSz = dns->len; + gn->d.registeredID->grp = oidCertExtType; + gn->d.registeredID->nid = WC_NID_registeredAddress; + break; +#endif + + case WOLFSSL_GEN_X400: + /* Unsupported: fall through */ + case WOLFSSL_GEN_EDIPARTY: + /* Unsupported: fall through */ + default: + WOLFSSL_MSG("Unsupported type conversion"); + return WOLFSSL_FAILURE; + } + return WOLFSSL_SUCCESS; +} + + static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509, WOLFSSL_X509_EXTENSION* ext) { @@ -624,24 +696,10 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509, goto err; } - gn->type = dns->type; - if (gn->type == GEN_OTHERNAME) { - if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) { - WOLFSSL_MSG("OTHERNAME set failed"); - wolfSSL_GENERAL_NAME_free(gn); - wolfSSL_sk_pop_free(sk, NULL); - goto err; - } - } - else { - gn->d.ia5->length = dns->len; - if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, - gn->d.ia5->length) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("ASN1_STRING_set failed"); - wolfSSL_GENERAL_NAME_free(gn); - wolfSSL_sk_pop_free(sk, NULL); - goto err; - } + if (DNS_to_GENERAL_NAME(gn, dns) != WOLFSSL_SUCCESS) { + wolfSSL_GENERAL_NAME_free(gn); + wolfSSL_sk_pop_free(sk, NULL); + goto err; } if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) { @@ -685,12 +743,12 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) WOLFSSL_ENTER("wolfSSL_X509_set_ext"); - if(x509 == NULL){ + if (x509 == NULL) { WOLFSSL_MSG("\tNot passed a certificate"); return NULL; } - if(loc <0 || (loc > wolfSSL_X509_get_ext_count(x509))){ + if (loc < 0 || (loc > wolfSSL_X509_get_ext_count(x509))) { WOLFSSL_MSG("\tBad location argument"); return NULL; } @@ -922,7 +980,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) obj->obj = (byte*)x509->authInfoCaIssuer; obj->objSz = (unsigned int)x509->authInfoCaIssuerSz; obj->grp = oidCertAuthInfoType; - obj->nid = NID_ad_ca_issuers; + obj->nid = WC_NID_ad_ca_issuers; ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; @@ -958,7 +1016,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) obj->obj = x509->authInfo; obj->objSz = (unsigned int)x509->authInfoSz; obj->grp = oidCertAuthInfoType; - obj->nid = NID_ad_OCSP; + obj->nid = WC_NID_ad_OCSP; ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; @@ -1124,8 +1182,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } ext->obj->objSz = (unsigned int)objSz; - if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || - (ext->obj->obj == NULL)) { + if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || + (ext->obj->obj == NULL)) { ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj, ext->obj->objSz, NULL,DYNAMIC_TYPE_ASN1); @@ -1139,7 +1197,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) return NULL; } ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; - } else { + } + else { ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; } /* Get OID from input and copy to ASN1_OBJECT buffer */ @@ -1177,7 +1236,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) #endif return NULL; } - ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1); + ext->value.data = (char*)XMALLOC(length, NULL, + DYNAMIC_TYPE_ASN1); ext->value.isDynamic = 1; if (ext->value.data == NULL) { WOLFSSL_MSG("Failed to malloc ASN1_STRING data"); @@ -1221,16 +1281,13 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, - word32* len, void* heap) { - if (!str || !buf || !len) { - return WOLFSSL_FAILURE; - } + word32* len, void* heap) +{ if (str->data && str->length > 0) { if (*buf) XFREE(*buf, heap, DYNAMIC_TYPE_X509_EXT); *len = 0; - *buf = (byte*)XMALLOC(str->length, heap, - DYNAMIC_TYPE_X509_EXT); + *buf = (byte*)XMALLOC(str->length, heap, DYNAMIC_TYPE_X509_EXT); if (!*buf) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FAILURE; @@ -1243,7 +1300,8 @@ static int asn1_string_copy_to_buffer(WOLFSSL_ASN1_STRING* str, byte** buf, return WOLFSSL_SUCCESS; } -int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc) +int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, + int loc) { int nid; @@ -1256,7 +1314,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo nid = (ext->obj != NULL) ? ext->obj->type : ext->value.nid; switch (nid) { - case NID_authority_key_identifier: + case WC_NID_authority_key_identifier: if (x509->authKeyIdSrc != NULL) { /* If authKeyId points into authKeyIdSrc then free it and * revert to old functionality */ @@ -1271,7 +1329,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } x509->authKeyIdCrit = (byte)ext->crit; break; - case NID_subject_key_identifier: + case WC_NID_subject_key_identifier: if (asn1_string_copy_to_buffer(&ext->value, &x509->subjKeyId, &x509->subjKeyIdSz, x509->heap) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("asn1_string_copy_to_buffer error"); @@ -1279,7 +1337,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } x509->subjKeyIdCrit = (byte)ext->crit; break; - case NID_subject_alt_name: + case WC_NID_subject_alt_name: { WOLFSSL_GENERAL_NAMES* gns = ext->ext_sk; while (gns) { @@ -1323,11 +1381,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo x509->subjAltNameCrit = (byte)ext->crit; break; } - case NID_key_usage: + case WC_NID_key_usage: if (ext && ext->value.data) { if (ext->value.length == sizeof(word16)) { /* if ext->value is already word16, set directly */ x509->keyUsage = *(word16*)ext->value.data; +#ifdef BIG_ENDIAN_ORDER + x509->keyUsage = rotlFixed16(x509->keyUsage, 8U); +#endif x509->keyUsageCrit = (byte)ext->crit; x509->keyUsageSet = 1; } @@ -1345,10 +1406,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } } break; - case NID_ext_key_usage: + case WC_NID_ext_key_usage: if (ext && ext->value.data) { if (ext->value.length == sizeof(byte)) { - /* if ext->value is already word16, set directly */ + /* if ext->value is already 1 byte, set directly */ x509->extKeyUsage = *(byte*)ext->value.data; x509->extKeyUsageCrit = (byte)ext->crit; } @@ -1365,12 +1426,14 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } } break; - case NID_basic_constraints: + case WC_NID_basic_constraints: if (ext->obj) { x509->isCa = (byte)ext->obj->ca; x509->basicConstCrit = (byte)ext->crit; - if (ext->obj->pathlen) + if (ext->obj->pathlen) { x509->pathLength = (word32)ext->obj->pathlen->length; + x509->basicConstPlSet = 1; + } x509->basicConstSet = 1; } break; @@ -1415,9 +1478,16 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo return WOLFSSL_FAILURE; } + /* ext->crit is WOLFSSL_ASN1_BOOLEAN */ + if (ext->crit != 0 && ext->crit != -1) { + XFREE(val, x509->heap, DYNAMIC_TYPE_X509_EXT); + XFREE(oid, x509->heap, DYNAMIC_TYPE_X509_EXT); + return WOLFSSL_FAILURE; + } + /* x509->custom_exts now owns the buffers and they must be managed. */ x509->custom_exts[x509->customExtCount].oid = oid; - x509->custom_exts[x509->customExtCount].crit = ext->crit; + x509->custom_exts[x509->customExtCount].crit = (byte)ext->crit; x509->custom_exts[x509->customExtCount].val = val; x509->custom_exts[x509->customExtCount].valSz = ext->value.length; x509->customExtCount++; @@ -1438,8 +1508,8 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent) { - ASN1_OBJECT* obj; - ASN1_STRING* str; + WOLFSSL_ASN1_OBJECT* obj; + WOLFSSL_ASN1_STRING* str; int nid; int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); char tmp[CTC_NAME_SIZE*2 + 1]; @@ -1590,13 +1660,13 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit) * not NULL, get the NID of the extension object and populate the * extension type-specific X509V3_EXT_* function(s) in v3_ext_method. * - * Returns NULL on error or pointer to the v3_ext_method populated with extension - * type-specific X509V3_EXT_* function(s). + * Returns NULL on error or pointer to the v3_ext_method populated with + * extension type-specific X509V3_EXT_* function(s). * - * NOTE: NID_subject_key_identifier is currently the only extension implementing + * NOTE: WC_NID_subject_key_identifier is currently the only extension implementing * the X509V3_EXT_* functions, as it is the only type called directly by QT. The - * other extension types return a pointer to a v3_ext_method struct that contains - * only the NID. + * other extension types return a pointer to a v3_ext_method struct that + * contains only the NID. */ #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex) @@ -1622,30 +1692,31 @@ WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex) } XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method)); switch (nid) { - case NID_basic_constraints: + case WC_NID_basic_constraints: break; - case NID_subject_key_identifier: - method.i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING; + case WC_NID_subject_key_identifier: + method.i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING; break; - case NID_subject_alt_name: - WOLFSSL_MSG("i2v function not yet implemented for Subject Alternative Name"); + case WC_NID_subject_alt_name: + WOLFSSL_MSG("i2v function not yet implemented for Subject " + "Alternative Name"); break; - case NID_key_usage: + case WC_NID_key_usage: WOLFSSL_MSG("i2v function not yet implemented for Key Usage"); break; - case NID_authority_key_identifier: + case WC_NID_authority_key_identifier: WOLFSSL_MSG("i2v function not yet implemented for Auth Key Id"); break; - case NID_info_access: + case WC_NID_info_access: WOLFSSL_MSG("i2v function not yet implemented for Info Access"); break; - case NID_ext_key_usage: + case WC_NID_ext_key_usage: WOLFSSL_MSG("i2v function not yet implemented for Ext Key Usage"); break; - case NID_certificate_policies: + case WC_NID_certificate_policies: WOLFSSL_MSG("r2i function not yet implemented for Cert Policies"); break; - case NID_crl_distribution_points: + case WC_NID_crl_distribution_points: WOLFSSL_MSG("r2i function not yet implemented for CRL Dist Points"); break; default: @@ -1748,7 +1819,7 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i( } /* Set the type of general name to URI (only type supported). */ - ret = wolfSSL_GENERAL_NAME_set_type(ad->location, GEN_URI); + ret = wolfSSL_GENERAL_NAME_set_type(ad->location, WOLFSSL_GEN_URI); if (ret != WOLFSSL_SUCCESS) { err = 1; break; @@ -1812,27 +1883,27 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i"); - if(ext == NULL) { + if (ext == NULL) { WOLFSSL_MSG("Bad function Argument"); return NULL; } + object = wolfSSL_X509_EXTENSION_get_object(ext); + if (object == NULL) { + WOLFSSL_MSG("X509_EXTENSION_get_object failed"); + return NULL; + } /* extract extension info */ method = wolfSSL_X509V3_EXT_get(ext); if (method == NULL) { WOLFSSL_MSG("wolfSSL_X509V3_EXT_get error"); return NULL; } - object = wolfSSL_X509_EXTENSION_get_object(ext); - if (object == NULL) { - WOLFSSL_MSG("X509_EXTENSION_get_object failed"); - return NULL; - } /* Return pointer to proper internal structure based on NID */ switch (object->type) { /* basicConstraints */ - case (NID_basic_constraints): + case WC_NID_basic_constraints: WOLFSSL_MSG("basicConstraints"); /* Allocate new BASIC_CONSTRAINTS structure */ bc = wolfSSL_BASIC_CONSTRAINTS_new(); @@ -1842,7 +1913,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) } /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */ bc->ca = object->ca; - if (object->pathlen->length > 0) { + if (object->pathlen != NULL && object->pathlen->length > 0) { bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen); if (bc->pathlen == NULL) { WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER"); @@ -1855,7 +1926,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) return bc; /* subjectKeyIdentifier */ - case (NID_subject_key_identifier): + case WC_NID_subject_key_identifier: WOLFSSL_MSG("subjectKeyIdentifier"); asn1String = wolfSSL_X509_EXTENSION_get_data(ext); if (asn1String == NULL) { @@ -1878,7 +1949,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) return newString; /* authorityKeyIdentifier */ - case (NID_authority_key_identifier): + case WC_NID_authority_key_identifier: WOLFSSL_MSG("AuthorityKeyIdentifier"); akey = (WOLFSSL_AUTHORITY_KEYID*) @@ -1921,7 +1992,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) return akey; /* keyUsage */ - case (NID_key_usage): + case WC_NID_key_usage: WOLFSSL_MSG("keyUsage"); /* This may need to be updated for future use. The i2v method for keyUsage is not currently set. For now, return the ASN1_STRING @@ -1947,21 +2018,21 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) return newString; /* extKeyUsage */ - case (NID_ext_key_usage): + case WC_NID_ext_key_usage: WOLFSSL_MSG("extKeyUsage not supported yet"); return NULL; /* certificatePolicies */ - case (NID_certificate_policies): + case WC_NID_certificate_policies: WOLFSSL_MSG("certificatePolicies not supported yet"); return NULL; /* cRLDistributionPoints */ - case (NID_crl_distribution_points): + case WC_NID_crl_distribution_points: WOLFSSL_MSG("cRLDistributionPoints not supported yet"); return NULL; - case NID_subject_alt_name: + case WC_NID_subject_alt_name: if (ext->ext_sk == NULL) { WOLFSSL_MSG("Subject alt name stack NULL"); return NULL; @@ -1974,7 +2045,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) return sk; /* authorityInfoAccess */ - case NID_info_access: + case WC_NID_info_access: WOLFSSL_MSG("AuthorityInfoAccess"); return wolfssl_x509v3_ext_aia_d2i(ext); @@ -2009,12 +2080,12 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) WOLFSSL_ENTER("wolfSSL_X509_get_ext_by_NID"); - if(x509 == NULL){ + if (x509 == NULL) { WOLFSSL_MSG("\tNot passed a certificate"); return WOLFSSL_FATAL_ERROR; } - if(lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))){ + if (lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))) { WOLFSSL_MSG("\tBad location argument"); return WOLFSSL_FATAL_ERROR; } @@ -2095,8 +2166,8 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) if (extCount >= loc) { /* extCount >= loc. Now check if extension has been set */ - isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, (int)foundNID); - + isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, + (int)foundNID); if (isSet && ((word32)nid == foundNID)) { found = 1; break; @@ -2258,7 +2329,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, WOLFSSL_MSG("ASN1_STRING_set failed"); goto err; } - gn->d.dNSName->type = V_ASN1_IA5STRING; + gn->d.dNSName->type = WOLFSSL_V_ASN1_IA5STRING; } dns = dns->next; @@ -2296,7 +2367,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, goto err; } - if (wolfSSL_GENERAL_NAME_set_type(gn, GEN_URI) != + if (wolfSSL_GENERAL_NAME_set_type(gn, WOLFSSL_GEN_URI) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error setting GENERAL_NAME type"); goto err; @@ -2362,7 +2433,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, if (x509->authKeyIdSet) { WOLFSSL_AUTHORITY_KEYID* akey = wolfSSL_AUTHORITY_KEYID_new(); if (!akey) { - WOLFSSL_MSG("Issue creating WOLFSSL_AUTHORITY_KEYID struct"); + WOLFSSL_MSG( + "Issue creating WOLFSSL_AUTHORITY_KEYID struct"); return NULL; } @@ -2430,7 +2502,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, for (i = 0; i < x509->certPoliciesNb - 1; i++) { obj = wolfSSL_ASN1_OBJECT_new(); if (obj == NULL) { - WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); + WOLFSSL_MSG( + "Issue creating WOLFSSL_ASN1_OBJECT struct"); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); return NULL; } @@ -2743,9 +2816,6 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) { WOLFSSL_X509_EXTENSION* ext; - if (value == NULL) - return NULL; - ext = wolfSSL_X509_EXTENSION_new(); if (ext == NULL) { WOLFSSL_MSG("memory error"); @@ -2754,8 +2824,8 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) ext->value.nid = nid; switch (nid) { - case NID_subject_key_identifier: - case NID_authority_key_identifier: + case WC_NID_subject_key_identifier: + case WC_NID_authority_key_identifier: if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error"); @@ -2763,7 +2833,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) } ext->value.type = CTC_UTF8; break; - case NID_subject_alt_name: + case WC_NID_subject_alt_name: { WOLFSSL_GENERAL_NAMES* gns; WOLFSSL_GENERAL_NAME* gn; @@ -2802,7 +2872,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) gn->type = ASN_DNS_TYPE; break; } - case NID_key_usage: + case WC_NID_key_usage: if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error"); @@ -2810,7 +2880,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) } ext->value.type = KEY_USAGE_OID; break; - case NID_ext_key_usage: + case WC_NID_ext_key_usage: if (wolfSSL_ASN1_STRING_set(&ext->value, value, -1) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_set error"); @@ -2901,22 +2971,22 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method, WOLFSSL_ENTER("wolfSSL_X509V3_EXT_METHOD_populate"); switch (nid) { - case NID_subject_key_identifier: - method->i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING; + case WC_NID_subject_key_identifier: + method->i2s = (WOLFSSL_X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING; FALL_THROUGH; - case NID_authority_key_identifier: - case NID_key_usage: - case NID_certificate_policies: - case NID_policy_mappings: - case NID_subject_alt_name: - case NID_issuer_alt_name: - case NID_basic_constraints: - case NID_name_constraints: - case NID_policy_constraints: - case NID_ext_key_usage: - case NID_crl_distribution_points: - case NID_inhibit_any_policy: - case NID_info_access: + case WC_NID_authority_key_identifier: + case WC_NID_key_usage: + case WC_NID_certificate_policies: + case WC_NID_policy_mappings: + case WC_NID_subject_alt_name: + case WC_NID_issuer_alt_name: + case WC_NID_basic_constraints: + case WC_NID_name_constraints: + case WC_NID_policy_constraints: + case WC_NID_ext_key_usage: + case WC_NID_crl_distribution_points: + case WC_NID_inhibit_any_policy: + case WC_NID_info_access: WOLFSSL_MSG("Nothing to populate for current NID"); break; default: @@ -2928,7 +2998,7 @@ static void wolfSSL_X509V3_EXT_METHOD_populate(WOLFSSL_v3_ext_method *method, } /** - * @param nid One of the NID_* constants defined in asn.h + * @param nid One of the WC_NID_* constants defined in asn.h * @param crit * @param data This data is copied to the returned extension. * @return @@ -2952,9 +3022,9 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, wolfSSL_X509V3_EXT_METHOD_populate(&ext->ext_method, nid); switch (nid) { - case NID_subject_key_identifier: + case WC_NID_subject_key_identifier: /* WOLFSSL_ASN1_STRING */ - case NID_key_usage: + case WC_NID_key_usage: /* WOLFSSL_ASN1_STRING */ { asn1str = (WOLFSSL_ASN1_STRING*)data; @@ -2981,13 +3051,13 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, break; } - case NID_subject_alt_name: + case WC_NID_subject_alt_name: /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */ - case NID_issuer_alt_name: + case WC_NID_issuer_alt_name: /* typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES */ - case NID_ext_key_usage: + case WC_NID_ext_key_usage: /* typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE */ - case NID_info_access: + case WC_NID_info_access: /* typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS */ { WOLFSSL_STACK* sk = (WOLFSSL_STACK*)data; @@ -3008,7 +3078,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, break; } - case NID_basic_constraints: + case WC_NID_basic_constraints: { /* WOLFSSL_BASIC_CONSTRAINTS */ WOLFSSL_BASIC_CONSTRAINTS* bc = (WOLFSSL_BASIC_CONSTRAINTS*)data; @@ -3028,7 +3098,7 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, } break; } - case NID_authority_key_identifier: + case WC_NID_authority_key_identifier: { /* AUTHORITY_KEYID */ WOLFSSL_AUTHORITY_KEYID* akey = (WOLFSSL_AUTHORITY_KEYID*)data; @@ -3055,22 +3125,22 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, } } else { - WOLFSSL_MSG("NID_authority_key_identifier empty data"); + WOLFSSL_MSG("WC_NID_authority_key_identifier empty data"); goto err_cleanup; } break; } - case NID_inhibit_any_policy: + case WC_NID_inhibit_any_policy: /* ASN1_INTEGER */ - case NID_certificate_policies: + case WC_NID_certificate_policies: /* STACK_OF(POLICYINFO) */ - case NID_policy_mappings: + case WC_NID_policy_mappings: /* STACK_OF(POLICY_MAPPING) */ - case NID_name_constraints: + case WC_NID_name_constraints: /* NAME_CONSTRAINTS */ - case NID_policy_constraints: + case WC_NID_policy_constraints: /* POLICY_CONSTRAINTS */ - case NID_crl_distribution_points: + case WC_NID_crl_distribution_points: /* typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS */ default: WOLFSSL_MSG("Unknown or unsupported NID"); @@ -3088,11 +3158,11 @@ WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, } /* Returns pointer to ASN1_OBJECT from an X509_EXTENSION object */ -WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object \ - (WOLFSSL_X509_EXTENSION* ext) +WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object( + WOLFSSL_X509_EXTENSION* ext) { WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_object"); - if(ext == NULL) + if (ext == NULL) return NULL; return ext->obj; } @@ -3121,7 +3191,8 @@ int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext, #endif /* OPENSSL_ALL */ /* Returns pointer to ASN1_STRING in X509_EXTENSION object */ -WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext) +WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data( + WOLFSSL_X509_EXTENSION* ext) { WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data"); if (ext == NULL) @@ -3231,6 +3302,7 @@ int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509, #endif /* OPENSSL_EXTRA */ #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(KEEP_OUR_CERT) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* user externally called free X509, if dynamic go ahead with free, otherwise @@ -3253,16 +3325,14 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) if (ret != 0) { WOLFSSL_MSG("Couldn't lock x509 mutex"); } - #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */ - - #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) if (doFree) #endif /* OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA */ { FreeX509(x509); XFREE(x509, x509->heap, DYNAMIC_TYPE_X509); } - } else { + } + else { WOLFSSL_MSG("free called on non dynamic object, not freeing"); } } @@ -3272,10 +3342,13 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) WOLFSSL_ABI void wolfSSL_X509_free(WOLFSSL_X509* x509) { - WOLFSSL_ENTER("wolfSSL_FreeX509"); + WOLFSSL_ENTER("wolfSSL_X509_free"); ExternalFreeX509(x509); } +#endif +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* copy name into in buffer, at most sz bytes, if buffer is null will malloc buffer, call responsible for freeing */ @@ -3284,15 +3357,15 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) { int copySz; + WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); + if (name == NULL) { WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL"); return NULL; } - copySz = (int)min((word32)sz, (word32)name->sz); - - WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); - if (!name->sz) return in; + if (name->sz == 0) + return in; if (!in) { #ifdef WOLFSSL_STATIC_MEMORY @@ -3300,13 +3373,16 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) return NULL; #else in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); - if (!in ) return in; + if (!in) + return in; copySz = name->sz; #endif } - - if (copySz <= 0) - return in; + else { + copySz = (int)min((word32)sz, (word32)name->sz); + if (copySz <= 0) + return in; + } XMEMCPY(in, name->name, copySz - 1); in[copySz - 1] = 0; @@ -3346,7 +3422,7 @@ static unsigned long X509NameHash(WOLFSSL_X509_NAME* name, return 0; } - rc = wc_Hash(hashType, (const byte*)canonName,(word32)size, digest, + rc = wc_Hash(hashType, (const byte*)canonName, (word32)size, digest, sizeof(digest)); if (rc == 0) { @@ -3511,7 +3587,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Memory error"); return NULL; } - if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, buf)) >= strSz) { + if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, + buf)) >= strSz) { WOLFSSL_MSG("buffer overrun"); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); return NULL; @@ -3697,7 +3774,7 @@ int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) || \ - defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) + defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) /* return the next, if any, altname from the peer cert */ WOLFSSL_ABI @@ -3874,7 +3951,8 @@ const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz) return x509->derCert->buffer; } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || KEEP_PEER_CERT || SESSION_CERTS */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_OUR_CERT || + * KEEP_PEER_CERT || SESSION_CERTS */ #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || \ @@ -3892,7 +3970,8 @@ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData)); x509->notBeforeData[0] = (byte)x509->notBefore.type; x509->notBeforeData[1] = (byte)x509->notBefore.length; - XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data, x509->notBefore.length); + XMEMCPY(&x509->notBeforeData[2], x509->notBefore.data, + x509->notBefore.length); return x509->notBeforeData; } @@ -3971,6 +4050,7 @@ byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz) int copySz; WOLFSSL_ENTER("wolfSSL_X509_get_dev_type"); + if (x509 == NULL) return NULL; if (inOutSz == NULL) return NULL; if (!x509->deviceTypeSz) return in; @@ -3999,6 +4079,7 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) int copySz; WOLFSSL_ENTER("wolfSSL_X509_get_hw_type"); + if (x509 == NULL) return NULL; if (inOutSz == NULL) return NULL; if (!x509->hwTypeSz) return in; @@ -4028,6 +4109,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, int copySz; WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number"); + if (x509 == NULL) return NULL; if (inOutSz == NULL) return NULL; if (!x509->hwTypeSz) return in; @@ -4078,8 +4160,9 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509) } -/* return 1 on success 0 on fail */ -int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509) +/* return number of elements on success 0 on fail */ +int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, + WOLFSSL_X509* x509) { WOLFSSL_ENTER("wolfSSL_sk_X509_push"); @@ -4114,7 +4197,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) } if (sk->num > 0) { - sk->num -= 1; + sk->num--; } return x509; @@ -4128,7 +4211,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) * returns a pointer to a WOLFSSL_X509 structure on success and NULL on * fail */ -WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) +WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i) { WOLFSSL_ENTER("wolfSSL_sk_X509_value"); @@ -4187,7 +4270,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk) * sk stack to free nodes in * f X509 free function */ -void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, +void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)) { WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); @@ -4222,8 +4305,9 @@ void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk) wolfSSL_sk_X509_CRL_pop_free(sk, NULL); } -/* return 1 on success 0 on fail */ -int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, WOLFSSL_X509_CRL* crl) +/* return number of elements on success 0 on fail */ +int wolfSSL_sk_X509_CRL_push(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, + WOLFSSL_X509_CRL* crl) { WOLFSSL_ENTER("wolfSSL_sk_X509_CRL_push"); @@ -4255,7 +4339,7 @@ int wolfSSL_sk_X509_CRL_num(WOLF_STACK_OF(WOLFSSL_X509)* sk) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) -/* return 1 on success 0 on fail */ +/* return number of elements on success 0 on fail */ int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, WOLFSSL_ACCESS_DESCRIPTION* a) { @@ -4338,7 +4422,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void) wolfSSL_GENERAL_NAME_free(gn); return NULL; } - gn->type = GEN_IA5; + gn->type = WOLFSSL_GEN_IA5; return gn; } @@ -4362,33 +4446,33 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn) dupl->d.ia5 = NULL; switch (gn->type) { /* WOLFSSL_ASN1_STRING types */ - case GEN_DNS: + case WOLFSSL_GEN_DNS: if (!(dupl->d.dNSName = wolfSSL_ASN1_STRING_dup(gn->d.dNSName))) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error"); goto error; } break; - case GEN_IPADD: + case WOLFSSL_GEN_IPADD: if (!(dupl->d.iPAddress = wolfSSL_ASN1_STRING_dup(gn->d.iPAddress))) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error"); goto error; } break; - case GEN_EMAIL: + case WOLFSSL_GEN_EMAIL: if (!(dupl->d.rfc822Name = wolfSSL_ASN1_STRING_dup(gn->d.rfc822Name))) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error"); goto error; } break; - case GEN_URI: + case WOLFSSL_GEN_URI: if (!(dupl->d.uniformResourceIdentifier = wolfSSL_ASN1_STRING_dup(gn->d.uniformResourceIdentifier))) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_dup error"); goto error; } break; - case GEN_OTHERNAME: - if (gn->d.otherName->value->type != V_ASN1_UTF8STRING) { + case WOLFSSL_GEN_OTHERNAME: + if (gn->d.otherName->value->type != WOLFSSL_V_ASN1_UTF8STRING) { WOLFSSL_MSG("Unsupported othername value type"); goto error; } @@ -4419,10 +4503,10 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn) goto error; } break; - case GEN_X400: - case GEN_DIRNAME: - case GEN_EDIPARTY: - case GEN_RID: + case WOLFSSL_GEN_X400: + case WOLFSSL_GEN_DIRNAME: + case WOLFSSL_GEN_EDIPARTY: + case WOLFSSL_GEN_RID: default: WOLFSSL_MSG("Unrecognized or unsupported GENERAL_NAME type"); goto error; @@ -4431,9 +4515,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn) return dupl; error: - if (dupl) { - wolfSSL_GENERAL_NAME_free(dupl); - } + wolfSSL_GENERAL_NAME_free(dupl); return NULL; } @@ -4446,7 +4528,7 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn) * WOLFSSL_SUCCESS otherwise. */ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, - ASN1_OBJECT* oid, ASN1_TYPE* value) + WOLFSSL_ASN1_OBJECT* oid, WOLFSSL_ASN1_TYPE* value) { WOLFSSL_ASN1_OBJECT *x = NULL; @@ -4460,13 +4542,13 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, return WOLFSSL_FAILURE; } - gen->type = GEN_OTHERNAME; + gen->type = WOLFSSL_GEN_OTHERNAME; gen->d.otherName->type_id = x; gen->d.otherName->value = value; return WOLFSSL_SUCCESS; } -/* return 1 on success 0 on fail */ +/* return number of elements on success 0 on fail */ int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, WOLFSSL_GENERAL_NAME* gn) { @@ -4644,7 +4726,7 @@ void wolfSSL_DIST_POINTS_free(WOLFSSL_DIST_POINTS *dps) wolfSSL_sk_free(dps); } -/* return 1 on success 0 on fail */ +/* return number of elements on success 0 on fail */ int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, WOLFSSL_DIST_POINT* dp) { WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_push"); @@ -4742,35 +4824,35 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name) { if (name != NULL) { switch (name->type) { - case GEN_IA5: + case WOLFSSL_GEN_IA5: wolfSSL_ASN1_STRING_free(name->d.ia5); name->d.ia5 = NULL; break; - case GEN_EMAIL: + case WOLFSSL_GEN_EMAIL: wolfSSL_ASN1_STRING_free(name->d.rfc822Name); name->d.rfc822Name = NULL; break; - case GEN_DNS: + case WOLFSSL_GEN_DNS: wolfSSL_ASN1_STRING_free(name->d.dNSName); name->d.dNSName = NULL; break; - case GEN_DIRNAME: + case WOLFSSL_GEN_DIRNAME: wolfSSL_X509_NAME_free(name->d.dirn); name->d.dirn = NULL; break; - case GEN_URI: + case WOLFSSL_GEN_URI: wolfSSL_ASN1_STRING_free(name->d.uniformResourceIdentifier); name->d.uniformResourceIdentifier = NULL; break; - case GEN_IPADD: + case WOLFSSL_GEN_IPADD: wolfSSL_ASN1_STRING_free(name->d.iPAddress); name->d.iPAddress = NULL; break; - case GEN_RID: + case WOLFSSL_GEN_RID: wolfSSL_ASN1_OBJECT_free(name->d.registeredID); name->d.registeredID = NULL; break; - case GEN_OTHERNAME: + case WOLFSSL_GEN_OTHERNAME: if (name->d.otherName != NULL) { wolfSSL_ASN1_OBJECT_free(name->d.otherName->type_id); wolfSSL_ASN1_TYPE_free(name->d.otherName->value); @@ -4778,9 +4860,9 @@ static void wolfSSL_GENERAL_NAME_type_free(WOLFSSL_GENERAL_NAME* name) name->d.otherName = NULL; } break; - case GEN_X400: + case WOLFSSL_GEN_X400: /* Unsupported: fall through */ - case GEN_EDIPARTY: + case WOLFSSL_GEN_EDIPARTY: /* Unsupported: fall through */ default: WOLFSSL_MSG("wolfSSL_GENERAL_NAME_type_free: possible leak"); @@ -4801,13 +4883,13 @@ int wolfSSL_GENERAL_NAME_set_type(WOLFSSL_GENERAL_NAME* name, int typ) name->type = typ; switch (typ) { - case GEN_URI: + case WOLFSSL_GEN_URI: name->d.uniformResourceIdentifier = wolfSSL_ASN1_STRING_new(); if (name->d.uniformResourceIdentifier == NULL) ret = MEMORY_E; break; default: - name->type = GEN_IA5; + name->type = WOLFSSL_GEN_IA5; name->d.ia5 = wolfSSL_ASN1_STRING_new(); if (name->d.ia5 == NULL) ret = MEMORY_E; @@ -4842,16 +4924,15 @@ void wolfSSL_GENERAL_NAME_set0_value(WOLFSSL_GENERAL_NAME *a, int type, return; } - if (type != GEN_DNS) { - WOLFSSL_MSG("Only GEN_DNS is supported"); + if (type != WOLFSSL_GEN_DNS) { + WOLFSSL_MSG("Only WOLFSSL_GEN_DNS is supported"); return; } wolfSSL_GENERAL_NAME_type_free(a); a->type = type; - if (type == GEN_DNS) { - a->d.dNSName = val; - } + /* Only when WOLFSSL_GEN_DNS. */ + a->d.dNSName = val; } /* Frees GENERAL_NAME objects. @@ -5011,6 +5092,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen) case GEN_RID: ret = wolfSSL_BIO_printf(out, "Registered ID:"); + ret = (ret > 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_i2a_ASN1_OBJECT(out, gen->d.registeredID); } @@ -5070,7 +5152,8 @@ void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk) #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) { @@ -5140,12 +5223,12 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) if (file == XBADFILE) return NULL; - if (XFSEEK(file, 0, XSEEK_END) != 0){ + if (XFSEEK(file, 0, XSEEK_END) != 0) { XFCLOSE(file); return NULL; } sz = XFTELL(file); - if (XFSEEK(file, 0, XSEEK_SET) != 0){ + if (XFSEEK(file, 0, XSEEK_SET) != 0) { XFCLOSE(file); return NULL; } @@ -5279,7 +5362,8 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( } #endif -#endif /* KEEP_PEER_CERT || SESSION_CERTS */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \ + SESSION_CERTS */ #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \ defined(SESSION_CERTS) @@ -5358,11 +5442,6 @@ static WOLFSSL_X509_NAME_ENTRY* GetEntryByNID(WOLFSSL_X509_NAME* name, int nid, int i; WOLFSSL_X509_NAME_ENTRY* ret = NULL; - /* and index of less than 0 is assumed to be starting from 0 */ - if (*idx < 0) { - *idx = 0; - } - for (i = *idx; i < MAX_NAME_ENTRIES; i++) { if (name->entry[i].nid == nid) { ret = &name->entry[i]; @@ -5424,14 +5503,15 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, WOLFSSL_MSG("Buffer is NULL, returning buffer size only"); return textSz; } + if (len <= 0) { + return 0; + } - /* buf is not NULL from above */ - if (text != NULL) { - textSz = (int)min((word32)textSz + 1, (word32)len); /* + 1 to account for null char */ - if (textSz > 0) { - XMEMCPY(buf, text, textSz - 1); - buf[textSz - 1] = '\0'; - } + /* + 1 to account for null char */ + textSz = (int)min((word32)textSz + 1, (word32)len); + if (textSz > 0) { + XMEMCPY(buf, text, textSz - 1); + buf[textSz - 1] = '\0'; } WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz); @@ -5454,13 +5534,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) key = wolfSSL_EVP_PKEY_new_ex(x509->heap); if (key != NULL) { if (x509->pubKeyOID == RSAk) { - key->type = EVP_PKEY_RSA; + key->type = WC_EVP_PKEY_RSA; } else if (x509->pubKeyOID == DSAk) { - key->type = EVP_PKEY_DSA; + key->type = WC_EVP_PKEY_DSA; } else { - key->type = EVP_PKEY_EC; + key->type = WC_EVP_PKEY_EC; } key->save_type = 0; key->pkey.ptr = (char*)XMALLOC( @@ -5479,7 +5559,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) /* decode RSA key */ #ifndef NO_RSA - if (key->type == EVP_PKEY_RSA) { + if (key->type == WC_EVP_PKEY_RSA) { key->ownRsa = 1; key->rsa = wolfSSL_RSA_new(); if (key->rsa == NULL) { @@ -5498,7 +5578,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) /* decode ECC key */ #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - if (key->type == EVP_PKEY_EC) { + if (key->type == WC_EVP_PKEY_EC) { word32 idx = 0; key->ownEcc = 1; @@ -5531,7 +5611,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) #endif /* HAVE_ECC && OPENSSL_EXTRA */ #ifndef NO_DSA - if (key->type == EVP_PKEY_DSA) { + if (key->type == WC_EVP_PKEY_DSA) { key->ownDsa = 1; key->dsa = wolfSSL_DSA_new(); if (key->dsa == NULL) { @@ -5571,17 +5651,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) int outSzA = 0; int outSzB = 0; - if (a == NULL || b == NULL){ + if (a == NULL || b == NULL) { return BAD_FUNC_ARG; } derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA); - if (derA == NULL){ + if (derA == NULL) { WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed"); return WOLFSSL_FATAL_ERROR; } derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB); - if (derB == NULL){ + if (derB == NULL) { WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed"); return WOLFSSL_FATAL_ERROR; } @@ -5606,18 +5686,26 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (x509 != NULL) { switch (nid) { - case NID_basic_constraints: isSet = x509->basicConstSet; break; - case NID_subject_alt_name: isSet = x509->subjAltNameSet; break; - case NID_authority_key_identifier: isSet = x509->authKeyIdSet; break; - case NID_subject_key_identifier: isSet = x509->subjKeyIdSet; break; - case NID_key_usage: isSet = x509->keyUsageSet; break; - case NID_crl_distribution_points: isSet = x509->CRLdistSet; break; - case NID_ext_key_usage: isSet = ((x509->extKeyUsageSrc) ? 1 : 0); - break; - case NID_info_access: isSet = x509->authInfoSet; break; - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - case NID_certificate_policies: isSet = x509->certPolicySet; break; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + case WC_NID_basic_constraints: + isSet = x509->basicConstSet; break; + case WC_NID_subject_alt_name: + isSet = x509->subjAltNameSet; break; + case WC_NID_authority_key_identifier: + isSet = x509->authKeyIdSet; break; + case WC_NID_subject_key_identifier: + isSet = x509->subjKeyIdSet; break; + case WC_NID_key_usage: + isSet = x509->keyUsageSet; break; + case WC_NID_crl_distribution_points: + isSet = x509->CRLdistSet; break; + case WC_NID_ext_key_usage: + isSet = ((x509->extKeyUsageSrc) ? 1 : 0); break; + case WC_NID_info_access: + isSet = x509->authInfoSet; break; + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + case WC_NID_certificate_policies: + isSet = x509->certPolicySet; break; + #endif /* WOLFSSL_SEP || WOLFSSL_QT */ default: WOLFSSL_MSG("NID not in table"); } @@ -5637,15 +5725,23 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (x509 != NULL) { switch (nid) { - case NID_basic_constraints: crit = x509->basicConstCrit; break; - case NID_subject_alt_name: crit = x509->subjAltNameCrit; break; - case NID_authority_key_identifier: crit = x509->authKeyIdCrit; break; - case NID_subject_key_identifier: crit = x509->subjKeyIdCrit; break; - case NID_key_usage: crit = x509->keyUsageCrit; break; - case NID_crl_distribution_points: crit= x509->CRLdistCrit; break; - case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break; + case WC_NID_basic_constraints: + crit = x509->basicConstCrit; break; + case WC_NID_subject_alt_name: + crit = x509->subjAltNameCrit; break; + case WC_NID_authority_key_identifier: + crit = x509->authKeyIdCrit; break; + case WC_NID_subject_key_identifier: + crit = x509->subjKeyIdCrit; break; + case WC_NID_key_usage: + crit = x509->keyUsageCrit; break; + case WC_NID_crl_distribution_points: + crit= x509->CRLdistCrit; break; + case WC_NID_ext_key_usage: + crit= x509->extKeyUsageCrit; break; #ifdef WOLFSSL_SEP - case NID_certificate_policies: crit = x509->certPolicyCrit; break; + case WC_NID_certificate_policies: + crit = x509->certPolicyCrit; break; #endif /* WOLFSSL_SEP */ } } @@ -5768,7 +5864,6 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (x509->subjKeyIdStr != NULL) { if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr, x509->subjKeyId, x509->subjKeyIdSz) == 1) { - ret = x509->subjKeyIdStr; } else { wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr); @@ -5776,9 +5871,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } } } - else { - ret = x509->subjKeyIdStr; - } + ret = x509->subjKeyIdStr; } WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL); @@ -5926,8 +6019,8 @@ static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry) /* Copy it in, decrement available space. */ XSTRNCPY(dst, pfx, bytes_left); dst += XSTRLEN(pfx); - total_len += XSTRLEN(pfx); - bytes_left -= XSTRLEN(pfx); + total_len += (int)XSTRLEN(pfx); + bytes_left -= (int)XSTRLEN(pfx); if (fld_len > bytes_left) { /* Not enough space left. */ @@ -6534,11 +6627,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } nid = wolfSSL_OBJ_obj2nid(obj); switch (nid) { - case NID_subject_alt_name: + case WC_NID_subject_alt_name: ret = X509PrintSubjAltName(bio, x509, indent + 8); break; - case NID_subject_key_identifier: + case WC_NID_subject_key_identifier: if (!x509->subjKeyIdSet || x509->subjKeyId == NULL || x509->subjKeyIdSz == 0) { @@ -6583,7 +6676,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } break; - case NID_authority_key_identifier: + case WC_NID_authority_key_identifier: if (!x509->authKeyIdSet || x509->authKeyId == NULL || x509->authKeyIdSz == 0) { ret = WOLFSSL_FAILURE; @@ -6632,7 +6725,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } break; - case NID_basic_constraints: + case WC_NID_basic_constraints: if (!x509->basicConstSet) { ret = WOLFSSL_FAILURE; break; @@ -6653,11 +6746,11 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } break; - case NID_key_usage: + case WC_NID_key_usage: ret = X509PrintKeyUsage(bio, x509, indent + 8); break; - case NID_ext_key_usage: + case WC_NID_ext_key_usage: ret = X509PrintExtendedKeyUsage(bio, x509, indent + 8); break; @@ -6882,7 +6975,8 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) if (bio == NULL || x509 == NULL) return BAD_FUNC_ARG; - len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent, ""); + len = XSNPRINTF(scratch, MAX_WIDTH, "%*sSubject Public Key Info:\n", indent, + ""); if (len >= MAX_WIDTH) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(bio, scratch, len) <= 0) @@ -7067,8 +7161,10 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) return WOLFSSL_FAILURE; } - /* print version of cert */ - if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) + /* print version of cert. Note that we increment by 1 because for REQs, + * the value stored in x509->version is the actual value of the field; not + * the version. */ + if (X509PrintVersion(bio, (int)wolfSSL_X509_REQ_get_version(x509) + 1, 8) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } @@ -7423,7 +7519,7 @@ int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_BIO_set_fp error"); wolfSSL_BIO_free(bio); return WOLFSSL_FAILURE; @@ -7546,12 +7642,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, if (fp == XBADFILE) return WS_RETURN_CODE(BAD_FUNC_ARG, (int)WOLFSSL_FAILURE); - if(XFSEEK(fp, 0, XSEEK_END) != 0) { + if (XFSEEK(fp, 0, XSEEK_END) != 0) { XFCLOSE(fp); return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE); } sz = XFTELL(fp); - if(XFSEEK(fp, 0, XSEEK_SET) != 0) { + if (XFSEEK(fp, 0, XSEEK_SET) != 0) { XFCLOSE(fp); return WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE); } @@ -7836,7 +7932,8 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req, * * returns WOLFSSL_SUCCESS on success */ -static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req) +static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + int req) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); /* Get large buffer to hold cert der */ @@ -8013,7 +8110,7 @@ static WOLFSSL_X509* d2i_X509orX509REQ_bio(WOLFSSL_BIO* bio, size = wolfSSL_BIO_get_len(bio); if (size <= 0) { WOLFSSL_MSG("wolfSSL_BIO_get_len error. Possibly no pending data."); - WOLFSSL_ERROR(ASN1_R_HEADER_TOO_LONG); + WOLFSSL_ERROR(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); return NULL; } @@ -8071,7 +8168,8 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509) /* Use the public key to verify the signature. Note: this only verifies * the certificate signature. * returns WOLFSSL_SUCCESS on successful signature verification */ -static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int req) +static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, + int req) { int ret; const byte* der; @@ -8091,15 +8189,15 @@ static int verifyX509orX509REQ(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, int r } switch (pkey->type) { - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: type = RSAk; break; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: type = ECDSAk; break; - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: type = DSAk; break; @@ -8188,7 +8286,8 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) if ((newx509 = wc_PKCS12_new()) == NULL) { goto err_exit; } - if (wc_d2i_PKCS12(fileBuffer, (word32)sz, (WC_PKCS12*)newx509) < 0) { + if (wc_d2i_PKCS12(fileBuffer, (word32)sz, + (WC_PKCS12*)newx509) < 0) { goto err_exit; } } @@ -8260,16 +8359,19 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, if (wolfSSL_X509_STORE_add_cert(ctx->store, x509) == WOLFSSL_SUCCESS) { cnt++; - } else { + } + else { WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert error"); } wolfSSL_X509_free(x509); x509 = NULL; - } else { + } + else { WOLFSSL_MSG("wolfSSL_X509_load_certificate_file error"); } - } else { + } + else { #if defined(OPENSSL_ALL) #if !defined(NO_BIO) STACK_OF(WOLFSSL_X509_INFO) *info; @@ -8277,7 +8379,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, int i; int num = 0; WOLFSSL_BIO *bio = wolfSSL_BIO_new_file(file, "rb"); - if(!bio) { + if (!bio) { WOLFSSL_MSG("wolfSSL_BIO_new error"); return cnt; } @@ -8295,19 +8397,21 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, info_tmp = wolfSSL_sk_X509_INFO_value(info, i); if (info_tmp->x509) { - if(wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) == + if (wolfSSL_X509_STORE_add_cert(ctx->store, info_tmp->x509) == WOLFSSL_SUCCESS) { cnt ++; - } else { + } + else { WOLFSSL_MSG("wolfSSL_X509_STORE_add_cert failed"); } } #ifdef HAVE_CRL if (info_tmp->crl) { - if(wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) == + if (wolfSSL_X509_STORE_add_crl(ctx->store, info_tmp->crl) == WOLFSSL_SUCCESS) { cnt ++; - } else { + } + else { WOLFSSL_MSG("wolfSSL_X509_STORE_add_crl failed"); } } @@ -8400,7 +8504,8 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) { WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); - return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); + return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, + CRL_TYPE); } /* Read CRL file, and add it to store and corresponding cert manager */ @@ -8461,15 +8566,18 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL); if (crl == NULL) { WOLFSSL_MSG("Load crl failed"); - } else { + } + else { ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Adding crl failed"); - } else { + } + else { ret = 1;/* handled a file */ } } - } else { + } + else { WOLFSSL_MSG("Invalid file type"); } @@ -8554,21 +8662,25 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, if (in == NULL) { WOLFSSL_MSG("Bad argument value"); - } else { + } + else { newcrl =(WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_CRL); - if (newcrl == NULL){ + if (newcrl == NULL) { WOLFSSL_MSG("New CRL allocation failed"); - } else { + } + else { ret = InitCRL(newcrl, NULL); if (ret < 0) { WOLFSSL_MSG("Init tmp CRL failed"); - } else { + } + else { ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, NO_VERIFY); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Buffer Load CRL failed"); - } else { + } + else { if (crl) { *crl = newcrl; } @@ -8577,7 +8689,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, } } - if((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) { + if ((ret != WOLFSSL_SUCCESS) && (newcrl != NULL)) { wolfSSL_X509_CRL_free(newcrl); newcrl = NULL; } @@ -8645,8 +8757,15 @@ int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, crl->crlList->signature == NULL || bufSz == NULL) return BAD_FUNC_ARG; - if (buf != NULL) - XMEMCPY(buf, crl->crlList->signature, *bufSz); + if (buf != NULL) { + if (*bufSz < (int)crl->crlList->signatureSz) { + WOLFSSL_MSG("Signature buffer too small"); + return BUFFER_E; + } + else { + XMEMCPY(buf, crl->crlList->signature, crl->crlList->signatureSz); + } + } *bufSz = (int)crl->crlList->signatureSz; return WOLFSSL_SUCCESS; @@ -8831,8 +8950,8 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, } tmp[0] = '\0'; } - if (XSNPRINTF(val, (size_t)valSz, ":%02X", crl->crlList->extAuthKeyId[i]) - >= valSz) + if (XSNPRINTF(val, (size_t)valSz, ":%02X", + crl->crlList->extAuthKeyId[i]) >= valSz) { WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; @@ -9195,10 +9314,16 @@ static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = { } }; -const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name) +const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup( + const char *name) { const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], - *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; + *param_end = &x509_verify_param_builtins[ + XELEM_CNT(x509_verify_param_builtins)]; + + if (name == NULL) { + return NULL; + } while (param < param_end) { if (XSTRCMP(name, param->name) == 0) return param; @@ -9403,6 +9528,10 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, WOLFSSL_MSG("bad function arg"); return ret; } + if (ip == NULL && iplen != 0) { + WOLFSSL_MSG("bad function arg"); + return ret; + } #ifndef NO_FILESYSTEM if (iplen == 4) { /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */ @@ -9449,7 +9578,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, p = buf; for (i = 0; i < 16; i += 2) { val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; - if (val == 0){ + if (val == 0) { if (!write_zero) { *p = ':'; } @@ -9519,7 +9648,8 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) return wolfSSL_X509_cmp_time(asnTime, NULL); } -/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, and 1 otherwise +/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, + * and 1 otherwise * return 0 on error */ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) @@ -9604,7 +9734,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl) { (void)crl; WOLFSSL_STUB("X509_CRL_get_REVOKED"); - return 0; + return NULL; } #endif @@ -9615,7 +9745,7 @@ WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( (void)revoked; (void)value; WOLFSSL_STUB("sk_X509_REVOKED_value"); - return 0; + return NULL; } #endif @@ -9653,7 +9783,8 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) } a->dataMax = (unsigned int)x509->serialSz + 2; a->isDynamic = 1; - } else { + } + else { /* Use array instead of dynamic memory */ a->data = a->intData; a->dataMax = WOLFSSL_ASN1_INTEGER_MAX; @@ -9733,8 +9864,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, *pptype = algor->parameter->type; } else { - /* Default to V_ASN1_OBJECT */ - *pptype = V_ASN1_OBJECT; + /* Default to WOLFSSL_V_ASN1_OBJECT */ + *pptype = WOLFSSL_V_ASN1_OBJECT; } } } @@ -9749,8 +9880,8 @@ void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, * @return WOLFSSL_SUCCESS on success * WOLFSSL_FAILURE on missing parameters or bad malloc */ -int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, - int ptype, void *pval) +int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, + WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval) { if (!algor) { return WOLFSSL_FAILURE; @@ -10006,14 +10137,14 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) switch (key->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: pval = NULL; - ptype = V_ASN1_NULL; + ptype = WOLFSSL_V_ASN1_NULL; pk->pubKeyOID = RSAk; break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (!key->dsa->p || !key->dsa->q || !key->dsa->g) goto error; @@ -10030,12 +10161,12 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) str->isDynamic = 1; pval = str; - ptype = V_ASN1_SEQUENCE; + ptype = WOLFSSL_V_ASN1_SEQUENCE; pk->pubKeyOID = DSAk; break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: group = wolfSSL_EC_KEY_get0_group(key->ecc); if (!group) goto error; @@ -10051,7 +10182,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) if (!pval) goto error; - ptype = V_ASN1_OBJECT; + ptype = WOLFSSL_V_ASN1_OBJECT; pk->pubKeyOID = ECDSAk; break; #endif @@ -10062,7 +10193,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) keyTypeObj = wolfSSL_OBJ_nid2obj(key->type); if (keyTypeObj == NULL) { - if (ptype == V_ASN1_OBJECT) + if (ptype == WOLFSSL_V_ASN1_OBJECT) ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval); else ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval); @@ -10071,7 +10202,7 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) if (!wolfSSL_X509_ALGOR_set0(pk->algor, keyTypeObj, ptype, pval)) { WOLFSSL_MSG("Failed to create algorithm object"); ASN1_OBJECT_free(keyTypeObj); - if (ptype == V_ASN1_OBJECT) + if (ptype == WOLFSSL_V_ASN1_OBJECT) ASN1_OBJECT_free((WOLFSSL_ASN1_OBJECT *)pval); else ASN1_STRING_free((WOLFSSL_ASN1_STRING *)pval); @@ -10094,11 +10225,13 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) return WOLFSSL_FAILURE; } -#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */ +#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || + * WOLFSSL_WPAS */ #if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED) -int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) +int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, + unsigned char** der) { if (x509_PubKey == NULL) return WOLFSSL_FATAL_ERROR; @@ -10154,7 +10287,7 @@ WOLFSSL_AUTHORITY_KEYID* wolfSSL_AUTHORITY_KEYID_new(void) void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id) { WOLFSSL_ENTER("wolfSSL_AUTHORITY_KEYID_free"); - if(id == NULL) { + if (id == NULL) { WOLFSSL_MSG("Argument is NULL"); return; } @@ -10272,7 +10405,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( #ifdef WOLFSSL_CERT_GEN -#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ + defined(OPENSSL_EXTRA) /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to * a Cert structure. * @@ -10347,7 +10481,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( #if defined(OPENSSL_ALL) idx = wolfSSL_X509_REQ_get_attr_by_NID(req, - NID_pkcs9_unstructuredName, -1); + WC_NID_pkcs9_unstructuredName, -1); if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { WOLFSSL_X509_ATTRIBUTE *attr; attr = wolfSSL_X509_REQ_get_attr(req, idx); @@ -10405,221 +10539,221 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } #endif /* WOLFSSL_CERT_REQ */ - /* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on - * success */ - static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t) - { - int sz, i; +/* converts WOLFSSL_AN1_TIME to Cert form, returns positive size on + * success */ +static int CertDateFromX509(byte* out, int outSz, WOLFSSL_ASN1_TIME* t) +{ + int sz, i; - if (t->length + 1 >= outSz) { - return BUFFER_E; - } + if (t->length + 1 >= outSz) { + return BUFFER_E; + } - out[0] = (byte) t->type; - sz = (int)SetLength((word32)t->length, out + 1) + 1; /* gen tag */ - for (i = 0; i < t->length; i++) { - out[sz + i] = t->data[i]; - } - return t->length + sz; + out[0] = (byte) t->type; + sz = (int)SetLength((word32)t->length, out + 1) + 1; /* gen tag */ + for (i = 0; i < t->length; i++) { + out[sz + i] = t->data[i]; } + return t->length + sz; +} - /* convert a WOLFSSL_X509 to a Cert structure for writing out */ - static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) - { - int ret; - #ifdef WOLFSSL_CERT_EXT - int i; - #endif +/* convert a WOLFSSL_X509 to a Cert structure for writing out */ +static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) +{ + int ret; +#ifdef WOLFSSL_CERT_EXT + int i; +#endif - WOLFSSL_ENTER("wolfSSL_X509_to_Cert"); + WOLFSSL_ENTER("wolfSSL_X509_to_Cert"); - if (x509 == NULL || cert == NULL) { - return BAD_FUNC_ARG; - } + if (x509 == NULL || cert == NULL) { + return BAD_FUNC_ARG; + } - wc_InitCert(cert); + wc_InitCert(cert); - cert->version = (int)wolfSSL_X509_get_version(x509); + cert->version = (int)wolfSSL_X509_get_version(x509); - if (x509->notBefore.length > 0) { - cert->beforeDateSz = CertDateFromX509(cert->beforeDate, - CTC_DATE_SIZE, &x509->notBefore); - if (cert->beforeDateSz <= 0){ - WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date"); - return WOLFSSL_FAILURE; - } - } - else { - cert->beforeDateSz = 0; + if (x509->notBefore.length > 0) { + cert->beforeDateSz = CertDateFromX509(cert->beforeDate, + CTC_DATE_SIZE, &x509->notBefore); + if (cert->beforeDateSz <= 0) { + WOLFSSL_MSG("Error converting WOLFSSL_X509 not before date"); + return WOLFSSL_FAILURE; } + } + else { + cert->beforeDateSz = 0; + } - if (x509->notAfter.length > 0) { - cert->afterDateSz = CertDateFromX509(cert->afterDate, - CTC_DATE_SIZE, &x509->notAfter); - if (cert->afterDateSz <= 0){ - WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date"); - return WOLFSSL_FAILURE; - } - } - else { - cert->afterDateSz = 0; + if (x509->notAfter.length > 0) { + cert->afterDateSz = CertDateFromX509(cert->afterDate, + CTC_DATE_SIZE, &x509->notAfter); + if (cert->afterDateSz <= 0) { + WOLFSSL_MSG("Error converting WOLFSSL_X509 not after date"); + return WOLFSSL_FAILURE; } + } + else { + cert->afterDateSz = 0; + } - #ifdef WOLFSSL_ALT_NAMES - cert->altNamesSz = FlattenAltNames(cert->altNames, - sizeof(cert->altNames), x509->altNames); - #endif /* WOLFSSL_ALT_NAMES */ +#ifdef WOLFSSL_ALT_NAMES + cert->altNamesSz = FlattenAltNames(cert->altNames, + sizeof(cert->altNames), x509->altNames); +#endif /* WOLFSSL_ALT_NAMES */ - cert->sigType = wolfSSL_X509_get_signature_type(x509); - cert->keyType = x509->pubKeyOID; - cert->isCA = wolfSSL_X509_get_isCA(x509); - cert->basicConstSet = x509->basicConstSet; + cert->sigType = wolfSSL_X509_get_signature_type(x509); + cert->keyType = x509->pubKeyOID; + cert->isCA = wolfSSL_X509_get_isCA(x509); + cert->basicConstSet = x509->basicConstSet; - #ifdef WOLFSSL_CERT_EXT - if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) { - if (x509->subjKeyId) { - XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); - } - cert->skidSz = (int)x509->subjKeyIdSz; - } - else { - WOLFSSL_MSG("Subject Key ID too large"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; +#ifdef WOLFSSL_CERT_EXT + if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) { + if (x509->subjKeyId) { + XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz); } + cert->skidSz = (int)x509->subjKeyIdSz; + } + else { + WOLFSSL_MSG("Subject Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; + } - if (x509->authKeyIdSz < sizeof(cert->akid)) { - #ifdef WOLFSSL_AKID_NAME - cert->rawAkid = 0; - if (x509->authKeyIdSrc) { - XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); - cert->akidSz = (int)x509->authKeyIdSrcSz; - cert->rawAkid = 1; - } - else - #endif - if (x509->authKeyId) { - XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); - cert->akidSz = (int)x509->authKeyIdSz; - } + if (x509->authKeyIdSz < sizeof(cert->akid)) { + #ifdef WOLFSSL_AKID_NAME + cert->rawAkid = 0; + if (x509->authKeyIdSrc) { + XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); + cert->akidSz = (int)x509->authKeyIdSrcSz; + cert->rawAkid = 1; } - else { - WOLFSSL_MSG("Auth Key ID too large"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; + else + #endif + if (x509->authKeyId) { + XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); + cert->akidSz = (int)x509->authKeyIdSz; } + } + else { + WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; + } - for (i = 0; i < x509->certPoliciesNb; i++) { - /* copy the smaller of MAX macros, by default they are currently equal*/ - if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) { - XMEMCPY(cert->certPolicies[i], x509->certPolicies[i], - CTC_MAX_CERTPOL_SZ); - } - else { - XMEMCPY(cert->certPolicies[i], x509->certPolicies[i], - MAX_CERTPOL_SZ); - } + for (i = 0; i < x509->certPoliciesNb; i++) { + /* copy the smaller of MAX macros, by default they are currently equal*/ + if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) { + XMEMCPY(cert->certPolicies[i], x509->certPolicies[i], + CTC_MAX_CERTPOL_SZ); + } + else { + XMEMCPY(cert->certPolicies[i], x509->certPolicies[i], + MAX_CERTPOL_SZ); } - cert->certPoliciesNb = (word16)x509->certPoliciesNb; + } + cert->certPoliciesNb = (word16)x509->certPoliciesNb; - cert->keyUsage = x509->keyUsage; - cert->extKeyUsage = x509->extKeyUsage; - cert->nsCertType = x509->nsCertType; + cert->keyUsage = x509->keyUsage; + cert->extKeyUsage = x509->extKeyUsage; + cert->nsCertType = x509->nsCertType; - if (x509->rawCRLInfo != NULL) { - if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) { - WOLFSSL_MSG("CRL Info too large"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; - } - XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz); - cert->crlInfoSz = x509->rawCRLInfoSz; + if (x509->rawCRLInfo != NULL) { + if (x509->rawCRLInfoSz > CTC_MAX_CRLINFO_SZ) { + WOLFSSL_MSG("CRL Info too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; } + XMEMCPY(cert->crlInfo, x509->rawCRLInfo, x509->rawCRLInfoSz); + cert->crlInfoSz = x509->rawCRLInfoSz; + } - #ifdef WOLFSSL_DUAL_ALG_CERTS - /* We point to instance in x509 so DON'T need to be free'd. */ - cert->sapkiDer = x509->sapkiDer; - cert->sapkiLen = x509->sapkiLen; - cert->altSigAlgDer = x509->altSigAlgDer; - cert->altSigAlgLen = x509->altSigAlgLen; - cert->altSigValDer = x509->altSigValDer; - cert->altSigValLen = x509->altSigValLen; - #endif /* WOLFSSL_DUAL_ALG_CERTS */ - #endif /* WOLFSSL_CERT_EXT */ +#ifdef WOLFSSL_DUAL_ALG_CERTS + /* We point to instance in x509 so DON'T need to be free'd. */ + cert->sapkiDer = x509->sapkiDer; + cert->sapkiLen = x509->sapkiLen; + cert->altSigAlgDer = x509->altSigAlgDer; + cert->altSigAlgLen = x509->altSigAlgLen; + cert->altSigValDer = x509->altSigValDer; + cert->altSigValLen = x509->altSigValLen; +#endif /* WOLFSSL_DUAL_ALG_CERTS */ +#endif /* WOLFSSL_CERT_EXT */ - #ifdef WOLFSSL_CERT_REQ - /* copy over challenge password for REQ certs */ - XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE); - #endif +#ifdef WOLFSSL_CERT_REQ + /* copy over challenge password for REQ certs */ + XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE); +#endif - /* Only makes sense to do this for OPENSSL_EXTRA because without - * this define the function will error out below */ - #ifdef OPENSSL_EXTRA - if (x509->serialSz == 0 && x509->serialNumber != NULL && - /* Check if the buffer contains more than just the - * ASN tag and length */ - x509->serialNumber->length > 2) { - if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber) - != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Failed to set serial number"); - return WOLFSSL_FAILURE; - } + /* Only makes sense to do this for OPENSSL_EXTRA because without + * this define the function will error out below */ + #ifdef OPENSSL_EXTRA + if (x509->serialSz == 0 && x509->serialNumber != NULL && + /* Check if the buffer contains more than just the + * ASN tag and length */ + x509->serialNumber->length > 2) { + if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set serial number"); + return WOLFSSL_FAILURE; } - #endif + } + #endif - /* set serial number */ - if (x509->serialSz > 0) { - #if defined(OPENSSL_EXTRA) - byte serial[EXTERNAL_SERIAL_SIZE]; - int serialSz = EXTERNAL_SERIAL_SIZE; + /* set serial number */ + if (x509->serialSz > 0) { + #if defined(OPENSSL_EXTRA) + byte serial[EXTERNAL_SERIAL_SIZE]; + int serialSz = EXTERNAL_SERIAL_SIZE; - ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz); - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Serial size error"); - return WOLFSSL_FAILURE; - } + ret = wolfSSL_X509_get_serial_number(x509, serial, &serialSz); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Serial size error"); + return WOLFSSL_FAILURE; + } - if (serialSz > EXTERNAL_SERIAL_SIZE || - serialSz > CTC_SERIAL_SIZE) { - WOLFSSL_MSG("Serial size too large error"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; - } - XMEMCPY(cert->serial, serial, serialSz); - cert->serialSz = serialSz; - #else - WOLFSSL_MSG("Getting X509 serial number not supported"); + if (serialSz > EXTERNAL_SERIAL_SIZE || + serialSz > CTC_SERIAL_SIZE) { + WOLFSSL_MSG("Serial size too large error"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); return WOLFSSL_FAILURE; - #endif } + XMEMCPY(cert->serial, serial, serialSz); + cert->serialSz = serialSz; + #else + WOLFSSL_MSG("Getting X509 serial number not supported"); + return WOLFSSL_FAILURE; + #endif + } - /* copy over Name structures */ - if (x509->issuerSet) - cert->selfSigned = 0; + /* copy over Name structures */ + if (x509->issuerSet) + cert->selfSigned = 0; - #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) - ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw); +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) + ret = CopyX509NameToCert(&x509->subject, cert->sbjRaw); + if (ret < 0) { + WOLFSSL_MSG("Subject conversion error"); + return MEMORY_E; + } + if (cert->selfSigned) { + XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName)); + } + else { + ret = CopyX509NameToCert(&x509->issuer, cert->issRaw); if (ret < 0) { - WOLFSSL_MSG("Subject conversion error"); + WOLFSSL_MSG("Issuer conversion error"); return MEMORY_E; } - if (cert->selfSigned) { - XMEMCPY(cert->issRaw, cert->sbjRaw, sizeof(CertName)); - } - else { - ret = CopyX509NameToCert(&x509->issuer, cert->issRaw); - if (ret < 0) { - WOLFSSL_MSG("Issuer conversion error"); - return MEMORY_E; - } - } - #endif + } +#endif - cert->heap = x509->heap; + cert->heap = x509->heap; - (void)ret; - return WOLFSSL_SUCCESS; - } + (void)ret; + return WOLFSSL_SUCCESS; +} /* returns the sig type to use on success i.e CTC_SHAwRSA and WOLFSSL_FALURE @@ -10638,7 +10772,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( return WOLFSSL_FAILURE; } - if (pkey->type == EVP_PKEY_RSA) { + if (pkey->type == WC_EVP_PKEY_RSA) { switch (hashType) { case WC_HASH_TYPE_SHA: sigType = CTC_SHAwRSA; @@ -10673,7 +10807,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( return WOLFSSL_FAILURE; } } - else if (pkey->type == EVP_PKEY_EC) { + else if (pkey->type == WC_EVP_PKEY_EC) { switch (hashType) { case WC_HASH_TYPE_SHA: sigType = CTC_SHAwECDSA; @@ -11181,13 +11315,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( /* Get the private key object and type from pkey. */ #ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) { + if (pkey->type == WC_EVP_PKEY_RSA) { type = RSA_TYPE; key = pkey->rsa->internal; } #endif #ifdef HAVE_ECC - if (pkey->type == EVP_PKEY_EC) { + if (pkey->type == WC_EVP_PKEY_EC) { type = ECC_TYPE; key = pkey->ecc->internal; } @@ -11197,7 +11331,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( ret = wc_InitRng(&rng); if (ret != 0) return ret; - ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key, &rng); + ret = wc_SignCert_ex(certBodySz, sigType, der, (word32)derSz, type, key, + &rng); wc_FreeRng(&rng); if (ret < 0) { WOLFSSL_LEAVE("wolfSSL_X509_resign_cert", ret); @@ -11263,70 +11398,71 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } - #ifndef WC_MAX_X509_GEN - /* able to override max size until dynamic buffer created */ - #define WC_MAX_X509_GEN 4096 - #endif +#ifndef WC_MAX_X509_GEN + /* able to override max size until dynamic buffer created */ + #define WC_MAX_X509_GEN 4096 +#endif - /* returns the size of signature on success */ - int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, - const WOLFSSL_EVP_MD* md) - { - int ret; - /* @TODO dynamic set based on expected cert size */ - byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); - int derSz = WC_MAX_X509_GEN; +/* returns the size of signature on success */ +int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_MD* md) +{ + int ret; + /* @TODO dynamic set based on expected cert size */ + byte *der = (byte *)XMALLOC(WC_MAX_X509_GEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + int derSz = WC_MAX_X509_GEN; - WOLFSSL_ENTER("wolfSSL_X509_sign"); + WOLFSSL_ENTER("wolfSSL_X509_sign"); - if (x509 == NULL || pkey == NULL || md == NULL) { - ret = WOLFSSL_FAILURE; - goto out; - } + if (x509 == NULL || pkey == NULL || md == NULL) { + ret = WOLFSSL_FAILURE; + goto out; + } - x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey); - if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) != - WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Unable to make DER for X509"); - WOLFSSL_LEAVE("wolfSSL_X509_sign", ret); - (void)ret; - ret = WOLFSSL_FAILURE; - goto out; - } + x509->sigOID = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey); + if ((ret = wolfssl_x509_make_der(x509, 0, der, &derSz, 0)) != + WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Unable to make DER for X509"); + WOLFSSL_LEAVE("wolfSSL_X509_sign", ret); + (void)ret; + ret = WOLFSSL_FAILURE; + goto out; + } - ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz, - (WOLFSSL_EVP_MD*)md, pkey); - if (ret <= 0) { - WOLFSSL_LEAVE("wolfSSL_X509_sign", ret); - ret = WOLFSSL_FAILURE; - goto out; - } + ret = wolfSSL_X509_resign_cert(x509, 0, der, WC_MAX_X509_GEN, derSz, + (WOLFSSL_EVP_MD*)md, pkey); + if (ret <= 0) { + WOLFSSL_LEAVE("wolfSSL_X509_sign", ret); + ret = WOLFSSL_FAILURE; + goto out; + } - out: - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +out: + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } + return ret; +} #if defined(OPENSSL_EXTRA) - int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx) - { - WOLFSSL_ENTER("wolfSSL_X509_sign_ctx"); - - if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } +int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx) +{ + WOLFSSL_ENTER("wolfSSL_X509_sign_ctx"); - return wolfSSL_X509_sign(x509, ctx->pctx->pkey, wolfSSL_EVP_MD_CTX_md(ctx)); + if (!x509 || !ctx || !ctx->pctx || !ctx->pctx->pkey) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } + + return wolfSSL_X509_sign(x509, ctx->pctx->pkey, + wolfSSL_EVP_MD_CTX_md(ctx)); +} #endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_CERT_GEN */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) -/* Converts from NID_* value to wolfSSL value if needed. +/* Converts from WC_NID_* value to wolfSSL value if needed. * * @param [in] nid Numeric Id of a domain name component. * @return Domain name tag values - wolfSSL internal values. @@ -11335,28 +11471,29 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( static int ConvertNIDToWolfSSL(int nid) { switch (nid) { - case NID_commonName : return ASN_COMMON_NAME; + case WC_NID_commonName : return ASN_COMMON_NAME; #ifdef WOLFSSL_CERT_NAME_ALL - case NID_name : return ASN_NAME; - case NID_givenName: return ASN_GIVEN_NAME; - case NID_dnQualifier : return ASN_DNQUALIFIER; - case NID_initials: return ASN_INITIALS; + case WC_NID_name : return ASN_NAME; + case WC_NID_givenName: return ASN_GIVEN_NAME; + case WC_NID_dnQualifier : return ASN_DNQUALIFIER; + case WC_NID_initials: return ASN_INITIALS; #endif /* WOLFSSL_CERT_NAME_ALL */ - case NID_surname : return ASN_SUR_NAME; - case NID_countryName: return ASN_COUNTRY_NAME; - case NID_localityName: return ASN_LOCALITY_NAME; - case NID_stateOrProvinceName: return ASN_STATE_NAME; - case NID_streetAddress: return ASN_STREET_ADDR; - case NID_organizationName: return ASN_ORG_NAME; - case NID_organizationalUnitName: return ASN_ORGUNIT_NAME; - case NID_emailAddress: return ASN_EMAIL_NAME; - case NID_pkcs9_contentType: return ASN_CONTENT_TYPE; - case NID_serialNumber: return ASN_SERIAL_NUMBER; - case NID_userId: return ASN_USER_ID; - case NID_businessCategory: return ASN_BUS_CAT; - case NID_domainComponent: return ASN_DOMAIN_COMPONENT; - case NID_postalCode: return ASN_POSTAL_CODE; - case NID_favouriteDrink: return ASN_FAVOURITE_DRINK; + case WC_NID_surname : return ASN_SUR_NAME; + case WC_NID_countryName: return ASN_COUNTRY_NAME; + case WC_NID_localityName: return ASN_LOCALITY_NAME; + case WC_NID_stateOrProvinceName: return ASN_STATE_NAME; + case WC_NID_streetAddress: return ASN_STREET_ADDR; + case WC_NID_organizationName: return ASN_ORG_NAME; + case WC_NID_organizationalUnitName: return ASN_ORGUNIT_NAME; + case WC_NID_emailAddress: return ASN_EMAIL_NAME; + case WC_NID_pkcs9_contentType: return ASN_CONTENT_TYPE; + case WC_NID_serialNumber: return ASN_SERIAL_NUMBER; + case WC_NID_userId: return ASN_USER_ID; + case WC_NID_businessCategory: return ASN_BUS_CAT; + case WC_NID_domainComponent: return ASN_DOMAIN_COMPONENT; + case WC_NID_postalCode: return ASN_POSTAL_CODE; + case WC_NID_rfc822Mailbox: return ASN_RFC822_MAILBOX; + case WC_NID_favouriteDrink: return ASN_FAVOURITE_DRINK; default: WOLFSSL_MSG("Attribute NID not found"); return WOLFSSL_FATAL_ERROR; @@ -11365,7 +11502,8 @@ static int ConvertNIDToWolfSSL(int nid) #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL*/ -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) /* This is to convert the x509 name structure into canonical DER format */ /* , which has the following rules: */ /* convert to UTF8 */ @@ -11555,15 +11693,16 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) type = wolfSSL_ASN1_STRING_type(data); switch (type) { - case MBSTRING_UTF8: + case WOLFSSL_MBSTRING_UTF8: type = CTC_UTF8; break; - case MBSTRING_ASC: - case V_ASN1_PRINTABLESTRING: + case WOLFSSL_MBSTRING_ASC: + case WOLFSSL_V_ASN1_PRINTABLESTRING: type = CTC_PRINTABLE; break; default: - WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default"); + WOLFSSL_MSG( + "Unknown encoding type conversion UTF8 by default"); type = CTC_UTF8; } ret = wc_EncodeName(&names[i], nameStr, (char)type, @@ -11734,96 +11873,96 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) #ifndef NO_BIO - static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp, - WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type) - { - WOLFSSL_X509* x509 = NULL; +static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp, + WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u, int type) +{ + WOLFSSL_X509* x509 = NULL; #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - unsigned char* pem = NULL; - int pemSz; - long i = 0, l, footerSz; - const char* footer = NULL; + unsigned char* pem = NULL; + int pemSz; + long i = 0, l, footerSz; + const char* footer = NULL; - WOLFSSL_ENTER("loadX509orX509REQFromPemBio"); + WOLFSSL_ENTER("loadX509orX509REQFromPemBio"); - if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) { - WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG); - return NULL; - } + if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG); + return NULL; + } - if ((l = wolfSSL_BIO_get_len(bp)) <= 0) { - /* No certificate in buffer */ + if ((l = wolfSSL_BIO_get_len(bp)) <= 0) { + /* No certificate in buffer */ #if defined (WOLFSSL_HAPROXY) - WOLFSSL_ERROR(PEM_R_NO_START_LINE); + WOLFSSL_ERROR(PEM_R_NO_START_LINE); #else - WOLFSSL_ERROR(ASN_NO_PEM_HEADER); + WOLFSSL_ERROR(ASN_NO_PEM_HEADER); #endif - return NULL; - } + return NULL; + } - pemSz = (int)l; - pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM); - if (pem == NULL) - return NULL; - XMEMSET(pem, 0, pemSz); + pemSz = (int)l; + pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM); + if (pem == NULL) + return NULL; + XMEMSET(pem, 0, pemSz); - i = 0; - if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) { - XFREE(pem, 0, DYNAMIC_TYPE_PEM); - return NULL; - } - footerSz = (long)XSTRLEN(footer); + i = 0; + if (wc_PemGetHeaderFooter(type, NULL, &footer) != 0) { + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + return NULL; + } + footerSz = (long)XSTRLEN(footer); - /* TODO: Inefficient - * reading in one byte at a time until see the footer - */ - while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) { - i++; - if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer, - footerSz) == 0) { - if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) { - /* attempt to read newline following footer */ - i++; - if (pem[i-1] == '\r') { - /* found \r , Windows line ending is \r\n so try to read one - * more byte for \n, ignoring return value */ - (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); - } + /* TODO: Inefficient + * reading in one byte at a time until see the footer + */ + while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) { + i++; + if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer, + footerSz) == 0) { + if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) { + /* attempt to read newline following footer */ + i++; + if (pem[i-1] == '\r') { + /* found \r , Windows line ending is \r\n so try to read one + * more byte for \n, ignoring return value */ + (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); } - break; } + break; } - if (l == 0) - WOLFSSL_ERROR(ASN_NO_PEM_HEADER); - if (i > pemSz) { - WOLFSSL_MSG("Error parsing PEM"); - } - else { - pemSz = (int)i; - #ifdef WOLFSSL_CERT_REQ - if (type == CERTREQ_TYPE) - x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz, - WOLFSSL_FILETYPE_PEM); - else - #endif - x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz, - WOLFSSL_FILETYPE_PEM); - } + } + if (l == 0) + WOLFSSL_ERROR(ASN_NO_PEM_HEADER); + if (i > pemSz) { + WOLFSSL_MSG("Error parsing PEM"); + } + else { + pemSz = (int)i; + #ifdef WOLFSSL_CERT_REQ + if (type == CERTREQ_TYPE) + x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz, + WOLFSSL_FILETYPE_PEM); + else + #endif + x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz, + WOLFSSL_FILETYPE_PEM); + } - if (x != NULL) { - *x = x509; - } + if (x != NULL) { + *x = x509; + } - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ - (void)bp; - (void)x; - (void)cb; - (void)u; + (void)bp; + (void)x; + (void)cb; + (void)u; - return x509; - } + return x509; +} #if defined(WOLFSSL_ACERT) @@ -11911,11 +12050,11 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } #ifdef WOLFSSL_CERT_REQ - WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, +WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) - { - return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE); - } +{ + return loadX509orX509REQFromPemBio(bp, x, cb, u, CERTREQ_TYPE); +} #ifndef NO_FILESYSTEM WOLFSSL_X509* wolfSSL_PEM_read_X509_REQ(XFILE fp, WOLFSSL_X509** x, @@ -11939,7 +12078,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) err = 1; } } - if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) + if (err == 0 && wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to set BIO file pointer."); err = 1; @@ -11948,9 +12087,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) ret = wolfSSL_PEM_read_bio_X509_REQ(bio, x, cb, u); } - if (bio != NULL) { - wolfSSL_BIO_free(bio); - } + wolfSSL_BIO_free(bio); return ret; } @@ -11980,17 +12117,17 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) goto err; } - if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { + if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { goto err; } derSz = (int)der->length; - if((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) { + if ((crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz)) == NULL) { goto err; } err: XFREE(pem, 0, DYNAMIC_TYPE_PEM); - if(der != NULL) { + if (der != NULL) { FreeDer(&der); } @@ -12011,106 +12148,107 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) - static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x, - wc_pem_password_cb *cb, void *u, int type) - { - unsigned char* pem = NULL; - int pemSz; - long i = 0, l; - void *newx509; - int derSz; - DerBuffer* der = NULL; - - WOLFSSL_ENTER("wolfSSL_PEM_read_X509"); +static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x, + wc_pem_password_cb *cb, void *u, int type) +{ + unsigned char* pem = NULL; + int pemSz; + long i = 0, l; + void *newx509; + int derSz; + DerBuffer* der = NULL; - if (fp == XBADFILE) { - WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); - return NULL; - } - /* Read cert from file */ - i = XFTELL(fp); - if (i < 0) { - WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); - return NULL; - } + WOLFSSL_ENTER("wolfSSL_PEM_read_X509"); - if (XFSEEK(fp, 0, XSEEK_END) != 0) - return NULL; - l = XFTELL(fp); - if (l < 0) - return NULL; - if (XFSEEK(fp, i, SEEK_SET) != 0) - return NULL; - pemSz = (int)(l - i); + if (fp == XBADFILE) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); + return NULL; + } + /* Read cert from file */ + i = XFTELL(fp); + if (i < 0) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); + return NULL; + } - /* check calculated length */ - if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) { - WOLFSSL_MSG("PEM_read_X509_ex file size error"); - return NULL; - } + if (XFSEEK(fp, 0, XSEEK_END) != 0) + return NULL; + l = XFTELL(fp); + if (l < 0) + return NULL; + if (XFSEEK(fp, i, SEEK_SET) != 0) + return NULL; + pemSz = (int)(l - i); - /* allocate pem buffer */ - pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM); - if (pem == NULL) - return NULL; + /* check calculated length */ + if (pemSz > MAX_WOLFSSL_FILE_SIZE || pemSz <= 0) { + WOLFSSL_MSG("PEM_read_X509_ex file size error"); + return NULL; + } - if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz) - goto err_exit; + /* allocate pem buffer */ + pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM); + if (pem == NULL) + return NULL; - switch (type) { - case CERT_TYPE: - newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem, - pemSz, WOLFSSL_FILETYPE_PEM); - break; + if ((int)XFREAD((char *)pem, 1, (size_t)pemSz, fp) != pemSz) + goto err_exit; - #ifdef HAVE_CRL - case CRL_TYPE: - if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) - goto err_exit; - derSz = (int)der->length; - newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x, - (const unsigned char *)der->buffer, derSz); - if (newx509 == NULL) - goto err_exit; - FreeDer(&der); - break; - #endif + switch (type) { + case CERT_TYPE: + newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem, + pemSz, WOLFSSL_FILETYPE_PEM); + break; - default: + #ifdef HAVE_CRL + case CRL_TYPE: + if ((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) + goto err_exit; + derSz = (int)der->length; + newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x, + (const unsigned char *)der->buffer, derSz); + if (newx509 == NULL) goto err_exit; - } - if (x != NULL) { - *x = newx509; - } - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); - return newx509; - - err_exit: - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); - if (der != NULL) FreeDer(&der); + break; + #endif - /* unused */ - (void)cb; - (void)u; - (void)derSz; - - return NULL; + default: + goto err_exit; } - - WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, - wc_pem_password_cb *cb, - void *u) - { - return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE); + if (x != NULL) { + *x = newx509; } + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return newx509; + +err_exit: + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + if (der != NULL) + FreeDer(&der); + + /* unused */ + (void)cb; + (void)u; + (void)derSz; + + return NULL; +} + +WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, + wc_pem_password_cb *cb, void *u) +{ + return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, + CERT_TYPE); +} #if defined(HAVE_CRL) - WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, - wc_pem_password_cb *cb, void *u) - { - return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE); - } +WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, + WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u) +{ + return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, + CRL_TYPE); +} #endif #ifdef WOLFSSL_CERT_GEN @@ -12120,14 +12258,14 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) int ret; WOLFSSL_BIO* bio; - if (x == NULL) + if (x == NULL || fp == XBADFILE) return 0; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); if (bio == NULL) return 0; - if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) { wolfSSL_BIO_free(bio); bio = NULL; } @@ -12302,7 +12440,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) "-----BEGIN X509 CRL-----")) { /* We have a crl */ WOLFSSL_MSG("Parsing crl"); - if((PemToDer((const unsigned char*) header, + if ((PemToDer((const unsigned char*) header, (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { WOLFSSL_MSG("PemToDer error"); @@ -12373,7 +12511,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, pem_password_cb* cb, void* u) { - WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE); + WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, WOLFSSL_BIO_NOCLOSE); WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL; WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read"); @@ -12536,16 +12674,12 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne, int nid, int type, const unsigned char *data, int dataSz) { - WOLFSSL_ASN1_OBJECT* object; - ne->nid = nid; /* Reuse the object if already available. */ - object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); - if (object != NULL) { - /* Set the object when no error. */ - ne->object = object; + ne->object = wolfSSL_OBJ_nid2obj_ex(nid, ne->object); + if (ne->value == NULL) { + ne->value = wolfSSL_ASN1_STRING_type_new(type); } - ne->value = wolfSSL_ASN1_STRING_type_new(type); if (ne->value != NULL) { if (wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz) == WOLFSSL_SUCCESS) { @@ -12579,7 +12713,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } nid = wolfSSL_OBJ_txt2nid(txt); - if (nid == NID_undef) { + if (nid == WC_NID_undef) { WOLFSSL_MSG("Unable to find text"); ne = NULL; } @@ -12856,7 +12990,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( if (name == NULL || field == NULL) return WOLFSSL_FAILURE; - if ((nid = wolfSSL_OBJ_txt2nid(field)) == NID_undef) { + if ((nid = wolfSSL_OBJ_txt2nid(field)) == WC_NID_undef) { WOLFSSL_MSG("Unable convert text to NID"); return WOLFSSL_FAILURE; } @@ -12926,7 +13060,8 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( for (idx++; idx < MAX_NAME_ENTRIES; idx++) { /* Find index of desired name */ if (name->entry[idx].set) { - if (XSTRLEN(obj->sName) == XSTRLEN(name->entry[idx].object->sName) && + if (XSTRLEN(obj->sName) == + XSTRLEN(name->entry[idx].object->sName) && XSTRNCMP((const char*) obj->sName, name->entry[idx].object->sName, obj->objSz - 1) == 0) { return idx; @@ -12977,26 +13112,26 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #ifdef OPENSSL_EXTRA - int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key) - { - WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); - - if (!x509 || !key) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } +int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key) +{ + WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); - #ifndef NO_CHECK_PRIVATE_KEY - return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, - x509->pubKey.buffer, x509->pubKey.length, - (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? - WOLFSSL_SUCCESS : WOLFSSL_FAILURE; - #else - /* not compiled in */ - return WOLFSSL_SUCCESS; - #endif + if (!x509 || !key) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; } +#ifndef NO_CHECK_PRIVATE_KEY + return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, + x509->pubKey.buffer, x509->pubKey.length, + (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +#else + /* not compiled in */ + return WOLFSSL_SUCCESS; +#endif +} + #endif /* OPENSSL_EXTRA */ #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ @@ -13158,9 +13293,10 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) #endif /* !NO_BIO */ #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB) +#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) || \ + defined(HAVE_SBLIM_SFCB) WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( WOLF_SK_COMPARE_CB(WOLFSSL_X509_NAME, cb)) @@ -13196,14 +13332,15 @@ int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk) * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on * fail */ -WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, - int i) +WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value( + const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i) { WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); return (WOLFSSL_X509_NAME*)wolfSSL_sk_value(sk, i); } -WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) +WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop( + WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { WOLFSSL_STACK* node; WOLFSSL_X509_NAME* name; @@ -13296,7 +13433,8 @@ WOLFSSL_X509_NAME_ENTRY* wolfSSL_sk_X509_NAME_ENTRY_value( return (WOLFSSL_X509_NAME_ENTRY*)wolfSSL_sk_value(sk, i); } -int wolfSSL_sk_X509_NAME_ENTRY_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk) +int wolfSSL_sk_X509_NAME_ENTRY_num( + const WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* sk) { if (sk == NULL) return BAD_FUNC_ARG; @@ -13421,7 +13559,7 @@ void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk) /* Adds the WOLFSSL_X509_INFO to the stack "sk". "sk" takes control of "in" and * tries to free it when the stack is free'd. * - * return 1 on success 0 on fail + * return number of elements on success 0 on fail */ int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, WOLFSSL_X509_INFO* in) @@ -13460,7 +13598,8 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( return copy; } -void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i) +void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, + int i) { WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value"); for (; sk != NULL && i > 0; i--) @@ -13476,7 +13615,8 @@ int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s) WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_num"); if (s) { return (int)s->num; - } else { + } + else { return 0; } } @@ -13506,82 +13646,86 @@ static int get_dn_attr_by_nid(int n, const char** buf) switch(n) { - case NID_commonName : + case WC_NID_commonName : str = "CN"; len = 2; break; - case NID_countryName: + case WC_NID_countryName: str = "C"; len = 1; break; - case NID_localityName: + case WC_NID_localityName: str = "L"; len = 1; break; - case NID_stateOrProvinceName: + case WC_NID_stateOrProvinceName: str = "ST"; len = 2; break; - case NID_streetAddress: + case WC_NID_streetAddress: str = "street"; len = 6; break; - case NID_organizationName: + case WC_NID_organizationName: str = "O"; len = 1; break; - case NID_organizationalUnitName: + case WC_NID_organizationalUnitName: str = "OU"; len = 2; break; - case NID_postalCode: + case WC_NID_postalCode: str = "postalCode"; len = 10; break; - case NID_emailAddress: + case WC_NID_emailAddress: str = "emailAddress"; len = 12; break; - case NID_surname: + case WC_NID_surname: str = "SN"; len = 2; break; - case NID_givenName: + case WC_NID_givenName: str = "GN"; len = 2; break; - case NID_dnQualifier: + case WC_NID_dnQualifier: str = "dnQualifier"; len = 11; break; - case NID_name: + case WC_NID_name: str = "name"; len = 4; break; - case NID_initials: + case WC_NID_initials: str = "initials"; len = 8; break; - case NID_domainComponent: + case WC_NID_domainComponent: str = "DC"; len = 2; break; - case NID_pkcs9_contentType: + case WC_NID_pkcs9_contentType: str = "contentType"; len = 11; break; - case NID_userId: + case WC_NID_userId: str = "UID"; len = 3; break; - case NID_serialNumber: + case WC_NID_serialNumber: str = "serialNumber"; len = 12; break; - case NID_title: + case WC_NID_title: str = "title"; len = 5; break; + case WC_NID_rfc822Mailbox: + str = "mail"; + len = 4; + break; default: WOLFSSL_MSG("Attribute type not found"); str = NULL; @@ -13684,7 +13828,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, return WOLFSSL_FAILURE; XMEMSET(eqStr, 0, sizeof(eqStr)); - if (flags & XN_FLAG_SPC_EQ) { + if (flags & WOLFSSL_XN_FLAG_SPC_EQ) { eqSpace = 2; XSTRNCPY(eqStr, " = ", 4); } @@ -13704,9 +13848,10 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, int tmpSz; /* reverse name order for RFC2253 and DN_REV */ - if ((flags & XN_FLAG_RFC2253) || (flags & XN_FLAG_DN_REV)) { + if ((flags & WOLFSSL_XN_FLAG_RFC2253) || (flags & WOLFSSL_XN_FLAG_DN_REV)) { ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1); - } else { + } + else { ne = wolfSSL_X509_NAME_get_entry(name, i); } if (ne == NULL) @@ -13716,7 +13861,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, if (str == NULL) return WOLFSSL_FAILURE; - if (flags & XN_FLAG_RFC2253) { + if (flags & WOLFSSL_XN_FLAG_RFC2253) { /* escape string for RFC 2253, ret sz not counting null term */ escapeSz = wolfSSL_EscapeString_RFC2253(str->data, str->length, escaped, sizeof(escaped)); @@ -13763,10 +13908,12 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, return WOLFSSL_FAILURE; } tmpSz = len + nameStrSz + 1 + eqSpace; /* 1 for '=' */ - if (bio->type != WOLFSSL_BIO_FILE && bio->type != WOLFSSL_BIO_MEMORY) + if (bio->type != WOLFSSL_BIO_FILE && + bio->type != WOLFSSL_BIO_MEMORY) { ++tmpSz; /* include the terminating null when not writing to a * file. */ + } } if (wolfSSL_BIO_write(bio, tmp, tmpSz) != tmpSz) { @@ -13789,7 +13936,7 @@ int wolfSSL_X509_NAME_print_ex_fp(XFILE file, WOLFSSL_X509_NAME* name, WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex_fp"); - if (!(bio = wolfSSL_BIO_new_fp(file, BIO_NOCLOSE))) { + if (!(bio = wolfSSL_BIO_new_fp(file, WOLFSSL_BIO_NOCLOSE))) { WOLFSSL_MSG("wolfSSL_BIO_new_fp error"); return WOLFSSL_FAILURE; } @@ -13861,7 +14008,8 @@ WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject( return NULL; for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) { - WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(sk, i); + WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *) + wolfSSL_sk_X509_OBJECT_value(sk, i); if (obj != NULL && obj->type == type && wolfSSL_X509_NAME_cmp( wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0) @@ -13915,10 +14063,7 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s) #endif /* OPENSSL_EXTRA */ -#if defined(HAVE_EX_DATA) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \ - || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) \ - || defined(HAVE_LIGHTY)) - +#ifdef HAVE_EX_DATA_CRYPTO int wolfSSL_X509_get_ex_new_index(int idx, void *arg, WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, @@ -13926,14 +14071,13 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, { WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index"); - return wolfssl_get_ex_new_index(CRYPTO_EX_INDEX_X509, idx, arg, + return wolfssl_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, idx, arg, new_func, dup_func, free_func); } #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(WOLFSSL_WPAS_SMALL) -void *wolfSSL_X509_get_ex_data(X509 *x509, int idx) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx) { WOLFSSL_ENTER("wolfSSL_X509_get_ex_data"); #ifdef HAVE_EX_DATA @@ -13947,12 +14091,11 @@ void *wolfSSL_X509_get_ex_data(X509 *x509, int idx) return NULL; } -int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data) +int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data) { WOLFSSL_ENTER("wolfSSL_X509_set_ex_data"); #ifdef HAVE_EX_DATA - if (x509 != NULL) - { + if (x509 != NULL) { return wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data); } #else @@ -13965,7 +14108,7 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data) #ifdef HAVE_EX_DATA_CLEANUP_HOOKS int wolfSSL_X509_set_ex_data_with_cleanup( - X509 *x509, + WOLFSSL_X509 *x509, int idx, void *data, wolfSSL_ex_data_cleanup_routine_t cleanup_routine) @@ -13979,8 +14122,7 @@ int wolfSSL_X509_set_ex_data_with_cleanup( return WOLFSSL_FAILURE; } #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifndef NO_ASN @@ -14147,7 +14289,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen, return WOLFSSL_FAILURE; /* Call with NULL buffer to get required length. */ - emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress, + emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress, NULL, 0); if (emailLen < 0) return WOLFSSL_FAILURE; @@ -14158,7 +14300,7 @@ int wolfSSL_X509_check_email(WOLFSSL_X509 *x, const char *chk, size_t chkLen, if (emailBuf == NULL) return WOLFSSL_FAILURE; - emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, NID_emailAddress, + emailLen = wolfSSL_X509_NAME_get_text_by_NID(subjName, WC_NID_emailAddress, emailBuf, emailLen); if (emailLen < 0) { XFREE(emailBuf, x->heap, DYNAMIC_TYPE_OPENSSL); @@ -14205,81 +14347,6 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) -#if defined(OPENSSL_EXTRA) && \ - ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ - defined(WOLFSSL_SIGNER_DER_CERT)) - -/** - * Find the issuing cert of the input cert. On a self-signed cert this - * function will return an error. - * @param issuer The issuer x509 struct is returned here - * @param cm The cert manager that is queried for the issuer - * @param x This cert's issuer will be queried in cm - * @return WOLFSSL_SUCCESS on success - * WOLFSSL_FAILURE on error - */ -static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, - WOLFSSL_X509 *x) -{ - Signer* ca = NULL; -#ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; -#else - DecodedCert cert[1]; -#endif - - if (cm == NULL || x == NULL || x->derCert == NULL) { - WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining " - "WOLFSSL_SIGNER_DER_CERT could solve the issue"); - return WOLFSSL_FAILURE; - } - -#ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); - if (cert == NULL) - return WOLFSSL_FAILURE; -#endif - - /* Use existing CA retrieval APIs that use DecodedCert. */ - InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap); - if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0 - && !cert->selfSigned) { - #ifndef NO_SKID - if (cert->extAuthKeyIdSet) - ca = GetCA(cm, cert->extAuthKeyId); - if (ca == NULL) - ca = GetCAByName(cm, cert->issuerHash); - #else /* NO_SKID */ - ca = GetCA(cm, cert->issuerHash); - #endif /* NO SKID */ - } - FreeDecodedCert(cert); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); -#endif - - if (ca == NULL) - return WOLFSSL_FAILURE; - -#ifdef WOLFSSL_SIGNER_DER_CERT - /* populate issuer with Signer DER */ - if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer, - ca->derCert->length, cm->heap) == NULL) - return WOLFSSL_FAILURE; -#else - /* Create an empty certificate as CA doesn't have a certificate. */ - *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0, - DYNAMIC_TYPE_OPENSSL); - if (*issuer == NULL) - return WOLFSSL_FAILURE; - - InitX509((*issuer), 1, NULL); -#endif - - return WOLFSSL_SUCCESS; -} -#endif /* if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ - defined(WOLFSSL_SIGNER_DER_CERT)) */ void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { @@ -14346,7 +14413,7 @@ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ - defined(KEEP_PEER_CERT) + defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) { WOLFSSL_ENTER("wolfSSL_X509_dup"); @@ -14364,7 +14431,8 @@ WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x) return wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer, x->derCert->length, x->heap); } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || KEEP_PEER_CERT || \ + SESSION_CERTS */ #if defined(OPENSSL_EXTRA) int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) @@ -14389,7 +14457,7 @@ long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509) WOLFSSL_ENTER("wolfSSL_X509_get_version"); - if (x509 == NULL){ + if (x509 == NULL) { WOLFSSL_MSG("invalid parameter"); return 0L; } @@ -14633,7 +14701,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) /* Regenerate since pkey->pkey.ptr may contain private key */ switch (pkey->type) { #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: { RsaKey* rsa; @@ -14659,7 +14727,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */ #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: { DsaKey* dsa; @@ -14677,12 +14745,12 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) XFREE(p, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); return WOLFSSL_FAILURE; } - cert->pubKeyOID = RSAk; + cert->pubKeyOID = DSAk; } break; #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) && !NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: { ecc_key* ecc; @@ -14709,6 +14777,7 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) default: return WOLFSSL_FAILURE; } + XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); cert->pubKey.buffer = p; cert->pubKey.length = (unsigned int)derSz; @@ -14763,10 +14832,10 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, /* Set parameters in ctx as long as ret == WOLFSSL_SUCCESS */ if (ret == WOLFSSL_SUCCESS && issuer) - ret = wolfSSL_X509_set_issuer_name(ctx->x509,&issuer->issuer); + ret = wolfSSL_X509_set_issuer_name(ctx->x509, &issuer->issuer); if (ret == WOLFSSL_SUCCESS && subject) - ret = wolfSSL_X509_set_subject_name(ctx->x509,&subject->subject); + ret = wolfSSL_X509_set_subject_name(ctx->x509, &subject->subject); if (ret == WOLFSSL_SUCCESS && req) { WOLFSSL_MSG("req not implemented."); @@ -14840,6 +14909,25 @@ void wolfSSL_X509_REQ_free(WOLFSSL_X509* req) wolfSSL_X509_free(req); } +int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version) +{ + WOLFSSL_ENTER("wolfSSL_X509_REQ_set_version"); + if ((x == NULL) || (version < 0) || (version >= INT_MAX)) { + return WOLFSSL_FAILURE; + } + x->version = (int)version; + return WOLFSSL_SUCCESS; +} + +long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req) +{ + WOLFSSL_ENTER("wolfSSL_X509_REQ_get_version"); + if (req == NULL) { + return 0; /* invalid arg */ + } + return (long)req->version; +} + int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md) { @@ -14902,20 +14990,22 @@ static int regenX509REQDerBuffer(WOLFSSL_X509* x509) { int derSz = X509_BUFFER_SZ; int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); -#ifdef WOLFSSL_SMALL_STACK +#ifndef WOLFSSL_SMALL_STACK + byte der[X509_BUFFER_SZ]; +#else byte* der; + der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!der) { WOLFSSL_MSG("malloc failed"); return WOLFSSL_FAILURE; } -#else - byte der[X509_BUFFER_SZ]; #endif if (wolfssl_x509_make_der(x509, 1, der, &derSz, 0) == WOLFSSL_SUCCESS) { FreeDer(&x509->derCert); - if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE, x509->heap) == 0) { + if (AllocDer(&x509->derCert, (word32)derSz, CERT_TYPE, + x509->heap) == 0) { XMEMCPY(x509->derCert->buffer, der, derSz); ret = WOLFSSL_SUCCESS; } @@ -15041,13 +15131,13 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, WOLFSSL_ENTER("wolfSSL_X509_REQ_add1_attr_by_NID"); - if (!req || !bytes || type != MBSTRING_ASC) { + if (!req || !bytes || type != WOLFSSL_MBSTRING_ASC) { WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } switch (nid) { - case NID_pkcs9_challengePassword: + case WC_NID_pkcs9_challengePassword: if (len < 0) len = (int)XSTRLEN((char*)bytes); if (len < CTC_NAME_SIZE) { @@ -15060,7 +15150,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, return WOLFSSL_FAILURE; } break; - case NID_serialNumber: + case WC_NID_serialNumber: if (len < 0) len = (int)XSTRLEN((char*)bytes); if (len + 1 > EXTERNAL_SERIAL_SIZE) { @@ -15072,12 +15162,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->serialSz = len; break; - case NID_pkcs9_unstructuredName: - case NID_pkcs9_contentType: - case NID_surname: - case NID_initials: - case NID_givenName: - case NID_dnQualifier: + case WC_NID_pkcs9_unstructuredName: + case WC_NID_pkcs9_contentType: + case WC_NID_surname: + case WC_NID_initials: + case WC_NID_givenName: + case WC_NID_dnQualifier: break; default: @@ -15087,7 +15177,7 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, attr = wolfSSL_X509_ATTRIBUTE_new(); ret = wolfSSL_X509_ATTRIBUTE_set(attr, (const char*)bytes, len, - V_ASN1_PRINTABLESTRING, nid); + WOLFSSL_V_ASN1_PRINTABLESTRING, nid); if (ret != WOLFSSL_SUCCESS) { wolfSSL_X509_ATTRIBUTE_free(attr); } @@ -15272,7 +15362,9 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr) * */ WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap) { - WOLFSSL_X509_ACERT* x509; + WOLFSSL_X509_ACERT * x509 = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_new"); x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap, DYNAMIC_TYPE_X509_ACERT); @@ -15302,6 +15394,8 @@ WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void) * */ void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap) { + WOLFSSL_ENTER("wolfSSL_X509_ACERT_init"); + if (x509 == NULL) { WOLFSSL_MSG("error: InitX509Acert: null parameter"); return; @@ -15327,6 +15421,8 @@ void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509) int dynamic = 0; void * heap = NULL; + WOLFSSL_ENTER("wolfSSL_X509_ACERT_free"); + if (x509 == NULL) { WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); return; @@ -15341,6 +15437,11 @@ void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509) x509->holderIssuerName = NULL; } + if (x509->holderEntityName) { + FreeAltNames(x509->holderEntityName, heap); + x509->holderEntityName = NULL; + } + if (x509->AttCertIssuerName) { FreeAltNames(x509->AttCertIssuerName, heap); x509->AttCertIssuerName = NULL; @@ -15512,15 +15613,15 @@ int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) } switch (pkey->type) { - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: pkey_type = RSAk; break; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: pkey_type = ECDSAk; break; - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: pkey_type = DSAk; break; diff --git a/src/src/x509_str.c b/src/src/x509_str.c index c3d33b8..894da16 100644 --- a/src/src/x509_str.c +++ b/src/src/x509_str.c @@ -114,6 +114,80 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) #ifdef OPENSSL_EXTRA +#if ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) + +/** + * Find the issuing cert of the input cert. On a self-signed cert this + * function will return an error. + * @param issuer The issuer x509 struct is returned here + * @param cm The cert manager that is queried for the issuer + * @param x This cert's issuer will be queried in cm + * @return WOLFSSL_SUCCESS on success + * WOLFSSL_FAILURE on error + */ +static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, + WOLFSSL_X509 *x) +{ + Signer* ca = NULL; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; +#else + DecodedCert cert[1]; +#endif + + if (cm == NULL || x == NULL || x->derCert == NULL) { + WOLFSSL_MSG("No cert DER buffer or NULL cm. Defining " + "WOLFSSL_SIGNER_DER_CERT could solve the issue"); + return WOLFSSL_FAILURE; + } + +#ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + if (cert == NULL) + return WOLFSSL_FAILURE; +#endif + + /* Use existing CA retrieval APIs that use DecodedCert. */ + InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, cm->heap); + if (ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL) == 0 + && !cert->selfSigned) { + #ifndef NO_SKID + if (cert->extAuthKeyIdSet) + ca = GetCA(cm, cert->extAuthKeyId); + if (ca == NULL) + ca = GetCAByName(cm, cert->issuerHash); + #else /* NO_SKID */ + ca = GetCA(cm, cert->issuerHash); + #endif /* NO SKID */ + } + FreeDecodedCert(cert); +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); +#endif + + if (ca == NULL) + return WOLFSSL_FAILURE; + +#ifdef WOLFSSL_SIGNER_DER_CERT + /* populate issuer with Signer DER */ + if (wolfSSL_X509_d2i_ex(issuer, ca->derCert->buffer, + ca->derCert->length, cm->heap) == NULL) + return WOLFSSL_FAILURE; +#else + /* Create an empty certificate as CA doesn't have a certificate. */ + *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0, + DYNAMIC_TYPE_OPENSSL); + if (*issuer == NULL) + return WOLFSSL_FAILURE; + + InitX509((*issuer), 1, NULL); +#endif + + return WOLFSSL_SUCCESS; +} +#endif /* SESSION_CERTS || WOLFSSL_SIGNER_DER_CERT */ + WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_new"); @@ -147,7 +221,9 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, wolfSSL_sk_X509_free(ctx->chain); ctx->chain = NULL; } +#ifdef SESSION_CERTS ctx->sesChain = NULL; +#endif ctx->domain = NULL; #ifdef HAVE_EX_DATA XMEMSET(&ctx->ex_data, 0, sizeof(ctx->ex_data)); @@ -221,11 +297,11 @@ int GetX509Error(int e) /* We can't disambiguate if its the before or after date that caused * the error. Assume expired. */ case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR): - return X509_V_ERR_CRL_HAS_EXPIRED; + return WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED; case WC_NO_ERR_TRACE(CRL_CERT_REVOKED): return WOLFSSL_X509_V_ERR_CERT_REVOKED; case WC_NO_ERR_TRACE(CRL_MISSING): - return X509_V_ERR_UNABLE_TO_GET_CRL; + return WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL; case 0: case 1: return 0; @@ -239,17 +315,24 @@ int GetX509Error(int e) } } +static void SetupStoreCtxError_ex(WOLFSSL_X509_STORE_CTX* ctx, int ret, + int depth) +{ + int error = GetX509Error(ret); + + wolfSSL_X509_STORE_CTX_set_error(ctx, error); + wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); +} + static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) { int depth = 0; - int error = GetX509Error(ret); /* Set error depth */ if (ctx->chain) depth = (int)ctx->chain->num; - wolfSSL_X509_STORE_CTX_set_error(ctx, error); - wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); + SetupStoreCtxError_ex(ctx, ret, depth); } static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) @@ -265,7 +348,8 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) if (ctx->store->verify_cb) - ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret; + ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? + WOLFSSL_SUCCESS : ret; #endif #ifndef NO_ASN_TIME @@ -290,7 +374,7 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, - ctx) == 1 ? 0 : -1; + ctx) == 1 ? WOLFSSL_SUCCESS : -1; #endif } #endif @@ -393,21 +477,37 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) /* We found our issuer in the non-trusted cert list, add it * to the CM and verify the current cert against it */ + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* OpenSSL doesn't allow the cert as CA if it is not CA:TRUE for + * intermediate certs. + */ + if (!issuer->isCa) { + /* error depth is current depth + 1 */ + SetupStoreCtxError_ex(ctx, X509_V_ERR_INVALID_CA, + (ctx->chain) ? (int)(ctx->chain->num + 1) : 1); + if (ctx->store->verify_cb) { + ret = ctx->store->verify_cb(0, ctx); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + } + } else { + #endif ret = X509StoreAddCa(ctx->store, issuer, WOLFSSL_TEMP_CA); if (ret != WOLFSSL_SUCCESS) { goto exit; } - added = 1; - ret = X509StoreVerifyCert(ctx); if (ret != WOLFSSL_SUCCESS) { goto exit; } - /* Add it to the current chain and look at the issuer cert next */ wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + } + #endif ctx->current_cert = issuer; } else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { @@ -1002,11 +1102,9 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; -#if !defined(WOLFSSL_SIGNER_DER_CERT) if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; #endif -#endif #ifdef HAVE_CRL store->crl = store->cm->crl; @@ -1056,8 +1154,11 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, WOLFSSL_X509_OBJECT *obj = NULL; int cnt = store->numAdded; + /* -1 here because it is later used as an index value into the object stack. + * With there being the chance that the only object in the stack is one from + * the numAdded to the store >= is used when comparing to 0. */ i = wolfSSL_sk_X509_OBJECT_num(objs) - 1; - while (cnt > 0 && i > 0) { + while (cnt > 0 && i >= 0) { /* The inner X509 is owned by somebody else, NULL out the reference */ obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i); if (obj != NULL) { @@ -1096,20 +1197,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) } #if defined(OPENSSL_EXTRA) if (store->certs != NULL) { - wolfSSL_sk_X509_free(store->certs); + wolfSSL_sk_X509_pop_free(store->certs, NULL); store->certs = NULL; } if (store->owned != NULL) { - wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free); + wolfSSL_sk_X509_pop_free(store->owned, NULL); store->owned = NULL; } -#if !defined(WOLFSSL_SIGNER_DER_CERT) if (store->trusted != NULL) { - wolfSSL_sk_X509_free(store->trusted); + wolfSSL_sk_X509_pop_free(store->trusted, NULL); store->trusted = NULL; } #endif -#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { X509StoreFreeObjList(store, store->objs); @@ -1306,26 +1405,32 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) * CA=TRUE */ if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); - #if !defined(WOLFSSL_SIGNER_DER_CERT) if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { - result = wolfSSL_sk_X509_push(store->trusted, x509); - if (result > 0) { - result = WOLFSSL_SUCCESS; - } - else { - result = WOLFSSL_FATAL_ERROR; + result = wolfSSL_X509_up_ref(x509); + if (result == WOLFSSL_SUCCESS) { + result = wolfSSL_sk_X509_push(store->trusted, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + wolfSSL_X509_free(x509); + } } } - #endif } else { if (store->certs != NULL) { - result = wolfSSL_sk_X509_push(store->certs, x509); - if (result > 0) { - result = WOLFSSL_SUCCESS; - } - else { - result = WOLFSSL_FATAL_ERROR; + result = wolfSSL_X509_up_ref(x509); + if (result == WOLFSSL_SUCCESS) { + result = wolfSSL_sk_X509_push(store->certs, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + wolfSSL_X509_free(x509); + } } } else { @@ -1379,7 +1484,8 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, byte *buf, word32 bufLen, int type) { - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int ret = WOLFSSL_SUCCESS; + WOLFSSL_X509 *x509 = NULL; if (str == NULL || buf == NULL) { @@ -1389,14 +1495,18 @@ int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */ x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type); if (str->owned != NULL) { - wolfSSL_sk_X509_push(str->owned, x509); + if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) { + ret = WOLFSSL_FAILURE; + } + } + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_X509_STORE_add_cert(str, x509); } - ret = wolfSSL_X509_STORE_add_cert(str, x509); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; } - if (str->owned == NULL) { + if (ret != WOLFSSL_SUCCESS || str->owned == NULL) { wolfSSL_X509_free(x509); } @@ -1745,10 +1855,18 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) cert_stack = wolfSSL_CertManagerGetCerts(store->cm); store->numAdded = 0; + if (cert_stack == NULL && wolfSSL_sk_X509_num(store->certs) > 0) { + cert_stack = wolfSSL_sk_X509_new_null(); + if (cert_stack == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_new error"); + goto err_cleanup; + } + } for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) { - wolfSSL_sk_X509_push(cert_stack, - wolfSSL_sk_X509_value(store->certs, i)); - store->numAdded++; + if (wolfSSL_sk_X509_push(cert_stack, + wolfSSL_sk_X509_value(store->certs, i)) > 0) { + store->numAdded++; + } } /* Do not modify stack until after we guarantee success to * simplify cleanup logic handling cert merging above */ diff --git a/src/wolfcrypt/src/aes.c b/src/wolfcrypt/src/aes.c index 1cb9843..cf50064 100644 --- a/src/wolfcrypt/src/aes.c +++ b/src/wolfcrypt/src/aes.c @@ -106,7 +106,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif -#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) +#if (!defined(WOLFSSL_ARMASM) || defined(__aarch64__)) && \ + !defined(WOLFSSL_RISCV_ASM) #ifdef WOLFSSL_IMX6_CAAM_BLOB /* case of possibly not using hardware acceleration for AES but using key @@ -123,7 +124,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #pragma warning(disable: 4127) #endif -#if FIPS_VERSION3_GE(6,0,0) +#if !defined(WOLFSSL_ARMASM) && FIPS_VERSION3_GE(6,0,0) const unsigned int wolfCrypt_FIPS_aes_ro_sanity[2] = { 0x1a2b3c4d, 0x00000002 }; int wolfCrypt_FIPS_AES_sanity(void) @@ -174,13 +175,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -275,13 +276,13 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE, (uint32_t*)outBlock, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, AES_BLOCK_SIZE, + ret = HAL_CRYP_AESECB_Decrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE, outBlock, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -379,7 +380,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif if (wolfSSL_CryptHwMutexLock() == 0) { - LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE, + LTC_AES_EncryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE, key, keySize); wolfSSL_CryptHwMutexUnLock(); } @@ -402,7 +403,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif if (wolfSSL_CryptHwMutexLock() == 0) { - LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, AES_BLOCK_SIZE, + LTC_AES_DecryptEcb(LTC_BASE, inBlock, outBlock, WC_AES_BLOCK_SIZE, key, keySize, kLTC_EncryptKey); wolfSSL_CryptHwMutexUnLock(); } @@ -493,7 +494,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif /* Thread mutex protection handled in Pic32Crypto */ return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0, - outBlock, inBlock, AES_BLOCK_SIZE, + outBlock, inBlock, WC_AES_BLOCK_SIZE, PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB); } #endif @@ -511,7 +512,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif /* Thread mutex protection handled in Pic32Crypto */ return wc_Pic32AesCrypt(aes->key, aes->keylen, NULL, 0, - outBlock, inBlock, AES_BLOCK_SIZE, + outBlock, inBlock, WC_AES_BLOCK_SIZE, PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RECB); } #endif @@ -787,6 +788,26 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits } #endif /* HAVE_AES_DECRYPT */ +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + + #define NEED_AES_TABLES + + static int checkedCpuIdFlags = 0; + static word32 cpuid_flags = 0; + + static void Check_CPU_support_HwCrypto(Aes* aes) + { + if (checkedCpuIdFlags == 0) { + cpuid_flags = cpuid_get_flags(); + checkedCpuIdFlags = 1; + } + aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); + #ifdef HAVE_AESGCM + aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); + #endif + } + #elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \ && !defined(WOLFSSL_QNX_CAAM)) || \ ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \ @@ -951,7 +972,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits return ret; } #endif - return AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); + return AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE); } #endif @@ -966,7 +987,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits return ret; } #endif - return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); + return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE); } #endif @@ -2229,10 +2250,10 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) { word32 i; - for (i = 0; i < sz; i += AES_BLOCK_SIZE) { + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { AesEncrypt_C(aes, in, out, aes->rounds >> 1); - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } } #endif @@ -2692,18 +2713,18 @@ static void bs_set_key(bs_word* rk, const byte* key, word32 keyLen, word32 rounds) { int i; - byte bs_key[15 * AES_BLOCK_SIZE]; - int ksSz = (rounds + 1) * AES_BLOCK_SIZE; + byte bs_key[15 * WC_AES_BLOCK_SIZE]; + int ksSz = (rounds + 1) * WC_AES_BLOCK_SIZE; bs_word block[AES_BLOCK_BITS]; /* Fist round. */ XMEMCPY(bs_key, key, keyLen); bs_expand_key(bs_key, ksSz); - for (i = 0; i < ksSz; i += AES_BLOCK_SIZE) { + for (i = 0; i < ksSz; i += WC_AES_BLOCK_SIZE) { int k; - XMEMCPY(block, bs_key + i, AES_BLOCK_SIZE); + XMEMCPY(block, bs_key + i, WC_AES_BLOCK_SIZE); for (k = BS_BLOCK_WORDS; k < AES_BLOCK_BITS; k += BS_BLOCK_WORDS) { int l; for (l = 0; l < BS_BLOCK_WORDS; l++) { @@ -2751,12 +2772,12 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, (void)r; - XMEMCPY(state, inBlock, AES_BLOCK_SIZE); - XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE); + XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE); + XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE); bs_encrypt(state, aes->bs_key, aes->rounds); - XMEMCPY(outBlock, state, AES_BLOCK_SIZE); + XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE); } #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ @@ -2838,13 +2859,13 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( printf("out = %p\n", outBlock); printf("aes->key = %p\n", aes->key); printf("aes->rounds = %d\n", aes->rounds); - printf("sz = %d\n", AES_BLOCK_SIZE); + printf("sz = %d\n", WC_AES_BLOCK_SIZE); #endif /* check alignment, decrypt doesn't need alignment */ if ((wc_ptr_t)inBlock % AESNI_ALIGN) { #ifndef NO_WOLFSSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap, + byte* tmp = (byte*)XMALLOC(WC_AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); byte* tmp_align; if (tmp == NULL) @@ -2852,10 +2873,10 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( tmp_align = tmp + (AESNI_ALIGN - ((wc_ptr_t)tmp % AESNI_ALIGN)); - XMEMCPY(tmp_align, inBlock, AES_BLOCK_SIZE); - AES_ECB_encrypt_AESNI(tmp_align, tmp_align, AES_BLOCK_SIZE, + XMEMCPY(tmp_align, inBlock, WC_AES_BLOCK_SIZE); + AES_ECB_encrypt_AESNI(tmp_align, tmp_align, WC_AES_BLOCK_SIZE, (byte*)aes->key, (int)aes->rounds); - XMEMCPY(outBlock, tmp_align, AES_BLOCK_SIZE); + XMEMCPY(outBlock, tmp_align, WC_AES_BLOCK_SIZE); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; #else @@ -2865,7 +2886,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( #endif } - AES_ECB_encrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key, + AES_ECB_encrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, (int)aes->rounds); return 0; @@ -2875,22 +2896,29 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( printf("Skipping AES-NI\n"); #endif } +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + return 0; + } #endif /* WOLFSSL_AESNI */ #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) - AES_ECB_encrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); + AES_ECB_encrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE); return 0; #endif #if defined(WOLFSSL_IMXRT_DCP) if (aes->keylen == 16) { - DCPAesEcbEncrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE); + DCPAesEcbEncrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE); return 0; } #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) if (aes->useSWCrypt == 0) { - return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE, + return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE, AES_ENCRYPTION, kAlgorithm_SSS_AES_ECB); } #endif @@ -2913,7 +2941,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( #if defined(MAX3266X_AES) if (wc_AesGetKeySize(aes, &keySize) == 0) { return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, - MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE, outBlock, (unsigned int)keySize); } #endif @@ -2923,7 +2951,7 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( #endif { ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock, - AES_BLOCK_SIZE); + WC_AES_BLOCK_SIZE); if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret_cb; /* fall-through when unavailable */ @@ -3223,10 +3251,10 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) { word32 i; - for (i = 0; i < sz; i += AES_BLOCK_SIZE) { + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { AesDecrypt_C(aes, in, out, aes->rounds >> 1); - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } } #endif @@ -3532,12 +3560,12 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, (void)r; - XMEMCPY(state, inBlock, AES_BLOCK_SIZE); - XMEMSET(((byte*)state) + AES_BLOCK_SIZE, 0, sizeof(state) - AES_BLOCK_SIZE); + XMEMCPY(state, inBlock, WC_AES_BLOCK_SIZE); + XMEMSET(((byte*)state) + WC_AES_BLOCK_SIZE, 0, sizeof(state) - WC_AES_BLOCK_SIZE); bs_decrypt(state, aes->bs_key, aes->rounds); - XMEMCPY(outBlock, state, AES_BLOCK_SIZE); + XMEMCPY(outBlock, state, WC_AES_BLOCK_SIZE); } #endif @@ -3615,13 +3643,13 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( printf("out = %p\n", outBlock); printf("aes->key = %p\n", aes->key); printf("aes->rounds = %d\n", aes->rounds); - printf("sz = %d\n", AES_BLOCK_SIZE); + printf("sz = %d\n", WC_AES_BLOCK_SIZE); #endif /* if input and output same will overwrite input iv */ if ((const byte*)aes->tmp != inBlock) - XMEMCPY(aes->tmp, inBlock, AES_BLOCK_SIZE); - AES_ECB_decrypt_AESNI(inBlock, outBlock, AES_BLOCK_SIZE, (byte*)aes->key, + XMEMCPY(aes->tmp, inBlock, WC_AES_BLOCK_SIZE); + AES_ECB_decrypt_AESNI(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, (int)aes->rounds); return 0; } @@ -3630,19 +3658,26 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( printf("Skipping AES-NI\n"); #endif } +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + return 0; + } #endif /* WOLFSSL_AESNI */ #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) - return AES_ECB_decrypt(aes, inBlock, outBlock, AES_BLOCK_SIZE); + return AES_ECB_decrypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE); #endif #if defined(WOLFSSL_IMXRT_DCP) if (aes->keylen == 16) { - DCPAesEcbDecrypt(aes, outBlock, inBlock, AES_BLOCK_SIZE); + DCPAesEcbDecrypt(aes, outBlock, inBlock, WC_AES_BLOCK_SIZE); return 0; } #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) if (aes->useSWCrypt == 0) { - return se050_aes_crypt(aes, inBlock, outBlock, AES_BLOCK_SIZE, + return se050_aes_crypt(aes, inBlock, outBlock, WC_AES_BLOCK_SIZE, AES_DECRYPTION, kAlgorithm_SSS_AES_ECB); } #endif @@ -3663,7 +3698,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #if defined(MAX3266X_AES) if (wc_AesGetKeySize(aes, &keySize) == 0) { return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, - MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + MXC_TPU_MODE_ECB, WC_AES_BLOCK_SIZE, outBlock, (unsigned int)keySize); } #endif @@ -3674,7 +3709,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #endif { ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock, - AES_BLOCK_SIZE); + WC_AES_BLOCK_SIZE); if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret_cb; /* fall-through when unavailable */ @@ -3746,7 +3781,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( extern TX_BYTE_POOL mp_ncached; /* Non Cached memory pool */ #endif - #define AES_BUFFER_SIZE (AES_BLOCK_SIZE * 64) + #define AES_BUFFER_SIZE (WC_AES_BLOCK_SIZE * 64) static unsigned char *AESBuffIn = NULL; static unsigned char *AESBuffOut = NULL; static byte *secReg; @@ -3773,9 +3808,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( s2 = tx_byte_allocate(&mp_ncached, (void *)&AESBuffOut, AES_BUFFER_SIZE, TX_NO_WAIT); s3 = tx_byte_allocate(&mp_ncached, (void *)&secKey, - AES_BLOCK_SIZE*2, TX_NO_WAIT); + WC_AES_BLOCK_SIZE*2, TX_NO_WAIT); s4 = tx_byte_allocate(&mp_ncached, (void *)&secReg, - AES_BLOCK_SIZE, TX_NO_WAIT); + WC_AES_BLOCK_SIZE, TX_NO_WAIT); if (s1 || s2 || s3 || s4 || s5) return BAD_FUNC_ARG; @@ -3805,7 +3840,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) @@ -4103,9 +4138,9 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( ret = wc_AesSetIV(aes, iv); if (iv) - XMEMCPY(iv_aes, iv, AES_BLOCK_SIZE); + XMEMCPY(iv_aes, iv, WC_AES_BLOCK_SIZE); else - XMEMSET(iv_aes, 0, AES_BLOCK_SIZE); + XMEMSET(iv_aes, 0, WC_AES_BLOCK_SIZE); ret = SaSi_AesSetIv(&aes->ctx.user_ctx, iv_aes); @@ -4474,9 +4509,9 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) wc_FreeRng(&rng); if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); else - XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE); switch (keylen) { case AES_128_KEY_SIZE: keyType = CAAM_KEYTYPE_AES128; break; @@ -4580,6 +4615,14 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } #endif /* WOLFSSL_AESNI */ + #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + Check_CPU_support_HwCrypto(aes); + if (aes->use_aes_hw_crypto) { + return AES_set_key_AARCH64(userKey, keylen, aes, dir); + } + #endif + #ifdef WOLFSSL_KCAPI_AES XMEMCPY(aes->devKey, userKey, keylen); if (aes->init != 0) { @@ -4662,8 +4705,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } #endif - ret = wc_AesSetIV(aes, iv); - #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; @@ -4743,9 +4784,9 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #endif if (iv) - XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); else - XMEMSET(aes->reg, 0, AES_BLOCK_SIZE); + XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) @@ -4875,10 +4916,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret = 0; CRYP_HandleTypeDef hcryp; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -4896,7 +4937,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE); #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; @@ -4906,14 +4947,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in, - blocks * AES_BLOCK_SIZE, + blocks * WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -4921,7 +4962,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); HAL_CRYP_DeInit(&hcryp); @@ -4935,10 +4976,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int ret = 0; CRYP_HandleTypeDef hcryp; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -4955,11 +4996,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* if input and output same will overwrite input iv */ - XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CBC; - ByteReverseWords(aes->reg, aes->reg, AES_BLOCK_SIZE); + ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE); #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_KEYDERIVATION_DECRYPT; hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_CBC; @@ -4970,14 +5011,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #else ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in, - blocks * AES_BLOCK_SIZE, + blocks * WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -4985,7 +5026,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); HAL_CRYP_DeInit(&hcryp); wolfSSL_CryptHwMutexUnLock(); @@ -5003,10 +5044,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) CRYP_InitTypeDef cryptInit; CRYP_KeyInitTypeDef keyInit; CRYP_IVInitTypeDef ivInit; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5031,7 +5072,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* set iv */ iv = aes->reg; CRYP_IVStructInit(&ivInit); - ByteReverseWords(iv, iv, AES_BLOCK_SIZE); + ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE); ivInit.CRYP_IV0Left = iv[0]; ivInit.CRYP_IV0Right = iv[1]; ivInit.CRYP_IV1Left = iv[2]; @@ -5064,11 +5105,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) *(uint32_t*)&out[12] = CRYP_DataOut(); /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); - sz -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } /* disable crypto processor */ @@ -5087,10 +5128,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) CRYP_InitTypeDef cryptInit; CRYP_KeyInitTypeDef keyInit; CRYP_IVInitTypeDef ivInit; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5107,7 +5148,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* if input and output same will overwrite input iv */ - XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); /* reset registers to their default values */ CRYP_DeInit(); @@ -5132,7 +5173,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) /* set iv */ iv = aes->reg; CRYP_IVStructInit(&ivInit); - ByteReverseWords(iv, iv, AES_BLOCK_SIZE); + ByteReverseWords(iv, iv, WC_AES_BLOCK_SIZE); ivInit.CRYP_IV0Left = iv[0]; ivInit.CRYP_IV0Right = iv[1]; ivInit.CRYP_IV1Left = iv[2]; @@ -5160,10 +5201,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) *(uint32_t*)&out[12] = CRYP_DataOut(); /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } /* disable crypto processor */ @@ -5191,7 +5232,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return BAD_FUNC_ARG; /*wrong pointer*/ #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5202,7 +5243,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) secDesc->length1 = 0x0; secDesc->pointer1 = NULL; - secDesc->length2 = AES_BLOCK_SIZE; + secDesc->length2 = WC_AES_BLOCK_SIZE; secDesc->pointer2 = (byte *)secReg; /* Initial Vector */ switch(aes->rounds) { @@ -5226,7 +5267,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #endif while (sz) { secDesc->header = descHeader; - XMEMCPY(secReg, aes->reg, AES_BLOCK_SIZE); + XMEMCPY(secReg, aes->reg, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS sz -= AES_BUFFER_SIZE; #else @@ -5244,8 +5285,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(AESBuffIn, pi, size); if(descHeader == SEC_DESC_AES_CBC_DECRYPT) { - XMEMCPY((void*)aes->tmp, (void*)&(pi[size-AES_BLOCK_SIZE]), - AES_BLOCK_SIZE); + XMEMCPY((void*)aes->tmp, (void*)&(pi[size-WC_AES_BLOCK_SIZE]), + WC_AES_BLOCK_SIZE); } /* Point SEC to the location of the descriptor */ @@ -5270,10 +5311,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMCPY(po, AESBuffOut, size); if (descHeader == SEC_DESC_AES_CBC_ENCRYPT) { - XMEMCPY((void*)aes->reg, (void*)&(po[size-AES_BLOCK_SIZE]), - AES_BLOCK_SIZE); + XMEMCPY((void*)aes->reg, (void*)&(po[size-WC_AES_BLOCK_SIZE]), + WC_AES_BLOCK_SIZE); } else { - XMEMCPY((void*)aes->reg, (void*)aes->tmp, AES_BLOCK_SIZE); + XMEMCPY((void*)aes->reg, (void*)aes->tmp, WC_AES_BLOCK_SIZE); } pi += size; @@ -5302,10 +5343,10 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 keySize; status_t status; byte *iv, *enc_key; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5323,13 +5364,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) status = wolfSSL_CryptHwMutexLock(); if (status != 0) return status; - status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE, + status = LTC_AES_EncryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE, iv, enc_key, keySize); wolfSSL_CryptHwMutexUnLock(); /* store iv for next call */ if (status == kStatus_Success) { - XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } return (status == kStatus_Success) ? 0 : -1; @@ -5341,11 +5382,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 keySize; status_t status; byte* iv, *dec_key; - byte temp_block[AES_BLOCK_SIZE]; - word32 blocks = (sz / AES_BLOCK_SIZE); + byte temp_block[WC_AES_BLOCK_SIZE]; + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5361,18 +5402,18 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* get IV for next call */ - XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); status = wolfSSL_CryptHwMutexLock(); if (status != 0) return status; - status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * AES_BLOCK_SIZE, + status = LTC_AES_DecryptCbc(LTC_BASE, in, out, blocks * WC_AES_BLOCK_SIZE, iv, dec_key, keySize, kLTC_EncryptKey); wolfSSL_CryptHwMutexUnLock(); /* store IV for next call */ if (status == kStatus_Success) { - XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE); } return (status == kStatus_Success) ? 0 : -1; @@ -5384,12 +5425,12 @@ int wc_AesSetIV(Aes* aes, const byte* iv) { int offset = 0; byte *iv; - byte temp_block[AES_BLOCK_SIZE]; - word32 blocks = (sz / AES_BLOCK_SIZE); + byte temp_block[WC_AES_BLOCK_SIZE]; + word32 blocks = (sz / WC_AES_BLOCK_SIZE); int ret; #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5399,19 +5440,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) iv = (byte*)aes->reg; while (blocks--) { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE); /* XOR block with IV for CBC */ - xorbuf(temp_block, iv, AES_BLOCK_SIZE); + xorbuf(temp_block, iv, WC_AES_BLOCK_SIZE); ret = wc_AesEncrypt(aes, temp_block, out + offset); if (ret != 0) return ret; - offset += AES_BLOCK_SIZE; + offset += WC_AES_BLOCK_SIZE; /* store IV for next block */ - XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } return 0; @@ -5422,11 +5463,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int ret; int offset = 0; byte* iv; - byte temp_block[AES_BLOCK_SIZE]; - word32 blocks = (sz / AES_BLOCK_SIZE); + byte temp_block[WC_AES_BLOCK_SIZE]; + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { return BAD_LENGTH_E; } #endif @@ -5436,19 +5477,19 @@ int wc_AesSetIV(Aes* aes, const byte* iv) iv = (byte*)aes->reg; while (blocks--) { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE); ret = wc_AesDecrypt(aes, in + offset, out + offset); if (ret != 0) return ret; /* XOR block with IV for CBC */ - xorbuf(out + offset, iv, AES_BLOCK_SIZE); + xorbuf(out + offset, iv, WC_AES_BLOCK_SIZE); /* store IV for next block */ - XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE); - offset += AES_BLOCK_SIZE; + offset += WC_AES_BLOCK_SIZE; } return 0; @@ -5467,7 +5508,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* Always enforce a length check */ - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS return BAD_LENGTH_E; #else @@ -5489,7 +5530,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) (unsigned int)keySize); /* store iv for next call */ if (status == 0) { - XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } return (status == 0) ? 0 : -1; } @@ -5500,14 +5541,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) word32 keySize; int status; byte *iv; - byte temp_block[AES_BLOCK_SIZE]; + byte temp_block[WC_AES_BLOCK_SIZE]; if ((in == NULL) || (out == NULL) || (aes == NULL)) { return BAD_FUNC_ARG; } /* Always enforce a length check */ - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS return BAD_LENGTH_E; #else @@ -5525,14 +5566,14 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } /* get IV for next call */ - XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key, MXC_TPU_MODE_CBC, sz, out, keySize); /* store iv for next call */ if (status == 0) { - XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE); } return (status == 0) ? 0 : -1; } @@ -5550,7 +5591,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) return 0; /* hardware fails on input that is not a multiple of AES block size */ - if (sz % AES_BLOCK_SIZE != 0) { + if (sz % WC_AES_BLOCK_SIZE != 0) { #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS return BAD_LENGTH_E; #else @@ -5559,13 +5600,13 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } ret = wc_Pic32AesCrypt( - aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE, + aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC); /* store iv for next call */ if (ret == 0) { - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } return ret; @@ -5574,29 +5615,29 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret; - byte scratch[AES_BLOCK_SIZE]; + byte scratch[WC_AES_BLOCK_SIZE]; if (sz == 0) return 0; /* hardware fails on input that is not a multiple of AES block size */ - if (sz % AES_BLOCK_SIZE != 0) { + if (sz % WC_AES_BLOCK_SIZE != 0) { #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS return BAD_LENGTH_E; #else return BAD_FUNC_ARG; #endif } - XMEMCPY(scratch, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(scratch, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); ret = wc_Pic32AesCrypt( - aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE, + aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCBC); /* store iv for next call */ if (ret == 0) { - XMEMCPY((byte*)aes->reg, scratch, AES_BLOCK_SIZE); + XMEMCPY((byte*)aes->reg, scratch, WC_AES_BLOCK_SIZE); } return ret; @@ -5661,9 +5702,9 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return 0; } - blocks = sz / AES_BLOCK_SIZE; + blocks = sz / WC_AES_BLOCK_SIZE; #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS - if (sz % AES_BLOCK_SIZE) { + if (sz % WC_AES_BLOCK_SIZE) { WOLFSSL_ERROR_VERBOSE(BAD_LENGTH_E); return BAD_LENGTH_E; } @@ -5695,7 +5736,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #elif defined(HAVE_INTEL_QA) return IntelQaSymAesCbcEncrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, - (byte*)aes->reg, AES_BLOCK_SIZE); + (byte*)aes->reg, WC_AES_BLOCK_SIZE); #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_ENCRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; @@ -5745,7 +5786,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* check alignment, decrypt doesn't need alignment */ if ((wc_ptr_t)in % AESNI_ALIGN) { #ifndef NO_WOLFSSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(sz + AES_BLOCK_SIZE + AESNI_ALIGN, + byte* tmp = (byte*)XMALLOC(sz + WC_AES_BLOCK_SIZE + AESNI_ALIGN, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); byte* tmp_align; if (tmp == NULL) @@ -5756,7 +5797,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) AES_CBC_encrypt_AESNI(tmp_align, tmp_align, (byte*)aes->reg, sz, (byte*)aes->key, (int)aes->rounds); /* store iv for next call */ - XMEMCPY(aes->reg, tmp_align + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, tmp_align + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); XMEMCPY(out, tmp_align, sz); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -5771,24 +5812,32 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) AES_CBC_encrypt_AESNI(in, out, (byte*)aes->reg, sz, (byte*)aes->key, (int)aes->rounds); /* store iv for next call */ - XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); ret = 0; } } else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); + ret = 0; + } + else #endif { ret = 0; while (blocks--) { - xorbuf((byte*)aes->reg, in, AES_BLOCK_SIZE); + xorbuf((byte*)aes->reg, in, WC_AES_BLOCK_SIZE); ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg); if (ret != 0) break; - XMEMCPY(out, aes->reg, AES_BLOCK_SIZE); + XMEMCPY(out, aes->reg, WC_AES_BLOCK_SIZE); - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; } } @@ -5829,8 +5878,8 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif - blocks = sz / AES_BLOCK_SIZE; - if (sz % AES_BLOCK_SIZE) { + blocks = sz / WC_AES_BLOCK_SIZE; + if (sz % WC_AES_BLOCK_SIZE) { #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS return BAD_LENGTH_E; #else @@ -5864,7 +5913,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #elif defined(HAVE_INTEL_QA) return IntelQaSymAesCbcDecrypt(&aes->asyncDev, out, in, sz, (const byte*)aes->devKey, aes->keylen, - (byte*)aes->reg, AES_BLOCK_SIZE); + (byte*)aes->reg, WC_AES_BLOCK_SIZE); #elif defined(WOLFSSL_ASYNC_CRYPT_SW) if (wc_AsyncSwInit(&aes->asyncDev, ASYNC_SW_AES_CBC_DECRYPT)) { WC_ASYNC_SW* sw = &aes->asyncDev.sw; @@ -5901,7 +5950,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* if input and output same will overwrite input iv */ - XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); #if defined(WOLFSSL_AESNI_BY4) || defined(WOLFSSL_X86_BUILD) AES_CBC_decrypt_AESNI_by4(in, out, (byte*)aes->reg, sz, (byte*)aes->key, aes->rounds); @@ -5913,7 +5962,15 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) (int)aes->rounds); #endif /* WOLFSSL_AESNI_BYx */ /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); + ret = 0; + } + else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); ret = 0; } else @@ -5922,76 +5979,76 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) ret = 0; #ifdef WC_AES_BITSLICED if (in != out) { - unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE]; + unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE]; while (blocks > BS_WORD_SIZE) { - AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE); - xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE); - xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in, - AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)); - XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)), - AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE * BS_WORD_SIZE; - out += AES_BLOCK_SIZE * BS_WORD_SIZE; + AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE); + xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE); + xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in, + WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)); + XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (BS_WORD_SIZE - 1)), + WC_AES_BLOCK_SIZE); + in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE; + out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE; blocks -= BS_WORD_SIZE; } if (blocks > 0) { - AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE); - xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE); - xorbufout(out + AES_BLOCK_SIZE, dec + AES_BLOCK_SIZE, in, - AES_BLOCK_SIZE * (blocks - 1)); - XMEMCPY(aes->reg, in + (AES_BLOCK_SIZE * (blocks - 1)), - AES_BLOCK_SIZE); + AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE); + xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE); + xorbufout(out + WC_AES_BLOCK_SIZE, dec + WC_AES_BLOCK_SIZE, in, + WC_AES_BLOCK_SIZE * (blocks - 1)); + XMEMCPY(aes->reg, in + (WC_AES_BLOCK_SIZE * (blocks - 1)), + WC_AES_BLOCK_SIZE); blocks = 0; } } else { - unsigned char dec[AES_BLOCK_SIZE * BS_WORD_SIZE]; + unsigned char dec[WC_AES_BLOCK_SIZE * BS_WORD_SIZE]; int i; while (blocks > BS_WORD_SIZE) { - AesDecryptBlocks_C(aes, in, dec, AES_BLOCK_SIZE * BS_WORD_SIZE); - XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); + AesDecryptBlocks_C(aes, in, dec, WC_AES_BLOCK_SIZE * BS_WORD_SIZE); + XMEMCPY(aes->tmp, in + (BS_WORD_SIZE - 1) * WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); for (i = BS_WORD_SIZE-1; i >= 1; i--) { - xorbufout(out + i * AES_BLOCK_SIZE, - dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); + xorbufout(out + i * WC_AES_BLOCK_SIZE, + dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); } - xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE); - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE * BS_WORD_SIZE; - out += AES_BLOCK_SIZE * BS_WORD_SIZE; + in += WC_AES_BLOCK_SIZE * BS_WORD_SIZE; + out += WC_AES_BLOCK_SIZE * BS_WORD_SIZE; blocks -= BS_WORD_SIZE; } if (blocks > 0) { - AesDecryptBlocks_C(aes, in, dec, blocks * AES_BLOCK_SIZE); - XMEMCPY(aes->tmp, in + (blocks - 1) * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); + AesDecryptBlocks_C(aes, in, dec, blocks * WC_AES_BLOCK_SIZE); + XMEMCPY(aes->tmp, in + (blocks - 1) * WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); for (i = blocks-1; i >= 1; i--) { - xorbufout(out + i * AES_BLOCK_SIZE, - dec + i * AES_BLOCK_SIZE, in + (i - 1) * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); + xorbufout(out + i * WC_AES_BLOCK_SIZE, + dec + i * WC_AES_BLOCK_SIZE, in + (i - 1) * WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); } - xorbufout(out, dec, aes->reg, AES_BLOCK_SIZE); - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + xorbufout(out, dec, aes->reg, WC_AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); blocks = 0; } } #else while (blocks--) { - XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE); + XMEMCPY(aes->tmp, in, WC_AES_BLOCK_SIZE); ret = wc_AesDecrypt(aes, in, out); if (ret != 0) return ret; - xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE); + xorbuf(out, (byte*)aes->reg, WC_AES_BLOCK_SIZE); /* store iv for next call */ - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; } #endif } @@ -6018,7 +6075,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #ifdef WOLFSSL_STM32_CUBEMX CRYP_HandleTypeDef hcryp; #ifdef STM32_HAL_V2 - word32 iv[AES_BLOCK_SIZE/sizeof(word32)]; + word32 iv[WC_AES_BLOCK_SIZE/sizeof(word32)]; #endif #else word32 *iv; @@ -6040,7 +6097,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_CTR; - ByteReverseWords(iv, aes->reg, AES_BLOCK_SIZE); + ByteReverseWords(iv, aes->reg, WC_AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)iv; #elif defined(STM32_CRYPTO_AES_ONLY) hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; @@ -6053,13 +6110,13 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) HAL_CRYP_Init(&hcryp); #if defined(STM32_HAL_V2) - ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, AES_BLOCK_SIZE, + ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, WC_AES_BLOCK_SIZE, (uint32_t*)out, STM32_HAL_TIMEOUT); #elif defined(STM32_CRYPTO_AES_ONLY) - ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, AES_BLOCK_SIZE, + ret = HAL_CRYPEx_AES(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #else - ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, AES_BLOCK_SIZE, + ret = HAL_CRYP_AESCTR_Encrypt(&hcryp, (byte*)in, WC_AES_BLOCK_SIZE, out, STM32_HAL_TIMEOUT); #endif if (ret != HAL_OK) { @@ -6134,11 +6191,11 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_AesCtrEncryptBlock(Aes* aes, byte* out, const byte* in) { - word32 tmpIv[AES_BLOCK_SIZE / sizeof(word32)]; - XMEMCPY(tmpIv, aes->reg, AES_BLOCK_SIZE); + word32 tmpIv[WC_AES_BLOCK_SIZE / sizeof(word32)]; + XMEMCPY(tmpIv, aes->reg, WC_AES_BLOCK_SIZE); return wc_Pic32AesCrypt( - aes->key, aes->keylen, tmpIv, AES_BLOCK_SIZE, - out, in, AES_BLOCK_SIZE, + aes->key, aes->keylen, tmpIv, WC_AES_BLOCK_SIZE, + out, in, WC_AES_BLOCK_SIZE, PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_RCTR); } @@ -6158,7 +6215,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } /* consume any unused bytes left in aes->tmp */ - tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; + tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left; while (aes->left && sz) { *(out++) = *(in++) ^ *(tmp++); aes->left--; @@ -6215,7 +6272,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { /* in network byte order so start at end and work back */ int i; - for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) { + for (i = WC_AES_BLOCK_SIZE - 1; i >= 0; i--) { if (++inOutCtr[i]) /* we're done unless we overflow */ return; } @@ -6224,7 +6281,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* Software AES - CTR Encrypt */ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - byte scratch[AES_BLOCK_SIZE]; + byte scratch[WC_AES_BLOCK_SIZE]; int ret = 0; word32 processed; @@ -6248,61 +6305,69 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* consume any unused bytes left in aes->tmp */ processed = min(aes->left, sz); - xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, + xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed); out += processed; in += processed; aes->left -= processed; sz -= processed; + #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_CTR_encrypt_AARCH64(aes, out, in, sz); + return 0; + } + #endif + VECTOR_REGISTERS_PUSH; #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ !defined(XTRANSFORM_AESCTRBLOCK) - if (in != out && sz >= AES_BLOCK_SIZE) { - word32 blocks = sz / AES_BLOCK_SIZE; + if (in != out && sz >= WC_AES_BLOCK_SIZE) { + word32 blocks = sz / WC_AES_BLOCK_SIZE; byte* counter = (byte*)aes->reg; byte* c = out; while (blocks--) { - XMEMCPY(c, counter, AES_BLOCK_SIZE); - c += AES_BLOCK_SIZE; + XMEMCPY(c, counter, WC_AES_BLOCK_SIZE); + c += WC_AES_BLOCK_SIZE; IncrementAesCounter(counter); } /* reset number of blocks and then do encryption */ - blocks = sz / AES_BLOCK_SIZE; - wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); - xorbuf(out, in, AES_BLOCK_SIZE * blocks); - in += AES_BLOCK_SIZE * blocks; - out += AES_BLOCK_SIZE * blocks; - sz -= blocks * AES_BLOCK_SIZE; + blocks = sz / WC_AES_BLOCK_SIZE; + wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks); + xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks); + in += WC_AES_BLOCK_SIZE * blocks; + out += WC_AES_BLOCK_SIZE * blocks; + sz -= blocks * WC_AES_BLOCK_SIZE; } else #endif { #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("wc_AesCtrEncrypt scratch", scratch, - AES_BLOCK_SIZE); + WC_AES_BLOCK_SIZE); #endif /* do as many block size ops as possible */ - while (sz >= AES_BLOCK_SIZE) { + while (sz >= WC_AES_BLOCK_SIZE) { #ifdef XTRANSFORM_AESCTRBLOCK XTRANSFORM_AESCTRBLOCK(aes, out, in); #else ret = wc_AesEncrypt(aes, (byte*)aes->reg, scratch); if (ret != 0) break; - xorbuf(scratch, in, AES_BLOCK_SIZE); - XMEMCPY(out, scratch, AES_BLOCK_SIZE); + xorbuf(scratch, in, WC_AES_BLOCK_SIZE); + XMEMCPY(out, scratch, WC_AES_BLOCK_SIZE); #endif IncrementAesCounter((byte*)aes->reg); - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; aes->left = 0; } - ForceZero(scratch, AES_BLOCK_SIZE); + ForceZero(scratch, WC_AES_BLOCK_SIZE); } /* handle non block size remaining and store unused byte count in left */ @@ -6310,16 +6375,16 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); if (ret == 0) { IncrementAesCounter((byte*)aes->reg); - aes->left = AES_BLOCK_SIZE - sz; + aes->left = WC_AES_BLOCK_SIZE - sz; xorbufout(out, in, aes->tmp, sz); } } if (ret < 0) - ForceZero(scratch, AES_BLOCK_SIZE); + ForceZero(scratch, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(scratch, AES_BLOCK_SIZE); + wc_MemZero_Check(scratch, WC_AES_BLOCK_SIZE); #endif VECTOR_REGISTERS_POP; @@ -6343,7 +6408,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif /* NEED_AES_CTR_SOFT */ #endif /* WOLFSSL_AES_COUNTER */ -#endif /* !WOLFSSL_ARMASM && ! WOLFSSL_RISCV_ASM */ +#endif /* !WOLFSSL_RISCV_ASM */ /* @@ -6374,15 +6439,15 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #ifdef WOLFSSL_AESGCM_STREAM /* Access initialization counter data. */ - #define AES_INITCTR(aes) ((aes)->streamData + 0 * AES_BLOCK_SIZE) + #define AES_INITCTR(aes) ((aes)->streamData + 0 * WC_AES_BLOCK_SIZE) /* Access counter data. */ - #define AES_COUNTER(aes) ((aes)->streamData + 1 * AES_BLOCK_SIZE) + #define AES_COUNTER(aes) ((aes)->streamData + 1 * WC_AES_BLOCK_SIZE) /* Access tag data. */ - #define AES_TAG(aes) ((aes)->streamData + 2 * AES_BLOCK_SIZE) + #define AES_TAG(aes) ((aes)->streamData + 2 * WC_AES_BLOCK_SIZE) /* Access last GHASH block. */ - #define AES_LASTGBLOCK(aes) ((aes)->streamData + 3 * AES_BLOCK_SIZE) + #define AES_LASTGBLOCK(aes) ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE) /* Access last encrypted block. */ - #define AES_LASTBLOCK(aes) ((aes)->streamData + 4 * AES_BLOCK_SIZE) + #define AES_LASTBLOCK(aes) ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE) #endif #if defined(HAVE_COLDFIRE_SEC) @@ -6390,8 +6455,8 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #endif -#ifdef WOLFSSL_ARMASM - /* implementation is located in wolfcrypt/src/port/arm/armv8-aes.c */ +#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) + /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */ #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ @@ -6413,7 +6478,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) int i; /* in network byte order so start at end and work back */ - for (i = AES_BLOCK_SIZE - 1; i >= AES_BLOCK_SIZE - CTR_SZ; i--) { + for (i = WC_AES_BLOCK_SIZE - 1; i >= WC_AES_BLOCK_SIZE - CTR_SZ; i--) { if (++inOutCtr[i]) /* we're done unless we overflow */ return; } @@ -6444,9 +6509,9 @@ static WC_INLINE void RIGHTSHIFTX(byte* x) { int i; int carryIn = 0; - byte borrow = (0x00 - (x[15] & 0x01)) & 0xE1; + byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U); - for (i = 0; i < AES_BLOCK_SIZE; i++) { + for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { int carryOut = (x[i] & 0x01) << 7; x[i] = (byte) ((x[i] >> 1) | carryIn); carryIn = carryOut; @@ -6462,23 +6527,23 @@ static WC_INLINE void RIGHTSHIFTX(byte* x) void GenerateM0(Gcm* gcm) { int i, j; - byte (*m)[AES_BLOCK_SIZE] = gcm->M0; + byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0; - XMEMCPY(m[128], gcm->H, AES_BLOCK_SIZE); + XMEMCPY(m[128], gcm->H, WC_AES_BLOCK_SIZE); for (i = 64; i > 0; i /= 2) { - XMEMCPY(m[i], m[i*2], AES_BLOCK_SIZE); + XMEMCPY(m[i], m[i*2], WC_AES_BLOCK_SIZE); RIGHTSHIFTX(m[i]); } for (i = 2; i < 256; i *= 2) { for (j = 1; j < i; j++) { - XMEMCPY(m[i+j], m[i], AES_BLOCK_SIZE); - xorbuf(m[i+j], m[j], AES_BLOCK_SIZE); + XMEMCPY(m[i+j], m[i], WC_AES_BLOCK_SIZE); + xorbuf(m[i+j], m[j], WC_AES_BLOCK_SIZE); } } - XMEMSET(m[0], 0, AES_BLOCK_SIZE); + XMEMSET(m[0], 0, WC_AES_BLOCK_SIZE); } #elif defined(GCM_TABLE_4BIT) @@ -6498,49 +6563,49 @@ void GenerateM0(Gcm* gcm) #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) int i; #endif - byte (*m)[AES_BLOCK_SIZE] = gcm->M0; + byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0; /* 0 times -> 0x0 */ - XMEMSET(m[0x0], 0, AES_BLOCK_SIZE); + XMEMSET(m[0x0], 0, WC_AES_BLOCK_SIZE); /* 1 times -> 0x8 */ - XMEMCPY(m[0x8], gcm->H, AES_BLOCK_SIZE); + XMEMCPY(m[0x8], gcm->H, WC_AES_BLOCK_SIZE); /* 2 times -> 0x4 */ - XMEMCPY(m[0x4], m[0x8], AES_BLOCK_SIZE); + XMEMCPY(m[0x4], m[0x8], WC_AES_BLOCK_SIZE); RIGHTSHIFTX(m[0x4]); /* 4 times -> 0x2 */ - XMEMCPY(m[0x2], m[0x4], AES_BLOCK_SIZE); + XMEMCPY(m[0x2], m[0x4], WC_AES_BLOCK_SIZE); RIGHTSHIFTX(m[0x2]); /* 8 times -> 0x1 */ - XMEMCPY(m[0x1], m[0x2], AES_BLOCK_SIZE); + XMEMCPY(m[0x1], m[0x2], WC_AES_BLOCK_SIZE); RIGHTSHIFTX(m[0x1]); /* 0x3 */ - XMEMCPY(m[0x3], m[0x2], AES_BLOCK_SIZE); - xorbuf (m[0x3], m[0x1], AES_BLOCK_SIZE); + XMEMCPY(m[0x3], m[0x2], WC_AES_BLOCK_SIZE); + xorbuf (m[0x3], m[0x1], WC_AES_BLOCK_SIZE); /* 0x5 -> 0x7 */ - XMEMCPY(m[0x5], m[0x4], AES_BLOCK_SIZE); - xorbuf (m[0x5], m[0x1], AES_BLOCK_SIZE); - XMEMCPY(m[0x6], m[0x4], AES_BLOCK_SIZE); - xorbuf (m[0x6], m[0x2], AES_BLOCK_SIZE); - XMEMCPY(m[0x7], m[0x4], AES_BLOCK_SIZE); - xorbuf (m[0x7], m[0x3], AES_BLOCK_SIZE); + XMEMCPY(m[0x5], m[0x4], WC_AES_BLOCK_SIZE); + xorbuf (m[0x5], m[0x1], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0x6], m[0x4], WC_AES_BLOCK_SIZE); + xorbuf (m[0x6], m[0x2], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0x7], m[0x4], WC_AES_BLOCK_SIZE); + xorbuf (m[0x7], m[0x3], WC_AES_BLOCK_SIZE); /* 0x9 -> 0xf */ - XMEMCPY(m[0x9], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0x9], m[0x1], AES_BLOCK_SIZE); - XMEMCPY(m[0xa], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xa], m[0x2], AES_BLOCK_SIZE); - XMEMCPY(m[0xb], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xb], m[0x3], AES_BLOCK_SIZE); - XMEMCPY(m[0xc], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xc], m[0x4], AES_BLOCK_SIZE); - XMEMCPY(m[0xd], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xd], m[0x5], AES_BLOCK_SIZE); - XMEMCPY(m[0xe], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xe], m[0x6], AES_BLOCK_SIZE); - XMEMCPY(m[0xf], m[0x8], AES_BLOCK_SIZE); - xorbuf (m[0xf], m[0x7], AES_BLOCK_SIZE); + XMEMCPY(m[0x9], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0x9], m[0x1], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xa], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xa], m[0x2], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xb], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xb], m[0x3], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xc], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xc], m[0x4], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xd], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xd], m[0x5], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xe], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xe], m[0x6], WC_AES_BLOCK_SIZE); + XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE); + xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE); #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) for (i = 0; i < 16; i++) { @@ -6555,7 +6620,7 @@ void GenerateM0(Gcm* gcm) int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) { int ret; - byte iv[AES_BLOCK_SIZE]; + byte iv[WC_AES_BLOCK_SIZE]; #ifdef WOLFSSL_IMX6_CAAM_BLOB byte local[32]; @@ -6587,7 +6652,7 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH)); aes->gcm.aadLen = 0; #endif - XMEMSET(iv, 0, AES_BLOCK_SIZE); + XMEMSET(iv, 0, WC_AES_BLOCK_SIZE); ret = wc_AesSetKey(aes, key, len, iv, AES_ENCRYPTION); #ifdef WOLFSSL_AESGCM_STREAM aes->gcmKeySet = 1; @@ -6603,6 +6668,13 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) return ret; #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (ret == 0 && aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + AES_GCM_set_key_AARCH64(aes, iv); + } + else +#endif #if !defined(FREESCALE_LTC_AES_GCM) if (ret == 0) { VECTOR_REGISTERS_PUSH; @@ -6698,34 +6770,34 @@ void AES_GCM_decrypt_avx2(const unsigned char *in, unsigned char *out, #if defined(GCM_SMALL) static void GMULT(byte* X, byte* Y) { - byte Z[AES_BLOCK_SIZE]; - byte V[AES_BLOCK_SIZE]; + byte Z[WC_AES_BLOCK_SIZE]; + byte V[WC_AES_BLOCK_SIZE]; int i, j; - XMEMSET(Z, 0, AES_BLOCK_SIZE); - XMEMCPY(V, X, AES_BLOCK_SIZE); - for (i = 0; i < AES_BLOCK_SIZE; i++) + XMEMSET(Z, 0, WC_AES_BLOCK_SIZE); + XMEMCPY(V, X, WC_AES_BLOCK_SIZE); + for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { byte y = Y[i]; for (j = 0; j < 8; j++) { if (y & 0x80) { - xorbuf(Z, V, AES_BLOCK_SIZE); + xorbuf(Z, V, WC_AES_BLOCK_SIZE); } RIGHTSHIFTX(V); y = y << 1; } } - XMEMCPY(X, Z, AES_BLOCK_SIZE); + XMEMCPY(X, Z, WC_AES_BLOCK_SIZE); } void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, byte* s, word32 sSz) { - byte x[AES_BLOCK_SIZE]; - byte scratch[AES_BLOCK_SIZE]; + byte x[WC_AES_BLOCK_SIZE]; + byte scratch[WC_AES_BLOCK_SIZE]; word32 blocks, partial; byte* h; @@ -6734,38 +6806,38 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, } h = gcm->H; - XMEMSET(x, 0, AES_BLOCK_SIZE); + XMEMSET(x, 0, WC_AES_BLOCK_SIZE); /* Hash in A, the Additional Authentication Data */ if (aSz != 0 && a != NULL) { - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, a, AES_BLOCK_SIZE); + xorbuf(x, a, WC_AES_BLOCK_SIZE); GMULT(x, h); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, a, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, h); } } /* Hash in C, the Ciphertext */ if (cSz != 0 && c != NULL) { - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, c, AES_BLOCK_SIZE); + xorbuf(x, c, WC_AES_BLOCK_SIZE); GMULT(x, h); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, c, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, h); } } @@ -6773,7 +6845,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* Hash in the lengths of A and C in bits */ FlattenSzInBits(&scratch[0], aSz); FlattenSzInBits(&scratch[8], cSz); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, h); /* Copy the result into s. */ @@ -6796,7 +6868,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT(AES_TAG(aes), aes->gcm.H); \ } \ while (0) @@ -6871,17 +6943,17 @@ ALIGN16 static const byte R[256][2] = { {0xbc, 0xf8}, {0xbd, 0x3a}, {0xbf, 0x7c}, {0xbe, 0xbe} }; -static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE]) +static void GMULT(byte *x, byte m[256][WC_AES_BLOCK_SIZE]) { #if !defined(WORD64_AVAILABLE) || defined(BIG_ENDIAN_ORDER) int i, j; - byte Z[AES_BLOCK_SIZE]; + byte Z[WC_AES_BLOCK_SIZE]; byte a; XMEMSET(Z, 0, sizeof(Z)); for (i = 15; i > 0; i--) { - xorbuf(Z, m[x[i]], AES_BLOCK_SIZE); + xorbuf(Z, m[x[i]], WC_AES_BLOCK_SIZE); a = Z[15]; for (j = 15; j > 0; j--) { @@ -6891,11 +6963,11 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE]) Z[0] = R[a][0]; Z[1] ^= R[a][1]; } - xorbuf(Z, m[x[0]], AES_BLOCK_SIZE); + xorbuf(Z, m[x[0]], WC_AES_BLOCK_SIZE); - XMEMCPY(x, Z, AES_BLOCK_SIZE); + XMEMCPY(x, Z, WC_AES_BLOCK_SIZE); #elif defined(WC_32BIT_CPU) - byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE]; + byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE]; byte a; word32* pZ; word32* pm; @@ -6927,7 +6999,7 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE]) px[0] = pZ[0] ^ pm[0]; px[1] = pZ[1] ^ pm[1]; px[2] = pZ[2] ^ pm[2]; px[3] = pZ[3] ^ pm[3]; #else - byte Z[AES_BLOCK_SIZE + AES_BLOCK_SIZE]; + byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE]; byte a; word64* pZ; word64* pm; @@ -6959,46 +7031,46 @@ static void GMULT(byte *x, byte m[256][AES_BLOCK_SIZE]) void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, byte* s, word32 sSz) { - byte x[AES_BLOCK_SIZE]; - byte scratch[AES_BLOCK_SIZE]; + byte x[WC_AES_BLOCK_SIZE]; + byte scratch[WC_AES_BLOCK_SIZE]; word32 blocks, partial; if (gcm == NULL) { return; } - XMEMSET(x, 0, AES_BLOCK_SIZE); + XMEMSET(x, 0, WC_AES_BLOCK_SIZE); /* Hash in A, the Additional Authentication Data */ if (aSz != 0 && a != NULL) { - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, a, AES_BLOCK_SIZE); + xorbuf(x, a, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, a, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); } } /* Hash in C, the Ciphertext */ if (cSz != 0 && c != NULL) { - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, c, AES_BLOCK_SIZE); + xorbuf(x, c, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, c, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); } } @@ -7006,7 +7078,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* Hash in the lengths of A and C in bits */ FlattenSzInBits(&scratch[0], aSz); FlattenSzInBits(&scratch[8], cSz); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); /* Copy the result into s. */ @@ -7029,7 +7101,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT(AES_TAG(aes), aes->gcm.M0); \ } \ while (0) @@ -7082,10 +7154,10 @@ static const word16 R[32] = { * [0..15] * H */ #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) -static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE]) +static void GMULT(byte *x, byte m[16][WC_AES_BLOCK_SIZE]) { int i, j, n; - byte Z[AES_BLOCK_SIZE]; + byte Z[WC_AES_BLOCK_SIZE]; byte a; XMEMSET(Z, 0, sizeof(Z)); @@ -7093,9 +7165,9 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE]) for (i = 15; i >= 0; i--) { for (n = 0; n < 2; n++) { if (n == 0) - xorbuf(Z, m[x[i] & 0xf], AES_BLOCK_SIZE); + xorbuf(Z, m[x[i] & 0xf], WC_AES_BLOCK_SIZE); else { - xorbuf(Z, m[x[i] >> 4], AES_BLOCK_SIZE); + xorbuf(Z, m[x[i] >> 4], WC_AES_BLOCK_SIZE); if (i == 0) break; } @@ -7110,10 +7182,10 @@ static void GMULT(byte *x, byte m[16][AES_BLOCK_SIZE]) } } - XMEMCPY(x, Z, AES_BLOCK_SIZE); + XMEMCPY(x, Z, WC_AES_BLOCK_SIZE); } #elif defined(WC_32BIT_CPU) -static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) +static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) { int i; word32 z8[4] = {0, 0, 0, 0}; @@ -7187,7 +7259,7 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3]; } #else -static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) +static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) { int i; word64 z8[2] = {0, 0}; @@ -7259,46 +7331,46 @@ static WC_INLINE void GMULT(byte *x, byte m[32][AES_BLOCK_SIZE]) void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32 cSz, byte* s, word32 sSz) { - byte x[AES_BLOCK_SIZE]; - byte scratch[AES_BLOCK_SIZE]; + byte x[WC_AES_BLOCK_SIZE]; + byte scratch[WC_AES_BLOCK_SIZE]; word32 blocks, partial; if (gcm == NULL) { return; } - XMEMSET(x, 0, AES_BLOCK_SIZE); + XMEMSET(x, 0, WC_AES_BLOCK_SIZE); /* Hash in A, the Additional Authentication Data */ if (aSz != 0 && a != NULL) { - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, a, AES_BLOCK_SIZE); + xorbuf(x, a, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, a, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); } } /* Hash in C, the Ciphertext */ if (cSz != 0 && c != NULL) { - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; while (blocks--) { - xorbuf(x, c, AES_BLOCK_SIZE); + xorbuf(x, c, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(scratch, 0, AES_BLOCK_SIZE); + XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); XMEMCPY(scratch, c, partial); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); } } @@ -7306,7 +7378,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* Hash in the lengths of A and C in bits */ FlattenSzInBits(&scratch[0], aSz); FlattenSzInBits(&scratch[8], cSz); - xorbuf(x, scratch, AES_BLOCK_SIZE); + xorbuf(x, scratch, WC_AES_BLOCK_SIZE); GMULT(x, gcm->M0); /* Copy the result into s. */ @@ -7320,6 +7392,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_INIT_EXTRA(aes) WC_DO_NOTHING +#if !defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) /* GHASH one block of data.. * * XOR block into tag and GMULT with H using pre-computed table. @@ -7329,10 +7403,11 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_ONE_BLOCK(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, AES_BLOCK_SIZE); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT(AES_TAG(aes), (aes)->gcm.M0); \ } \ while (0) +#endif #endif /* WOLFSSL_AESGCM_STREAM */ #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) @@ -7385,31 +7460,31 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, return; } - XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE); + XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigH, bigH, AES_BLOCK_SIZE); + ByteReverseWords64(bigH, bigH, WC_AES_BLOCK_SIZE); #endif /* Hash in A, the Additional Authentication Data */ if (aSz != 0 && a != NULL) { word64 bigA[2]; - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; while (blocks--) { - XMEMCPY(bigA, a, AES_BLOCK_SIZE); + XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE); + ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigA[0]; x[1] ^= bigA[1]; GMULT(x, bigH); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(bigA, 0, AES_BLOCK_SIZE); + XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE); XMEMCPY(bigA, a, partial); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigA, bigA, AES_BLOCK_SIZE); + ByteReverseWords64(bigA, bigA, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigA[0]; x[1] ^= bigA[1]; @@ -7427,8 +7502,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* Hash in C, the Ciphertext */ if (cSz != 0 && c != NULL) { word64 bigC[2]; - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; #ifdef OPENSSL_EXTRA /* Start from last AAD partial tag */ if(gcm->aadLen) { @@ -7437,20 +7512,20 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, } #endif while (blocks--) { - XMEMCPY(bigC, c, AES_BLOCK_SIZE); + XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE); + ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigC[0]; x[1] ^= bigC[1]; GMULT(x, bigH); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(bigC, 0, AES_BLOCK_SIZE); + XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE); XMEMCPY(bigC, c, partial); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(bigC, bigC, AES_BLOCK_SIZE); + ByteReverseWords64(bigC, bigC, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigC[0]; x[1] ^= bigC[1]; @@ -7475,7 +7550,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, GMULT(x, bigH); } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64(x, x, AES_BLOCK_SIZE); + ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); #endif XMEMCPY(s, x, sSz); } @@ -7490,7 +7565,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in] aes AES GCM object. */ #define GHASH_INIT_EXTRA(aes) \ - ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, AES_BLOCK_SIZE) + ByteReverseWords64((word64*)aes->gcm.H, (word64*)aes->gcm.H, WC_AES_BLOCK_SIZE) /* GHASH one block of data.. * @@ -7504,8 +7579,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word64* x = (word64*)AES_TAG(aes); \ word64* h = (word64*)aes->gcm.H; \ word64 block64[2]; \ - XMEMCPY(block64, block, AES_BLOCK_SIZE); \ - ByteReverseWords64(block64, block64, AES_BLOCK_SIZE); \ + XMEMCPY(block64, block, WC_AES_BLOCK_SIZE); \ + ByteReverseWords64(block64, block64, WC_AES_BLOCK_SIZE); \ x[0] ^= block64[0]; \ x[1] ^= block64[1]; \ GMULT(x, h); \ @@ -7534,7 +7609,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[0] ^= len[0]; \ x[1] ^= len[1]; \ GMULT(x, h); \ - ByteReverseWords64(x, x, AES_BLOCK_SIZE); \ + ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #else @@ -7557,7 +7632,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[0] ^= len[0]; \ x[1] ^= len[1]; \ GMULT(x, h); \ - ByteReverseWords64(x, x, AES_BLOCK_SIZE); \ + ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #endif @@ -7582,7 +7657,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word64* x = (word64*)AES_TAG(aes); \ word64* h = (word64*)aes->gcm.H; \ word64 block64[2]; \ - XMEMCPY(block64, block, AES_BLOCK_SIZE); \ + XMEMCPY(block64, block, WC_AES_BLOCK_SIZE); \ x[0] ^= block64[0]; \ x[1] ^= block64[1]; \ GMULT(x, h); \ @@ -7702,33 +7777,33 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, return; } - XMEMCPY(bigH, gcm->H, AES_BLOCK_SIZE); + XMEMCPY(bigH, gcm->H, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(bigH, bigH, AES_BLOCK_SIZE); + ByteReverseWords(bigH, bigH, WC_AES_BLOCK_SIZE); #endif /* Hash in A, the Additional Authentication Data */ if (aSz != 0 && a != NULL) { word32 bigA[4]; - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; while (blocks--) { - XMEMCPY(bigA, a, AES_BLOCK_SIZE); + XMEMCPY(bigA, a, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE); + ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigA[0]; x[1] ^= bigA[1]; x[2] ^= bigA[2]; x[3] ^= bigA[3]; GMULT(x, bigH); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(bigA, 0, AES_BLOCK_SIZE); + XMEMSET(bigA, 0, WC_AES_BLOCK_SIZE); XMEMCPY(bigA, a, partial); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(bigA, bigA, AES_BLOCK_SIZE); + ByteReverseWords(bigA, bigA, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigA[0]; x[1] ^= bigA[1]; @@ -7741,25 +7816,25 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* Hash in C, the Ciphertext */ if (cSz != 0 && c != NULL) { word32 bigC[4]; - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; while (blocks--) { - XMEMCPY(bigC, c, AES_BLOCK_SIZE); + XMEMCPY(bigC, c, WC_AES_BLOCK_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE); + ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigC[0]; x[1] ^= bigC[1]; x[2] ^= bigC[2]; x[3] ^= bigC[3]; GMULT(x, bigH); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { - XMEMSET(bigC, 0, AES_BLOCK_SIZE); + XMEMSET(bigC, 0, WC_AES_BLOCK_SIZE); XMEMCPY(bigC, c, partial); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(bigC, bigC, AES_BLOCK_SIZE); + ByteReverseWords(bigC, bigC, WC_AES_BLOCK_SIZE); #endif x[0] ^= bigC[0]; x[1] ^= bigC[1]; @@ -7786,7 +7861,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, GMULT(x, bigH); } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords(x, x, AES_BLOCK_SIZE); + ByteReverseWords(x, x, WC_AES_BLOCK_SIZE); #endif XMEMCPY(s, x, sSz); } @@ -7800,7 +7875,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. */ #define GHASH_INIT_EXTRA(aes) \ - ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, AES_BLOCK_SIZE) + ByteReverseWords((word32*)aes->gcm.H, (word32*)aes->gcm.H, WC_AES_BLOCK_SIZE) /* GHASH one block of data.. * @@ -7814,8 +7889,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->gcm.H; \ word32 bigEnd[4]; \ - XMEMCPY(bigEnd, block, AES_BLOCK_SIZE); \ - ByteReverseWords(bigEnd, bigEnd, AES_BLOCK_SIZE); \ + XMEMCPY(bigEnd, block, WC_AES_BLOCK_SIZE); \ + ByteReverseWords(bigEnd, bigEnd, WC_AES_BLOCK_SIZE); \ x[0] ^= bigEnd[0]; \ x[1] ^= bigEnd[1]; \ x[2] ^= bigEnd[2]; \ @@ -7844,7 +7919,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[2] ^= len[2]; \ x[3] ^= len[3]; \ GMULT(x, h); \ - ByteReverseWords(x, x, AES_BLOCK_SIZE); \ + ByteReverseWords(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #else @@ -7866,7 +7941,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->gcm.H; \ word32 block32[4]; \ - XMEMCPY(block32, block, AES_BLOCK_SIZE); \ + XMEMCPY(block32, block, WC_AES_BLOCK_SIZE); \ x[0] ^= block32[0]; \ x[1] ^= block32[1]; \ x[2] ^= block32[2]; \ @@ -7910,7 +7985,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_LEN_BLOCK(aes) \ do { \ - byte scratch[AES_BLOCK_SIZE]; \ + byte scratch[WC_AES_BLOCK_SIZE]; \ FlattenSzInBits(&scratch[0], (aes)->aSz); \ FlattenSzInBits(&scratch[8], (aes)->cSz); \ GHASH_ONE_BLOCK(aes, scratch); \ @@ -7924,12 +7999,21 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ static void GHASH_INIT(Aes* aes) { /* Set tag to all zeros as initial value. */ - XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE); + XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE); /* Reset counts of AAD and cipher text. */ aes->aOver = 0; aes->cOver = 0; - /* Extra initialization based on implementation. */ - GHASH_INIT_EXTRA(aes); +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + ; /* Don't do extra initialization. */ + } + else +#endif + { + /* Extra initialization based on implementation. */ + GHASH_INIT_EXTRA(aes); + } } /* Update the GHASH with AAD and/or cipher text. @@ -7953,14 +8037,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, /* Check if we have unprocessed data. */ if (aes->aOver > 0) { /* Calculate amount we can use - fill up the block. */ - byte sz = AES_BLOCK_SIZE - aes->aOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver); if (sz > aSz) { sz = (byte)aSz; } /* Copy extra into last GHASH block array and update count. */ XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz); - aes->aOver += sz; - if (aes->aOver == AES_BLOCK_SIZE) { + aes->aOver = (byte)(aes->aOver + sz); + if (aes->aOver == WC_AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); /* Reset count. */ @@ -7972,12 +8056,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, } /* Calculate number of blocks of AAD and the leftover. */ - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; /* GHASH full blocks now. */ while (blocks--) { GHASH_ONE_BLOCK(aes, a); - a += AES_BLOCK_SIZE; + a += WC_AES_BLOCK_SIZE; } if (partial != 0) { /* Cache the partial block. */ @@ -7988,7 +8072,7 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, if (aes->aOver > 0 && cSz > 0 && c != NULL) { /* No more AAD coming and we have a partial block. */ /* Fill the rest of the block with zeros. */ - byte sz = AES_BLOCK_SIZE - aes->aOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver); XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, sz); /* GHASH last AAD block. */ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); @@ -8002,14 +8086,14 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, aes->cSz += cSz; if (aes->cOver > 0) { /* Calculate amount we can use - fill up the block. */ - byte sz = AES_BLOCK_SIZE - aes->cOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver); if (sz > cSz) { sz = (byte)cSz; } XMEMCPY(AES_LASTGBLOCK(aes) + aes->cOver, c, sz); /* Update count of unused encrypted counter. */ - aes->cOver += sz; - if (aes->cOver == AES_BLOCK_SIZE) { + aes->cOver = (byte)(aes->cOver + sz); + if (aes->cOver == WC_AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); /* Reset count. */ @@ -8021,12 +8105,12 @@ static void GHASH_UPDATE(Aes* aes, const byte* a, word32 aSz, const byte* c, } /* Calculate number of blocks of cipher text and the leftover. */ - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; /* GHASH full blocks now. */ while (blocks--) { GHASH_ONE_BLOCK(aes, c); - c += AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } if (partial != 0) { /* Cache the partial block. */ @@ -8055,7 +8139,7 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) } if (over > 0) { /* Zeroize the unused part of the block. */ - XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over); + XMEMSET(AES_LASTGBLOCK(aes) + over, 0, (size_t)WC_AES_BLOCK_SIZE - over); /* Hash the last block of cipher text. */ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); } @@ -8063,7 +8147,7 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) GHASH_LEN_BLOCK(aes); /* Copy the result into s. */ XMEMCPY(s, AES_TAG(aes), sSz); - /* reset aes->gcm.H in case of re-use */ + /* reset aes->gcm.H in case of reuse */ GHASH_INIT_EXTRA(aes); } #endif /* WOLFSSL_AESGCM_STREAM */ @@ -8079,7 +8163,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, word32 keySize; /* argument checks */ - if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) { + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0) { return BAD_FUNC_ARG; } @@ -8125,16 +8209,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( word32 keySize; #ifdef WOLFSSL_STM32_CUBEMX int status = HAL_OK; - word32 blocks = sz / AES_BLOCK_SIZE; - word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; + word32 blocks = sz / WC_AES_BLOCK_SIZE; + word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)]; #else int status = SUCCESS; #endif - word32 partial = sz % AES_BLOCK_SIZE; - word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; - word32 ctrInit[AES_BLOCK_SIZE/sizeof(word32)]; - word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; - word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 partial = sz % WC_AES_BLOCK_SIZE; + word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 ctrInit[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; int authPadSz, wasAlloc = 0, useSwGhash = 0; @@ -8148,21 +8232,31 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( return ret; #endif - XMEMSET(ctr, 0, AES_BLOCK_SIZE); + XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE); if (ivSz == GCM_NONCE_MID_SZ) { byte* pCtr = (byte*)ctr; XMEMCPY(ctr, iv, ivSz); - pCtr[AES_BLOCK_SIZE - 1] = 1; + pCtr[WC_AES_BLOCK_SIZE - 1] = 1; } else { - GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); + GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE); } XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */ /* Authentication buffer - must be 4-byte multiple zero padded */ authPadSz = authInSz % sizeof(word32); +#ifdef WOLFSSL_STM32MP13 + /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a + * minimum of 16 bytes for the auth + */ + if ((authInSz > 0) && (authInSz < 16)) { + authPadSz = 16 - authInSz; + } +#endif if (authPadSz != 0) { - authPadSz = authInSz + sizeof(word32) - authPadSz; + if (authPadSz < authInSz + sizeof(word32)) { + authPadSz = authInSz + sizeof(word32) - authPadSz; + } if (authPadSz <= sizeof(authhdr)) { authInPadded = (byte*)authhdr; } @@ -8185,11 +8279,12 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( /* for cases where hardware cannot be used for authTag calculate it */ /* if IV is not 12 calculate GHASH using software */ if (ivSz != GCM_NONCE_MID_SZ - #ifndef CRYP_HEADERWIDTHUNIT_BYTE + #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13) /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL) + #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \ + && !defined(STM32_AESGCM_PARTIAL) /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8204,13 +8299,14 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( if (ret != 0) { return ret; } + #ifdef WOLFSSL_STM32_CUBEMX hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - #ifdef CRYP_HEADERWIDTHUNIT_BYTE + #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13) /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */ hcryp.Init.HeaderSize = authInSz; #else @@ -8220,27 +8316,27 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( /* allows repeated calls to HAL_CRYP_Encrypt */ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; #endif - ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE); + ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; HAL_CRYP_Init(&hcryp); #ifndef CRYP_KEYIVCONFIG_ONCE /* GCM payload phase - can handle partial blocks */ status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); #else /* GCM payload phase - blocks */ if (blocks) { status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); } /* GCM payload phase - partial remainder */ if (status == HAL_OK && (partial != 0 || blocks == 0)) { XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } #endif if (status == HAL_OK && !useSwGhash) { @@ -8270,16 +8366,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE; if (blocks) { status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in, - (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AES_Auth(&hcryp, (uint8_t*)partialBlock, partial, (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK && !useSwGhash) { /* GCM final phase */ @@ -8292,15 +8388,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( if (blocks) { /* GCM payload phase - blocks */ status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (byte*)in, - (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AESGCM_Encrypt(&hcryp, (uint8_t*)partialBlock, partial, (uint8_t*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK && !useSwGhash) { /* Compute the authTag */ @@ -8369,20 +8465,20 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( const byte* authIn, word32 authInSz) { int ret = 0; - word32 blocks = sz / AES_BLOCK_SIZE; - word32 partial = sz % AES_BLOCK_SIZE; + word32 blocks = sz / WC_AES_BLOCK_SIZE; + word32 partial = sz % WC_AES_BLOCK_SIZE; const byte* p = in; byte* c = out; - ALIGN16 byte counter[AES_BLOCK_SIZE]; - ALIGN16 byte initialCounter[AES_BLOCK_SIZE]; - ALIGN16 byte scratch[AES_BLOCK_SIZE]; + ALIGN16 byte counter[WC_AES_BLOCK_SIZE]; + ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE]; + ALIGN16 byte scratch[WC_AES_BLOCK_SIZE]; if (ivSz == GCM_NONCE_MID_SZ) { /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ XMEMCPY(counter, iv, ivSz); XMEMSET(counter + GCM_NONCE_MID_SZ, 0, - AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); - counter[AES_BLOCK_SIZE - 1] = 1; + WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[WC_AES_BLOCK_SIZE - 1] = 1; } else { /* Counter is GHASH of IV. */ @@ -8390,21 +8486,21 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( word32 aadTemp = aes->gcm.aadLen; aes->gcm.aadLen = 0; #endif - GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); + GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE); #ifdef OPENSSL_EXTRA aes->gcm.aadLen = aadTemp; #endif } - XMEMCPY(initialCounter, counter, AES_BLOCK_SIZE); + XMEMCPY(initialCounter, counter, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_PIC32MZ_CRYPT if (blocks) { /* use initial IV for HW, but don't use it below */ - XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE); ret = wc_Pic32AesCrypt( - aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE, - out, in, (blocks * AES_BLOCK_SIZE), + aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE, + out, in, (blocks * WC_AES_BLOCK_SIZE), PIC32_ENCRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM); if (ret != 0) return ret; @@ -8418,15 +8514,15 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( if (c != p && blocks > 0) { /* can not handle inline encryption */ while (blocks--) { IncrementGcmCounter(counter); - XMEMCPY(c, counter, AES_BLOCK_SIZE); - c += AES_BLOCK_SIZE; + XMEMCPY(c, counter, WC_AES_BLOCK_SIZE); + c += WC_AES_BLOCK_SIZE; } /* reset number of blocks and then do encryption */ - blocks = sz / AES_BLOCK_SIZE; - wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); - xorbuf(out, p, AES_BLOCK_SIZE * blocks); - p += AES_BLOCK_SIZE * blocks; + blocks = sz / WC_AES_BLOCK_SIZE; + wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks); + xorbuf(out, p, WC_AES_BLOCK_SIZE * blocks); + p += WC_AES_BLOCK_SIZE * blocks; } else #endif /* HAVE_AES_ECB && !WOLFSSL_PIC32MZ_CRYPT */ @@ -8437,10 +8533,10 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( ret = wc_AesEncrypt(aes, counter, scratch); if (ret != 0) return ret; - xorbufout(c, scratch, p, AES_BLOCK_SIZE); + xorbufout(c, scratch, p, WC_AES_BLOCK_SIZE); #endif - p += AES_BLOCK_SIZE; - c += AES_BLOCK_SIZE; + p += WC_AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } } @@ -8476,7 +8572,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, int ret; /* argument checks */ - if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || + if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ((authTagSz > 0) && (authTag == NULL)) || ((authInSz > 0) && (authIn == NULL))) { @@ -8578,6 +8674,14 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + AES_GCM_encrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz); + ret = 0; + } + else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_encrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -8607,7 +8711,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, /* If the sz is non-zero, both in and out must be set. If sz is 0, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || - authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 || + authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 || ivSz == 0 || ((authInSz > 0) && (authIn == NULL))) { return BAD_FUNC_ARG; @@ -8644,18 +8748,18 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( #ifdef WOLFSSL_STM32_CUBEMX int status = HAL_OK; CRYP_HandleTypeDef hcryp; - word32 blocks = sz / AES_BLOCK_SIZE; + word32 blocks = sz / WC_AES_BLOCK_SIZE; #else int status = SUCCESS; word32 keyCopy[AES_256_KEY_SIZE/sizeof(word32)]; #endif word32 keySize; - word32 partial = sz % AES_BLOCK_SIZE; - word32 tag[AES_BLOCK_SIZE/sizeof(word32)]; - word32 tagExpected[AES_BLOCK_SIZE/sizeof(word32)]; - word32 partialBlock[AES_BLOCK_SIZE/sizeof(word32)]; - word32 ctr[AES_BLOCK_SIZE/sizeof(word32)]; - word32 authhdr[AES_BLOCK_SIZE/sizeof(word32)]; + word32 partial = sz % WC_AES_BLOCK_SIZE; + word32 tag[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 tagExpected[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 partialBlock[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 ctr[WC_AES_BLOCK_SIZE/sizeof(word32)]; + word32 authhdr[WC_AES_BLOCK_SIZE/sizeof(word32)]; byte* authInPadded = NULL; int authPadSz, wasAlloc = 0, tagComputed = 0; @@ -8669,14 +8773,14 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( return ret; #endif - XMEMSET(ctr, 0, AES_BLOCK_SIZE); + XMEMSET(ctr, 0, WC_AES_BLOCK_SIZE); if (ivSz == GCM_NONCE_MID_SZ) { byte* pCtr = (byte*)ctr; XMEMCPY(ctr, iv, ivSz); - pCtr[AES_BLOCK_SIZE - 1] = 1; + pCtr[WC_AES_BLOCK_SIZE - 1] = 1; } else { - GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, AES_BLOCK_SIZE); + GHASH(&aes->gcm, NULL, 0, iv, ivSz, (byte*)ctr, WC_AES_BLOCK_SIZE); } /* Make copy of expected authTag, which could get corrupted in some @@ -8693,14 +8797,24 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( authPadSz = authInSz; } +#ifdef WOLFSSL_STM32MP13 + /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a + * minimum of 16 bytes for the auth + */ + if ((authInSz > 0) && (authInSz < 16)) { + authPadSz = 16 - authInSz; + } +#endif + /* for cases where hardware cannot be used for authTag calculate it */ /* if IV is not 12 calculate GHASH using software */ if (ivSz != GCM_NONCE_MID_SZ - #ifndef CRYP_HEADERWIDTHUNIT_BYTE + #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13) /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(STM32_AESGCM_PARTIAL) + #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \ + && !defined(STM32_AESGCM_PARTIAL) /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8746,7 +8860,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - #ifdef CRYP_HEADERWIDTHUNIT_BYTE + #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13) /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */ hcryp.Init.HeaderSize = authInSz; #else @@ -8756,26 +8870,26 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( /* allows repeated calls to HAL_CRYP_Decrypt */ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; #endif - ByteReverseWords(ctr, ctr, AES_BLOCK_SIZE); + ByteReverseWords(ctr, ctr, WC_AES_BLOCK_SIZE); hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; HAL_CRYP_Init(&hcryp); #ifndef CRYP_KEYIVCONFIG_ONCE status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); #else /* GCM payload phase - blocks */ if (blocks) { status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, - (blocks * AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), (uint32_t*)out, STM32_HAL_TIMEOUT); } /* GCM payload phase - partial remainder */ if (status == HAL_OK && (partial != 0 || blocks == 0)) { XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)partialBlock, partial, (uint32_t*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } #endif if (status == HAL_OK && !tagComputed) { @@ -8805,16 +8919,16 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( hcryp.Init.GCMCMACPhase = CRYP_PAYLOAD_PHASE; if (blocks) { status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)in, - (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } } if (status == HAL_OK && (partial != 0 || (sz > 0 && blocks == 0))) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AES_Auth(&hcryp, (byte*)partialBlock, partial, (byte*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK && tagComputed == 0) { /* GCM final phase */ @@ -8827,15 +8941,15 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( if (blocks) { /* GCM payload phase - blocks */ status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)in, - (blocks * AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); + (blocks * WC_AES_BLOCK_SIZE), out, STM32_HAL_TIMEOUT); } if (status == HAL_OK && (partial != 0 || blocks == 0)) { /* GCM payload phase - partial remainder */ XMEMSET(partialBlock, 0, sizeof(partialBlock)); - XMEMCPY(partialBlock, in + (blocks * AES_BLOCK_SIZE), partial); + XMEMCPY(partialBlock, in + (blocks * WC_AES_BLOCK_SIZE), partial); status = HAL_CRYPEx_AESGCM_Decrypt(&hcryp, (byte*)partialBlock, partial, (byte*)partialBlock, STM32_HAL_TIMEOUT); - XMEMCPY(out + (blocks * AES_BLOCK_SIZE), partialBlock, partial); + XMEMCPY(out + (blocks * WC_AES_BLOCK_SIZE), partialBlock, partial); } if (status == HAL_OK && tagComputed == 0) { /* Compute the authTag */ @@ -8900,22 +9014,22 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( const byte* authIn, word32 authInSz) { int ret; - word32 blocks = sz / AES_BLOCK_SIZE; - word32 partial = sz % AES_BLOCK_SIZE; + word32 blocks = sz / WC_AES_BLOCK_SIZE; + word32 partial = sz % WC_AES_BLOCK_SIZE; const byte* c = in; byte* p = out; - ALIGN16 byte counter[AES_BLOCK_SIZE]; - ALIGN16 byte scratch[AES_BLOCK_SIZE]; - ALIGN16 byte Tprime[AES_BLOCK_SIZE]; - ALIGN16 byte EKY0[AES_BLOCK_SIZE]; + ALIGN16 byte counter[WC_AES_BLOCK_SIZE]; + ALIGN16 byte scratch[WC_AES_BLOCK_SIZE]; + ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE]; + ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE]; sword32 res; if (ivSz == GCM_NONCE_MID_SZ) { /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ XMEMCPY(counter, iv, ivSz); XMEMSET(counter + GCM_NONCE_MID_SZ, 0, - AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); - counter[AES_BLOCK_SIZE - 1] = 1; + WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[WC_AES_BLOCK_SIZE - 1] = 1; } else { /* Counter is GHASH of IV. */ @@ -8923,7 +9037,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( word32 aadTemp = aes->gcm.aadLen; aes->gcm.aadLen = 0; #endif - GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); + GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE); #ifdef OPENSSL_EXTRA aes->gcm.aadLen = aadTemp; #endif @@ -8960,11 +9074,11 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( #if defined(WOLFSSL_PIC32MZ_CRYPT) if (blocks) { /* use initial IV for HW, but don't use it below */ - XMEMCPY(aes->reg, counter, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, counter, WC_AES_BLOCK_SIZE); ret = wc_Pic32AesCrypt( - aes->key, aes->keylen, aes->reg, AES_BLOCK_SIZE, - out, in, (blocks * AES_BLOCK_SIZE), + aes->key, aes->keylen, aes->reg, WC_AES_BLOCK_SIZE, + out, in, (blocks * WC_AES_BLOCK_SIZE), PIC32_DECRYPTION, PIC32_ALGO_AES, PIC32_CRYPTOALGO_AES_GCM); if (ret != 0) return ret; @@ -8978,16 +9092,16 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( if (c != p && blocks > 0) { /* can not handle inline decryption */ while (blocks--) { IncrementGcmCounter(counter); - XMEMCPY(p, counter, AES_BLOCK_SIZE); - p += AES_BLOCK_SIZE; + XMEMCPY(p, counter, WC_AES_BLOCK_SIZE); + p += WC_AES_BLOCK_SIZE; } /* reset number of blocks and then do encryption */ - blocks = sz / AES_BLOCK_SIZE; + blocks = sz / WC_AES_BLOCK_SIZE; - wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); - xorbuf(out, c, AES_BLOCK_SIZE * blocks); - c += AES_BLOCK_SIZE * blocks; + wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks); + xorbuf(out, c, WC_AES_BLOCK_SIZE * blocks); + c += WC_AES_BLOCK_SIZE * blocks; } else #endif /* HAVE_AES_ECB && !PIC32MZ */ @@ -8998,10 +9112,10 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( ret = wc_AesEncrypt(aes, counter, scratch); if (ret != 0) return ret; - xorbufout(p, scratch, c, AES_BLOCK_SIZE); + xorbufout(p, scratch, c, WC_AES_BLOCK_SIZE); #endif - p += AES_BLOCK_SIZE; - c += AES_BLOCK_SIZE; + p += WC_AES_BLOCK_SIZE; + c += WC_AES_BLOCK_SIZE; } } @@ -9046,7 +9160,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, /* If the sz is non-zero, both in and out must be set. If sz is 0, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || - authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 || + authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 || ivSz == 0) { return BAD_FUNC_ARG; @@ -9152,6 +9266,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + ret = AES_GCM_decrypt_AARCH64(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + } + else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_decrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -9175,15 +9296,15 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, */ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz) { - ALIGN32 byte counter[AES_BLOCK_SIZE]; + ALIGN32 byte counter[WC_AES_BLOCK_SIZE]; int ret; if (ivSz == GCM_NONCE_MID_SZ) { /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ XMEMCPY(counter, iv, ivSz); XMEMSET(counter + GCM_NONCE_MID_SZ, 0, - AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); - counter[AES_BLOCK_SIZE - 1] = 1; + WC_AES_BLOCK_SIZE - GCM_NONCE_MID_SZ - 1); + counter[WC_AES_BLOCK_SIZE - 1] = 1; } else { /* Counter is GHASH of IV. */ @@ -9191,14 +9312,14 @@ static WARN_UNUSED_RESULT int AesGcmInit_C(Aes* aes, const byte* iv, word32 ivSz word32 aadTemp = aes->gcm.aadLen; aes->gcm.aadLen = 0; #endif - GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, AES_BLOCK_SIZE); + GHASH(&aes->gcm, NULL, 0, iv, ivSz, counter, WC_AES_BLOCK_SIZE); #ifdef OPENSSL_EXTRA aes->gcm.aadLen = aadTemp; #endif } /* Copy in the counter for use with cipher. */ - XMEMCPY(AES_COUNTER(aes), counter, AES_BLOCK_SIZE); + XMEMCPY(AES_COUNTER(aes), counter, WC_AES_BLOCK_SIZE); /* Encrypt initial counter into a buffer for GCM. */ ret = wc_AesEncrypt(aes, counter, AES_INITCTR(aes)); if (ret != 0) @@ -9231,12 +9352,12 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C( /* Check if previous encrypted block was not used up. */ if (aes->over > 0) { - byte pSz = AES_BLOCK_SIZE - aes->over; + byte pSz = (byte)(WC_AES_BLOCK_SIZE - aes->over); if (pSz > sz) pSz = (byte)sz; /* Use some/all of last encrypted block. */ xorbufout(out, AES_LASTBLOCK(aes) + aes->over, in, pSz); - aes->over = (aes->over + pSz) & (AES_BLOCK_SIZE - 1); + aes->over = (aes->over + pSz) & (WC_AES_BLOCK_SIZE - 1); /* Some data used. */ sz -= pSz; @@ -9246,8 +9367,8 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C( /* Calculate the number of blocks needing to be encrypted and any leftover. */ - blocks = sz / AES_BLOCK_SIZE; - partial = sz & (AES_BLOCK_SIZE - 1); + blocks = sz / WC_AES_BLOCK_SIZE; + partial = sz & (WC_AES_BLOCK_SIZE - 1); #if defined(HAVE_AES_ECB) /* Some hardware acceleration can gain performance from doing AES encryption @@ -9259,33 +9380,33 @@ static WARN_UNUSED_RESULT int AesGcmCryptUpdate_C( /* Place incrementing counter blocks into cipher text. */ for (b = 0; b < blocks; b++) { IncrementGcmCounter(AES_COUNTER(aes)); - XMEMCPY(out + b * AES_BLOCK_SIZE, AES_COUNTER(aes), AES_BLOCK_SIZE); + XMEMCPY(out + b * WC_AES_BLOCK_SIZE, AES_COUNTER(aes), WC_AES_BLOCK_SIZE); } /* Encrypt counter blocks. */ - wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); + wc_AesEcbEncrypt(aes, out, out, WC_AES_BLOCK_SIZE * blocks); /* XOR in plaintext. */ - xorbuf(out, in, AES_BLOCK_SIZE * blocks); + xorbuf(out, in, WC_AES_BLOCK_SIZE * blocks); /* Skip over processed data. */ - in += AES_BLOCK_SIZE * blocks; - out += AES_BLOCK_SIZE * blocks; + in += WC_AES_BLOCK_SIZE * blocks; + out += WC_AES_BLOCK_SIZE * blocks; } else #endif /* HAVE_AES_ECB */ { /* Encrypt block by block. */ while (blocks--) { - ALIGN32 byte scratch[AES_BLOCK_SIZE]; + ALIGN32 byte scratch[WC_AES_BLOCK_SIZE]; IncrementGcmCounter(AES_COUNTER(aes)); /* Encrypt counter into a buffer. */ ret = wc_AesEncrypt(aes, AES_COUNTER(aes), scratch); if (ret != 0) return ret; /* XOR plain text into encrypted counter into cipher text buffer. */ - xorbufout(out, scratch, in, AES_BLOCK_SIZE); + xorbufout(out, scratch, in, WC_AES_BLOCK_SIZE); /* Data complete. */ - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } } @@ -9323,7 +9444,7 @@ static WARN_UNUSED_RESULT int AesGcmFinal_C( aes->gcm.aadLen = aes->aSz; #endif /* Zeroize last block to protect sensitive data. */ - ForceZero(AES_LASTBLOCK(aes), AES_BLOCK_SIZE); + ForceZero(AES_LASTBLOCK(aes), WC_AES_BLOCK_SIZE); return 0; } @@ -9408,7 +9529,7 @@ static WARN_UNUSED_RESULT int AesGcmInit_aesni( aes->aSz = 0; aes->cSz = 0; /* Set tag to all zeros as initial value. */ - XMEMSET(AES_TAG(aes), 0, AES_BLOCK_SIZE); + XMEMSET(AES_TAG(aes), 0, WC_AES_BLOCK_SIZE); /* Reset counts of AAD and cipher text. */ aes->aOver = 0; aes->cOver = 0; @@ -9458,14 +9579,14 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni( /* Check if we have unprocessed data. */ if (aes->aOver > 0) { /* Calculate amount we can use - fill up the block. */ - byte sz = AES_BLOCK_SIZE - aes->aOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->aOver); if (sz > aSz) { sz = (byte)aSz; } /* Copy extra into last GHASH block array and update count. */ XMEMCPY(AES_LASTGBLOCK(aes) + aes->aOver, a, sz); - aes->aOver += sz; - if (aes->aOver == AES_BLOCK_SIZE) { + aes->aOver = (byte)(aes->aOver + sz); + if (aes->aOver == WC_AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9494,30 +9615,30 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni( } /* Calculate number of blocks of AAD and the leftover. */ - blocks = aSz / AES_BLOCK_SIZE; - partial = aSz % AES_BLOCK_SIZE; + blocks = aSz / WC_AES_BLOCK_SIZE; + partial = aSz % WC_AES_BLOCK_SIZE; if (blocks > 0) { /* GHASH full blocks now. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { - AES_GCM_aad_update_avx2(a, blocks * AES_BLOCK_SIZE, + AES_GCM_aad_update_avx2(a, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H); } else #endif #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { - AES_GCM_aad_update_avx1(a, blocks * AES_BLOCK_SIZE, + AES_GCM_aad_update_avx1(a, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H); } else #endif { - AES_GCM_aad_update_aesni(a, blocks * AES_BLOCK_SIZE, + AES_GCM_aad_update_aesni(a, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H); } /* Skip over to end of AAD blocks. */ - a += blocks * AES_BLOCK_SIZE; + a += blocks * WC_AES_BLOCK_SIZE; } if (partial != 0) { /* Cache the partial block. */ @@ -9529,7 +9650,7 @@ static WARN_UNUSED_RESULT int AesGcmAadUpdate_aesni( /* No more AAD coming and we have a partial block. */ /* Fill the rest of the block with zeros. */ XMEMSET(AES_LASTGBLOCK(aes) + aes->aOver, 0, - AES_BLOCK_SIZE - aes->aOver); + (size_t)WC_AES_BLOCK_SIZE - aes->aOver); /* GHASH last AAD block. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9587,7 +9708,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni( aes->cSz += cSz; if (aes->cOver > 0) { /* Calculate amount we can use - fill up the block. */ - byte sz = AES_BLOCK_SIZE - aes->cOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver); if (sz > cSz) { sz = (byte)cSz; } @@ -9595,8 +9716,8 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni( xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, p, sz); XMEMCPY(c, AES_LASTGBLOCK(aes) + aes->cOver, sz); /* Update count of unused encrypted counter. */ - aes->cOver += sz; - if (aes->cOver == AES_BLOCK_SIZE) { + aes->cOver = (byte)(aes->cOver + sz); + if (aes->cOver == WC_AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9626,14 +9747,14 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni( } /* Calculate number of blocks of plaintext and the leftover. */ - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; if (blocks > 0) { /* Encrypt and GHASH full blocks now. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_update_avx2((byte*)aes->key, (int)aes->rounds, - c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } else @@ -9641,23 +9762,23 @@ static WARN_UNUSED_RESULT int AesGcmEncryptUpdate_aesni( #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_encrypt_update_avx1((byte*)aes->key, (int)aes->rounds, - c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } else #endif { AES_GCM_encrypt_update_aesni((byte*)aes->key, (int)aes->rounds, - c, p, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + c, p, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } /* Skip over to end of blocks. */ - p += blocks * AES_BLOCK_SIZE; - c += blocks * AES_BLOCK_SIZE; + p += blocks * WC_AES_BLOCK_SIZE; + c += blocks * WC_AES_BLOCK_SIZE; } if (partial != 0) { /* Encrypt the counter - XOR in zeros as proxy for plaintext. */ - XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE); + XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds, @@ -9711,7 +9832,7 @@ static WARN_UNUSED_RESULT int AesGcmEncryptFinal_aesni( } if (over > 0) { /* Fill the rest of the block with zeros. */ - XMEMSET(AES_LASTGBLOCK(aes) + over, 0, AES_BLOCK_SIZE - over); + XMEMSET(AES_LASTGBLOCK(aes) + over, 0, (size_t)WC_AES_BLOCK_SIZE - over); /* GHASH last cipher block. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9818,7 +9939,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( aes->cSz += cSz; if (aes->cOver > 0) { /* Calculate amount we can use - fill up the block. */ - byte sz = AES_BLOCK_SIZE - aes->cOver; + byte sz = (byte)(WC_AES_BLOCK_SIZE - aes->cOver); if (sz > cSz) { sz = (byte)cSz; } @@ -9828,8 +9949,8 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( xorbuf(AES_LASTGBLOCK(aes) + aes->cOver, c, sz); XMEMCPY(p, AES_LASTGBLOCK(aes) + aes->cOver, sz); /* Update count of unused encrypted counter. */ - aes->cOver += sz; - if (aes->cOver == AES_BLOCK_SIZE) { + aes->cOver = (byte)(aes->cOver + sz); + if (aes->cOver == WC_AES_BLOCK_SIZE) { /* We have filled up the block and can process. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9859,14 +9980,14 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( } /* Calculate number of blocks of plaintext and the leftover. */ - blocks = cSz / AES_BLOCK_SIZE; - partial = cSz % AES_BLOCK_SIZE; + blocks = cSz / WC_AES_BLOCK_SIZE; + partial = cSz % WC_AES_BLOCK_SIZE; if (blocks > 0) { /* Decrypt and GHASH full blocks now. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_decrypt_update_avx2((byte*)aes->key, (int)aes->rounds, - p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } else @@ -9874,23 +9995,23 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( #ifdef HAVE_INTEL_AVX1 if (IS_INTEL_AVX1(intel_flags)) { AES_GCM_decrypt_update_avx1((byte*)aes->key, (int)aes->rounds, - p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } else #endif { AES_GCM_decrypt_update_aesni((byte*)aes->key, (int)aes->rounds, - p, c, blocks * AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, + p, c, blocks * WC_AES_BLOCK_SIZE, AES_TAG(aes), aes->gcm.H, AES_COUNTER(aes)); } /* Skip over to end of blocks. */ - c += blocks * AES_BLOCK_SIZE; - p += blocks * AES_BLOCK_SIZE; + c += blocks * WC_AES_BLOCK_SIZE; + p += blocks * WC_AES_BLOCK_SIZE; } if (partial != 0) { /* Encrypt the counter - XOR in zeros as proxy for cipher text. */ - XMEMSET(AES_LASTGBLOCK(aes), 0, AES_BLOCK_SIZE); + XMEMSET(AES_LASTGBLOCK(aes), 0, WC_AES_BLOCK_SIZE); #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { AES_GCM_encrypt_block_avx2((byte*)aes->key, (int)aes->rounds, @@ -9951,7 +10072,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptFinal_aesni( } if (over > 0) { /* Zeroize the unused part of the block. */ - XMEMSET(lastBlock + over, 0, AES_BLOCK_SIZE - over); + XMEMSET(lastBlock + over, 0, (size_t)WC_AES_BLOCK_SIZE - over); /* Hash the last block of cipher text. */ #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -10029,7 +10150,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) if ((ret == 0) && (aes->streamData == NULL)) { /* Allocate buffers for streaming. */ - aes->streamData_sz = 5 * AES_BLOCK_SIZE; + aes->streamData_sz = 5 * WC_AES_BLOCK_SIZE; aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap, DYNAMIC_TYPE_AES); if (aes->streamData == NULL) { @@ -10045,7 +10166,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, if (ret == 0) { /* Set the IV passed in if it is smaller than a block. */ - if ((iv != NULL) && (ivSz <= AES_BLOCK_SIZE)) { + if ((iv != NULL) && (ivSz <= WC_AES_BLOCK_SIZE)) { XMEMMOVE((byte*)aes->reg, iv, ivSz); aes->nonceSz = ivSz; } @@ -10066,7 +10187,20 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, RESTORE_VECTOR_REGISTERS(); } else - #endif + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_GCM_init_AARCH64(aes, iv, ivSz); + + /* Reset state fields. */ + aes->over = 0; + aes->aSz = 0; + aes->cSz = 0; + /* Initialization for GHASH. */ + GHASH_INIT(aes); + } + else + #endif /* WOLFSSL_AESNI */ { ret = AesGcmInit_C(aes, iv, ivSz); } @@ -10192,6 +10326,13 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_GCM_crypt_update_AARCH64(aes, out, in, sz); + GHASH_UPDATE_AARCH64(aes, authIn, authInSz, out, sz); + } + else #endif { /* Encrypt the plaintext. */ @@ -10222,7 +10363,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz) int ret = 0; /* Check validity of parameters. */ - if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) || + if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) || (authTagSz == 0)) { ret = BAD_FUNC_ARG; } @@ -10245,6 +10386,12 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz) RESTORE_VECTOR_REGISTERS(); } else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_GCM_final_AARCH64(aes, authTag, authTagSz); + } + else #endif { ret = AesGcmFinal_C(aes, authTag, authTagSz); @@ -10328,6 +10475,13 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + GHASH_UPDATE_AARCH64(aes, authIn, authInSz, in, sz); + AES_GCM_crypt_update_AARCH64(aes, out, in, sz); + } + else #endif { /* Update the authentication tag with any authentication data and @@ -10356,7 +10510,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz) int ret = 0; /* Check validity of parameters. */ - if ((aes == NULL) || (authTag == NULL) || (authTagSz > AES_BLOCK_SIZE) || + if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) || (authTagSz == 0)) { ret = BAD_FUNC_ARG; } @@ -10379,9 +10533,20 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz) RESTORE_VECTOR_REGISTERS(); } else + #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE]; + AES_GCM_final_AARCH64(aes, calcTag, authTagSz); + /* Check calculated tag matches the one passed in. */ + if (ConstantCompare(authTag, calcTag, (int)authTagSz) != 0) { + ret = AES_GCM_AUTH_E; + } + } + else #endif { - ALIGN32 byte calcTag[AES_BLOCK_SIZE]; + ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE]; /* Calculate authentication tag. */ ret = AesGcmFinal_C(aes, calcTag, authTagSz); if (ret == 0) { @@ -10567,7 +10732,7 @@ int wc_GmacVerify(const byte* key, word32 keySz, #endif if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) || - authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) { + authTag == NULL || authTagSz == 0 || authTagSz > WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } @@ -10655,8 +10820,8 @@ int wc_AesCcmCheckTagSize(int sz) return 0; } -#ifdef WOLFSSL_ARMASM - /* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */ +#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) + /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */ #elif defined(WOLFSSL_RISCV_ASM) /* implementation located in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ @@ -10786,10 +10951,10 @@ static WARN_UNUSED_RESULT int roll_x( int ret; /* process the bulk of the data */ - while (inSz >= AES_BLOCK_SIZE) { - xorbuf(out, in, AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE; - inSz -= AES_BLOCK_SIZE; + while (inSz >= WC_AES_BLOCK_SIZE) { + xorbuf(out, in, WC_AES_BLOCK_SIZE); + in += WC_AES_BLOCK_SIZE; + inSz -= WC_AES_BLOCK_SIZE; ret = wc_AesEncrypt(aes, out, out); if (ret != 0) @@ -10835,7 +11000,7 @@ static WARN_UNUSED_RESULT int roll_auth( */ /* start fill out the rest of the first block */ - remainder = AES_BLOCK_SIZE - authLenSz; + remainder = WC_AES_BLOCK_SIZE - authLenSz; if (inSz >= remainder) { /* plenty of bulk data to fill the remainder of this block */ xorbuf(out + authLenSz, in, remainder); @@ -10862,7 +11027,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz) word32 i; for (i = 0; i < lenSz; i++) { - if (++B[AES_BLOCK_SIZE - 1 - i] != 0) return; + if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) return; } } @@ -10872,23 +11037,23 @@ static WC_INLINE void AesCcmCtrIncSet4(byte* B, word32 lenSz) word32 i; /* B+1 = B */ - XMEMCPY(B + AES_BLOCK_SIZE * 1, B, AES_BLOCK_SIZE); + XMEMCPY(B + WC_AES_BLOCK_SIZE * 1, B, WC_AES_BLOCK_SIZE); /* B+2,B+3 = B,B+1 */ - XMEMCPY(B + AES_BLOCK_SIZE * 2, B, AES_BLOCK_SIZE * 2); + XMEMCPY(B + WC_AES_BLOCK_SIZE * 2, B, WC_AES_BLOCK_SIZE * 2); for (i = 0; i < lenSz; i++) { - if (++B[AES_BLOCK_SIZE * 2 - 1 - i] != 0) break; + if (++B[WC_AES_BLOCK_SIZE * 2 - 1 - i] != 0) break; } - B[AES_BLOCK_SIZE * 3 - 1] += 2; - if (B[AES_BLOCK_SIZE * 3 - 1] < 2) { + B[WC_AES_BLOCK_SIZE * 3 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 3 - 1] + 2U); + if (B[WC_AES_BLOCK_SIZE * 3 - 1] < 2U) { for (i = 1; i < lenSz; i++) { - if (++B[AES_BLOCK_SIZE * 3 - 1 - i] != 0) break; + if (++B[WC_AES_BLOCK_SIZE * 3 - 1 - i] != 0) break; } } - B[AES_BLOCK_SIZE * 4 - 1] += 3; - if (B[AES_BLOCK_SIZE * 4 - 1] < 3) { + B[WC_AES_BLOCK_SIZE * 4 - 1] = (byte)(B[WC_AES_BLOCK_SIZE * 4 - 1] + 3U); + if (B[WC_AES_BLOCK_SIZE * 4 - 1] < 3U) { for (i = 1; i < lenSz; i++) { - if (++B[AES_BLOCK_SIZE * 4 - 1 - i] != 0) break; + if (++B[WC_AES_BLOCK_SIZE * 4 - 1 - i] != 0) break; } } } @@ -10897,10 +11062,10 @@ static WC_INLINE void AesCcmCtrInc4(byte* B, word32 lenSz) { word32 i; - B[AES_BLOCK_SIZE - 1] += 4; - if (B[AES_BLOCK_SIZE - 1] < 4) { + B[WC_AES_BLOCK_SIZE - 1] = (byte)(B[WC_AES_BLOCK_SIZE - 1] + 4U); + if (B[WC_AES_BLOCK_SIZE - 1] < 4U) { for (i = 1; i < lenSz; i++) { - if (++B[AES_BLOCK_SIZE - 1 - i] != 0) break; + if (++B[WC_AES_BLOCK_SIZE - 1 - i] != 0) break; } } } @@ -10914,11 +11079,11 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz) { #ifdef WOLFSSL_AESNI - ALIGN128 byte A[AES_BLOCK_SIZE * 4]; - ALIGN128 byte B[AES_BLOCK_SIZE * 4]; + ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4]; + ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4]; #else - byte A[AES_BLOCK_SIZE]; - byte B[AES_BLOCK_SIZE]; + byte A[WC_AES_BLOCK_SIZE]; + byte B[WC_AES_BLOCK_SIZE]; #endif byte lenSz; word32 i; @@ -10929,7 +11094,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, /* sanity check on arguments */ if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) || nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 || - authTagSz > AES_BLOCK_SIZE) + authTagSz > WC_AES_BLOCK_SIZE) return BAD_FUNC_ARG; /* Sanity check on authIn to prevent segfault in xorbuf() where @@ -10958,14 +11123,14 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, XMEMSET(A, 0, sizeof(A)); XMEMCPY(B+1, nonce, nonceSz); - lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; + lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz); B[0] = (byte)((authInSz > 0 ? 64 : 0) + (8 * (((byte)authTagSz - 2) / 2)) + (lenSz - 1)); for (i = 0; i < lenSz; i++) { if (mask && i >= wordSz) mask = 0x00; - B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); + B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); } #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -10988,9 +11153,9 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, if (ret == 0) { XMEMCPY(authTag, A, authTagSz); - B[0] = lenSz - 1; + B[0] = (byte)(lenSz - 1U); for (i = 0; i < lenSz; i++) - B[AES_BLOCK_SIZE - 1 - i] = 0; + B[WC_AES_BLOCK_SIZE - 1 - i] = 0; ret = wc_AesEncrypt(aes, B, A); } @@ -11000,35 +11165,35 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } #ifdef WOLFSSL_AESNI if ((ret == 0) && aes->use_aesni) { - while (inSz >= AES_BLOCK_SIZE * 4) { + while (inSz >= WC_AES_BLOCK_SIZE * 4) { AesCcmCtrIncSet4(B, lenSz); - AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key, + AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key, (int)aes->rounds); - xorbuf(A, in, AES_BLOCK_SIZE * 4); - XMEMCPY(out, A, AES_BLOCK_SIZE * 4); + xorbuf(A, in, WC_AES_BLOCK_SIZE * 4); + XMEMCPY(out, A, WC_AES_BLOCK_SIZE * 4); - inSz -= AES_BLOCK_SIZE * 4; - in += AES_BLOCK_SIZE * 4; - out += AES_BLOCK_SIZE * 4; + inSz -= WC_AES_BLOCK_SIZE * 4; + in += WC_AES_BLOCK_SIZE * 4; + out += WC_AES_BLOCK_SIZE * 4; AesCcmCtrInc4(B, lenSz); } } #endif if (ret == 0) { - while (inSz >= AES_BLOCK_SIZE) { + while (inSz >= WC_AES_BLOCK_SIZE) { ret = wc_AesEncrypt(aes, B, A); if (ret != 0) break; - xorbuf(A, in, AES_BLOCK_SIZE); - XMEMCPY(out, A, AES_BLOCK_SIZE); + xorbuf(A, in, WC_AES_BLOCK_SIZE); + XMEMCPY(out, A, WC_AES_BLOCK_SIZE); AesCcmCtrInc(B, lenSz); - inSz -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + inSz -= WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } } if ((ret == 0) && (inSz > 0)) { @@ -11060,11 +11225,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* authIn, word32 authInSz) { #ifdef WOLFSSL_AESNI - ALIGN128 byte B[AES_BLOCK_SIZE * 4]; - ALIGN128 byte A[AES_BLOCK_SIZE * 4]; + ALIGN128 byte B[WC_AES_BLOCK_SIZE * 4]; + ALIGN128 byte A[WC_AES_BLOCK_SIZE * 4]; #else - byte A[AES_BLOCK_SIZE]; - byte B[AES_BLOCK_SIZE]; + byte A[WC_AES_BLOCK_SIZE]; + byte B[WC_AES_BLOCK_SIZE]; #endif byte* o; byte lenSz; @@ -11076,7 +11241,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, /* sanity check on arguments */ if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) || nonce == NULL || authTag == NULL || nonceSz < 7 || nonceSz > 13 || - authTagSz > AES_BLOCK_SIZE) + authTagSz > WC_AES_BLOCK_SIZE) return BAD_FUNC_ARG; /* Sanity check on authIn to prevent segfault in xorbuf() where @@ -11107,11 +11272,11 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, oSz = inSz; XMEMSET(A, 0, sizeof A); XMEMCPY(B+1, nonce, nonceSz); - lenSz = AES_BLOCK_SIZE - 1 - (byte)nonceSz; + lenSz = (byte)(WC_AES_BLOCK_SIZE - 1U - nonceSz); - B[0] = lenSz - 1; + B[0] = (byte)(lenSz - 1U); for (i = 0; i < lenSz; i++) - B[AES_BLOCK_SIZE - 1 - i] = 0; + B[WC_AES_BLOCK_SIZE - 1 - i] = 0; B[15] = 1; #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -11123,34 +11288,34 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, #ifdef WOLFSSL_AESNI if (aes->use_aesni) { - while (oSz >= AES_BLOCK_SIZE * 4) { + while (oSz >= WC_AES_BLOCK_SIZE * 4) { AesCcmCtrIncSet4(B, lenSz); - AES_ECB_encrypt_AESNI(B, A, AES_BLOCK_SIZE * 4, (byte*)aes->key, + AES_ECB_encrypt_AESNI(B, A, WC_AES_BLOCK_SIZE * 4, (byte*)aes->key, (int)aes->rounds); - xorbuf(A, in, AES_BLOCK_SIZE * 4); - XMEMCPY(o, A, AES_BLOCK_SIZE * 4); + xorbuf(A, in, WC_AES_BLOCK_SIZE * 4); + XMEMCPY(o, A, WC_AES_BLOCK_SIZE * 4); - oSz -= AES_BLOCK_SIZE * 4; - in += AES_BLOCK_SIZE * 4; - o += AES_BLOCK_SIZE * 4; + oSz -= WC_AES_BLOCK_SIZE * 4; + in += WC_AES_BLOCK_SIZE * 4; + o += WC_AES_BLOCK_SIZE * 4; AesCcmCtrInc4(B, lenSz); } } #endif - while (oSz >= AES_BLOCK_SIZE) { + while (oSz >= WC_AES_BLOCK_SIZE) { ret = wc_AesEncrypt(aes, B, A); if (ret != 0) break; - xorbuf(A, in, AES_BLOCK_SIZE); - XMEMCPY(o, A, AES_BLOCK_SIZE); + xorbuf(A, in, WC_AES_BLOCK_SIZE); + XMEMCPY(o, A, WC_AES_BLOCK_SIZE); AesCcmCtrInc(B, lenSz); - oSz -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - o += AES_BLOCK_SIZE; + oSz -= WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + o += WC_AES_BLOCK_SIZE; } if ((ret == 0) && (inSz > 0)) @@ -11160,7 +11325,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, xorbuf(A, in, oSz); XMEMCPY(o, A, oSz); for (i = 0; i < lenSz; i++) - B[AES_BLOCK_SIZE - 1 - i] = 0; + B[WC_AES_BLOCK_SIZE - 1 - i] = 0; ret = wc_AesEncrypt(aes, B, A); } @@ -11174,7 +11339,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, for (i = 0; i < lenSz; i++) { if (mask && i >= wordSz) mask = 0x00; - B[AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); + B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); } ret = wc_AesEncrypt(aes, B, A); @@ -11188,9 +11353,9 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, ret = roll_x(aes, o, oSz, A); if (ret == 0) { - B[0] = lenSz - 1; + B[0] = (byte)(lenSz - 1U); for (i = 0; i < lenSz; i++) - B[AES_BLOCK_SIZE - 1 - i] = 0; + B[WC_AES_BLOCK_SIZE - 1 - i] = 0; ret = wc_AesEncrypt(aes, B, B); } @@ -11664,6 +11829,12 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( AES_ECB_encrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + } + else #endif { #ifdef NEED_AES_TABLES @@ -11671,12 +11842,12 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( #else word32 i; - for (i = 0; i < sz; i += AES_BLOCK_SIZE) { + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { ret = wc_AesEncryptDirect(aes, out, in); if (ret != 0) break; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } #endif } @@ -11716,6 +11887,12 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( AES_ECB_decrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + } + else #endif { #ifdef NEED_AES_TABLES @@ -11723,12 +11900,12 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( #else word32 i; - for (i = 0; i < sz; i += AES_BLOCK_SIZE) { + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { ret = wc_AesDecryptDirect(aes, out, in); if (ret != 0) break; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; } #endif } @@ -11743,7 +11920,7 @@ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - if ((sz % AES_BLOCK_SIZE) != 0) { + if ((sz % WC_AES_BLOCK_SIZE) != 0) { return BAD_LENGTH_E; } @@ -11755,7 +11932,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { if ((in == NULL) || (out == NULL) || (aes == NULL)) return BAD_FUNC_ARG; - if ((sz % AES_BLOCK_SIZE) != 0) { + if ((sz % WC_AES_BLOCK_SIZE) != 0) { return BAD_LENGTH_E; } @@ -11791,10 +11968,10 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( /* consume any unused bytes left in aes->tmp */ processed = min(aes->left, sz); - xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed); + xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed); #ifdef WOLFSSL_AES_CFB if (mode == AES_CFB_MODE) { - XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, out, processed); + XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, out, processed); } #endif aes->left -= processed; @@ -11804,26 +11981,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( VECTOR_REGISTERS_PUSH; - while (sz >= AES_BLOCK_SIZE) { + while (sz >= WC_AES_BLOCK_SIZE) { /* Using aes->tmp here for inline case i.e. in=out */ ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); if (ret != 0) break; #ifdef WOLFSSL_AES_OFB if (mode == AES_OFB_MODE) { - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); } #endif - xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE); + xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CFB if (mode == AES_CFB_MODE) { - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); } #endif - XMEMCPY(out, aes->tmp, AES_BLOCK_SIZE); - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + XMEMCPY(out, aes->tmp, WC_AES_BLOCK_SIZE); + out += WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; aes->left = 0; } @@ -11832,11 +12009,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackEncrypt( ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); } if ((ret == 0) && sz) { - aes->left = AES_BLOCK_SIZE; + aes->left = WC_AES_BLOCK_SIZE; tmp = (byte*)aes->tmp; #ifdef WOLFSSL_AES_OFB if (mode == AES_OFB_MODE) { - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); } #endif @@ -11881,13 +12058,14 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( /* check if more input needs copied over to aes->reg */ if (aes->left && sz && mode == AES_CFB_MODE) { word32 size = min(aes->left, sz); - XMEMCPY((byte*)aes->reg + AES_BLOCK_SIZE - aes->left, in, size); + XMEMCPY((byte*)aes->reg + WC_AES_BLOCK_SIZE - aes->left, in, size); } #endif /* consume any unused bytes left in aes->tmp */ processed = min(aes->left, sz); - xorbufout(out, in, (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left, processed); + xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, + processed); aes->left -= processed; out += processed; in += processed; @@ -11895,26 +12073,26 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( VECTOR_REGISTERS_PUSH; - while (sz > AES_BLOCK_SIZE) { + while (sz > WC_AES_BLOCK_SIZE) { /* Using aes->tmp here for inline case i.e. in=out */ ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); if (ret != 0) break; #ifdef WOLFSSL_AES_OFB if (mode == AES_OFB_MODE) { - XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, AES_BLOCK_SIZE); + XMEMCPY((byte*)aes->reg, (byte*)aes->tmp, WC_AES_BLOCK_SIZE); } #endif - xorbuf((byte*)aes->tmp, in, AES_BLOCK_SIZE); + xorbuf((byte*)aes->tmp, in, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_AES_CFB if (mode == AES_CFB_MODE) { - XMEMCPY(aes->reg, in, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, in, WC_AES_BLOCK_SIZE); } #endif - XMEMCPY(out, (byte*)aes->tmp, AES_BLOCK_SIZE); - out += AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + XMEMCPY(out, (byte*)aes->tmp, WC_AES_BLOCK_SIZE); + out += WC_AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; aes->left = 0; } @@ -11930,11 +12108,11 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( #endif #ifdef WOLFSSL_AES_OFB if (mode == AES_OFB_MODE) { - XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); } #endif - aes->left = AES_BLOCK_SIZE - sz; + aes->left = WC_AES_BLOCK_SIZE - sz; xorbufout(out, in, aes->tmp, sz); } @@ -11981,27 +12159,27 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif /* HAVE_AES_DECRYPT */ - -/* shift the whole AES_BLOCK_SIZE array left by 8 or 1 bits */ +#ifndef WOLFSSL_NO_AES_CFB_1_8 +/* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */ static void shiftLeftArray(byte* ary, byte shift) { int i; if (shift == WOLFSSL_BIT_SIZE) { /* shifting over by 8 bits */ - for (i = 0; i < AES_BLOCK_SIZE - 1; i++) { + for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) { ary[i] = ary[i+1]; } ary[i] = 0; } else { /* shifting over by 7 or less bits */ - for (i = 0; i < AES_BLOCK_SIZE - 1; i++) { - byte carry = ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift)); - carry >>= (WOLFSSL_BIT_SIZE - shift); + for (i = 0; i < WC_AES_BLOCK_SIZE - 1; i++) { + byte carry = (byte)(ary[i+1] & (0XFF << (WOLFSSL_BIT_SIZE - shift))); + carry = (byte)(carry >> (WOLFSSL_BIT_SIZE - shift)); ary[i] = (byte)((ary[i] << shift) + carry); } - ary[i] = ary[i] << shift; + ary[i] = (byte)(ary[i] << shift); } } @@ -12032,12 +12210,12 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8( /* LSB + CAT */ shiftLeftArray(pt, WOLFSSL_BIT_SIZE); - pt[AES_BLOCK_SIZE - 1] = in[0]; + pt[WC_AES_BLOCK_SIZE - 1] = in[0]; } /* MSB + XOR */ #ifdef BIG_ENDIAN_ORDER - ByteReverseWords(aes->tmp, aes->tmp, AES_BLOCK_SIZE); + ByteReverseWords(aes->tmp, aes->tmp, WC_AES_BLOCK_SIZE); #endif out[0] = (byte)(aes->tmp[0] ^ in[0]); if (dir == AES_ENCRYPTION) { @@ -12045,7 +12223,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB8( /* LSB + CAT */ shiftLeftArray(pt, WOLFSSL_BIT_SIZE); - pt[AES_BLOCK_SIZE - 1] = out[0]; + pt[WC_AES_BLOCK_SIZE - 1] = out[0]; } out += 1; @@ -12087,19 +12265,19 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1( pt = (byte*)aes->reg; /* LSB + CAT */ - tmp = (0X01 << bit) & in[0]; - tmp = tmp >> bit; + tmp = (byte)((0X01U << bit) & in[0]); + tmp = (byte)(tmp >> bit); tmp &= 0x01; shiftLeftArray((byte*)aes->reg, 1); - pt[AES_BLOCK_SIZE - 1] |= tmp; + pt[WC_AES_BLOCK_SIZE - 1] |= tmp; } /* MSB + XOR */ - tmp = (0X01 << bit) & in[0]; + tmp = (byte)((0X01U << bit) & in[0]); pt = (byte*)aes->tmp; - tmp = (pt[0] >> 7) ^ (tmp >> bit); + tmp = (byte)((pt[0] >> 7) ^ (tmp >> bit)); tmp &= 0x01; - cur |= (tmp << bit); + cur = (byte)(cur | (tmp << bit)); if (dir == AES_ENCRYPTION) { @@ -12107,7 +12285,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1( /* LSB + CAT */ shiftLeftArray((byte*)aes->reg, 1); - pt[AES_BLOCK_SIZE - 1] |= tmp; + pt[WC_AES_BLOCK_SIZE - 1] |= tmp; } bit--; @@ -12116,7 +12294,7 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackCFB1( out += 1; in += 1; sz -= 1; - bit = 7; + bit = 7U; cur = 0; } else { @@ -12199,6 +12377,7 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz) return wc_AesFeedbackCFB8(aes, out, in, sz, AES_DECRYPTION); } #endif /* HAVE_AES_DECRYPT */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB @@ -12286,7 +12465,7 @@ int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, int ret = 0; byte t[KEYWRAP_BLOCK_SIZE]; - byte tmp[AES_BLOCK_SIZE]; + byte tmp[WC_AES_BLOCK_SIZE]; /* n must be at least 2 64-bit blocks, output size is (n + 1) 8 bytes (64-bit) */ if (aes == NULL || in == NULL || inSz < 2*KEYWRAP_BLOCK_SIZE || @@ -12394,7 +12573,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, int ret = 0; byte t[KEYWRAP_BLOCK_SIZE]; - byte tmp[AES_BLOCK_SIZE]; + byte tmp[WC_AES_BLOCK_SIZE]; const byte* expIv; const byte defaultIV[] = { @@ -12715,16 +12894,16 @@ int wc_AesXtsEncryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector) { byte* pt; - byte i[AES_BLOCK_SIZE]; + byte i[WC_AES_BLOCK_SIZE]; - XMEMSET(i, 0, AES_BLOCK_SIZE); + XMEMSET(i, 0, WC_AES_BLOCK_SIZE); #ifdef BIG_ENDIAN_ORDER sector = ByteReverseWord64(sector); #endif pt = (byte*)§or; XMEMCPY(i, pt, sizeof(word64)); - return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE); + return wc_AesXtsEncrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE); } @@ -12743,16 +12922,16 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, word64 sector) { byte* pt; - byte i[AES_BLOCK_SIZE]; + byte i[WC_AES_BLOCK_SIZE]; - XMEMSET(i, 0, AES_BLOCK_SIZE); + XMEMSET(i, 0, WC_AES_BLOCK_SIZE); #ifdef BIG_ENDIAN_ORDER sector = ByteReverseWord64(sector); #endif pt = (byte*)§or; XMEMCPY(i, pt, sizeof(word64)); - return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, AES_BLOCK_SIZE); + return wc_AesXtsDecrypt(aes, out, in, sz, (const byte*)i, WC_AES_BLOCK_SIZE); } #ifdef WOLFSSL_AESNI @@ -12816,35 +12995,36 @@ void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, wo #endif /* WOLFSSL_AESNI */ -#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) #ifdef HAVE_AES_ECB /* helper function for encrypting / decrypting full buffer at once */ static WARN_UNUSED_RESULT int _AesXtsHelper( Aes* aes, byte* out, const byte* in, word32 sz, int dir) { word32 outSz = sz; - word32 totalSz = (sz / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; /* total bytes */ + word32 totalSz = (sz / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE; /* total bytes */ byte* pt = out; - outSz -= AES_BLOCK_SIZE; + outSz -= WC_AES_BLOCK_SIZE; while (outSz > 0) { word32 j; byte carry = 0; /* multiply by shift left and propagate carry */ - for (j = 0; j < AES_BLOCK_SIZE && outSz > 0; j++, outSz--) { + for (j = 0; j < WC_AES_BLOCK_SIZE && outSz > 0; j++, outSz--) { byte tmpC; tmpC = (pt[j] >> 7) & 0x01; - pt[j+AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry); + pt[j+WC_AES_BLOCK_SIZE] = (byte)((pt[j] << 1) + carry); carry = tmpC; } if (carry) { - pt[AES_BLOCK_SIZE] ^= GF_XTS; + pt[WC_AES_BLOCK_SIZE] ^= GF_XTS; } - pt += AES_BLOCK_SIZE; + pt += WC_AES_BLOCK_SIZE; } xorbuf(out, in, totalSz); @@ -12885,7 +13065,7 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i) { int ret; - byte tweak_block[AES_BLOCK_SIZE]; + byte tweak_block[WC_AES_BLOCK_SIZE]; ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); if (ret != 0) @@ -12927,13 +13107,13 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, byte *i) { int ret = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); Aes *aes = &xaes->aes; #ifdef HAVE_AES_ECB /* encrypt all of buffer at once when possible */ if (in != out) { /* can not handle inline */ - XMEMCPY(out, i, AES_BLOCK_SIZE); + XMEMCPY(out, i, WC_AES_BLOCK_SIZE); if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0) return ret; } @@ -12947,18 +13127,18 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, if (in == out) #endif { /* check for if inline */ - byte buf[AES_BLOCK_SIZE]; + byte buf[WC_AES_BLOCK_SIZE]; - XMEMCPY(buf, in, AES_BLOCK_SIZE); - xorbuf(buf, i, AES_BLOCK_SIZE); + XMEMCPY(buf, in, WC_AES_BLOCK_SIZE); + xorbuf(buf, i, WC_AES_BLOCK_SIZE); ret = wc_AesEncryptDirect(aes, out, buf); if (ret != 0) return ret; } - xorbuf(out, i, AES_BLOCK_SIZE); + xorbuf(out, i, WC_AES_BLOCK_SIZE); /* multiply by shift left and propagate carry */ - for (j = 0; j < AES_BLOCK_SIZE; j++) { + for (j = 0; j < WC_AES_BLOCK_SIZE; j++) { byte tmpC; tmpC = (i[j] >> 7) & 0x01; @@ -12969,18 +13149,18 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, i[0] ^= GF_XTS; } - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; blocks--; } /* stealing operation of XTS to handle left overs */ if (sz > 0) { - byte buf[AES_BLOCK_SIZE]; + byte buf[WC_AES_BLOCK_SIZE]; - XMEMCPY(buf, out - AES_BLOCK_SIZE, AES_BLOCK_SIZE); - if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */ + XMEMCPY(buf, out - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */ return BUFFER_E; } if (in != out) { @@ -12988,17 +13168,17 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, XMEMCPY(buf, in, sz); } else { - byte buf2[AES_BLOCK_SIZE]; + byte buf2[WC_AES_BLOCK_SIZE]; XMEMCPY(buf2, buf, sz); XMEMCPY(buf, in, sz); XMEMCPY(out, buf2, sz); } - xorbuf(buf, i, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf); + xorbuf(buf, i, WC_AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(aes, out - WC_AES_BLOCK_SIZE, buf); if (ret == 0) - xorbuf(out - AES_BLOCK_SIZE, i, AES_BLOCK_SIZE); + xorbuf(out - WC_AES_BLOCK_SIZE, i, WC_AES_BLOCK_SIZE); } return ret; @@ -13011,7 +13191,7 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, * in input plain text buffer to encrypt * sz size of both out and in buffers * i value to use for tweak - * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * iSz size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input * adds a sanity check on how the user calls the function. * * returns 0 on success @@ -13029,8 +13209,8 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, #if FIPS_VERSION3_GE(6,0,0) /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is - * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to - * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes) */ if (sz > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) { WOLFSSL_MSG("Request exceeds allowed bytes per SP800-38E"); @@ -13045,11 +13225,11 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, return BAD_FUNC_ARG; } - if (iSz < AES_BLOCK_SIZE) { + if (iSz < WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Plain text input too small for encryption"); return BAD_FUNC_ARG; } @@ -13078,6 +13258,13 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_XTS_encrypt_AARCH64(xaes, out, in, sz, i); + ret = 0; + } + else #endif { ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); @@ -13093,7 +13280,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, * * xaes AES keys to use for block encrypt/decrypt * i readwrite value to use for tweak - * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * iSz size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input * adds a sanity check on how the user calls the function. * * returns 0 on success @@ -13109,7 +13296,7 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz, return BAD_FUNC_ARG; } - if (iSz < AES_BLOCK_SIZE) { + if (iSz < WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } @@ -13120,7 +13307,7 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz, return BAD_FUNC_ARG; } - XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE); + XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE); stream->bytes_crypted_with_this_tweak = 0; { @@ -13156,16 +13343,16 @@ int wc_AesXtsEncryptInit(XtsAes* xaes, const byte* i, word32 iSz, /* Block-streaming AES-XTS * - * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple - * of AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate(). - * wc_AesXtsEncryptFinal() can handle any length >= AES_BLOCK_SIZE. + * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple + * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsEncryptUpdate(). + * wc_AesXtsEncryptFinal() can handle any length >= WC_AES_BLOCK_SIZE. * * xaes AES keys to use for block encrypt/decrypt * out output buffer to hold cipher text * in input plain text buffer to encrypt - * sz size of both out and in buffers -- must be >= AES_BLOCK_SIZE. + * sz size of both out and in buffers -- must be >= WC_AES_BLOCK_SIZE. * i value to use for tweak - * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * iSz size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input * adds a sanity check on how the user calls the function. * * returns 0 on success @@ -13187,12 +13374,12 @@ static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s aes = &xaes->aes; #endif - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Plain text input too small for encryption"); return BAD_FUNC_ARG; } - if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U)) + if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U)) { WOLFSSL_MSG("Call to AesXtsEncryptUpdate after previous finalizing call"); return BAD_FUNC_ARG; @@ -13204,8 +13391,8 @@ static int AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s #endif #if FIPS_VERSION3_GE(6,0,0) /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is - * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to - * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes) */ if (stream->bytes_crypted_with_this_tweak > FIPS_AES_XTS_MAX_BYTES_PER_TWEAK) @@ -13252,7 +13439,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, { if (stream == NULL) return BAD_FUNC_ARG; - if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U)) return BAD_FUNC_ARG; return AesXtsEncryptUpdate(xaes, out, in, sz, stream); } @@ -13271,9 +13458,9 @@ int wc_AesXtsEncryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, * after finalization. */ stream->bytes_crypted_with_this_tweak |= 1U; - ForceZero(stream->tweak_block, AES_BLOCK_SIZE); + ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE); #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE); + wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE); #endif return ret; } @@ -13300,7 +13487,7 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i) { int ret; - byte tweak_block[AES_BLOCK_SIZE]; + byte tweak_block[WC_AES_BLOCK_SIZE]; ret = wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); if (ret != 0) @@ -13329,7 +13516,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte *i) { int ret = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS Aes *aes = &xaes->aes_decrypt; #else @@ -13337,7 +13524,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, #endif word32 j; byte carry = 0; - byte stl = (sz % AES_BLOCK_SIZE); + byte stl = (sz % WC_AES_BLOCK_SIZE); /* if Stealing then break out of loop one block early to handle special * case */ @@ -13348,7 +13535,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, #ifdef HAVE_AES_ECB /* decrypt all of buffer at once when possible */ if (in != out) { /* can not handle inline */ - XMEMCPY(out, i, AES_BLOCK_SIZE); + XMEMCPY(out, i, WC_AES_BLOCK_SIZE); if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0) return ret; } @@ -13359,18 +13546,18 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, if (in == out) #endif { /* check for if inline */ - byte buf[AES_BLOCK_SIZE]; + byte buf[WC_AES_BLOCK_SIZE]; - XMEMCPY(buf, in, AES_BLOCK_SIZE); - xorbuf(buf, i, AES_BLOCK_SIZE); + XMEMCPY(buf, in, WC_AES_BLOCK_SIZE); + xorbuf(buf, i, WC_AES_BLOCK_SIZE); ret = wc_AesDecryptDirect(aes, out, buf); if (ret != 0) return ret; } - xorbuf(out, i, AES_BLOCK_SIZE); + xorbuf(out, i, WC_AES_BLOCK_SIZE); /* multiply by shift left and propagate carry */ - for (j = 0; j < AES_BLOCK_SIZE; j++) { + for (j = 0; j < WC_AES_BLOCK_SIZE; j++) { byte tmpC; tmpC = (i[j] >> 7) & 0x01; @@ -13382,19 +13569,19 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, } carry = 0; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; blocks--; } /* stealing operation of XTS to handle left overs */ - if (sz >= AES_BLOCK_SIZE) { - byte buf[AES_BLOCK_SIZE]; - byte tmp2[AES_BLOCK_SIZE]; + if (sz >= WC_AES_BLOCK_SIZE) { + byte buf[WC_AES_BLOCK_SIZE]; + byte tmp2[WC_AES_BLOCK_SIZE]; /* multiply by shift left and propagate carry */ - for (j = 0; j < AES_BLOCK_SIZE; j++) { + for (j = 0; j < WC_AES_BLOCK_SIZE; j++) { byte tmpC; tmpC = (i[j] >> 7) & 0x01; @@ -13405,33 +13592,33 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, tmp2[0] ^= GF_XTS; } - XMEMCPY(buf, in, AES_BLOCK_SIZE); - xorbuf(buf, tmp2, AES_BLOCK_SIZE); + XMEMCPY(buf, in, WC_AES_BLOCK_SIZE); + xorbuf(buf, tmp2, WC_AES_BLOCK_SIZE); ret = wc_AesDecryptDirect(aes, out, buf); if (ret != 0) return ret; - xorbuf(out, tmp2, AES_BLOCK_SIZE); + xorbuf(out, tmp2, WC_AES_BLOCK_SIZE); /* tmp2 holds partial | last */ - XMEMCPY(tmp2, out, AES_BLOCK_SIZE); - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - sz -= AES_BLOCK_SIZE; + XMEMCPY(tmp2, out, WC_AES_BLOCK_SIZE); + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + sz -= WC_AES_BLOCK_SIZE; /* Make buffer with end of cipher text | last */ - XMEMCPY(buf, tmp2, AES_BLOCK_SIZE); - if (sz >= AES_BLOCK_SIZE) { /* extra sanity check before copy */ + XMEMCPY(buf, tmp2, WC_AES_BLOCK_SIZE); + if (sz >= WC_AES_BLOCK_SIZE) { /* extra sanity check before copy */ return BUFFER_E; } XMEMCPY(buf, in, sz); XMEMCPY(out, tmp2, sz); - xorbuf(buf, i, AES_BLOCK_SIZE); + xorbuf(buf, i, WC_AES_BLOCK_SIZE); ret = wc_AesDecryptDirect(aes, tmp2, buf); if (ret != 0) return ret; - xorbuf(tmp2, i, AES_BLOCK_SIZE); - XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE); + xorbuf(tmp2, i, WC_AES_BLOCK_SIZE); + XMEMCPY(out - WC_AES_BLOCK_SIZE, tmp2, WC_AES_BLOCK_SIZE); } return ret; @@ -13444,7 +13631,7 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, * in input cipher text buffer to decrypt * sz size of both out and in buffers * i value to use for tweak - * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * iSz size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input * adds a sanity check on how the user calls the function. * * returns 0 on success @@ -13466,10 +13653,10 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, #endif /* FIPS TODO: SP800-38E - Restrict data unit to 2^20 blocks per key. A block is - * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to - * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes or + * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes or * 134,217,728-bits) Add helpful printout and message along with BAD_FUNC_ARG - * return whenever sz / AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is + * return whenever sz / WC_AES_BLOCK_SIZE > 1,048,576 or equal to that and sz is * not a sequence of complete blocks. */ @@ -13478,11 +13665,11 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, return BAD_FUNC_ARG; } - if (iSz < AES_BLOCK_SIZE) { + if (iSz < WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Cipher text input too small for decryption"); return BAD_FUNC_ARG; } @@ -13511,6 +13698,13 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_XTS_decrypt_AARCH64(xaes, out, in, sz, i); + ret = 0; + } + else #endif { ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); @@ -13526,7 +13720,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, * * xaes AES keys to use for block encrypt/decrypt * i readwrite value to use for tweak - * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input + * iSz size of i buffer, should always be WC_AES_BLOCK_SIZE but having this input * adds a sanity check on how the user calls the function. * * returns 0 on success @@ -13552,11 +13746,11 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz, return BAD_FUNC_ARG; } - if (iSz < AES_BLOCK_SIZE) { + if (iSz < WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } - XMEMCPY(stream->tweak_block, i, AES_BLOCK_SIZE); + XMEMCPY(stream->tweak_block, i, WC_AES_BLOCK_SIZE); stream->bytes_crypted_with_this_tweak = 0; { @@ -13593,15 +13787,15 @@ int wc_AesXtsDecryptInit(XtsAes* xaes, const byte* i, word32 iSz, /* Block-streaming AES-XTS * - * Note that sz must be >= AES_BLOCK_SIZE in each call, and must be a multiple - * of AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate(). - * wc_AesXtsDecryptFinal() can handle any length >= AES_BLOCK_SIZE. + * Note that sz must be >= WC_AES_BLOCK_SIZE in each call, and must be a multiple + * of WC_AES_BLOCK_SIZE in each call to wc_AesXtsDecryptUpdate(). + * wc_AesXtsDecryptFinal() can handle any length >= WC_AES_BLOCK_SIZE. * * xaes AES keys to use for block encrypt/decrypt * out output buffer to hold plain text * in input cipher text buffer to decrypt * sz size of both out and in buffers - * i tweak buffer of size AES_BLOCK_SIZE. + * i tweak buffer of size WC_AES_BLOCK_SIZE. * * returns 0 on success */ @@ -13625,12 +13819,12 @@ static int AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 s #endif #endif - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Cipher text input too small for decryption"); return BAD_FUNC_ARG; } - if (stream->bytes_crypted_with_this_tweak & ((word32)AES_BLOCK_SIZE - 1U)) + if (stream->bytes_crypted_with_this_tweak & ((word32)WC_AES_BLOCK_SIZE - 1U)) { WOLFSSL_MSG("Call to AesXtsDecryptUpdate after previous finalizing call"); return BAD_FUNC_ARG; @@ -13680,7 +13874,7 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, { if (stream == NULL) return BAD_FUNC_ARG; - if (sz & ((word32)AES_BLOCK_SIZE - 1U)) + if (sz & ((word32)WC_AES_BLOCK_SIZE - 1U)) return BAD_FUNC_ARG; return AesXtsDecryptUpdate(xaes, out, in, sz, stream); } @@ -13695,20 +13889,19 @@ int wc_AesXtsDecryptFinal(XtsAes* xaes, byte* out, const byte* in, word32 sz, ret = AesXtsDecryptUpdate(xaes, out, in, sz, stream); else ret = 0; - ForceZero(stream->tweak_block, AES_BLOCK_SIZE); + ForceZero(stream->tweak_block, WC_AES_BLOCK_SIZE); /* force the count odd, to assure error on attempt to AesXtsEncryptUpdate() * after finalization. */ stream->bytes_crypted_with_this_tweak |= 1U; #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(stream->tweak_block, AES_BLOCK_SIZE); + wc_MemZero_Check(stream->tweak_block, WC_AES_BLOCK_SIZE); #endif return ret; } #endif /* WOLFSSL_AESXTS_STREAM */ - -#endif /* !WOLFSSL_ARMASM || WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#endif /* Same as wc_AesXtsEncryptSector but the sector gets incremented by one every * sectorSz bytes @@ -13734,7 +13927,7 @@ int wc_AesXtsEncryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in, return BAD_FUNC_ARG; } - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Cipher text input too small for encryption"); return BAD_FUNC_ARG; } @@ -13783,7 +13976,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in, return BAD_FUNC_ARG; } - if (sz < AES_BLOCK_SIZE) { + if (sz < WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("Cipher text input too small for decryption"); return BAD_FUNC_ARG; } @@ -13825,10 +14018,10 @@ static WARN_UNUSED_RESULT int S2V( int i; Cmac* cmac; #else - byte tmp[3][AES_BLOCK_SIZE]; + byte tmp[3][WC_AES_BLOCK_SIZE]; Cmac cmac[1]; #endif - word32 macSz = AES_BLOCK_SIZE; + word32 macSz = WC_AES_BLOCK_SIZE; int ret = 0; byte tmpi = 0; word32 ai; @@ -13836,7 +14029,7 @@ static WARN_UNUSED_RESULT int S2V( #ifdef WOLFSSL_SMALL_STACK for (i = 0; i < 3; ++i) { - tmp[i] = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp[i] = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp[i] == NULL) { ret = MEMORY_E; break; @@ -13853,10 +14046,10 @@ static WARN_UNUSED_RESULT int S2V( } if (ret == 0) { - XMEMSET(tmp[1], 0, AES_BLOCK_SIZE); - XMEMSET(tmp[2], 0, AES_BLOCK_SIZE); + XMEMSET(tmp[1], 0, WC_AES_BLOCK_SIZE); + XMEMSET(tmp[2], 0, WC_AES_BLOCK_SIZE); - ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], AES_BLOCK_SIZE, + ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], WC_AES_BLOCK_SIZE, key, keySz); } @@ -13868,8 +14061,8 @@ static WARN_UNUSED_RESULT int S2V( assoc[ai].assocSz, key, keySz); if (ret != 0) break; - xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE); - tmpi = 1 - tmpi; + xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE); + tmpi = (byte)(1 - tmpi); } /* Add nonce as final AD. See RFC 5297 Section 3. */ @@ -13878,20 +14071,20 @@ static WARN_UNUSED_RESULT int S2V( ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, nonce, nonceSz, key, keySz); if (ret == 0) { - xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE); + xorbuf(tmp[1-tmpi], tmp[tmpi], WC_AES_BLOCK_SIZE); } - tmpi = 1 - tmpi; + tmpi = (byte)(1U - tmpi); } /* For simplicity of the remaining code, make sure the "final" result is always in tmp[0]. */ if (tmpi == 1) { - XMEMCPY(tmp[0], tmp[1], AES_BLOCK_SIZE); + XMEMCPY(tmp[0], tmp[1], WC_AES_BLOCK_SIZE); } } if (ret == 0) { - if (dataSz >= AES_BLOCK_SIZE) { + if (dataSz >= WC_AES_BLOCK_SIZE) { #ifdef WOLFSSL_SMALL_STACK cmac = (Cmac*)XMALLOC(sizeof(Cmac), NULL, DYNAMIC_TYPE_CMAC); @@ -13907,14 +14100,14 @@ static WARN_UNUSED_RESULT int S2V( ((unsigned char *)cmac) + sizeof(Aes), sizeof(Cmac) - sizeof(Aes)); #endif - xorbuf(tmp[0], data + (dataSz - AES_BLOCK_SIZE), - AES_BLOCK_SIZE); + xorbuf(tmp[0], data + (dataSz - WC_AES_BLOCK_SIZE), + WC_AES_BLOCK_SIZE); ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL); if (ret == 0) { - ret = wc_CmacUpdate(cmac, data, dataSz - AES_BLOCK_SIZE); + ret = wc_CmacUpdate(cmac, data, dataSz - WC_AES_BLOCK_SIZE); } if (ret == 0) { - ret = wc_CmacUpdate(cmac, tmp[0], AES_BLOCK_SIZE); + ret = wc_CmacUpdate(cmac, tmp[0], WC_AES_BLOCK_SIZE); } if (ret == 0) { ret = wc_CmacFinal(cmac, out, &macSz); @@ -13929,13 +14122,13 @@ static WARN_UNUSED_RESULT int S2V( else { XMEMCPY(tmp[2], data, dataSz); tmp[2][dataSz] |= 0x80; - zeroBytes = AES_BLOCK_SIZE - (dataSz + 1); + zeroBytes = WC_AES_BLOCK_SIZE - (dataSz + 1); if (zeroBytes != 0) { XMEMSET(tmp[2] + dataSz + 1, 0, zeroBytes); } ShiftAndXorRb(tmp[1], tmp[0]); - xorbuf(tmp[1], tmp[2], AES_BLOCK_SIZE); - ret = wc_AesCmacGenerate(out, &macSz, tmp[1], AES_BLOCK_SIZE, key, + xorbuf(tmp[1], tmp[2], WC_AES_BLOCK_SIZE); + ret = wc_AesCmacGenerate(out, &macSz, tmp[1], WC_AES_BLOCK_SIZE, key, keySz); } } @@ -13963,7 +14156,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( #else Aes aes[1]; #endif - byte sivTmp[AES_BLOCK_SIZE]; + byte sivTmp[WC_AES_BLOCK_SIZE]; if (key == NULL || siv == NULL || out == NULL) { WOLFSSL_MSG("Bad parameter"); @@ -13983,11 +14176,11 @@ static WARN_UNUSED_RESULT int AesSivCipher( WOLFSSL_MSG("S2V failed."); } else { - XMEMCPY(siv, sivTmp, AES_BLOCK_SIZE); + XMEMCPY(siv, sivTmp, WC_AES_BLOCK_SIZE); } } else { - XMEMCPY(sivTmp, siv, AES_BLOCK_SIZE); + XMEMCPY(sivTmp, siv, WC_AES_BLOCK_SIZE); } } @@ -14025,7 +14218,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( WOLFSSL_MSG("S2V failed."); } - if (XMEMCMP(siv, sivTmp, AES_BLOCK_SIZE) != 0) { + if (XMEMCMP(siv, sivTmp, WC_AES_BLOCK_SIZE) != 0) { WOLFSSL_MSG("Computed SIV doesn't match received SIV."); ret = AES_SIV_AUTH_E; } @@ -14283,7 +14476,7 @@ int wc_AesEaxInit(AesEax* eax, goto out; } - cmacSize = AES_BLOCK_SIZE; + cmacSize = WC_AES_BLOCK_SIZE; if ((ret = wc_CmacFinal(&eax->nonceCmac, eax->nonceCmacFinal, &cmacSize)) != 0) { @@ -14300,7 +14493,7 @@ int wc_AesEaxInit(AesEax* eax, * provided * H' = OMAC^1_K(H) */ - eax->prefixBuf[AES_BLOCK_SIZE-1] = 1; + eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 1; if ((ret = wc_InitCmac(&eax->aadCmac, key, keySz, @@ -14327,7 +14520,7 @@ int wc_AesEaxInit(AesEax* eax, * updated in subsequent calls to encrypt/decrypt * C' = OMAC^2_K(C) */ - eax->prefixBuf[AES_BLOCK_SIZE-1] = 2; + eax->prefixBuf[WC_AES_BLOCK_SIZE-1] = 2; if ((ret = wc_InitCmac(&eax->ciphertextCmac, key, keySz, @@ -14475,12 +14668,12 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz) int ret; word32 i; - if (eax == NULL || authTag == NULL || authTagSz > AES_BLOCK_SIZE) { + if (eax == NULL || authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } /* Complete the OMAC for the ciphertext */ - cmacSize = AES_BLOCK_SIZE; + cmacSize = WC_AES_BLOCK_SIZE; if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac, eax->ciphertextCmacFinal, &cmacSize)) != 0) { @@ -14488,7 +14681,7 @@ int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz) } /* Complete the OMAC for auth data */ - cmacSize = AES_BLOCK_SIZE; + cmacSize = WC_AES_BLOCK_SIZE; if ((ret = wc_CmacFinalNoFree(&eax->aadCmac, eax->aadCmacFinal, &cmacSize)) != 0) { @@ -14529,15 +14722,15 @@ int wc_AesEaxDecryptFinal(AesEax* eax, #if defined(WOLFSSL_SMALL_STACK) byte *authTag; #else - byte authTag[AES_BLOCK_SIZE]; + byte authTag[WC_AES_BLOCK_SIZE]; #endif - if (eax == NULL || authIn == NULL || authInSz > AES_BLOCK_SIZE) { + if (eax == NULL || authIn == NULL || authInSz > WC_AES_BLOCK_SIZE) { return BAD_FUNC_ARG; } /* Complete the OMAC for the ciphertext */ - cmacSize = AES_BLOCK_SIZE; + cmacSize = WC_AES_BLOCK_SIZE; if ((ret = wc_CmacFinalNoFree(&eax->ciphertextCmac, eax->ciphertextCmacFinal, &cmacSize)) != 0) { @@ -14545,7 +14738,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax, } /* Complete the OMAC for auth data */ - cmacSize = AES_BLOCK_SIZE; + cmacSize = WC_AES_BLOCK_SIZE; if ((ret = wc_CmacFinalNoFree(&eax->aadCmac, eax->aadCmacFinal, &cmacSize)) != 0) { @@ -14553,7 +14746,7 @@ int wc_AesEaxDecryptFinal(AesEax* eax, } #if defined(WOLFSSL_SMALL_STACK) - authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + authTag = (byte*)XMALLOC(WC_AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (authTag == NULL) { return MEMORY_E; } diff --git a/src/wolfcrypt/src/asn.c b/src/wolfcrypt/src/asn.c index 0c52002..6335df3 100644 --- a/src/wolfcrypt/src/asn.c +++ b/src/wolfcrypt/src/asn.c @@ -105,6 +105,8 @@ ASN Options: * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature * algorithms in certificates to have NULL parameter instead of empty. * DO NOT enable this unless required for interoperability. + * WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal + * usage. */ #include @@ -1271,8 +1273,8 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, /* Fill number with all of data. */ *data->data.u16 = 0; for (i = 0; i < len; i++) { - *data->data.u16 <<= 8; - *data->data.u16 |= input[idx + (word32)i] ; + *data->data.u16 = (word16)(*data->data.u16 << 8U); + *data->data.u16 = (word16)(*data->data.u16 | input[idx + (word32)i]); } break; case ASN_DATA_TYPE_WORD32: @@ -3176,7 +3178,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx, } -#ifndef NO_PWDBASED +#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA) /* Decode small integer, 32 bits or less. * * @param [in] input Buffer of BER data. @@ -3241,8 +3243,10 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx) return ret; #endif } +#endif /* !NO_PWDBASED || WOLFSSL_ASN_EXTRA */ +#ifndef NO_PWDBASED #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \ defined(HAVE_PKCS12) /* Set small integer, 32 bits or less. DER encoding with no leading 0s @@ -4597,6 +4601,7 @@ static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7}; /* Pilot attribute types (0.9.2342.19200300.100.1.*) */ #define PLT_ATTR_TYPE_OID_BASE(num) {9, 146, 38, 137, 147, 242, 44, 100, 1, num} static const byte uidOid[] = PLT_ATTR_TYPE_OID_BASE(1); /* user id */ +static const byte rfc822Mlbx[] = PLT_ATTR_TYPE_OID_BASE(3); /* RFC822 mailbox */ static const byte fvrtDrk[] = PLT_ATTR_TYPE_OID_BASE(5);/* favourite drink*/ #endif @@ -5549,7 +5554,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) #ifdef WOLFSSL_APACHE_HTTPD case oidCertNameType: switch (id) { - case NID_id_on_dnsSRV: + case WC_NID_id_on_dnsSRV: oid = dnsSRVOid; *oidSz = sizeof(dnsSRVOid); break; @@ -6412,7 +6417,7 @@ enum { RSAPSSPARAMSASN_IDX_SALTLEN, RSAPSSPARAMSASN_IDX_SALTLENINT, RSAPSSPARAMSASN_IDX_TRAILER, - RSAPSSPARAMSASN_IDX_TRAILERINT, + RSAPSSPARAMSASN_IDX_TRAILERINT }; /* Number of items in ASN.1 template for an algorithm identifier. */ @@ -8146,7 +8151,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz) case AES256CBCb: *id = PBE_AES256_CBC; if (blockSz != NULL) { - *blockSz = AES_BLOCK_SIZE; + *blockSz = WC_AES_BLOCK_SIZE; } break; #endif @@ -8154,7 +8159,7 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz) case AES128CBCb: *id = PBE_AES128_CBC; if (blockSz != NULL) { - *blockSz = AES_BLOCK_SIZE; + *blockSz = WC_AES_BLOCK_SIZE; } break; #endif @@ -8635,12 +8640,12 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, pbeOidBuf = pbes2; pbeOidBufSz = sizeof(pbes2); /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */ - kdfLen = 2 + sizeof(pbkdf2Oid) + 2 + innerLen; + kdfLen = 2U + (word32)sizeof(pbkdf2Oid) + 2U + innerLen; /* enc = OBJ enc_alg OCT iv */ - encLen = 2 + (word32)encOidSz + 2 + (word32)blockSz; + encLen = 2U + (word32)encOidSz + 2U + (word32)blockSz; /* pbe = OBJ pbse2 SEQ [ SEQ [ kdf ] SEQ [ enc ] ] */ - pbeLen = (word32)(2 + sizeof(pbes2) + 2 + 2 + (size_t)kdfLen + 2 + - (size_t)encLen); + pbeLen = 2U + (word32)sizeof(pbes2) + 2U + 2U + kdfLen + 2U + + encLen; ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz); } @@ -8710,7 +8715,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, idx += SetSequence(kdfLen, out + idx); idx += (word32)SetObjectId((int)sizeof(pbkdf2Oid), out + idx); XMEMCPY(out + idx, pbkdf2Oid, sizeof(pbkdf2Oid)); - idx += sizeof(pbkdf2Oid); + idx += (word32)sizeof(pbkdf2Oid); } idx += SetSequence(innerLen, out + idx); idx += SetOctetString(saltSz, out + idx); @@ -11969,8 +11974,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, if (ret == 0) { /* Calculate the size of the encoded public point. */ PRIVATE_KEY_UNLOCK(); - #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) + #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) /* in earlier versions of FIPS the get length functionality is not * available with compressed keys */ pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES; @@ -13102,7 +13106,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_commonName + WC_NID_commonName #endif }, /* Surname */ @@ -13119,7 +13123,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_surname + WC_NID_surname #endif }, /* Serial Number */ @@ -13136,7 +13140,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_serialNumber + WC_NID_serialNumber #endif }, /* Country Name */ @@ -13153,7 +13157,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_countryName + WC_NID_countryName #endif }, /* Locality Name */ @@ -13170,7 +13174,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_localityName + WC_NID_localityName #endif }, /* State Name */ @@ -13187,7 +13191,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_stateOrProvinceName + WC_NID_stateOrProvinceName #endif }, /* Street Address */ @@ -13204,7 +13208,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_streetAddress + WC_NID_streetAddress #endif }, /* Organization Name */ @@ -13221,7 +13225,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_organizationName + WC_NID_organizationName #endif }, /* Organization Unit Name */ @@ -13238,7 +13242,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_organizationalUnitName + WC_NID_organizationalUnitName #endif }, /* Title */ @@ -13306,7 +13310,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_businessCategory + WC_NID_businessCategory #endif }, /* Undefined */ @@ -13340,7 +13344,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_postalCode + WC_NID_postalCode #endif }, /* User Id */ @@ -13357,7 +13361,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_userId + WC_NID_userId #endif }, #ifdef WOLFSSL_CERT_NAME_ALL @@ -13375,7 +13379,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_name + WC_NID_name #endif }, /* Given Name, id 42 */ @@ -13392,7 +13396,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_givenName + WC_NID_givenName #endif }, /* initials, id 43 */ @@ -13409,7 +13413,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_initials + WC_NID_initials #endif }, /* DN Qualifier Name, id 46 */ @@ -13426,7 +13430,7 @@ static const CertNameData certNameSubject[] = { #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE - NID_dnQualifier + WC_NID_dnQualifier #endif }, #endif /* WOLFSSL_CERT_NAME_ALL */ @@ -13544,7 +13548,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { int i, j, ret = 0; - int nameSz = 0; + word16 nameSz = 0; #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) int nid = 0; #endif @@ -13553,7 +13557,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) word32 idx = 0; word16 tmpName[MAX_OID_SZ]; char oidName[MAX_OID_SZ]; - char* finalName; + char* finalName = NULL; if (entry == NULL || entry->type != ASN_RID_TYPE) { return BAD_FUNC_ARG; @@ -13611,7 +13615,10 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } if (ret == 0) { - nameSz = (int)XSTRLEN((const char*)finalName); + nameSz = (word16)XSTRLEN((const char*)finalName); + if (nameSz > MAX_OID_SZ) { + return BUFFER_E; + } entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap, DYNAMIC_TYPE_ALTNAME); @@ -13863,7 +13870,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_EMAIL_ADDR; typeStrLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_emailAddress; + *nid = WC_NID_emailAddress; #endif } else if (oidSz == sizeof(uidOid) && XMEMCMP(oid, uidOid, oidSz) == 0) { @@ -13872,7 +13879,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_USER_ID; typeStrLen = sizeof(WOLFSSL_USER_ID) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_userId; + *nid = WC_NID_userId; #endif } else if (oidSz == sizeof(dcOid) && XMEMCMP(oid, dcOid, oidSz) == 0) { @@ -13881,7 +13888,16 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_DOMAIN_COMPONENT; typeStrLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_domainComponent; + *nid = WC_NID_domainComponent; + #endif + } + else if (oidSz == sizeof(rfc822Mlbx) && XMEMCMP(oid, rfc822Mlbx, oidSz) == 0) { + /* Set the RFC822 mailbox, type string, length and NID. */ + id = ASN_RFC822_MAILBOX; + typeStr = WOLFSSL_RFC822_MAILBOX; + typeStrLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1; + #ifdef WOLFSSL_X509_NAME_AVAILABLE + *nid = WC_NID_rfc822Mailbox; #endif } else if (oidSz == sizeof(fvrtDrk) && XMEMCMP(oid, fvrtDrk, oidSz) == 0) { @@ -13890,7 +13906,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_FAVOURITE_DRINK; typeStrLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_favouriteDrink; + *nid = WC_NID_favouriteDrink; #endif } #ifdef WOLFSSL_CERT_REQ @@ -13901,7 +13917,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_CONTENT_TYPE; typeStrLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_pkcs9_contentType; + *nid = WC_NID_pkcs9_contentType; #endif } #endif @@ -13921,14 +13937,14 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, typeStr = WOLFSSL_JOI_C; typeStrLen = sizeof(WOLFSSL_JOI_C) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_jurisdictionCountryName; + *nid = WC_NID_jurisdictionCountryName; #endif /* WOLFSSL_X509_NAME_AVAILABLE */ } else if (oid[ASN_JOI_PREFIX_SZ] == ASN_JOI_ST) { typeStr = WOLFSSL_JOI_ST; typeStrLen = sizeof(WOLFSSL_JOI_ST) - 1; #ifdef WOLFSSL_X509_NAME_AVAILABLE - *nid = NID_jurisdictionStateOrProvinceName; + *nid = WC_NID_jurisdictionStateOrProvinceName; #endif /* WOLFSSL_X509_NAME_AVAILABLE */ } else { @@ -14063,7 +14079,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, byte id = 0; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - int nid = NID_undef; + int nid = WC_NID_undef; int enc; #endif /* OPENSSL_EXTRA */ @@ -14146,7 +14162,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_commonName; + nid = WC_NID_commonName; #endif /* OPENSSL_EXTRA */ } #ifdef WOLFSSL_CERT_NAME_ALL @@ -14163,7 +14179,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_name; + nid = WC_NID_name; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_INITIALS) { @@ -14179,7 +14195,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_initials; + nid = WC_NID_initials; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_GIVEN_NAME) { @@ -14195,7 +14211,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_givenName; + nid = WC_NID_givenName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_DNQUALIFIER) { @@ -14211,7 +14227,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_dnQualifier; + nid = WC_NID_dnQualifier; #endif /* OPENSSL_EXTRA */ } #endif /* WOLFSSL_CERT_NAME_ALL */ @@ -14235,7 +14251,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_surname; + nid = WC_NID_surname; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_COUNTRY_NAME) { @@ -14258,7 +14274,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_countryName; + nid = WC_NID_countryName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_LOCALITY_NAME) { @@ -14281,7 +14297,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_localityName; + nid = WC_NID_localityName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_STATE_NAME) { @@ -14304,7 +14320,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_stateOrProvinceName; + nid = WC_NID_stateOrProvinceName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_ORG_NAME) { @@ -14327,7 +14343,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_organizationName; + nid = WC_NID_organizationName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_ORGUNIT_NAME) { @@ -14350,7 +14366,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_organizationalUnitName; + nid = WC_NID_organizationalUnitName; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_SERIAL_NUMBER) { @@ -14373,7 +14389,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_serialNumber; + nid = WC_NID_serialNumber; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_USER_ID) { @@ -14389,7 +14405,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_userId; + nid = WC_NID_userId; #endif /* OPENSSL_EXTRA */ } #ifdef WOLFSSL_CERT_EXT @@ -14406,7 +14422,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_streetAddress; + nid = WC_NID_streetAddress; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_BUS_CAT) { @@ -14421,7 +14437,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_businessCategory; + nid = WC_NID_businessCategory; #endif /* OPENSSL_EXTRA */ } else if (id == ASN_POSTAL_CODE) { @@ -14437,7 +14453,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_postalCode; + nid = WC_NID_postalCode; #endif /* OPENSSL_EXTRA */ } #endif /* WOLFSSL_CERT_EXT */ @@ -14476,7 +14492,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_jurisdictionCountryName; + nid = WC_NID_jurisdictionCountryName; #endif /* OPENSSL_EXTRA */ } @@ -14494,7 +14510,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_jurisdictionStateOrProvinceName; + nid = WC_NID_jurisdictionStateOrProvinceName; #endif /* OPENSSL_EXTRA */ } @@ -14564,7 +14580,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_emailAddress; + nid = WC_NID_emailAddress; #endif /* OPENSSL_EXTRA */ } @@ -14576,7 +14592,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_userId; + nid = WC_NID_userId; #endif /* OPENSSL_EXTRA */ break; case ASN_DOMAIN_COMPONENT: @@ -14585,7 +14601,16 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_domainComponent; + nid = WC_NID_domainComponent; + #endif /* OPENSSL_EXTRA */ + break; + case ASN_RFC822_MAILBOX: + copy = WOLFSSL_RFC822_MAILBOX; + copyLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_rfc822Mailbox; #endif /* OPENSSL_EXTRA */ break; case ASN_FAVOURITE_DRINK: @@ -14594,7 +14619,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_favouriteDrink; + nid = WC_NID_favouriteDrink; #endif /* OPENSSL_EXTRA */ break; case ASN_CONTENT_TYPE: @@ -14603,7 +14628,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) \ && !defined(WOLFCRYPT_ONLY) - nid = NID_pkcs9_contentType; + nid = WC_NID_pkcs9_contentType; #endif /* OPENSSL_EXTRA */ break; default: @@ -14632,17 +14657,17 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, !defined(WOLFCRYPT_ONLY) switch (b) { case CTC_UTF8: - enc = MBSTRING_UTF8; + enc = WOLFSSL_MBSTRING_UTF8; break; case CTC_PRINTABLE: - enc = V_ASN1_PRINTABLESTRING; + enc = WOLFSSL_V_ASN1_PRINTABLESTRING; break; default: WOLFSSL_MSG("Unknown encoding type, using UTF8 by default"); - enc = MBSTRING_UTF8; + enc = WOLFSSL_MBSTRING_UTF8; } - if (nid != NID_undef) { + if (nid != WC_NID_undef) { if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, &input[srcIdx], strLen, -1, -1) != WOLFSSL_SUCCESS) { @@ -14772,14 +14797,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, /* Convert BER tag to a OpenSSL type. */ switch (tag) { case CTC_UTF8: - enc = MBSTRING_UTF8; + enc = WOLFSSL_MBSTRING_UTF8; break; case CTC_PRINTABLE: - enc = V_ASN1_PRINTABLESTRING; + enc = WOLFSSL_V_ASN1_PRINTABLESTRING; break; default: WOLFSSL_MSG("Unknown encoding type, default UTF8"); - enc = MBSTRING_UTF8; + enc = WOLFSSL_MBSTRING_UTF8; } if (nid != 0) { /* Add an entry to the X509_NAME. */ @@ -16115,7 +16140,6 @@ word32 SetOthername(void *name, byte *output) WOLFSSL_ASN1_OTHERNAME *nm = (WOLFSSL_ASN1_OTHERNAME *)name; char *nameStr = NULL; word32 nameSz = 0; - word32 len = 0; if ((nm == NULL) || (nm->value == NULL)) { WOLFSSL_MSG("otherName value is NULL"); @@ -16125,11 +16149,13 @@ word32 SetOthername(void *name, byte *output) nameStr = nm->value->value.utf8string->data; nameSz = (word32)nm->value->value.utf8string->length; - len = nm->type_id->objSz + - SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) + - SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz; - - if (output != NULL) { + if (output == NULL) { + return nm->type_id->objSz + + SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, NULL, 0) + + SetHeader(CTC_UTF8, nameSz, NULL, 0) + nameSz; + } + else { + const byte *output_start = output; /* otherName OID */ XMEMCPY(output, nm->type_id->obj, nm->type_id->objSz); output += nm->type_id->objSz; @@ -16137,12 +16163,19 @@ word32 SetOthername(void *name, byte *output) output += SetHeader(ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC, nameSz + 2, output, 0); + /* work around false positive from -fstack-protector */ + PRAGMA_GCC_DIAG_PUSH + PRAGMA_GCC("GCC diagnostic ignored \"-Wstringop-overflow\"") + output += SetHeader(CTC_UTF8, nameSz, output, 0); + PRAGMA_GCC_DIAG_POP + XMEMCPY(output, nameStr, nameSz); - } - return len; + output += nameSz; + return (word32)(output - output_start); + } } #endif /* OPENSSL_EXTRA */ @@ -16620,7 +16653,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, } else if ((ret = wc_Md2Hash(buf, bufSz, digest)) == 0) { *typeH = MD2h; - *digestSz = MD2_DIGEST_SIZE; + *digestSz = WC_MD2_DIGEST_SIZE; } break; #endif @@ -21826,7 +21859,7 @@ enum { #ifdef WC_RSA_PSS RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ, #endif - RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY, + RPKCERTASN_IDX_SPUBKEYINFO_PUBKEY }; #endif /* HAVE_RPK */ @@ -24052,7 +24085,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer } } else { - cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1, + cert->maxPathLen = (byte)min(cert->ca->maxPathLen - 1U, cert->maxPathLen); } } @@ -24158,16 +24191,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer if ((ret == 0) && cert->extAltSigAlgSet && cert->extAltSigValSet) { #ifndef WOLFSSL_SMALL_STACK - byte der[MAX_CERT_VERIFY_SZ]; + byte der[WC_MAX_CERT_VERIFY_SZ]; #else - byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap, + byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap, DYNAMIC_TYPE_DCERT); if (der == NULL) { ret = MEMORY_E; } else #endif /* ! WOLFSSL_SMALL_STACK */ { - ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ); + ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ); if (ret > 0) { ret = ConfirmSignature(&cert->sigCtx, der, ret, @@ -24231,16 +24264,16 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer if ((ret == 0) && cert->extAltSigAlgSet && cert->extAltSigValSet) { #ifndef WOLFSSL_SMALL_STACK - byte der[MAX_CERT_VERIFY_SZ]; + byte der[WC_MAX_CERT_VERIFY_SZ]; #else - byte *der = (byte*)XMALLOC(MAX_CERT_VERIFY_SZ, cert->heap, + byte *der = (byte*)XMALLOC(WC_MAX_CERT_VERIFY_SZ, cert->heap, DYNAMIC_TYPE_DCERT); if (der == NULL) { ret = MEMORY_E; } else #endif /* ! WOLFSSL_SMALL_STACK */ { - ret = wc_GeneratePreTBS(cert, der, MAX_CERT_VERIFY_SZ); + ret = wc_GeneratePreTBS(cert, der, WC_MAX_CERT_VERIFY_SZ); if (ret > 0) { ret = ConfirmSignature(&cert->sigCtx, der, ret, @@ -25804,9 +25837,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_AES_DECRYPT) if (info->cipherType == WC_CIPHER_AES_CBC) { - if (der->length > AES_BLOCK_SIZE) { + if (der->length > WC_AES_BLOCK_SIZE) { padVal = der->buffer[der->length-1]; - if (padVal <= AES_BLOCK_SIZE) { + if (padVal <= WC_AES_BLOCK_SIZE) { der->length -= (word32)padVal; } } @@ -25817,14 +25850,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } #ifdef OPENSSL_EXTRA if (ret) { - PEMerr(0, PEM_R_BAD_DECRYPT); + WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_DECRYPT_E); } #endif ForceZero(password, (word32)passwordSz); } #ifdef OPENSSL_EXTRA else { - PEMerr(0, PEM_R_BAD_PASSWORD_READ); + WOLFSSL_PEMerr(0, WOLFSSL_PEM_R_BAD_PASSWORD_READ_E); } #endif @@ -26987,7 +27020,7 @@ static int wc_SetCert_LoadDer(Cert* cert, const byte* der, word32 derSz, #ifndef NO_ASN_TIME static WC_INLINE byte itob(int number) { - return (byte)number + 0x30; + return (byte)(number + 0x30); } @@ -28083,6 +28116,10 @@ static int EncodeName(EncodedName* name, const char* nameStr, thisLen += (int)sizeof(uidOid); firstSz = (int)sizeof(uidOid); break; + case ASN_RFC822_MAILBOX: + thisLen += (int)sizeof(rfc822Mlbx); + firstSz = (int)sizeof(rfc822Mlbx); + break; case ASN_FAVOURITE_DRINK: thisLen += (int)sizeof(fvrtDrk); firstSz = (int)sizeof(fvrtDrk); @@ -28148,6 +28185,12 @@ static int EncodeName(EncodedName* name, const char* nameStr, /* str type */ name->encoded[idx++] = nameTag; break; + case ASN_RFC822_MAILBOX: + XMEMCPY(name->encoded + idx, rfc822Mlbx, sizeof(rfc822Mlbx)); + idx += (int)sizeof(rfc822Mlbx); + /* str type */ + name->encoded[idx++] = nameTag; + break; case ASN_FAVOURITE_DRINK: XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk)); idx += (int)sizeof(fvrtDrk); @@ -28244,6 +28287,10 @@ static int EncodeName(EncodedName* name, const char* nameStr, oid = uidOid; oidSz = sizeof(uidOid); break; + case ASN_RFC822_MAILBOX: + oid = rfc822Mlbx; + oidSz = sizeof(rfc822Mlbx); + break; case ASN_FAVOURITE_DRINK: oid = fvrtDrk; oidSz = sizeof(fvrtDrk); @@ -28567,6 +28614,12 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, sizeof(uidOid), (byte)GetNameType(name, i), (const byte*)GetOneCertName(name, i), nameLen[i]); } + else if (type == ASN_RFC822_MAILBOX) { + /* Copy RFC822 mailbox data into dynamic vars. */ + SetRdnItems(namesASN + idx, dataASN + idx, rfc822Mlbx, + sizeof(rfc822Mlbx), (byte)GetNameType(name, i), + (const byte*)GetOneCertName(name, i), nameLen[i]); + } else if (type == ASN_FAVOURITE_DRINK) { /* Copy favourite drink data into dynamic vars. */ SetRdnItems(namesASN + idx, dataASN + idx, fvrtDrk, @@ -33379,7 +33432,8 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) return BUFFER_E; } - out[idx++] += (byte)val; + out[idx] = (byte)(out[idx] + val); + ++idx; } else { word32 tb = 0; @@ -34320,7 +34374,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, byte version = 0; int ret = 0; int curve_id = ECC_CURVE_DEF; -#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) +#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2) word32 algId = 0; word32 eccOid = 0; #endif @@ -34330,7 +34384,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, ret = BAD_FUNC_ARG; } -#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) +#if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(WOLFSSL_SM2) /* if has pkcs8 header skip it */ if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) { /* ignore error, did not have pkcs8 header */ @@ -35307,9 +35361,10 @@ enum { || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \ || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) + int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, const byte** privKey, word32* privKeyLen, - const byte** pubKey, word32* pubKeyLen, int keyType) + const byte** pubKey, word32* pubKeyLen, int* inOutKeyType) { #ifndef WOLFSSL_ASN_TEMPLATE word32 oid; @@ -35323,7 +35378,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, #endif if (input == NULL || inOutIdx == NULL || inSz == 0 || - privKey == NULL || privKeyLen == NULL) { + privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) { #ifdef WOLFSSL_ASN_TEMPLATE FREE_ASNGETDATA(dataASN, NULL); #endif @@ -35337,14 +35392,22 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) return ASN_PARSE_E; if (version != 0) { - WOLFSSL_MSG("Unrecognized version of ED25519 private key"); + WOLFSSL_MSG("Unrecognized version of private key"); return ASN_PARSE_E; } if (GetAlgoId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) return ASN_PARSE_E; - if (oid != (word32)keyType) + + /* If user supplies ANONk (0) key type, we want to auto-detect from + * DER and copy it back to user */ + if (*inOutKeyType == ANONk) { + *inOutKeyType = oid; + } + /* Otherwise strictly validate against the expected type */ + else if (oid != (word32)*inOutKeyType) { return ASN_PARSE_E; + } if (GetOctetString(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; @@ -35394,10 +35457,21 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, return 0; #else if (ret == 0) { - /* Require OID. */ - word32 oidSz; - const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); - GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oid, oidSz); + /* If user supplies an expected keyType (algorithm OID sum), attempt to + * process DER accordingly */ + if (*inOutKeyType != ANONk) { + word32 oidSz; + /* Explicit OID check - use expected type */ + const byte* oidDerBytes = OidFromId((word32)*inOutKeyType, + oidKeyType, &oidSz); + GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidDerBytes, + oidSz); + } + else { + /* Auto-detect OID using template */ + GetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidKeyType); + } + /* Parse full private key. */ ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input, inOutIdx, inSz); @@ -35410,6 +35484,12 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, ret = ASN_PARSE_E; } } + + /* Store detected OID if requested */ + if (ret == 0 && *inOutKeyType == ANONk) { + *inOutKeyType = + (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum; + } } if (ret == 0) { /* Import private value. */ @@ -35450,7 +35530,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, if (ret == 0) { ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr, - &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, keyType); + &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType); } if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) { ret = BUFFER_E; @@ -35473,7 +35553,7 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, } int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, - const byte** pubKey, word32* pubKeyLen, int keyType) + const byte** pubKey, word32* pubKeyLen, int *inOutKeyType) { int ret = 0; #ifndef WOLFSSL_ASN_TEMPLATE @@ -35485,7 +35565,7 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, #endif if (input == NULL || inSz == 0 || inOutIdx == NULL || - pubKey == NULL || pubKeyLen == NULL) { + pubKey == NULL || pubKeyLen == NULL || inOutKeyType == NULL) { return BAD_FUNC_ARG; } @@ -35498,8 +35578,16 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, if (GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz) < 0) return ASN_PARSE_E; - if (oid != (word32)keyType) + + /* If user supplies ANONk (0) key type, we want to auto-detect from + * DER and copy it back to user */ + if (*inOutKeyType == ANONk) { + *inOutKeyType = oid; + } + /* Otherwise strictly validate against the expected type */ + else if (oid != (word32)*inOutKeyType) { return ASN_PARSE_E; + } /* key header */ ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL); @@ -35519,12 +35607,21 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL); if (ret == 0) { - /* Require OID. */ - word32 oidSz; - const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); - - GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oid, oidSz); - /* Decode Ed25519 private key. */ + /* If user supplies an expected keyType (algorithm OID sum), attempt to + * process DER accordingly */ + if (*inOutKeyType != ANONk) { + word32 oidSz; + /* Explicit OID check - use expected type */ + const byte* oidDerBytes = OidFromId((word32)*inOutKeyType, + oidKeyType, &oidSz); + GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidDerBytes, + oidSz); + } + else { + /* Auto-detect OID using template */ + GetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oidKeyType); + } + /* Decode public key. */ ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1, input, inOutIdx, inSz); if (ret != 0) @@ -35532,6 +35629,12 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, /* check that input buffer is exhausted */ if (*inOutIdx != inSz) ret = ASN_PARSE_E; + + /* Store detected OID if requested */ + if (ret == 0 && *inOutKeyType == ANONk) { + *inOutKeyType = + (int)dataASN[PUBKEYASN_IDX_ALGOID_OID].data.oid.sum; + } } /* Check that the all the buffer was used. */ if ((ret == 0) && @@ -35546,6 +35649,7 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, FREE_ASNGETDATA(dataASN, NULL); #endif /* WOLFSSL_ASN_TEMPLATE */ return ret; + } int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, @@ -35561,7 +35665,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, if (ret == 0) { ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKeyPtr, - &pubKeyPtrLen, keyType); + &pubKeyPtrLen, &keyType); } if ((ret == 0) && (pubKeyPtrLen > *pubKeyLen)) { ret = BUFFER_E; @@ -35661,6 +35765,55 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx, } return ret; } + +/* Decode Curve25519 key from DER format - can handle private only, + * public only, or private+public key pairs. + * return 0 on success, negative on error */ +int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx, + curve25519_key* key, word32 inSz) +{ + int ret; + byte privKey[CURVE25519_KEYSIZE]; + byte pubKey[CURVE25519_PUB_KEY_SIZE]; + word32 privKeyLen = CURVE25519_KEYSIZE; + word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE; + + /* sanity check */ + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) { + return BAD_FUNC_ARG; + } + + /* Try to decode as private key first (may include public) */ + ret = DecodeAsymKey(input, inOutIdx, inSz, privKey, &privKeyLen, + pubKey, &pubKeyLen, X25519k); + + if (ret == 0) { + /* Successfully decoded private key */ + if (pubKeyLen > 0) { + /* Have both private and public */ + ret = wc_curve25519_import_private_raw(privKey, privKeyLen, + pubKey, pubKeyLen, key); + } + else { + /* Private only */ + ret = wc_curve25519_import_private(privKey, privKeyLen, key); + } + } + else { + /* Try decoding as public key */ + *inOutIdx = 0; /* Reset index */ + pubKeyLen = CURVE25519_KEYSIZE; + ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, + pubKey, &pubKeyLen, X25519k); + if (ret == 0) { + /* Successfully decoded public key */ + ret = wc_curve25519_import_public(pubKey, pubKeyLen, key); + } + } + + return ret; +} + #endif /* HAVE_CURVE25519 && HAVE_ED25519_KEY_IMPORT */ @@ -35868,6 +36021,63 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, } return ret; } + +/* Export Curve25519 key to DER format - handles private only, public only, + * or private+public key pairs based on what's set in the key structure. + * Returns length written on success, negative on error */ +int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg) +{ + int ret; + byte privKey[CURVE25519_KEYSIZE]; + byte pubKey[CURVE25519_PUB_KEY_SIZE]; + word32 privKeyLen = CURVE25519_KEYSIZE; + word32 pubKeyLen = CURVE25519_PUB_KEY_SIZE; + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + /* Check what we have in the key structure */ + if (key->privSet) { + /* Export private key to buffer */ + ret = wc_curve25519_export_private_raw(key, privKey, &privKeyLen); + if (ret != 0) { + return ret; + } + + if (key->pubSet) { + /* Export public key if available */ + ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen); + if (ret != 0) { + return ret; + } + /* Export both private and public */ + ret = SetAsymKeyDer(privKey, privKeyLen, + pubKey, pubKeyLen, + output, inLen, X25519k); + } + else { + /* Export private only */ + ret = SetAsymKeyDer(privKey, privKeyLen, + NULL, 0, + output, inLen, X25519k); + } + } + else if (key->pubSet) { + /* Export public key only */ + ret = wc_curve25519_export_public(key, pubKey, &pubKeyLen); + if (ret == 0) { + ret = SetAsymKeyDerPublic(pubKey, pubKeyLen, + output, inLen, X25519k, withAlg); + } + } + else { + /* Neither public nor private key is set */ + ret = BAD_FUNC_ARG; + } + + return ret; +} #endif /* HAVE_CURVE25519 && HAVE_CURVE25519_KEY_EXPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) @@ -38547,7 +38757,6 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) } #endif - #ifndef WOLFSSL_ASN_TEMPLATE static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32* inOutIdx, word32 sz) @@ -38739,7 +38948,34 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx, } #endif } - /* TODO: Parse CRL Number extension */ + else if (oid == CRL_NUMBER_OID) { + #ifdef WOLFSSL_SMALL_STACK + mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL, + DYNAMIC_TYPE_BIGINT); + if (m == NULL) { + ret = MEMORY_E; + } + #else + mp_int m[1]; + #endif + + if (ret == 0) { + if (mp_init(m) != MP_OKAY) { + ret = MP_INIT_E; + } + } + if (ret == 0) { + ret = GetInt(m, buf, &idx, maxIdx); + } + if (ret == 0) { + dcrl->crlNumber = (int)m->dp[0]; + } + + mp_free(m); + #ifdef WOLFSSL_SMALL_STACK + XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); + #endif + } /* TODO: check criticality */ /* Move index on to next extension. */ idx += (word32)length; @@ -38839,10 +39075,8 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, int ret = 0; int len; word32 idx = 0; -#ifdef WC_RSA_PSS const byte* sigParams = NULL; int sigParamsSz = 0; -#endif WOLFSSL_MSG("ParseCRL"); @@ -40470,12 +40704,12 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, void* heap) { + WOLFSSL_MSG("InitDecodedAcert"); + if (acert == NULL) { return; } - WOLFSSL_MSG("InitDecodedAcert"); - XMEMSET(acert, 0, sizeof(DecodedAcert)); acert->heap = heap; acert->source = source; /* don't own */ @@ -40493,12 +40727,12 @@ void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, */ void FreeDecodedAcert(DecodedAcert * acert) { + WOLFSSL_MSG("FreeDecodedAcert"); + if (acert == NULL) { return; } - WOLFSSL_MSG("FreeDecodedAcert"); - if (acert->holderIssuerName) { FreeAltNames(acert->holderIssuerName, acert->heap); acert->holderIssuerName = NULL; @@ -40666,6 +40900,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx, * * @param [in] input Buffer holding encoded data. * @param [in] sz Size of encoded data in bytes. + * @param [in] tag ASN.1 tag value expected in header. * @param [in, out] cert Decoded certificate object. * @param [in, out] entries Linked list of DNS name entries. * @@ -40677,7 +40912,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx, * @return MEMORY_E when dynamic memory allocation fails. */ static int DecodeAcertGeneralNames(const byte* input, word32 sz, - DecodedAcert* acert, + byte tag, DecodedAcert* acert, DNS_entry** entries) { word32 idx = 0; @@ -40685,28 +40920,35 @@ static int DecodeAcertGeneralNames(const byte* input, word32 sz, int ret = 0; word32 numNames = 0; - /* Get SEQUENCE and expect all data to be accounted for. */ - if (GetASN_Sequence(input, &idx, &length, sz, 1) != 0) { - WOLFSSL_MSG("\tBad Sequence"); + if (GetASNHeader(input, tag, &idx, &length, sz) <= 0) { + WOLFSSL_MSG("error: acert general names: bad header"); return ASN_PARSE_E; } if (length == 0) { - /* There is supposed to be a non-empty sequence here. */ - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + WOLFSSL_MSG("error: acert general names: zero length"); return ASN_PARSE_E; } if ((word32)length + idx != sz) { + #ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("error: acert general names: got %d, expected %d", + (word32)length + idx, sz); + #endif return ASN_PARSE_E; } while ((ret == 0) && (idx < sz)) { ASNGetData dataASN[altNameASN_Length]; + /* Not sure what a reasonable max would be for attribute certs, + * therefore observing WOLFSSL_MAX_ALT_NAMES limit. */ numNames++; if (numNames > WOLFSSL_MAX_ALT_NAMES) { - WOLFSSL_MSG("error: acert: too many subject alternative names"); + #ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("error: acert general names: too many names, %d", + numNames); + #endif ret = ASN_ALT_NAME_E; break; } @@ -40762,13 +41004,15 @@ static const ASNItem HolderASN[] = /* Holder root sequence. */ /* HOLDER_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* Holder Option 0:*/ + /* baseCertificateID [0] IssuerSerial OPTIONAL */ /* ISSUERSERIAL_SEQ */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 2 }, /* issuer GeneralNames, */ /* GN_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 }, /* serial CertificateSerialNumber */ /* SERIAL_INT */ { 2, ASN_INTEGER, 0, 0, 0 }, - /* Holder Option 1:*/ -/* GN_SEQ */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 }, + /* Holder Option 1: */ + /* entityName [1] GeneralNames OPTIONAL */ +/* ENTITYNAME_SEQ */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 1, 2 }, }; enum { @@ -40807,6 +41051,10 @@ static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert) return BUFFER_E; } + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + printf("debug: decode holder: holder len: %d\n", len); + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ + CALLOC_ASNGETDATA(dataASN, HolderASN_Length, ret, acert->heap); if (ret != 0) { @@ -40840,20 +41088,50 @@ static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert) * Use the HOLDER_IDX_GN_SEQ offset for input. */ const byte * gn_input = NULL; word32 gn_len = 0; - word32 holder_index = HOLDER_IDX_GN_SEQ; + byte tag = 0x00; /* Determine which tag was seen. */ if (dataASN[HOLDER_IDX_GN_SEQ].tag != 0) { - gn_input = input + dataASN[holder_index].offset; - gn_len = dataASN[holder_index].length + 2; - } - else { - gn_input = input; - gn_len = len; + gn_input = input + dataASN[HOLDER_IDX_GN_SEQ].offset; + gn_len = dataASN[HOLDER_IDX_GN_SEQ].length; + tag = dataASN[HOLDER_IDX_GN_SEQ].tag; + + if (gn_len >= ASN_LONG_LENGTH) { + gn_len += 3; + } + else { + gn_len += 2; + } + + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + printf("debug: decode holder: holder index: %d\n", + HOLDER_IDX_GN_SEQ); + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ + + ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert, + &acert->holderIssuerName); } - ret = DecodeAcertGeneralNames(gn_input, gn_len, acert, - &acert->holderIssuerName); + if (dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag != 0) { + gn_input = input + dataASN[HOLDER_IDX_GN_SEQ_OPT1].offset; + gn_len = dataASN[HOLDER_IDX_GN_SEQ_OPT1].length; + tag = dataASN[HOLDER_IDX_GN_SEQ_OPT1].tag; + + if (gn_len >= ASN_LONG_LENGTH) { + gn_len += 3; + } + else { + gn_len += 2; + } + + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + printf("debug: decode holder: holder index: %d\n", + HOLDER_IDX_GN_SEQ_OPT1); + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ + + ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, acert, + &acert->holderEntityName); + } if (ret != 0) { WOLFSSL_MSG("error: Holder: DecodeAcertGeneralNames failed"); @@ -40866,7 +41144,14 @@ static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert) return 0; } -/* From RFC 5755. +/* Note on AttCertIssuer field. ACERTs are supposed to follow + * v2form, but some (acert_bc1.pem) follow v1form. Because + * of the limited set of example ACERTs, the v1form will be + * tolerated for now but the field will not be parsed. + * + * More info from RFC below: + * + * From RFC 5755. * 4.2.3. Issuer * * ACs conforming to this profile MUST use the v2Form choice, which MUST @@ -40907,7 +41192,6 @@ enum { #define AttCertIssuerASN_Length (sizeof(AttCertIssuerASN) / sizeof(ASNItem)) /* Decode the AttCertIssuer Field of an x509 attribute certificate. - * * * @param [in] input Buffer containing encoded AttCertIssuer field. * @param [in] len Length of Holder field. @@ -40928,6 +41212,7 @@ static int DecodeAttCertIssuer(const byte* input, word32 len, word32 idx = 0; const byte * gn_input = NULL; word32 gn_len = 0; + byte tag = 0x00; if (input == NULL || len <= 0 || cert == NULL) { return BUFFER_E; @@ -40951,9 +41236,17 @@ static int DecodeAttCertIssuer(const byte* input, word32 len, /* Now parse the GeneralNames field. * Use the HOLDER_IDX_GN_SEQ offset for input. */ gn_input = input + dataASN[ATTCERTISSUER_IDX_GN_SEQ].offset; - gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length + 2; + gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length; + tag = dataASN[ATTCERTISSUER_IDX_GN_SEQ].tag; - ret = DecodeAcertGeneralNames(gn_input, gn_len, cert, + if (gn_len >= ASN_LONG_LENGTH) { + gn_len += 3; + } + else { + gn_len += 2; + } + + ret = DecodeAcertGeneralNames(gn_input, gn_len, tag, cert, &cert->AttCertIssuerName); if (ret != 0) { @@ -40981,8 +41274,10 @@ static const ASNItem AcertASN[] = /* holder Holder */ /* ACINFO_HOLDER_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 }, /* issuer AttCertIssuer */ -/* ACINFO_CHOICE_SEQ */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 }, -/* ACINFO_ISSUER_SEQ */ { 2, ASN_SEQUENCE | 0, 1, 0, 2 }, + /* v2Form [0] V2Form */ +/* ACINFO_ISSUER_V2FORM */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 }, + /* v1Form GeneralNames */ +/* ACINFO_ISSUER_V1FORM */ { 2, ASN_SEQUENCE, 1, 0, 2 }, /* signature AlgorithmIdentifier */ /* AlgorithmIdentifier ::= SEQUENCE */ /* ACINFO_ALGOID_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, @@ -41028,8 +41323,9 @@ enum { ACERT_IDX_ACINFO_VER_INT, /* ACINFO holder and issuer */ ACERT_IDX_ACINFO_HOLDER_SEQ, - ACERT_IDX_ACINFO_CHOICE_SEQ, - ACERT_IDX_ACINFO_ISSUER_SEQ, + /* The issuer should be in V2 form, but tolerate V1 for now. */ + ACERT_IDX_ACINFO_ISSUER_V2, + ACERT_IDX_ACINFO_ISSUER_V1, /* ACINFO sig alg*/ ACERT_IDX_ACINFO_ALGOID_SEQ, ACERT_IDX_ACINFO_ALGOID_OID, @@ -41087,6 +41383,8 @@ int ParseX509Acert(DecodedAcert* acert, int verify) byte version = 0; word32 serialSz = EXTERNAL_SERIAL_SIZE; + WOLFSSL_MSG("ParseX509Acert"); + if (acert == NULL) { return BAD_FUNC_ARG; } @@ -41235,8 +41533,14 @@ int ParseX509Acert(DecodedAcert* acert, int verify) /* Determine which issuer tag was seen. We need this to determine * the holder_input. */ - i_issuer = (dataASN[ACERT_IDX_ACINFO_CHOICE_SEQ].tag != 0) ? - ACERT_IDX_ACINFO_CHOICE_SEQ : ACERT_IDX_ACINFO_ISSUER_SEQ; + i_issuer = (dataASN[ACERT_IDX_ACINFO_ISSUER_V2].tag != 0) ? + ACERT_IDX_ACINFO_ISSUER_V2 : ACERT_IDX_ACINFO_ISSUER_V1; + + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + printf("debug: parse acert: issuer index: %d\n", i_issuer); + printf("debug: parse acert: issuer seq offset: %d\n", + dataASN[i_issuer].offset); + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ holder_input = acert->source + dataASN[i_holder].offset; holder_len = dataASN[i_issuer].offset - dataASN[i_holder].offset; @@ -41248,13 +41552,9 @@ int ParseX509Acert(DecodedAcert* acert, int verify) return ret; } - #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE - printf("debug: parse acert:issuer index: %d\n", i_issuer); - #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ - GetASN_GetConstRef(&dataASN[i_issuer], &issuer_input, &issuer_len); - if (i_issuer == ACERT_IDX_ACINFO_CHOICE_SEQ && issuer_len > 0) { + if (i_issuer == ACERT_IDX_ACINFO_ISSUER_V2 && issuer_len > 0) { /* Try to decode the AttCertIssuer as well. */ ret = DecodeAttCertIssuer(issuer_input, issuer_len, acert); @@ -41373,6 +41673,8 @@ int VerifyX509Acert(const byte* der, word32 derSz, const byte * sigParams = NULL; word32 sigParamsSz = 0; + WOLFSSL_MSG("ParseX509Acert"); + if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) { WOLFSSL_MSG("error: VerifyX509Acert: bad args"); return BAD_FUNC_ARG; diff --git a/src/wolfcrypt/src/bio.c b/src/wolfcrypt/src/bio.c index ac4eb03..b265456 100644 --- a/src/wolfcrypt/src/bio.c +++ b/src/wolfcrypt/src/bio.c @@ -146,7 +146,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrSz = bio->wrSzReset; } else { @@ -163,7 +163,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && - !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { + !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) { /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, @@ -200,6 +200,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b) } #ifndef WOLFCRYPT_ONLY +#ifndef NO_TLS /* Helper function to read from WOLFSSL_BIO_SSL type * * returns the number of bytes read on success @@ -231,10 +232,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return ret; } +#endif /* !NO_TLS */ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { @@ -249,7 +251,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) } return sz; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ /* Used to read data from a WOLFSSL_BIO structure @@ -331,7 +333,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) ret = wolfSSL_BIO_SSL_read(bio, buf, len, front); #else WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY"); @@ -500,7 +502,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } #endif /* WOLFSSL_BASE64_ENCODE */ -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* Helper function for writing to a WOLFSSL_BIO_SSL type * * returns the amount written in bytes on success @@ -531,7 +533,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, } return ret; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY && !NO_TLS */ /* Writes to a WOLFSSL_BIO_BIO type. * @@ -601,7 +603,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("one of input parameters is null"); return WOLFSSL_FAILURE; } - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { return WOLFSSL_FAILURE; } @@ -642,7 +644,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; @@ -746,7 +748,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* already got eof, again is error */ if (front->eof) { ret = WOLFSSL_FATAL_ERROR; @@ -823,7 +825,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) bio = bio->next; } -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) exit_chain: #endif @@ -866,23 +868,23 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) } switch(cmd) { - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: + case WOLFSSL_BIO_CTRL_PENDING: + case WOLFSSL_BIO_CTRL_WPENDING: ret = (long)wolfSSL_BIO_ctrl_pending(bio); break; - case BIO_CTRL_INFO: + case WOLFSSL_BIO_CTRL_INFO: ret = (long)wolfSSL_BIO_get_mem_data(bio, parg); break; - case BIO_CTRL_FLUSH: + case WOLFSSL_BIO_CTRL_FLUSH: ret = (long)wolfSSL_BIO_flush(bio); break; - case BIO_CTRL_RESET: + case WOLFSSL_BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; #ifdef WOLFSSL_HAVE_BIO_ADDR - case BIO_CTRL_DGRAM_CONNECT: - case BIO_CTRL_DGRAM_SET_PEER: + case WOLFSSL_BIO_CTRL_DGRAM_CONNECT: + case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER: { socklen_t addr_size; if (parg == NULL) { @@ -899,7 +901,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) break; } - case BIO_CTRL_DGRAM_SET_CONNECTED: + case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED: if (parg == NULL) { wolfSSL_BIO_ADDR_clear(&bio->peer_addr); bio->connected = 0; @@ -916,7 +918,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) ret = WOLFSSL_SUCCESS; break; - case BIO_CTRL_DGRAM_QUERY_MTU: + case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU: ret = 0; /* not implemented */ break; @@ -1371,7 +1373,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) int closeFlag) { if (!bio || !bufMem || - (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE)) + (closeFlag != WOLFSSL_BIO_NOCLOSE && closeFlag != WOLFSSL_BIO_CLOSE)) return BAD_FUNC_ARG; if (bio->mem_buf) @@ -1379,7 +1381,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) wolfSSL_BUF_MEM_free(bio->mem_buf); bio->mem_buf = bufMem; - bio->shutdown = closeFlag; + bio->shutdown = closeFlag ? WOLFSSL_BIO_CLOSE : WOLFSSL_BIO_NOCLOSE; bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; @@ -1717,7 +1719,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) case WOLFSSL_BIO_MEMORY: bio->rdIdx = 0; - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrIdx = bio->wrSzReset; bio->wrSz = bio->wrSzReset; } @@ -1826,7 +1828,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) { XFCLOSE(bio->ptr.fh); } @@ -1839,7 +1841,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } - bio->shutdown = BIO_CLOSE; + bio->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2201,7 +2203,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio->method != NULL && bio->method->ctrlCb != NULL) { WOLFSSL_MSG("Calling custom BIO flush callback"); - return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL); + return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL); } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) @@ -2387,7 +2389,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->type = WOLFSSL_BIO_SOCKET; } else { - BIO_free(bio); + wolfSSL_BIO_free(bio); bio = NULL; } } @@ -2477,7 +2479,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2506,7 +2508,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; @@ -2516,7 +2518,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } /* Create a socket BIO for using the accept'ed connection */ - new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE); + new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE); if (new_bio == NULL) { WOLFSSL_MSG("wolfSSL_BIO_new_socket error"); CloseSocket(newfd); @@ -2560,6 +2562,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return ret; } +#ifndef NO_TLS long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b) { WOLFSSL_ENTER("wolfSSL_BIO_do_handshake"); @@ -2595,7 +2598,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (b->ptr.ssl != NULL) { int rc = wolfSSL_shutdown(b->ptr.ssl); - if (rc == SSL_SHUTDOWN_NOT_DONE) { + if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ wolfSSL_shutdown(b->ptr.ssl); @@ -2605,6 +2608,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("BIO has no SSL pointer set."); } } +#endif long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { @@ -2682,7 +2686,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else wolfSSL_set_connect_state(ssl); } - if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) != + if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to set SSL pointer in BIO."); err = 1; @@ -2831,13 +2835,20 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) #else bio->method = method; #endif - bio->shutdown = BIO_CLOSE; /* default to close things */ + bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */ if ((bio->type == WOLFSSL_BIO_SOCKET) || (bio->type == WOLFSSL_BIO_DGRAM)) { bio->num.fd = SOCKET_INVALID; - } else { + } + else if (bio->type == WOLFSSL_BIO_FILE) { +#ifndef NO_FILESYSTEM + bio->ptr.fh = XBADFILE; +#endif + bio->num.fd = SOCKET_INVALID; + } + else { bio->num.length = 0; } bio->init = 1; @@ -2916,7 +2927,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { XMEMCPY(bio->ptr.mem_buf_data, buf, len); - bio->flags |= BIO_FLAGS_MEM_RDONLY; + bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -2994,7 +3005,9 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #ifndef NO_FILESYSTEM - if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { + if (bio->type == WOLFSSL_BIO_FILE && + bio->shutdown == WOLFSSL_BIO_CLOSE) + { if (bio->ptr.fh) { XFCLOSE(bio->ptr.fh); } @@ -3007,7 +3020,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #endif - if (bio->shutdown != BIO_NOCLOSE) { + if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) { if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr.mem_buf_data != NULL) { @@ -3409,7 +3422,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) if (fp == XBADFILE) return WOLFSSL_BAD_FILE; - if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); return WOLFSSL_BAD_FILE; } @@ -3446,7 +3459,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) return bio; } - if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); wolfSSL_BIO_free(bio); bio = NULL; diff --git a/src/wolfcrypt/src/camellia.c b/src/wolfcrypt/src/camellia.c index 3425177..bd9ae1b 100644 --- a/src/wolfcrypt/src/camellia.c +++ b/src/wolfcrypt/src/camellia.c @@ -1466,7 +1466,7 @@ static void camellia_decrypt256(const u32 *subkey, u32 *io) static void Camellia_EncryptBlock(const word32 keyBitLength, const unsigned char *plaintext, - const KEY_TABLE_TYPE keyTable, + const WC_CAMELLIA_KEY_TABLE_TYPE keyTable, unsigned char *ciphertext) { u32 tmp[4]; @@ -1497,7 +1497,7 @@ static void Camellia_EncryptBlock(const word32 keyBitLength, static void Camellia_DecryptBlock(const word32 keyBitLength, const unsigned char *ciphertext, - const KEY_TABLE_TYPE keyTable, + const WC_CAMELLIA_KEY_TABLE_TYPE keyTable, unsigned char *plaintext) { u32 tmp[4]; @@ -1529,13 +1529,13 @@ static void Camellia_DecryptBlock(const word32 keyBitLength, /* wolfCrypt wrappers to the Camellia code */ -int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv) +int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, const byte* iv) { int ret = 0; if (cam == NULL) return BAD_FUNC_ARG; - XMEMSET(cam->key, 0, CAMELLIA_TABLE_BYTE_LEN); + XMEMSET(cam->key, 0, WC_CAMELLIA_TABLE_BYTE_LEN); switch (len) { case 16: @@ -1560,21 +1560,21 @@ int wc_CamelliaSetKey(Camellia* cam, const byte* key, word32 len, const byte* iv } -int wc_CamelliaSetIV(Camellia* cam, const byte* iv) +int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv) { if (cam == NULL) return BAD_FUNC_ARG; if (iv) - XMEMCPY(cam->reg, iv, CAMELLIA_BLOCK_SIZE); + XMEMCPY(cam->reg, iv, WC_CAMELLIA_BLOCK_SIZE); else - XMEMSET(cam->reg, 0, CAMELLIA_BLOCK_SIZE); + XMEMSET(cam->reg, 0, WC_CAMELLIA_BLOCK_SIZE); return 0; } -int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in) +int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in) { if (cam == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -1585,7 +1585,7 @@ int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, const byte* in) } -int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in) +int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in) { if (cam == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -1596,44 +1596,44 @@ int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, const byte* in) } -int wc_CamelliaCbcEncrypt(Camellia* cam, byte* out, const byte* in, word32 sz) +int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz) { word32 blocks; if (cam == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } - blocks = sz / CAMELLIA_BLOCK_SIZE; + blocks = sz / WC_CAMELLIA_BLOCK_SIZE; while (blocks--) { - xorbuf((byte*)cam->reg, in, CAMELLIA_BLOCK_SIZE); + xorbuf((byte*)cam->reg, in, WC_CAMELLIA_BLOCK_SIZE); Camellia_EncryptBlock(cam->keySz, (byte*)cam->reg, cam->key, (byte*)cam->reg); - XMEMCPY(out, cam->reg, CAMELLIA_BLOCK_SIZE); + XMEMCPY(out, cam->reg, WC_CAMELLIA_BLOCK_SIZE); - out += CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; + out += WC_CAMELLIA_BLOCK_SIZE; + in += WC_CAMELLIA_BLOCK_SIZE; } return 0; } -int wc_CamelliaCbcDecrypt(Camellia* cam, byte* out, const byte* in, word32 sz) +int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz) { word32 blocks; if (cam == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; } - blocks = sz / CAMELLIA_BLOCK_SIZE; + blocks = sz / WC_CAMELLIA_BLOCK_SIZE; while (blocks--) { - XMEMCPY(cam->tmp, in, CAMELLIA_BLOCK_SIZE); + XMEMCPY(cam->tmp, in, WC_CAMELLIA_BLOCK_SIZE); Camellia_DecryptBlock(cam->keySz, (byte*)cam->tmp, cam->key, out); - xorbuf(out, (byte*)cam->reg, CAMELLIA_BLOCK_SIZE); - XMEMCPY(cam->reg, cam->tmp, CAMELLIA_BLOCK_SIZE); + xorbuf(out, (byte*)cam->reg, WC_CAMELLIA_BLOCK_SIZE); + XMEMCPY(cam->reg, cam->tmp, WC_CAMELLIA_BLOCK_SIZE); - out += CAMELLIA_BLOCK_SIZE; - in += CAMELLIA_BLOCK_SIZE; + out += WC_CAMELLIA_BLOCK_SIZE; + in += WC_CAMELLIA_BLOCK_SIZE; } return 0; diff --git a/src/wolfcrypt/src/chacha.c b/src/wolfcrypt/src/chacha.c index 84b26eb..ba9aa53 100644 --- a/src/wolfcrypt/src/chacha.c +++ b/src/wolfcrypt/src/chacha.c @@ -76,7 +76,7 @@ Public domain. /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ #elif defined(WOLFSSL_RISCV_ASM) - /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */ + /* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */ #else diff --git a/src/wolfcrypt/src/cmac.c b/src/wolfcrypt/src/cmac.c index 52c1d2d..2f5d5d4 100644 --- a/src/wolfcrypt/src/cmac.c +++ b/src/wolfcrypt/src/cmac.c @@ -90,7 +90,7 @@ void ShiftAndXorRb(byte* out, byte* in) xorRb = (in[0] & 0x80) != 0; - for (i = 1, j = AES_BLOCK_SIZE - 1; i <= AES_BLOCK_SIZE; i++, j--) { + for (i = 1, j = WC_AES_BLOCK_SIZE - 1; i <= WC_AES_BLOCK_SIZE; i++, j--) { last = (in[j] & 0x80) ? 1 : 0; out[j] = (byte)((in[j] << 1) | mask); mask = last; @@ -165,14 +165,14 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, } if (ret == 0) { - byte l[AES_BLOCK_SIZE]; + byte l[WC_AES_BLOCK_SIZE]; - XMEMSET(l, 0, AES_BLOCK_SIZE); + XMEMSET(l, 0, WC_AES_BLOCK_SIZE); ret = wc_AesEncryptDirect(&cmac->aes, l, l); if (ret == 0) { ShiftAndXorRb(cmac->k1, l); ShiftAndXorRb(cmac->k2, cmac->k1); - ForceZero(l, AES_BLOCK_SIZE); + ForceZero(l, WC_AES_BLOCK_SIZE); } } break; @@ -227,21 +227,21 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) case WC_CMAC_AES: { while ((ret == 0) && (inSz != 0)) { - word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); + word32 add = min(inSz, WC_AES_BLOCK_SIZE - cmac->bufferSz); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); cmac->bufferSz += add; in += add; inSz -= add; - if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { + if (cmac->bufferSz == WC_AES_BLOCK_SIZE && inSz != 0) { if (cmac->totalSz != 0) { - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); } ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); if (ret == 0) { - cmac->totalSz += AES_BLOCK_SIZE; + cmac->totalSz += WC_AES_BLOCK_SIZE; cmac->bufferSz = 0; } } @@ -313,30 +313,30 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) const byte* subKey; word32 remainder; - if (cmac->bufferSz == AES_BLOCK_SIZE) { + if (cmac->bufferSz == WC_AES_BLOCK_SIZE) { subKey = cmac->k1; } else { /* ensure we will have a valid remainder value */ - if (cmac->bufferSz > AES_BLOCK_SIZE) { + if (cmac->bufferSz > WC_AES_BLOCK_SIZE) { ret = BAD_STATE_E; break; } - remainder = AES_BLOCK_SIZE - cmac->bufferSz; + remainder = WC_AES_BLOCK_SIZE - cmac->bufferSz; if (remainder == 0) { - remainder = AES_BLOCK_SIZE; + remainder = WC_AES_BLOCK_SIZE; } if (remainder > 1) { - XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, + XMEMSET(cmac->buffer + WC_AES_BLOCK_SIZE - remainder, 0, remainder); } - cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; + cmac->buffer[WC_AES_BLOCK_SIZE - remainder] = 0x80; subKey = cmac->k2; } - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); + xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); + xorbuf(cmac->buffer, subKey, WC_AES_BLOCK_SIZE); ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); if (ret == 0) { XMEMCPY(out, cmac->digest, *outSz); @@ -473,7 +473,7 @@ int wc_AesCmacVerify_ex(Cmac* cmac, void* heap, int devId) { int ret = 0; - byte a[AES_BLOCK_SIZE]; + byte a[WC_AES_BLOCK_SIZE]; word32 aSz = sizeof(a); int compareRet; diff --git a/src/wolfcrypt/src/coding.c b/src/wolfcrypt/src/coding.c index aa87ae7..7071796 100644 --- a/src/wolfcrypt/src/coding.c +++ b/src/wolfcrypt/src/coding.c @@ -99,7 +99,7 @@ static WC_INLINE byte Base64_Char2Val(byte c) byte v; byte mask; - c -= BASE64_MIN; + c = (byte)(c - BASE64_MIN); mask = (byte)((((byte)(0x3f - c)) >> 7) - 1); /* Load a value from the first cache line and use when mask set. */ v = (byte)(base64Decode[ c & 0x3f ] & mask); @@ -297,8 +297,10 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 maxSz, if (raw) basic = e; - else + else if (e < sizeof(base64Encode)) basic = base64Encode[e]; + else + return BAD_FUNC_ARG; /* check whether to escape. Only escape for EncodeEsc */ if (escaped == WC_ESC_NL_ENC) { @@ -507,7 +509,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return BAD_FUNC_ARG; if (inLen == 1 && *outLen && in) { - byte b = in[inIdx++] - BASE16_MIN; /* 0 starts at 0x30 */ + byte b = (byte)(in[inIdx++] - BASE16_MIN); /* 0 starts at 0x30 */ /* sanity check */ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) @@ -531,8 +533,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return BAD_FUNC_ARG; while (inLen) { - byte b = in[inIdx++] - BASE16_MIN; /* 0 starts at 0x30 */ - byte b2 = in[inIdx++] - BASE16_MIN; + byte b = (byte)(in[inIdx++] - BASE16_MIN); /* 0 starts at 0x30 */ + byte b2 = (byte)(in[inIdx++] - BASE16_MIN); /* sanity checks */ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) @@ -570,14 +572,14 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) byte lb = in[i] & 0x0f; /* ASCII value */ - hb += '0'; + hb = (byte)(hb + '0'); if (hb > '9') - hb += 7; + hb = (byte)(hb + 7U); /* ASCII value */ - lb += '0'; + lb = (byte)(lb + '0'); if (lb>'9') - lb += 7; + lb = (byte)(lb + 7U); out[outIdx++] = hb; out[outIdx++] = lb; diff --git a/src/wolfcrypt/src/cpuid.c b/src/wolfcrypt/src/cpuid.c index 6722386..a9f1533 100644 --- a/src/wolfcrypt/src/cpuid.c +++ b/src/wolfcrypt/src/cpuid.c @@ -28,7 +28,8 @@ #include -#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) +#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) || \ + defined(HAVE_CPUID_AARCH64) static word32 cpuid_check = 0; static word32 cpuid_flags = 0; #endif @@ -101,6 +102,210 @@ cpuid_check = 1; } } +#elif defined(HAVE_CPUID_AARCH64) + +#define CPUID_AARCH64_FEAT_AES ((word64)1 << 4) +#define CPUID_AARCH64_FEAT_AES_PMULL ((word64)1 << 5) +#define CPUID_AARCH64_FEAT_SHA256 ((word64)1 << 12) +#define CPUID_AARCH64_FEAT_SHA256_512 ((word64)1 << 13) +#define CPUID_AARCH64_FEAT_RDM ((word64)1 << 28) +#define CPUID_AARCH64_FEAT_SHA3 ((word64)1 << 32) +#define CPUID_AARCH64_FEAT_SM3 ((word64)1 << 36) +#define CPUID_AARCH64_FEAT_SM4 ((word64)1 << 40) + +#ifdef WOLFSSL_AARCH64_PRIVILEGE_MODE + /* https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers + * /ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0 */ + + void cpuid_set_flags(void) + { + if (!cpuid_check) { + word64 features; + + __asm__ __volatile ( + "mrs %[feat], ID_AA64ISAR0_EL1\n" + : [feat] "=r" (features) + : + : + ); + + if (features & CPUID_AARCH64_FEAT_AES) + cpuid_flags |= CPUID_AES; + if (features & CPUID_AARCH64_FEAT_AES_PMULL) { + cpuid_flags |= CPUID_AES; + cpuid_flags |= CPUID_PMULL; + } + if (features & CPUID_AARCH64_FEAT_SHA256) + cpuid_flags |= CPUID_SHA256; + if (features & CPUID_AARCH64_FEAT_SHA256_512) + cpuid_flags |= CPUID_SHA256 | CPUID_SHA512; + if (features & CPUID_AARCH64_FEAT_RDM) + cpuid_flags |= CPUID_RDM; + if (features & CPUID_AARCH64_FEAT_SHA3) + cpuid_flags |= CPUID_SHA3; + if (features & CPUID_AARCH64_FEAT_SM3) + cpuid_flags |= CPUID_SM3; + if (features & CPUID_AARCH64_FEAT_SM4) + cpuid_flags |= CPUID_SM4; + + cpuid_check = 1; + } + } +#elif defined(__linux__) + /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/ + * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */ + + #include + #include + + void cpuid_set_flags(void) + { + if (!cpuid_check) { + word64 hwcaps = getauxval(AT_HWCAP); + + if (hwcaps & HWCAP_AES) + cpuid_flags |= CPUID_AES; + if (hwcaps & HWCAP_PMULL) + cpuid_flags |= CPUID_PMULL; + if (hwcaps & HWCAP_SHA2) + cpuid_flags |= CPUID_SHA256; + if (hwcaps & HWCAP_SHA512) + cpuid_flags |= CPUID_SHA512; + if (hwcaps & HWCAP_ASIMDRDM) + cpuid_flags |= CPUID_RDM; + if (hwcaps & HWCAP_SHA3) + cpuid_flags |= CPUID_SHA3; + if (hwcaps & HWCAP_SM3) + cpuid_flags |= CPUID_SM3; + if (hwcaps & HWCAP_SM4) + cpuid_flags |= CPUID_SM4; + + cpuid_check = 1; + } + } +#elif defined(__ANDROID__) || defined(ANDROID) + /* https://community.arm.com/arm-community-blogs/b/operating-systems-blog/ + * posts/runtime-detection-of-cpu-features-on-an-armv8-a-cpu */ + + #include "cpu-features.h" + + void cpuid_set_flags(void) + { + if (!cpuid_check) { + word64 features = android_getCpuFeatures(); + + if (features & ANDROID_CPU_ARM_FEATURE_AES) + cpuid_flags |= CPUID_AES; + if (features & ANDROID_CPU_ARM_FEATURE_PMULL) + cpuid_flags |= CPUID_PMULL; + if (features & ANDROID_CPU_ARM_FEATURE_SHA2) + cpuid_flags |= CPUID_SHA256; + + cpuid_check = 1; + } + } +#elif defined(__APPLE__) + /* https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/ + * determining_instruction_set_characteristics */ + + #include + + static word64 cpuid_get_sysctlbyname(const char* name) + { + word64 ret = 0; + size_t size = sizeof(ret); + + sysctlbyname(name, &ret, &size, NULL, 0); + + return ret; + } + + void cpuid_set_flags(void) + { + if (!cpuid_check) { + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_AES") != 0) + cpuid_flags |= CPUID_AES; + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_PMULL") != 0) + cpuid_flags |= CPUID_PMULL; + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA256") != 0) + cpuid_flags |= CPUID_SHA256; + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA512") != 0) + cpuid_flags |= CPUID_SHA512; + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_RDM") != 0) + cpuid_flags |= CPUID_RDM; + if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA3") != 0) + cpuid_flags |= CPUID_SHA3; + #ifdef WOLFSSL_ARMASM_CRYPTO_SM3 + cpuid_flags |= CPUID_SM3; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SM4 + cpuid_flags |= CPUID_SM4; + #endif + + cpuid_check = 1; + } + } +#elif defined(__FreeBSD__) || defined(__OpenBSD__) + /* https://man.freebsd.org/cgi/man.cgi?elf_aux_info(3) */ + + #include + + void cpuid_set_flags(void) + { + if (!cpuid_check) { + word64 features = 0; + + elf_aux_info(AT_HWCAP, &features, sizeof(features)); + + if (features & CPUID_AARCH64_FEAT_AES) + cpuid_flags |= CPUID_AES; + if (features & CPUID_AARCH64_FEAT_PMULL) + cpuid_flags |= CPUID_PMULL; + if (features & CPUID_AARCH64_FEAT_SHA256) + cpuid_flags |= CPUID_SHA256; + if (features & CPUID_AARCH64_FEAT_SHA256_512) + cpuid_flags |= CPUID_SHA256 | CPUID_SHA512; + if (features & CPUID_AARCH64_FEAT_RDM) + cpuid_flags |= CPUID_RDM; + if (features & CPUID_AARCH64_FEAT_SHA3) + cpuid_flags |= CPUID_SHA3; + if (features & CPUID_AARCH64_FEAT_SM3) + cpuid_flags |= CPUID_SM3; + if (features & CPUID_AARCH64_FEAT_SM4) + cpuid_flags |= CPUID_SM4; + + cpuid_check = 1; + } + } +#else + void cpuid_set_flags(void) + { + if (!cpuid_check) { + #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + cpuid_flags |= CPUID_AES; + cpuid_flags |= CPUID_PMULL; + cpuid_flags |= CPUID_SHA256; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512 + cpuid_flags |= CPUID_SHA512; + #endif + #ifndef WOLFSSL_AARCH64_NO_SQRMLSH + cpuid_flags |= CPUID_RDM; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + cpuid_flags |= CPUID_SHA3; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SM3 + cpuid_flags |= CPUID_SM3; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SM4 + cpuid_flags |= CPUID_SM4; + #endif + + cpuid_check = 1; + } + } +#endif #elif defined(HAVE_CPUID) void cpuid_set_flags(void) { diff --git a/src/wolfcrypt/src/cryptocb.c b/src/wolfcrypt/src/cryptocb.c index 4b903dd..973b4f9 100644 --- a/src/wolfcrypt/src/cryptocb.c +++ b/src/wolfcrypt/src/cryptocb.c @@ -65,7 +65,7 @@ typedef struct CryptoCb { CryptoDevCallbackFunc cb; void* ctx; } CryptoCb; -static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; +static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; #ifdef WOLF_CRYPTO_CB_FIND static CryptoDevCallbackFind CryptoCb_FindCb = NULL; @@ -85,6 +85,7 @@ static const char* GetAlgoTypeStr(int algo) case WC_ALGO_TYPE_SEED: return "Seed"; case WC_ALGO_TYPE_HMAC: return "HMAC"; case WC_ALGO_TYPE_CMAC: return "CMAC"; + case WC_ALGO_TYPE_CERT: return "Cert"; } return NULL; } @@ -445,8 +446,8 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, #ifdef WOLF_CRYPTO_CB_RSA_PAD int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, - word32* outLen, int type, RsaKey* key, WC_RNG* rng, - RsaPadding *padding) + word32* outLen, int type, RsaKey* key, WC_RNG* rng, + RsaPadding *padding) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; @@ -458,9 +459,8 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, /* locate registered callback */ dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK); - if (padding) { - switch(padding->pad_type) { -#ifndef NO_PKCS11_RSA_PKCS + if (padding != NULL) { + switch (padding->pad_type) { case WC_RSA_PKCSV15_PAD: pk_type = WC_PK_TYPE_RSA_PKCS; break; @@ -470,7 +470,6 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, case WC_RSA_OAEP_PAD: pk_type = WC_PK_TYPE_RSA_OAEP; break; -#endif /* NO_PKCS11_RSA_PKCS */ default: pk_type = WC_PK_TYPE_RSA; } @@ -497,7 +496,7 @@ int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif +#endif /* WOLF_CRYPTO_CB_RSA_PAD */ #ifdef WOLFSSL_KEY_GEN int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) @@ -1801,6 +1800,37 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz) } #endif /* !WC_NO_RNG */ +#ifndef NO_CERTS +int wc_CryptoCb_GetCert(int devId, const char *label, word32 labelLen, + const byte *id, word32 idLen, byte** out, + word32* outSz, int *format, void *heap) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_CERT); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CERT; + cryptoInfo.cert.label = label; + cryptoInfo.cert.labelLen = labelLen; + cryptoInfo.cert.id = id; + cryptoInfo.cert.idLen = idLen; + cryptoInfo.cert.heap = heap; + cryptoInfo.cert.certDataOut = out; + cryptoInfo.cert.certSz = outSz; + cryptoInfo.cert.certFormatOut = format; + cryptoInfo.cert.heap = heap; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* ifndef NO_CERTS */ + #if defined(WOLFSSL_CMAC) int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in, word32 inSz, byte* out, word32* outSz, int type, diff --git a/src/wolfcrypt/src/curve25519.c b/src/wolfcrypt/src/curve25519.c index 7641055..8f409da 100644 --- a/src/wolfcrypt/src/curve25519.c +++ b/src/wolfcrypt/src/curve25519.c @@ -54,7 +54,7 @@ #if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif diff --git a/src/wolfcrypt/src/des3.c b/src/wolfcrypt/src/des3.c index 93bdde2..d6c3923 100644 --- a/src/wolfcrypt/src/des3.c +++ b/src/wolfcrypt/src/des3.c @@ -163,8 +163,13 @@ STM32_HAL_TIMEOUT); } /* save off IV */ - des->reg[0] = hcryp.Instance->IV0LR; - des->reg[1] = hcryp.Instance->IV0RR; + #ifdef WOLFSSL_STM32MP13 + des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR; + des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR; + #else + des->reg[0] = hcryp.Instance->IV0LR; + des->reg[1] = hcryp.Instance->IV0RR; + #endif #else while (sz > 0) { /* if input and output same will overwrite input iv */ @@ -324,8 +329,13 @@ STM32_HAL_TIMEOUT); } /* save off IV */ - des->reg[0] = hcryp.Instance->IV0LR; - des->reg[1] = hcryp.Instance->IV0RR; + #ifdef WOLFSSL_STM32MP13 + des->reg[0] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0LR; + des->reg[1] = ((CRYP_TypeDef *)(hcryp.Instance))->IV0RR; + #else + des->reg[0] = hcryp.Instance->IV0LR; + des->reg[1] = hcryp.Instance->IV0RR; + #endif #else while (sz > 0) { if (dir == DES_ENCRYPTION) { diff --git a/src/wolfcrypt/src/dh.c b/src/wolfcrypt/src/dh.c index 610b4b6..5258e82 100644 --- a/src/wolfcrypt/src/dh.c +++ b/src/wolfcrypt/src/dh.c @@ -67,7 +67,7 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif diff --git a/src/wolfcrypt/src/dilithium.c b/src/wolfcrypt/src/dilithium.c index ce01042..6391da4 100644 --- a/src/wolfcrypt/src/dilithium.c +++ b/src/wolfcrypt/src/dilithium.c @@ -2761,8 +2761,8 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, word16 n = kappa + r; /* Step 4: Append to seed and squeeze out data. */ - seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = n; - seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = n >> 8; + seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)n; + seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(n >> 8); ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, v, DILITHIUM_MAX_V_BLOCKS); if (ret == 0) { @@ -9501,6 +9501,29 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, #ifndef WOLFSSL_DILITHIUM_NO_ASN1 +/* Maps ASN.1 OID to wolfCrypt security level macros */ +static int mapOidToSecLevel(word32 oid) +{ + switch (oid) { + case ML_DSA_LEVEL2k: + return WC_ML_DSA_44; + case ML_DSA_LEVEL3k: + return WC_ML_DSA_65; + case ML_DSA_LEVEL5k: + return WC_ML_DSA_87; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + return WC_ML_DSA_44_DRAFT; + case DILITHIUM_LEVEL3k: + return WC_ML_DSA_65_DRAFT; + case DILITHIUM_LEVEL5k: + return WC_ML_DSA_87_DRAFT; +#endif + default: + return ASN_UNKNOWN_OID_E; + } +} + #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) /* Decode the DER encoded Dilithium key. @@ -9508,11 +9531,19 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, * @param [in] input Array holding DER encoded data. * @param [in, out] inOutIdx On in, index into array of start of DER encoding. * On out, index into array after DER encoding. - * @param [in, out] key Dilithium key to store key. - * @param [in] inSz Total size of data in array. + * @param [in, out] key Dilithium key structure to hold the decoded key. + * If the security level is set in the key structure + * on input, the DER key will be decoded as such and + * will fail if there is a mismatch. If the level + * and parameters are not set in the key structure on + * input, the level will be detected from the DER + * file based on the algorithm OID, appropriately + * decoded, then updated in the key structure on + * output. Auto-detection of the security level is + * not supported if compiled for FIPS 204 draft mode. + * @param [in] inSz Total size of the input DER buffer array. * @return 0 on success. * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. - * @return BAD_FUNC_ARG when level not set. * @return Other negative on parse error. */ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, @@ -9557,15 +9588,27 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, keytype = ML_DSA_LEVEL5k; } else { - /* Level not set. */ - ret = BAD_FUNC_ARG; + /* Level not set by caller, decode from DER */ + keytype = ANONk; /* 0, not a valid key type in this situation*/ } } if (ret == 0) { /* Decode the asymmetric key and get out private and public key data. */ - ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen, - &pubKey, &pubKeyLen, keytype); + ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, + &privKey, &privKeyLen, + &pubKey, &pubKeyLen, &keytype); + if (ret == 0 +#ifdef WOLFSSL_WC_DILITHIUM + && key->params == NULL +#endif + ) { + /* Set the security level based on the decoded key. */ + ret = mapOidToSecLevel(keytype); + if (ret > 0) { + ret = wc_dilithium_set_level(key, ret); + } + } } if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ @@ -9756,7 +9799,17 @@ static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type, * @param [in] input Array holding DER encoded data. * @param [in, out] inOutIdx On in, index into array of start of DER encoding. * On out, index into array after DER encoding. - * @param [in, out] key Dilithium key to store key. + * @param [in, out] key Dilithium key structure to hold the decoded key. + * If the security level is set in the key structure + * on input, the DER key will be decoded as such + * and will fail if there is a mismatch. If the level + * and parameters are not set in the key structure on + * input, the level will be detected from the DER + * file based on the algorithm OID, appropriately + * decoded, then updated in the key structure on + * output. Auto-detection of the security level is + * not supported if compiled for FIPS 204 + * draft mode. * @param [in] inSz Total size of data in array. * @return 0 on success. * @return BAD_FUNC_ARG when input, inOutIdx or key is NULL or inSz is 0. @@ -9818,13 +9871,25 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, keytype = ML_DSA_LEVEL5k; } else { - /* Level not set. */ - ret = BAD_FUNC_ARG; + /* Level not set by caller, decode from DER */ + keytype = ANONk; /* 0, not a valid key type in this situation*/ } if (ret == 0) { /* Decode the asymmetric key and get out public key data. */ - ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey, - &pubKeyLen, keytype); + ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, + &pubKey, &pubKeyLen, + &keytype); + if (ret == 0 +#ifdef WOLFSSL_WC_DILITHIUM + && key->params == NULL +#endif + ) { + /* Set the security level based on the decoded key. */ + ret = mapOidToSecLevel(keytype); + if (ret > 0) { + ret = wc_dilithium_set_level(key, ret); + } + } } #else /* Get OID sum for level. */ diff --git a/src/wolfcrypt/src/dsa.c b/src/wolfcrypt/src/dsa.c index 6ed4435..7fb7945 100644 --- a/src/wolfcrypt/src/dsa.c +++ b/src/wolfcrypt/src/dsa.c @@ -45,7 +45,7 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif @@ -173,7 +173,7 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) return MEMORY_E; } - SAVE_VECTOR_REGISTERS(); + SAVE_VECTOR_REGISTERS(;); #ifdef WOLFSSL_SMALL_STACK if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) @@ -1112,32 +1112,32 @@ int wc_DsaVerify_ex(const byte* digest, word32 digestSz, const byte* sig, #ifdef WOLFSSL_SMALL_STACK if (s) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(s); XFREE(s, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (r) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(r); XFREE(r, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (u1) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(u1); XFREE(u1, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (u2) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(u2); XFREE(u2, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (w) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(w); XFREE(w, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (v) { - if (ret != WC_NO_ERR_TRACE(MP_INIT_E)) + if (ret != WC_NO_ERR_TRACE(MP_INIT_E) && ret != WC_NO_ERR_TRACE(MEMORY_E)) mp_clear(v); XFREE(v, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } diff --git a/src/wolfcrypt/src/ecc.c b/src/wolfcrypt/src/ecc.c index da6505c..f010568 100644 --- a/src/wolfcrypt/src/ecc.c +++ b/src/wolfcrypt/src/ecc.c @@ -104,6 +104,9 @@ Possible ECC enable options: * unmasked copy is computed and stored each time it is * needed. * default: off + * WOLFSSL_CHECK_VER_FAULTS + * Sanity check on verification steps in case of faults. + * default: off */ /* @@ -231,7 +234,7 @@ ECC Curve Sizes: #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif @@ -1642,7 +1645,7 @@ static void wc_ecc_curve_cache_free_spec_item(ecc_curve_spec* curve, mp_int* ite #endif mp_clear(item); } - curve->load_mask &= ~mask; + curve->load_mask = (byte)(curve->load_mask & ~mask); } static void wc_ecc_curve_cache_free_spec(ecc_curve_spec* curve) { @@ -8880,9 +8883,12 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, #endif mp_int* e; mp_int* v = NULL; /* Will be w. */ +#if defined(WOLFSSL_CHECK_VER_FAULTS) && defined(WOLFSSL_NO_MALLOC) + mp_int u1tmp[1]; + mp_int u2tmp[1]; +#endif mp_int* u1 = NULL; /* Will be e. */ mp_int* u2 = NULL; /* Will be w. */ - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM_V) err = wc_ecc_alloc_mpint(key, &key->e); if (err != 0) { @@ -8970,13 +8976,33 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, #endif if (err == MP_OKAY) { +#ifdef WOLFSSL_CHECK_VER_FAULTS + #ifndef WOLFSSL_NO_MALLOC + u1 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); + u2 = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); + if (u1 == NULL || u2 == NULL) + err = MEMORY_E; + #else + u1 = u1tmp; + u2 = u2tmp; + #endif +#else u1 = e; u2 = w; +#endif v = w; } if (err == MP_OKAY) { err = INIT_MP_INT_SIZE(w, ECC_KEY_MAX_BITS_NONULLCHECK(key)); } +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY) { + err = INIT_MP_INT_SIZE(u1, ECC_KEY_MAX_BITS_NONULLCHECK(key)); + } + if (err == MP_OKAY) { + err = INIT_MP_INT_SIZE(u2, ECC_KEY_MAX_BITS_NONULLCHECK(key)); + } +#endif /* allocate points */ if (err == MP_OKAY) { @@ -9000,10 +9026,22 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, if (err == MP_OKAY) err = mp_mulmod(e, w, curve->order, u1); +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY && mp_iszero(e) != MP_YES && mp_cmp(u1, e) == MP_EQ) { + err = BAD_STATE_E; + } +#endif + /* u2 = rw */ if (err == MP_OKAY) err = mp_mulmod(r, w, curve->order, u2); +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY && mp_cmp(u2, w) == MP_EQ) { + err = BAD_STATE_E; + } +#endif + /* find mG and mQ */ if (err == MP_OKAY) err = mp_copy(curve->Gx, mG->x); @@ -9031,16 +9069,35 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, #ifndef ECC_SHAMIR if (err == MP_OKAY) { + #ifdef WOLFSSL_CHECK_VER_FAULTS + ecc_point mG1, mQ1; + wc_ecc_copy_point(mQ, &mQ1); + wc_ecc_copy_point(mG, &mG1); + #endif + mp_digit mp = 0; if (!mp_iszero((MP_INT_SIZE*)u1)) { /* compute u1*mG + u2*mQ = mG */ err = wc_ecc_mulmod_ex(u1, mG, mG, curve->Af, curve->prime, 0, key->heap); + #ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) { + err = BAD_STATE_E; + } + + /* store new value for comparing with after add operation */ + wc_ecc_copy_point(mG, &mG1); + #endif if (err == MP_OKAY) { err = wc_ecc_mulmod_ex(u2, mQ, mQ, curve->Af, curve->prime, 0, key->heap); } + #ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY && wc_ecc_cmp_point(mQ, &mQ1) == MP_EQ) { + err = BAD_STATE_E; + } + #endif /* find the montgomery mp */ if (err == MP_OKAY) @@ -9050,6 +9107,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, if (err == MP_OKAY) err = ecc_projective_add_point_safe(mQ, mG, mG, curve->Af, curve->prime, mp, NULL); + #ifdef WOLFSSL_CHECK_VER_FAULTS + if (err == MP_OKAY && wc_ecc_cmp_point(mG, &mG1) == MP_EQ) { + err = BAD_STATE_E; + } + if (err == MP_OKAY && wc_ecc_cmp_point(mG, mQ) == MP_EQ) { + err = BAD_STATE_E; + } + #endif } else { /* compute 0*mG + u2*mQ = mG */ @@ -9072,6 +9137,7 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, } #endif /* ECC_SHAMIR */ #endif /* FREESCALE_LTC_ECC */ + /* v = X_x1 mod n */ if (err == MP_OKAY) err = mp_mod(mG->x, curve->order, v); @@ -9080,6 +9146,11 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, if (err == MP_OKAY) { if (mp_cmp(v, r) == MP_EQ) *res = 1; +#ifdef WOLFSSL_CHECK_VER_FAULTS + /* redundant comparison as sanity check that first one happened */ + if (*res == 1 && mp_cmp(r, v) != MP_EQ) + *res = 0; +#endif } /* cleanup */ @@ -9089,6 +9160,14 @@ static int ecc_verify_hash(mp_int *r, mp_int *s, const byte* hash, mp_clear(e); mp_clear(w); FREE_MP_INT_SIZE(w, key->heap, DYNAMIC_TYPE_ECC); +#ifdef WOLFSSL_CHECK_VER_FAULTS + mp_clear(u1); + mp_clear(u2); +#ifndef WOLFSSL_NO_MALLOC + XFREE(u1, key->heap, DYNAMIC_TYPE_ECC); + XFREE(u2, key->heap, DYNAMIC_TYPE_ECC); +#endif +#endif #if !defined(WOLFSSL_ASYNC_CRYPT) || !defined(HAVE_CAVIUM_V) FREE_MP_INT_SIZE(e_lcl, key->heap, DYNAMIC_TYPE_ECC); #endif @@ -12593,20 +12672,22 @@ static int build_lut(int idx, mp_int* a, mp_int* modulus, mp_digit mp, /* make all single bit entries */ for (x = 1; x < FP_LUT; x++) { - if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x, - fp_cache[idx].LUT[1<x) != MP_OKAY) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y, - fp_cache[idx].LUT[1<y) != MP_OKAY) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z, - fp_cache[idx].LUT[1<z) != MP_OKAY)){ + if ((mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->x, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->x) != MP_OKAY) || + (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->y, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->y) != MP_OKAY) || + (mp_copy(fp_cache[idx].LUT[(unsigned int)(1 << (x-1))]->z, + fp_cache[idx].LUT[(unsigned int)(1 << x )]->z) != MP_OKAY)) { err = MP_INIT_E; goto errout; } else { /* now double it bitlen/FP_LUT times */ for (y = 0; y < lut_gap; y++) { - if ((err = ecc_projective_dbl_point_safe(fp_cache[idx].LUT[1<>3] >> (bitpos&7)) & 1) << y; + z |= (((word32)kb[bitpos>>3U] >> (bitpos&7U)) & 1U) << y; bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */ } @@ -13062,8 +13143,8 @@ static int accel_fp_mul2add(int idx1, int idx2, offset by x bits from the start */ bitpos = (unsigned)x; for (y = zA = zB = 0; y < FP_LUT; y++) { - zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y; - zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y; + zA |= (((word32)kb[0][bitpos>>3U] >> (bitpos&7U)) & 1U) << y; + zB |= (((word32)kb[1][bitpos>>3U] >> (bitpos&7U)) & 1U) << y; bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */ } @@ -13173,7 +13254,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, ecc_point* C, mp_int* a, mp_int* modulus, void* heap) { int idx1 = -1, idx2 = -1, err, mpInit = 0; - mp_digit mp; + mp_digit mp = 0; #ifdef WOLFSSL_SMALL_STACK mp_int *mu = (mp_int *)XMALLOC(sizeof *mu, NULL, DYNAMIC_TYPE_ECC_BUFFER); @@ -13321,7 +13402,7 @@ int wc_ecc_mulmod_ex(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, { #if !defined(WOLFSSL_SP_MATH) int idx, err = MP_OKAY; - mp_digit mp; + mp_digit mp = 0; #ifdef WOLFSSL_SMALL_STACK mp_int *mu = NULL; #else @@ -13497,7 +13578,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, { #if !defined(WOLFSSL_SP_MATH) int idx, err = MP_OKAY; - mp_digit mp; + mp_digit mp = 0; #ifdef WOLFSSL_SMALL_STACK mp_int *mu = NULL; #else @@ -14073,12 +14154,12 @@ static int ecc_get_key_sizes(ecEncCtx* ctx, int* encKeySz, int* ivSz, case ecAES_128_CBC: *encKeySz = KEY_SIZE_128; *ivSz = IV_SIZE_128; - *blockSz = AES_BLOCK_SIZE; + *blockSz = WC_AES_BLOCK_SIZE; break; case ecAES_256_CBC: *encKeySz = KEY_SIZE_256; *ivSz = IV_SIZE_128; - *blockSz = AES_BLOCK_SIZE; + *blockSz = WC_AES_BLOCK_SIZE; break; #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) @@ -14375,7 +14456,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, case ecAES_256_CTR: { #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) - byte ctr_iv[AES_BLOCK_SIZE]; + byte ctr_iv[WC_AES_BLOCK_SIZE]; #ifndef WOLFSSL_SMALL_STACK Aes aes[1]; #else @@ -14390,7 +14471,7 @@ int wc_ecc_encrypt_ex(ecc_key* privKey, ecc_key* pubKey, const byte* msg, /* Include 4 byte counter starting at all zeros. */ XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE); XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0, - AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE); + WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE); ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { @@ -14852,11 +14933,11 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif ret = wc_AesInit(aes, NULL, INVALID_DEVID); if (ret == 0) { - byte ctr_iv[AES_BLOCK_SIZE]; + byte ctr_iv[WC_AES_BLOCK_SIZE]; /* Make a 16 byte IV from the bytes passed in. */ XMEMCPY(ctr_iv, encIv, WOLFSSL_ECIES_GEN_IV_SIZE); XMEMSET(ctr_iv + WOLFSSL_ECIES_GEN_IV_SIZE, 0, - AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE); + WC_AES_BLOCK_SIZE - WOLFSSL_ECIES_GEN_IV_SIZE); ret = wc_AesSetKey(aes, encKey, (word32)encKeySz, ctr_iv, AES_ENCRYPTION); if (ret == 0) { diff --git a/src/wolfcrypt/src/eccsi.c b/src/wolfcrypt/src/eccsi.c index 2be700f..79b7a65 100644 --- a/src/wolfcrypt/src/eccsi.c +++ b/src/wolfcrypt/src/eccsi.c @@ -46,7 +46,7 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif diff --git a/src/wolfcrypt/src/ed25519.c b/src/wolfcrypt/src/ed25519.c index 09777dd..fd80f86 100644 --- a/src/wolfcrypt/src/ed25519.c +++ b/src/wolfcrypt/src/ed25519.c @@ -48,6 +48,7 @@ #include #include +#include #include #include #ifdef NO_INLINE @@ -628,6 +629,35 @@ int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, #ifdef HAVE_ED25519_VERIFY #ifndef WOLFSSL_SE050 + +#ifdef WOLFSSL_CHECK_VER_FAULTS +static const byte sha512_empty[] = { + 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, + 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, + 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, + 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, + 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, + 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, + 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, + 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e +}; + +/* sanity check that hash operation happened + * returns 0 on success */ +static int ed25519_hash_check(ed25519_key* key, byte* h) +{ + (void)key; /* passing in key in case other hash algroithms are used */ + + if (XMEMCMP(h, sha512_empty, WC_SHA512_DIGEST_SIZE) != 0) { + return 0; + } + else { + return BAD_STATE_E; + } +} +#endif + + /* sig is array of bytes containing the signature sigLen is the length of sig byte array @@ -675,6 +705,22 @@ static int ed25519_verify_msg_init_with_sha(const byte* sig, word32 sigLen, } if (ret == 0) ret = ed25519_hash_update(key, sha, sig, ED25519_SIG_SIZE/2); + +#ifdef WOLFSSL_CHECK_VER_FAULTS + /* sanity check that hash operation happened */ + if (ret == 0) { + byte h[WC_MAX_DIGEST_SIZE]; + + ret = wc_Sha512GetHash(sha, h); + if (ret == 0) { + ret = ed25519_hash_check(key, h); + if (ret != 0) { + WOLFSSL_MSG("Unexpected initial state of hash found"); + } + } + } +#endif + if (ret == 0) ret = ed25519_hash_update(key, sha, key->p, ED25519_PUB_KEY_SIZE); @@ -791,7 +837,16 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen, ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); if (ret != 0) { ret = SIG_VERIFY_E; - } else { + } + +#ifdef WOLFSSL_CHECK_VER_FAULTS + /* redundant comparison as sanity check that first one happened */ + if (ret == 0 && ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2) != 0) { + ret = SIG_VERIFY_E; + } +#endif + + if (ret == 0) { /* set the verification status */ *res = 1; } diff --git a/src/wolfcrypt/src/error.c b/src/wolfcrypt/src/error.c index deedcbe..0deb668 100644 --- a/src/wolfcrypt/src/error.c +++ b/src/wolfcrypt/src/error.c @@ -44,6 +44,9 @@ const char* wc_GetErrorString(int error) { switch ((enum wolfCrypt_ErrorCodes)error) { + case WC_FAILURE: + return "wolfCrypt generic failure"; + case MP_MEM : return "MP integer dynamic memory allocation failed"; @@ -642,11 +645,14 @@ const char* wc_GetErrorString(int error) case PBKDF2_KAT_FIPS_E: return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + case DEADLOCK_AVERTED_E: + return "Deadlock averted -- retry the call"; + case MAX_CODE_E: + case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: default: return "unknown error number"; - } } @@ -660,4 +666,3 @@ void wc_ErrorString(int error, char* buffer) buffer[WOLFSSL_MAX_ERROR_SZ-1] = 0; } #endif /* !NO_ERROR_STRINGS */ - diff --git a/src/wolfcrypt/src/evp.c b/src/wolfcrypt/src/evp.c index 808aa04..c3eb12e 100644 --- a/src/wolfcrypt/src/evp.c +++ b/src/wolfcrypt/src/evp.c @@ -41,7 +41,6 @@ #include #endif - #include #include #include @@ -53,67 +52,67 @@ static const struct s_ent { const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, NID_md4, "MD4"}, + {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, NID_md5, "MD5"}, + {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"}, - {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */ + {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"}, + {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */ #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"}, + {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"}, + {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"}, + {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"}, + {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"}, #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"}, + {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"}, + {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"}, #endif #ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"}, #endif #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"}, #endif #ifdef WOLFSSL_SM3 - {WC_HASH_TYPE_SM3, NID_sm3, "SM3"}, + {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"}, #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 - {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"}, + {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"}, #endif #ifdef HAVE_BLAKE2S - {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"}, + {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"}, #endif #ifdef WOLFSSL_SHAKE128 - {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"}, + {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"}, #endif #ifdef WOLFSSL_SHAKE256 - {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"}, + {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"}, #endif {WC_HASH_TYPE_NONE, 0, NULL} }; @@ -158,6 +157,7 @@ static const struct s_ent { (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; #endif @@ -177,6 +177,7 @@ static const struct s_ent { #ifdef WOLFSSL_AES_256 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; @@ -287,21 +288,21 @@ static const struct pkey_type_name_ent { int type; const char *name; } pkey_type_names[] = { - { EVP_PKEY_RSA, "RSA" }, - { EVP_PKEY_EC, "EC" }, - { EVP_PKEY_DH, "DH" }, - { EVP_PKEY_DSA, "DSA" } + { WC_EVP_PKEY_RSA, "RSA" }, + { WC_EVP_PKEY_EC, "EC" }, + { WC_EVP_PKEY_DH, "DH" }, + { WC_EVP_PKEY_DSA, "DSA" } }; static int pkey_type_by_name(const char *name) { unsigned int i; if (name == NULL) - return EVP_PKEY_NONE; + return WC_EVP_PKEY_NONE; for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) { if (XSTRCMP(name, pkey_type_names[i].name) == 0) return pkey_type_names[i].type; } - return EVP_PKEY_NONE; + return WC_EVP_PKEY_NONE; } int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { @@ -311,7 +312,7 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { return WOLFSSL_FAILURE; type = pkey_type_by_name(name); - if (type == EVP_PKEY_NONE) + if (type == WC_EVP_PKEY_NONE) return WOLFSSL_FAILURE; return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; @@ -319,8 +320,8 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) -#define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 -#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15 +#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 +#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -346,81 +347,81 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) switch (cipherType(c)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: return 16; - case AES_192_CBC_TYPE: return 24; - case AES_256_CBC_TYPE: return 32; + case WC_AES_128_CBC_TYPE: return 16; + case WC_AES_192_CBC_TYPE: return 24; + case WC_AES_256_CBC_TYPE: return 32; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: return 16; - case AES_192_CFB1_TYPE: return 24; - case AES_256_CFB1_TYPE: return 32; - case AES_128_CFB8_TYPE: return 16; - case AES_192_CFB8_TYPE: return 24; - case AES_256_CFB8_TYPE: return 32; - case AES_128_CFB128_TYPE: return 16; - case AES_192_CFB128_TYPE: return 24; - case AES_256_CFB128_TYPE: return 32; + case WC_AES_128_CFB1_TYPE: return 16; + case WC_AES_192_CFB1_TYPE: return 24; + case WC_AES_256_CFB1_TYPE: return 32; + case WC_AES_128_CFB8_TYPE: return 16; + case WC_AES_192_CFB8_TYPE: return 24; + case WC_AES_256_CFB8_TYPE: return 32; + case WC_AES_128_CFB128_TYPE: return 16; + case WC_AES_192_CFB128_TYPE: return 24; + case WC_AES_256_CFB128_TYPE: return 32; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: return 16; - case AES_192_OFB_TYPE: return 24; - case AES_256_OFB_TYPE: return 32; + case WC_AES_128_OFB_TYPE: return 16; + case WC_AES_192_OFB_TYPE: return 24; + case WC_AES_256_OFB_TYPE: return 32; #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) /* Two keys for XTS. */ - case AES_128_XTS_TYPE: return 16 * 2; - case AES_256_XTS_TYPE: return 32 * 2; + case WC_AES_128_XTS_TYPE: return 16 * 2; + case WC_AES_256_XTS_TYPE: return 32 * 2; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: return 16; - case AES_192_GCM_TYPE: return 24; - case AES_256_GCM_TYPE: return 32; + case WC_AES_128_GCM_TYPE: return 16; + case WC_AES_192_GCM_TYPE: return 24; + case WC_AES_256_GCM_TYPE: return 32; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: return 16; - case AES_192_CCM_TYPE: return 24; - case AES_256_CCM_TYPE: return 32; + case WC_AES_128_CCM_TYPE: return 16; + case WC_AES_192_CCM_TYPE: return 24; + case WC_AES_256_CCM_TYPE: return 32; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: return 16; - case AES_192_CTR_TYPE: return 24; - case AES_256_CTR_TYPE: return 32; + case WC_AES_128_CTR_TYPE: return 16; + case WC_AES_192_CTR_TYPE: return 24; + case WC_AES_256_CTR_TYPE: return 32; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: return 16; - case AES_192_ECB_TYPE: return 24; - case AES_256_ECB_TYPE: return 32; + case WC_AES_128_ECB_TYPE: return 16; + case WC_AES_192_ECB_TYPE: return 24; + case WC_AES_256_ECB_TYPE: return 32; #endif #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 24; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 24; + case WC_DES_CBC_TYPE: return 8; + case WC_DES_EDE3_CBC_TYPE: return 24; + case WC_DES_ECB_TYPE: return 8; + case WC_DES_EDE3_ECB_TYPE: return 24; #endif #ifndef NO_RC4 - case ARC4_TYPE: return 16; + case WC_ARC4_TYPE: return 16; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: return 32; + case WC_CHACHA20_POLY1305_TYPE: return 32; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ; + case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: return 16; + case WC_SM4_ECB_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: return 16; + case WC_SM4_CBC_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: return 16; + case WC_SM4_CTR_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: return 16; + case WC_SM4_GCM_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: return 16; + case WC_SM4_CCM_TYPE: return 16; #endif default: return 0; @@ -603,9 +604,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, switch (ctx->cipherType) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: if (ctx->enc) ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -613,16 +614,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); break; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: if (ctx->enc) ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -630,9 +631,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: if (ctx->enc) ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -640,10 +641,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_CFB) - #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: + #if !defined(WOLFSSL_NO_AES_CFB_1_8) + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: if (ctx->enc) ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in, inl * WOLFSSL_BIT_SIZE); @@ -652,19 +653,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, inl * WOLFSSL_BIT_SIZE); break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: if (ctx->enc) ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl); else ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl); break; - #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: if (ctx->enc) ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -672,8 +673,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: if (ctx->enc) ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl, ctx->iv, (word32)ctx->ivSz); @@ -684,34 +685,34 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, #endif #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: + case WC_DES_CBC_TYPE: if (ctx->enc) ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); else ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); break; - case DES_EDE3_CBC_TYPE: + case WC_DES_EDE3_CBC_TYPE: if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); else ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); break; #if defined(WOLFSSL_DES_ECB) - case DES_ECB_TYPE: + case WC_DES_ECB_TYPE: ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); break; - case DES_EDE3_ECB_TYPE: + case WC_DES_EDE3_ECB_TYPE: ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); break; #endif #endif #ifndef NO_RC4 - case ARC4_TYPE: + case WC_ARC4_TYPE: wc_Arc4Process(&ctx->cipher.arc4, out, in, inl); break; #endif #if defined(WOLFSSL_SM4_ECB) - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: if (ctx->enc) wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl); else @@ -719,7 +720,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_SM4_CBC) - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: if (ctx->enc) wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl); else @@ -727,7 +728,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_SM4_CTR) - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl); break; #endif @@ -783,7 +784,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, #if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM) #if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM) - if (ctx->cipherType == SM4_GCM_TYPE) + if (ctx->cipherType == WC_SM4_GCM_TYPE) #endif { int ret = 0; @@ -1059,29 +1060,29 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, switch (ctx->cipherType) { #if !defined(NO_AES) && defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */ #if !defined(NO_AES) && defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: /* if out == NULL, in/inl contains the * additional auth data */ return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl); #endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */ #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl); #endif /* defined(HAVE_ARIA) */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: if (out == NULL) { if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in, (word32)inl) != 0) { @@ -1106,7 +1107,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, } #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) != 0) { WOLFSSL_MSG("wc_ChaCha_Process failed"); @@ -1116,12 +1117,12 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, return WOLFSSL_SUCCESS; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: /* if out == NULL, in/inl contains the * additional auth data */ return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl); @@ -1274,9 +1275,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, switch (ctx->cipherType) { #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #ifndef WOLFSSL_AESGCM_STREAM if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { @@ -1347,7 +1348,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, } else { /* Clear IV, since IV reuse is not recommended for AES GCM. */ - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); } if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { ret = WOLFSSL_FAILURE; @@ -1358,9 +1359,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) { @@ -1406,7 +1407,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, else { /* Clear IV, since IV reuse is not recommended * for AES CCM. */ - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); } if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { ret = WOLFSSL_FAILURE; @@ -1417,9 +1418,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1471,7 +1472,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) || * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly, ctx->authTag) != 0) { WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed"); @@ -1484,7 +1485,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1535,7 +1536,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1660,20 +1661,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, */ if (FALSE #ifdef HAVE_AESGCM - || ctx->cipherType == AES_128_GCM_TYPE || - ctx->cipherType == AES_192_GCM_TYPE || - ctx->cipherType == AES_256_GCM_TYPE + || ctx->cipherType == WC_AES_128_GCM_TYPE || + ctx->cipherType == WC_AES_192_GCM_TYPE || + ctx->cipherType == WC_AES_256_GCM_TYPE #endif #ifdef HAVE_AESCCM - || ctx->cipherType == AES_128_CCM_TYPE || - ctx->cipherType == AES_192_CCM_TYPE || - ctx->cipherType == AES_256_CCM_TYPE + || ctx->cipherType == WC_AES_128_CCM_TYPE || + ctx->cipherType == WC_AES_192_CCM_TYPE || + ctx->cipherType == WC_AES_256_CCM_TYPE #endif #ifdef WOLFSSL_SM4_GCM - || ctx->cipherType == SM4_GCM_TYPE + || ctx->cipherType == WC_SM4_GCM_TYPE #endif #ifdef WOLFSSL_SM4_CCM - || ctx->cipherType == SM4_CCM_TYPE + || ctx->cipherType == WC_SM4_CCM_TYPE #endif ) { tmp = ctx->authIvGenEnable; @@ -1688,20 +1689,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef HAVE_AESGCM - || ctx->cipherType == AES_128_GCM_TYPE || - ctx->cipherType == AES_192_GCM_TYPE || - ctx->cipherType == AES_256_GCM_TYPE + || ctx->cipherType == WC_AES_128_GCM_TYPE || + ctx->cipherType == WC_AES_192_GCM_TYPE || + ctx->cipherType == WC_AES_256_GCM_TYPE #endif #ifdef HAVE_AESCCM - || ctx->cipherType == AES_128_CCM_TYPE || - ctx->cipherType == AES_192_CCM_TYPE || - ctx->cipherType == AES_256_CCM_TYPE + || ctx->cipherType == WC_AES_128_CCM_TYPE || + ctx->cipherType == WC_AES_192_CCM_TYPE || + ctx->cipherType == WC_AES_256_CCM_TYPE #endif #ifdef WOLFSSL_SM4_GCM - || ctx->cipherType == SM4_GCM_TYPE + || ctx->cipherType == WC_SM4_GCM_TYPE #endif #ifdef WOLFSSL_SM4_CCM - || ctx->cipherType == SM4_CCM_TYPE + || ctx->cipherType == WC_SM4_CCM_TYPE #endif ) { ctx->authIvGenEnable = (tmp == 1); @@ -1769,75 +1770,75 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: #endif #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: #endif - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_ECB_TYPE: - case DES_EDE3_CBC_TYPE: - case DES_EDE3_ECB_TYPE: + case WC_DES_CBC_TYPE: + case WC_DES_ECB_TYPE: + case WC_DES_EDE3_CBC_TYPE: + case WC_DES_EDE3_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: #endif return ctx->block_size; #endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */ @@ -1851,193 +1852,195 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) if (cipher == NULL) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC)) - return DES_CBC_TYPE; + return WC_DES_CBC_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC)) - return DES_EDE3_CBC_TYPE; + return WC_DES_EDE3_CBC_TYPE; #if !defined(NO_DES3) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB)) - return DES_ECB_TYPE; + return WC_DES_ECB_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB)) - return DES_EDE3_ECB_TYPE; + return WC_DES_EDE3_ECB_TYPE; #endif /* NO_DES3 && HAVE_AES_ECB */ #endif #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC)) - return AES_128_CBC_TYPE; + return WC_AES_128_CBC_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC)) - return AES_192_CBC_TYPE; + return WC_AES_192_CBC_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC)) - return AES_256_CBC_TYPE; + return WC_AES_256_CBC_TYPE; #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if defined(HAVE_AESGCM) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM)) - return AES_128_GCM_TYPE; + return WC_AES_128_GCM_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM)) - return AES_192_GCM_TYPE; + return WC_AES_192_GCM_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM)) - return AES_256_GCM_TYPE; + return WC_AES_256_GCM_TYPE; #endif #endif /* HAVE_AESGCM */ #if defined(HAVE_AESCCM) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM)) - return AES_128_CCM_TYPE; + return WC_AES_128_CCM_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM)) - return AES_192_CCM_TYPE; + return WC_AES_192_CCM_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM)) - return AES_256_CCM_TYPE; + return WC_AES_256_CCM_TYPE; #endif #endif /* HAVE_AESCCM */ #if defined(WOLFSSL_AES_COUNTER) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR)) - return AES_128_CTR_TYPE; + return WC_AES_128_CTR_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR)) - return AES_192_CTR_TYPE; + return WC_AES_192_CTR_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR)) - return AES_256_CTR_TYPE; + return WC_AES_256_CTR_TYPE; #endif #endif /* HAVE_AES_CBC */ #if defined(HAVE_AES_ECB) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB)) - return AES_128_ECB_TYPE; + return WC_AES_128_ECB_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB)) - return AES_192_ECB_TYPE; + return WC_AES_192_ECB_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB)) - return AES_256_ECB_TYPE; + return WC_AES_256_ECB_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS)) - return AES_128_XTS_TYPE; + return WC_AES_128_XTS_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS)) - return AES_256_XTS_TYPE; + return WC_AES_256_XTS_TYPE; #endif #endif /* WOLFSSL_AES_XTS */ #if defined(WOLFSSL_AES_CFB) +#ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1)) - return AES_128_CFB1_TYPE; + return WC_AES_128_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1)) - return AES_192_CFB1_TYPE; + return WC_AES_192_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1)) - return AES_256_CFB1_TYPE; + return WC_AES_256_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8)) - return AES_128_CFB8_TYPE; + return WC_AES_128_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8)) - return AES_192_CFB8_TYPE; + return WC_AES_192_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8)) - return AES_256_CFB8_TYPE; + return WC_AES_256_CFB8_TYPE; #endif +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128)) - return AES_128_CFB128_TYPE; + return WC_AES_128_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128)) - return AES_192_CFB128_TYPE; + return WC_AES_192_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128)) - return AES_256_CFB128_TYPE; + return WC_AES_256_CFB128_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_OFB) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB)) - return AES_128_OFB_TYPE; + return WC_AES_128_OFB_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB)) - return AES_192_OFB_TYPE; + return WC_AES_192_OFB_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB)) - return AES_256_OFB_TYPE; + return WC_AES_256_OFB_TYPE; #endif #endif #endif /* !NO_AES */ #if defined(HAVE_ARIA) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM)) - return ARIA_128_GCM_TYPE; + return WC_ARIA_128_GCM_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM)) - return ARIA_192_GCM_TYPE; + return WC_ARIA_192_GCM_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM)) - return ARIA_256_GCM_TYPE; + return WC_ARIA_256_GCM_TYPE; #endif /* HAVE_ARIA */ #ifndef NO_RC4 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4)) - return ARC4_TYPE; + return WC_ARC4_TYPE; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305)) - return CHACHA20_POLY1305_TYPE; + return WC_CHACHA20_POLY1305_TYPE; #endif #ifdef HAVE_CHACHA else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20)) - return CHACHA20_TYPE; + return WC_CHACHA20_TYPE; #endif #ifdef WOLFSSL_SM4_ECB else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB)) - return SM4_ECB_TYPE; + return WC_SM4_ECB_TYPE; #endif #ifdef WOLFSSL_SM4_CBC else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC)) - return SM4_CBC_TYPE; + return WC_SM4_CBC_TYPE; #endif #ifdef WOLFSSL_SM4_CTR else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR)) - return SM4_CTR_TYPE; + return WC_SM4_CTR_TYPE; #endif #ifdef WOLFSSL_SM4_GCM else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM)) - return SM4_GCM_TYPE; + return WC_SM4_GCM_TYPE; #endif #ifdef WOLFSSL_SM4_CCM else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM)) - return SM4_CCM_TYPE; + return WC_SM4_CCM_TYPE; #endif else return 0; @@ -2051,107 +2054,107 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) switch (cipherType(cipher)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: - return AES_BLOCK_SIZE; + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: + return WC_AES_BLOCK_SIZE; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: return 1; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: return 1; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: return 1; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: - return AES_BLOCK_SIZE; + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: + return WC_AES_BLOCK_SIZE; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: return 1; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: return 1; #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: return 1; #endif #endif /* NO_AES */ #ifndef NO_RC4 - case ARC4_TYPE: + case WC_ARC4_TYPE: return 1; #endif #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: return 1; #endif #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 8; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 8; + case WC_DES_CBC_TYPE: return 8; + case WC_DES_EDE3_CBC_TYPE: return 8; + case WC_DES_ECB_TYPE: return 8; + case WC_DES_EDE3_ECB_TYPE: return 8; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: return 1; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: return 1; #endif @@ -2165,107 +2168,107 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) switch (cipherType(cipher)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: return WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: return WOLFSSL_EVP_CIPH_CTR_MODE; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: return WOLFSSL_EVP_CIPH_CFB_MODE; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: return WOLFSSL_EVP_CIPH_OFB_MODE; #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: return WOLFSSL_EVP_CIPH_XTS_MODE; #endif - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif /* !NO_AES */ #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_EDE3_CBC_TYPE: + case WC_DES_CBC_TYPE: + case WC_DES_EDE3_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; - case DES_ECB_TYPE: - case DES_EDE3_ECB_TYPE: + case WC_DES_ECB_TYPE: + case WC_DES_EDE3_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif #ifndef NO_RC4 - case ARC4_TYPE: - return EVP_CIPH_STREAM_CIPHER; + case WC_ARC4_TYPE: + return WOLFSSL_EVP_CIPH_STREAM_CIPHER; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: return WOLFSSL_EVP_CIPH_STREAM_CIPHER | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: return WOLFSSL_EVP_CIPH_STREAM_CIPHER; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: return WOLFSSL_EVP_CIPH_CTR_MODE; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: return WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif @@ -2374,7 +2377,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); ctx->pkey = pkey; #if !defined(NO_RSA) - ctx->padding = RSA_PKCS1_PADDING; + ctx->padding = WC_RSA_PKCS1_PADDING; ctx->md = NULL; #endif #ifdef HAVE_ECC @@ -2416,7 +2419,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding) * returns WOLFSSL_SUCCESS on success. */ int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, - const EVP_MD* md) + const WOLFSSL_EVP_MD* md) { if (ctx == NULL) return 0; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md"); @@ -2468,7 +2471,7 @@ int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx) return WOLFSSL_FAILURE; } wolfSSL_EVP_PKEY_free(ctx->peerKey); - ctx->op = EVP_PKEY_OP_DERIVE; + ctx->op = WC_EVP_PKEY_OP_DERIVE; ctx->padding = 0; ctx->nbits = 0; return WOLFSSL_SUCCESS; @@ -2478,7 +2481,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY { WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer"); - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) { + if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) { return WOLFSSL_FAILURE; } wolfSSL_EVP_PKEY_free(ctx->peerKey); @@ -2513,14 +2516,14 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive"); - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey - && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type - != EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) { + if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey + && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type + != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) { return WOLFSSL_FAILURE; } switch (ctx->pkey->type) { #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: /* Use DH */ if (!ctx->pkey->dh || !ctx->peerKey->dh) { return WOLFSSL_FAILURE; @@ -2553,7 +2556,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ break; #endif #if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: /* Use ECDH */ if (!ctx->pkey->ecc || !ctx->peerKey->ecc) { return WOLFSSL_FAILURE; @@ -2621,7 +2624,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ break; #endif #ifdef HAVE_HKDF - case EVP_PKEY_HKDF: + case WC_EVP_PKEY_HKDF: (void)len; hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd); @@ -2629,7 +2632,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ WOLFSSL_MSG("Invalid hash type for HKDF."); return WOLFSSL_FAILURE; } - if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { + if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, @@ -2638,7 +2641,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } } - else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { + else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, key) != 0) { @@ -2655,7 +2658,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ *keylen = (size_t)hkdfHashSz; } } - else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { + else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, @@ -2711,7 +2714,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2746,7 +2749,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2781,7 +2784,7 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2831,9 +2834,10 @@ int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode) } if (ret == WOLFSSL_SUCCESS && - mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && - mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY && - mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY && + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) + { WOLFSSL_MSG("Invalid HKDF mode."); ret = WOLFSSL_FAILURE; } @@ -2881,7 +2885,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (out == NULL) { if (ctx->pkey->rsa == NULL) { WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL."); @@ -2910,8 +2914,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, } #endif /* NO_RSA */ - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not implemented."); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented."); FALL_THROUGH; default: break; @@ -2932,10 +2936,10 @@ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init"); switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_DECRYPT; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_DECRYPT; return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -2970,8 +2974,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, return 0; } - if (ctx->op != EVP_PKEY_OP_ENCRYPT) { - WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use " + if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) { + WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use " "wolfSSL_EVP_PKEY_encrypt_init."); return WOLFSSL_FAILURE; } @@ -2984,7 +2988,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (out == NULL) { if (ctx->pkey->rsa == NULL) { WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL."); @@ -3014,8 +3018,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, } #endif /* NO_RSA */ - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not implemented"); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented"); FALL_THROUGH; default: break; @@ -3037,10 +3041,10 @@ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init"); switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_ENCRYPT; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_ENCRYPT; return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -3065,22 +3069,22 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx) switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_DSA: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_EC: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* HAVE_ECC */ @@ -3103,7 +3107,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, { WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign"); - if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen) + if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen) return WOLFSSL_FAILURE; (void)sig; @@ -3113,7 +3117,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { unsigned int usiglen = (unsigned int)*siglen; if (!sig) { int len; @@ -3138,7 +3142,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int bytes; int ret; if (!ctx->pkey->dsa) @@ -3165,7 +3169,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig; if (!sig) { @@ -3227,20 +3231,20 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx) switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_DSA: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_EC: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* HAVE_ECC */ @@ -3264,19 +3268,19 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, { WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify"); - if (!ctx || ctx->op != EVP_PKEY_OP_VERIFY || !ctx->pkey) + if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey) return WOLFSSL_FAILURE; switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs, (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa, ctx->padding); #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int dsacheck = 0; if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa, &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1) @@ -3286,7 +3290,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( NULL, (const unsigned char **)&sig, (long)siglen); @@ -3334,7 +3338,7 @@ int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx, { WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid"); #ifdef HAVE_ECC - if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) { + if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) { ctx->curveNID = nid; return WOLFSSL_SUCCESS; } @@ -3367,7 +3371,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx, if (ret == WOLFSSL_SUCCESS && *pkey == NULL) { /* Only ECC is supported currently. */ - if (ctx->pkey == NULL || ctx->pkey->type != EVP_PKEY_EC) { + if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) { WOLFSSL_MSG("Key not set or key type not supported."); ret = WOLFSSL_FAILURE; } @@ -3388,7 +3392,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx, #ifdef HAVE_ECC /* For ECC parameter generation we just need to set the group, which * wolfSSL_EC_KEY_new_by_curve_name will do. */ - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID); if ((*pkey)->ecc == NULL) { WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY."); @@ -3451,9 +3455,9 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, pkey = *ppkey; if (pkey == NULL) { if (ctx->pkey == NULL || - (ctx->pkey->type != EVP_PKEY_EC && - ctx->pkey->type != EVP_PKEY_RSA && - ctx->pkey->type != EVP_PKEY_DH)) { + (ctx->pkey->type != WC_EVP_PKEY_EC && + ctx->pkey->type != WC_EVP_PKEY_RSA && + ctx->pkey->type != WC_EVP_PKEY_DH)) { WOLFSSL_MSG("Key not set or key type not supported"); return WOLFSSL_FAILURE; } @@ -3467,7 +3471,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, switch (pkey->type) { #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT, NULL, NULL); if (pkey->rsa) { @@ -3479,7 +3483,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: /* pkey->ecc may not be NULL, if, for example, it was populated by a * prior call to wolfSSL_EVP_PKEY_paramgen. */ if (pkey->ecc == NULL) { @@ -3494,7 +3498,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, break; #endif #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: pkey->dh = wolfSSL_DH_new(); if (pkey->dh) { pkey->ownDh = 1; @@ -3540,12 +3544,12 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) switch (pkey->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); #endif /* !NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (pkey->dsa == NULL || (!pkey->dsa->exSet && SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS)) @@ -3554,7 +3558,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { WOLFSSL_MSG("No ECC key has been set"); break; @@ -3579,7 +3583,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, return WOLFSSL_FAILURE; } - if (to->type == EVP_PKEY_NONE) { + if (to->type == WC_EVP_PKEY_NONE) { to->type = from->type; } else if (to->type != from->type) { @@ -3589,7 +3593,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, switch(from->type) { #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (from->ecc) { if (!to->ecc) { if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) { @@ -3609,7 +3613,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (from->dsa) { WOLFSSL_BIGNUM* cpy; if (!to->dsa) { @@ -3651,7 +3655,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: if (from->dh) { WOLFSSL_BIGNUM* cpy; if (!to->dh) { @@ -3693,7 +3697,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #endif default: WOLFSSL_MSG("Copy parameters not available for this key type"); @@ -3740,13 +3744,13 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) /* get size based on key type */ switch (a->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); break; #endif /* !NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (a->ecc == NULL || a->ecc->internal == NULL || b->ecc == NULL || b->ecc->internal == NULL) { return ret; @@ -3885,23 +3889,23 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx) type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey)); switch (type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented"); + case WC_EVP_PKEY_RSA: + WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented"); return WOLFSSL_FAILURE; #endif #if defined(HAVE_ECC) - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not yet implemented"); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented"); return WOLFSSL_FAILURE; #endif #if !defined(NO_DSA) - case EVP_PKEY_DSA: - WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented"); + case WC_EVP_PKEY_DSA: + WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented"); return WOLFSSL_FAILURE; #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey); if (dh_key != NULL) { ret = DH_param_check(dh_key); @@ -4001,7 +4005,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *ctxmd; @@ -4017,7 +4021,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, } #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int bytes; ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa); /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */ @@ -4034,7 +4038,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, } #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize, pkey->ecc); if (ecdsaSig == NULL) @@ -4115,7 +4119,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); if (ctxmd == NULL) break; @@ -4126,7 +4130,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, } #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( NULL, (const unsigned char **)&sig, (long)siglen); if (ecdsaSig == NULL) @@ -4137,7 +4141,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, return ret; } #endif - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -4162,7 +4166,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e, (void)e; - if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0)) + if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0)) return NULL; pkey = wolfSSL_EVP_PKEY_new(); @@ -4228,7 +4232,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, XMEMCPY(pkey->pkey.ptr, priv, (size_t)len); } pkey->pkey_sz = (int)len; - pkey->type = pkey->save_type = EVP_PKEY_CMAC; + pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC; pkey->cmacCtx = ctx; } } @@ -4354,7 +4358,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, } } - if (pkey->type == EVP_PKEY_HMAC) { + if (pkey->type == WC_EVP_PKEY_HMAC) { int hashType; int ret; size_t keySz = 0; @@ -4581,7 +4585,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, } } #ifndef NO_RSA - else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) { + else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) { if (sig == NULL) { *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa); return WOLFSSL_SUCCESS; @@ -4589,7 +4593,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, } #endif /* !NO_RSA */ #ifdef HAVE_ECC - else if (ctx->pctx->pkey->type == EVP_PKEY_EC) { + else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) { if (sig == NULL) { /* SEQ + INT + INT */ *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx]. @@ -4615,7 +4619,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, /* Sign the digest. */ switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { unsigned int sigSz = (unsigned int)*siglen; int nid; const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); @@ -4633,7 +4637,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int len; WOLFSSL_ECDSA_SIG *ecdsaSig; ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen, @@ -4718,7 +4722,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, /* Verify the signature with the digest. */ switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); if (md == NULL) @@ -4733,7 +4737,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig; ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen); @@ -4955,159 +4959,161 @@ static const struct cipher{ #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, + {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc}, + {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc}, + {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc}, #endif #endif #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 - {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1}, + {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1}, + {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1}, + {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1}, #endif #ifdef WOLFSSL_AES_128 - {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8}, + {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8}, + {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8}, + {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8}, #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 - {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128}, + {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128}, + {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128}, - #endif + {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128}, #endif + #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 - {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb}, + {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb}, + {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb}, + {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb}, #endif #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 - {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts}, + {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts}, + {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts}, #endif #endif #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 - {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm}, + {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm}, + {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm}, + {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm}, #endif #endif #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 - {AES_128_CCM_TYPE, EVP_AES_128_CCM, NID_aes_128_ccm}, + {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CCM_TYPE, EVP_AES_192_CCM, NID_aes_192_ccm}, + {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CCM_TYPE, EVP_AES_256_CCM, NID_aes_256_ccm}, + {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm}, #endif #endif #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr}, + {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr}, + {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr}, + {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr}, #endif #endif #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb}, + {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb}, + {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb}, + {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb}, #endif #endif #endif #ifdef HAVE_ARIA - {ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm}, - {ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm}, - {ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm}, + {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm}, + {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm}, + {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm}, #endif #ifndef NO_DES3 - {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc}, - {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb}, + {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc}, + {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb}, - {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc}, - {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb}, + {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc}, + {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb}, #endif #ifndef NO_RC4 - {ARC4_TYPE, EVP_ARC4, NID_undef}, + {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef}, #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - {CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, NID_chacha20_poly1305}, + {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305}, #endif #ifdef HAVE_CHACHA - {CHACHA20_TYPE, EVP_CHACHA20, NID_chacha20}, + {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20}, #endif #ifdef WOLFSSL_SM4_ECB - {SM4_ECB_TYPE, EVP_SM4_ECB, NID_sm4_ecb}, + {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb}, #endif #ifdef WOLFSSL_SM4_CBC - {SM4_CBC_TYPE, EVP_SM4_CBC, NID_sm4_cbc}, + {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc}, #endif #ifdef WOLFSSL_SM4_CTR - {SM4_CTR_TYPE, EVP_SM4_CTR, NID_sm4_ctr}, + {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr}, #endif #ifdef WOLFSSL_SM4_GCM - {SM4_GCM_TYPE, EVP_SM4_GCM, NID_sm4_gcm}, + {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm}, #endif #ifdef WOLFSSL_SM4_CCM - {SM4_CCM_TYPE, EVP_SM4_CCM, NID_sm4_ccm}, + {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm}, #endif { 0, NULL, 0} @@ -5293,128 +5299,128 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - case NID_aes_128_cbc: + case WC_NID_aes_128_cbc: return wolfSSL_EVP_aes_128_cbc(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_cbc: + case WC_NID_aes_192_cbc: return wolfSSL_EVP_aes_192_cbc(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_cbc: + case WC_NID_aes_256_cbc: return wolfSSL_EVP_aes_256_cbc(); #endif #endif #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - case NID_aes_128_ctr: + case WC_NID_aes_128_ctr: return wolfSSL_EVP_aes_128_ctr(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ctr: + case WC_NID_aes_192_ctr: return wolfSSL_EVP_aes_192_ctr(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ctr: + case WC_NID_aes_256_ctr: return wolfSSL_EVP_aes_256_ctr(); #endif #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - case NID_aes_128_ecb: + case WC_NID_aes_128_ecb: return wolfSSL_EVP_aes_128_ecb(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ecb: + case WC_NID_aes_192_ecb: return wolfSSL_EVP_aes_192_ecb(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ecb: + case WC_NID_aes_256_ecb: return wolfSSL_EVP_aes_256_ecb(); #endif #endif /* HAVE_AES_ECB */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 - case NID_aes_128_gcm: + case WC_NID_aes_128_gcm: return wolfSSL_EVP_aes_128_gcm(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_gcm: + case WC_NID_aes_192_gcm: return wolfSSL_EVP_aes_192_gcm(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_gcm: + case WC_NID_aes_256_gcm: return wolfSSL_EVP_aes_256_gcm(); #endif #endif #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 - case NID_aes_128_ccm: + case WC_NID_aes_128_ccm: return wolfSSL_EVP_aes_128_ccm(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ccm: + case WC_NID_aes_192_ccm: return wolfSSL_EVP_aes_192_ccm(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ccm: + case WC_NID_aes_256_ccm: return wolfSSL_EVP_aes_256_ccm(); #endif #endif #endif #ifdef HAVE_ARIA - case NID_aria_128_gcm: + case WC_NID_aria_128_gcm: return wolfSSL_EVP_aria_128_gcm(); - case NID_aria_192_gcm: + case WC_NID_aria_192_gcm: return wolfSSL_EVP_aria_192_gcm(); - case NID_aria_256_gcm: + case WC_NID_aria_256_gcm: return wolfSSL_EVP_aria_256_gcm(); #endif #ifndef NO_DES3 - case NID_des_cbc: + case WC_NID_des_cbc: return wolfSSL_EVP_des_cbc(); #ifdef WOLFSSL_DES_ECB - case NID_des_ecb: + case WC_NID_des_ecb: return wolfSSL_EVP_des_ecb(); #endif - case NID_des_ede3_cbc: + case WC_NID_des_ede3_cbc: return wolfSSL_EVP_des_ede3_cbc(); #ifdef WOLFSSL_DES_ECB - case NID_des_ede3_ecb: + case WC_NID_des_ede3_ecb: return wolfSSL_EVP_des_ede3_ecb(); #endif #endif /*NO_DES3*/ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case NID_chacha20_poly1305: + case WC_NID_chacha20_poly1305: return wolfSSL_EVP_chacha20_poly1305(); #endif #ifdef HAVE_CHACHA - case NID_chacha20: + case WC_NID_chacha20: return wolfSSL_EVP_chacha20(); #endif #ifdef WOLFSSL_SM4_ECB - case NID_sm4_ecb: + case WC_NID_sm4_ecb: return wolfSSL_EVP_sm4_ecb(); #endif #ifdef WOLFSSL_SM4_CBC - case NID_sm4_cbc: + case WC_NID_sm4_cbc: return wolfSSL_EVP_sm4_cbc(); #endif #ifdef WOLFSSL_SM4_CTR - case NID_sm4_ctr: + case WC_NID_sm4_ctr: return wolfSSL_EVP_sm4_ctr(); #endif #ifdef WOLFSSL_SM4_GCM - case NID_sm4_gcm: + case WC_NID_sm4_gcm: return wolfSSL_EVP_sm4_gcm(); #endif #ifdef WOLFSSL_SM4_CCM - case NID_sm4_ccm: + case WC_NID_sm4_ccm: return wolfSSL_EVP_sm4_ccm(); #endif @@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) { @@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void) return EVP_AES_256_CFB8; } #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) @@ -5992,22 +5998,22 @@ void wolfSSL_EVP_init(void) WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl"); switch(type) { - case EVP_CTRL_INIT: + case WOLFSSL_EVP_CTRL_INIT: wolfSSL_EVP_CIPHER_CTX_init(ctx); if(ctx) ret = WOLFSSL_SUCCESS; break; - case EVP_CTRL_SET_KEY_LENGTH: + case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH: ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); break; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - case EVP_CTRL_AEAD_SET_IVLEN: + case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) { break; } @@ -6015,7 +6021,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6023,7 +6029,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6031,7 +6037,7 @@ void wolfSSL_EVP_init(void) else #endif { - if (arg <= 0 || arg > AES_BLOCK_SIZE) + if (arg <= 0 || arg > WC_AES_BLOCK_SIZE) break; } ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); @@ -6039,7 +6045,7 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - case EVP_CTRL_AEAD_SET_IV_FIXED: + case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; if (arg == -1) { @@ -6098,7 +6104,7 @@ void wolfSSL_EVP_init(void) * EVP_CipherInit between each iteration. The IV is incremented for * each subsequent EVP_Cipher call to prevent IV reuse. */ - case EVP_CTRL_GCM_IV_GEN: + case WOLFSSL_EVP_CTRL_GCM_IV_GEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; if (!ctx->authIvGenEnable) { @@ -6134,11 +6140,11 @@ void wolfSSL_EVP_init(void) break; #endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST && * !HAVE_FIPS || FIPS_VERSION >= 2)*/ - case EVP_CTRL_AEAD_SET_TAG: + case WOLFSSL_EVP_CTRL_AEAD_SET_TAG: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) { break; } @@ -6152,7 +6158,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) { break; } @@ -6165,7 +6171,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) { break; } @@ -6186,12 +6192,12 @@ void wolfSSL_EVP_init(void) ret = WOLFSSL_SUCCESS; break; } - case EVP_CTRL_AEAD_GET_TAG: + case WOLFSSL_EVP_CTRL_AEAD_GET_TAG: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) { break; } @@ -6199,7 +6205,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6207,7 +6213,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6215,7 +6221,7 @@ void wolfSSL_EVP_init(void) else #endif { - if (arg <= 0 || arg > AES_BLOCK_SIZE) + if (arg <= 0 || arg > WC_AES_BLOCK_SIZE) break; } @@ -6252,62 +6258,62 @@ void wolfSSL_EVP_init(void) defined(WOLFSSL_AES_XTS) #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #endif /* HAVE_AESGCM */ #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: #endif /* HAVE_AESCCM */ #ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: #endif #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: #endif #ifdef WOLFSSL_AES_CFB - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: #endif #ifdef WOLFSSL_AES_OFB - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: #endif wc_AesFree(&ctx->cipher.aes); ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: wc_AesXtsFree(&ctx->cipher.xts); ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #endif #endif /* AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: { int result = wc_AriaFreeCrypt(&ctx->cipher.aria); if (result != 0) { @@ -6324,19 +6330,19 @@ void wolfSSL_EVP_init(void) #ifdef WOLFSSL_SM4 switch (ctx->cipherType) { #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: #endif wc_Sm4Free(&ctx->cipher.sm4); } @@ -6462,7 +6468,7 @@ void wolfSSL_EVP_init(void) /* wc_AesSetKey clear aes.reg if iv == NULL. Keep IV for openSSL compatibility */ if (iv == NULL) - XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); + XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, WC_AES_BLOCK_SIZE); if (direct) { #if defined(WOLFSSL_AES_DIRECT) ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); @@ -6474,7 +6480,7 @@ void wolfSSL_EVP_init(void) ret = wc_AesSetKey(aes, key, len, iv, dir); } if (iv == NULL) - XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); + XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, WC_AES_BLOCK_SIZE); return ret; } #endif /* AES_ANY_SIZE && AES_SET_KEY */ @@ -6492,8 +6498,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6505,26 +6511,26 @@ void wolfSSL_EVP_init(void) } #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_GCM_TYPE || + if (ctx->cipherType == WC_AES_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) { WOLFSSL_MSG("EVP_AES_128_GCM"); - ctx->cipherType = AES_128_GCM_TYPE; + ctx->cipherType = WC_AES_128_GCM_TYPE; ctx->keyLen = AES_128_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_GCM_TYPE || + if (ctx->cipherType == WC_AES_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) { WOLFSSL_MSG("EVP_AES_192_GCM"); - ctx->cipherType = AES_192_GCM_TYPE; + ctx->cipherType = WC_AES_192_GCM_TYPE; ctx->keyLen = AES_192_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_GCM_TYPE || + if (ctx->cipherType == WC_AES_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) { WOLFSSL_MSG("EVP_AES_256_GCM"); - ctx->cipherType = AES_256_GCM_TYPE; + ctx->cipherType = WC_AES_256_GCM_TYPE; ctx->keyLen = AES_256_KEY_SIZE; } #endif @@ -6697,8 +6703,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6710,26 +6716,26 @@ void wolfSSL_EVP_init(void) } #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CCM_TYPE || + if (ctx->cipherType == WC_AES_128_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) { WOLFSSL_MSG("EVP_AES_128_CCM"); - ctx->cipherType = AES_128_CCM_TYPE; + ctx->cipherType = WC_AES_128_CCM_TYPE; ctx->keyLen = AES_128_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CCM_TYPE || + if (ctx->cipherType == WC_AES_192_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) { WOLFSSL_MSG("EVP_AES_192_CCM"); - ctx->cipherType = AES_192_CCM_TYPE; + ctx->cipherType = WC_AES_192_CCM_TYPE; ctx->keyLen = AES_192_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CCM_TYPE || + if (ctx->cipherType == WC_AES_256_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) { WOLFSSL_MSG("EVP_AES_256_CCM"); - ctx->cipherType = AES_256_CCM_TYPE; + ctx->cipherType = WC_AES_256_CCM_TYPE; ctx->keyLen = AES_256_KEY_SIZE; } #endif @@ -6822,20 +6828,20 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->cipherType == ARIA_128_GCM_TYPE || + if (ctx->cipherType == WC_ARIA_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) { WOLFSSL_MSG("EVP_ARIA_128_GCM"); - ctx->cipherType = ARIA_128_GCM_TYPE; + ctx->cipherType = WC_ARIA_128_GCM_TYPE; ctx->keyLen = ARIA_128_KEY_SIZE; - } else if (ctx->cipherType == ARIA_192_GCM_TYPE || + } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) { WOLFSSL_MSG("EVP_ARIA_192_GCM"); - ctx->cipherType = ARIA_192_GCM_TYPE; + ctx->cipherType = WC_ARIA_192_GCM_TYPE; ctx->keyLen = ARIA_192_KEY_SIZE; - } else if (ctx->cipherType == ARIA_256_GCM_TYPE || + } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) { WOLFSSL_MSG("EVP_ARIA_256_GCM"); - ctx->cipherType = ARIA_256_GCM_TYPE; + ctx->cipherType = WC_ARIA_256_GCM_TYPE; ctx->keyLen = ARIA_256_KEY_SIZE; } else { WOLFSSL_MSG("Unrecognized cipher type"); @@ -6846,8 +6852,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6859,13 +6865,13 @@ void wolfSSL_EVP_init(void) } switch(ctx->cipherType) { - case ARIA_128_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY); break; - case ARIA_192_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY); break; - case ARIA_256_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY); break; default: @@ -6931,15 +6937,15 @@ void wolfSSL_EVP_init(void) #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CBC_TYPE || + if (ctx->cipherType == WC_AES_128_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) { WOLFSSL_MSG("EVP_AES_128_CBC"); - ctx->cipherType = AES_128_CBC_TYPE; + ctx->cipherType = WC_AES_128_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -6961,15 +6967,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CBC_TYPE || + if (ctx->cipherType == WC_AES_192_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) { WOLFSSL_MSG("EVP_AES_192_CBC"); - ctx->cipherType = AES_192_CBC_TYPE; + ctx->cipherType = WC_AES_192_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -6991,15 +6997,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CBC_TYPE || + if (ctx->cipherType == WC_AES_256_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) { WOLFSSL_MSG("EVP_AES_256_CBC"); - ctx->cipherType = AES_256_CBC_TYPE; + ctx->cipherType = WC_AES_256_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7029,15 +7035,15 @@ void wolfSSL_EVP_init(void) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef WOLFSSL_AES_128 - || ctx->cipherType == AES_128_GCM_TYPE || + || ctx->cipherType == WC_AES_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM)) #endif #ifdef WOLFSSL_AES_192 - || ctx->cipherType == AES_192_GCM_TYPE || + || ctx->cipherType == WC_AES_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM)) #endif #ifdef WOLFSSL_AES_256 - || ctx->cipherType == AES_256_GCM_TYPE || + || ctx->cipherType == WC_AES_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM)) #endif ) { @@ -7053,15 +7059,15 @@ void wolfSSL_EVP_init(void) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef WOLFSSL_AES_128 - || ctx->cipherType == AES_128_CCM_TYPE || + || ctx->cipherType == WC_AES_128_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM)) #endif #ifdef WOLFSSL_AES_192 - || ctx->cipherType == AES_192_CCM_TYPE || + || ctx->cipherType == WC_AES_192_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM)) #endif #ifdef WOLFSSL_AES_256 - || ctx->cipherType == AES_256_CCM_TYPE || + || ctx->cipherType == WC_AES_256_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM)) #endif ) @@ -7075,15 +7081,15 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CTR_TYPE || + if (ctx->cipherType == WC_AES_128_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) { WOLFSSL_MSG("EVP_AES_128_CTR"); ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; - ctx->cipherType = AES_128_CTR_TYPE; + ctx->cipherType = WC_AES_128_CTR_TYPE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 16; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7108,15 +7114,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CTR_TYPE || + if (ctx->cipherType == WC_AES_192_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) { WOLFSSL_MSG("EVP_AES_192_CTR"); - ctx->cipherType = AES_192_CTR_TYPE; + ctx->cipherType = WC_AES_192_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 24; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7141,15 +7147,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CTR_TYPE || + if (ctx->cipherType == WC_AES_256_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) { WOLFSSL_MSG("EVP_AES_256_CTR"); - ctx->cipherType = AES_256_CTR_TYPE; + ctx->cipherType = WC_AES_256_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 32; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7176,14 +7182,14 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_ECB_TYPE || + if (ctx->cipherType == WC_AES_128_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) { WOLFSSL_MSG("EVP_AES_128_ECB"); - ctx->cipherType = AES_128_ECB_TYPE; + ctx->cipherType = WC_AES_128_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7200,14 +7206,14 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_ECB_TYPE || + if (ctx->cipherType == WC_AES_192_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) { WOLFSSL_MSG("EVP_AES_192_ECB"); - ctx->cipherType = AES_192_ECB_TYPE; + ctx->cipherType = WC_AES_192_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7224,14 +7230,14 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_ECB_TYPE || + if (ctx->cipherType == WC_AES_256_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) { WOLFSSL_MSG("EVP_AES_256_ECB"); - ctx->cipherType = AES_256_ECB_TYPE; + ctx->cipherType = WC_AES_256_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7249,11 +7255,12 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_ECB */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB1_TYPE || + if (ctx->cipherType == WC_AES_128_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) { WOLFSSL_MSG("EVP_AES_128_CFB1"); - ctx->cipherType = AES_128_CFB1_TYPE; + ctx->cipherType = WC_AES_128_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7279,10 +7286,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB1_TYPE || + if (ctx->cipherType == WC_AES_192_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) { WOLFSSL_MSG("EVP_AES_192_CFB1"); - ctx->cipherType = AES_192_CFB1_TYPE; + ctx->cipherType = WC_AES_192_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7308,10 +7315,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB1_TYPE || + if (ctx->cipherType == WC_AES_256_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) { WOLFSSL_MSG("EVP_AES_256_CFB1"); - ctx->cipherType = AES_256_CFB1_TYPE; + ctx->cipherType = WC_AES_256_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7341,10 +7348,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_256 */ #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB8_TYPE || + if (ctx->cipherType == WC_AES_128_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) { WOLFSSL_MSG("EVP_AES_128_CFB8"); - ctx->cipherType = AES_128_CFB8_TYPE; + ctx->cipherType = WC_AES_128_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7370,10 +7377,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB8_TYPE || + if (ctx->cipherType == WC_AES_192_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) { WOLFSSL_MSG("EVP_AES_192_CFB8"); - ctx->cipherType = AES_192_CFB8_TYPE; + ctx->cipherType = WC_AES_192_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7399,10 +7406,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB8_TYPE || + if (ctx->cipherType == WC_AES_256_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) { WOLFSSL_MSG("EVP_AES_256_CFB8"); - ctx->cipherType = AES_256_CFB8_TYPE; + ctx->cipherType = WC_AES_256_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7431,11 +7438,12 @@ void wolfSSL_EVP_init(void) } } #endif /* WOLFSSL_AES_256 */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB128_TYPE || + if (ctx->cipherType == WC_AES_128_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) { WOLFSSL_MSG("EVP_AES_128_CFB128"); - ctx->cipherType = AES_128_CFB128_TYPE; + ctx->cipherType = WC_AES_128_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7461,10 +7469,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB128_TYPE || + if (ctx->cipherType == WC_AES_192_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) { WOLFSSL_MSG("EVP_AES_192_CFB128"); - ctx->cipherType = AES_192_CFB128_TYPE; + ctx->cipherType = WC_AES_192_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7490,10 +7498,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB128_TYPE || + if (ctx->cipherType == WC_AES_256_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) { WOLFSSL_MSG("EVP_AES_256_CFB128"); - ctx->cipherType = AES_256_CFB128_TYPE; + ctx->cipherType = WC_AES_256_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7525,10 +7533,10 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_OFB_TYPE || + if (ctx->cipherType == WC_AES_128_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) { WOLFSSL_MSG("EVP_AES_128_OFB"); - ctx->cipherType = AES_128_OFB_TYPE; + ctx->cipherType = WC_AES_128_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 16; @@ -7554,10 +7562,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_OFB_TYPE || + if (ctx->cipherType == WC_AES_192_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) { WOLFSSL_MSG("EVP_AES_192_OFB"); - ctx->cipherType = AES_192_OFB_TYPE; + ctx->cipherType = WC_AES_192_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 24; @@ -7583,10 +7591,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_OFB_TYPE || + if (ctx->cipherType == WC_AES_256_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) { WOLFSSL_MSG("EVP_AES_256_OFB"); - ctx->cipherType = AES_256_OFB_TYPE; + ctx->cipherType = WC_AES_256_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 32; @@ -7619,22 +7627,22 @@ void wolfSSL_EVP_init(void) #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_XTS_TYPE || + if (ctx->cipherType == WC_AES_128_XTS_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) { WOLFSSL_MSG("EVP_AES_128_XTS"); - ctx->cipherType = AES_128_XTS_TYPE; + ctx->cipherType = WC_AES_128_XTS_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; ctx->keyLen = 32; ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (iv != NULL) { if (iv != ctx->iv) /* Valgrind error when src == dst */ XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz); } else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7660,22 +7668,22 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_XTS_TYPE || + if (ctx->cipherType == WC_AES_256_XTS_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) { WOLFSSL_MSG("EVP_AES_256_XTS"); - ctx->cipherType = AES_256_XTS_TYPE; + ctx->cipherType = WC_AES_256_XTS_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; ctx->keyLen = 64; ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (iv != NULL) { if (iv != ctx->iv) /* Valgrind error when src == dst */ XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz); } else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7704,11 +7712,11 @@ void wolfSSL_EVP_init(void) (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #endif /* NO_AES */ #if defined(HAVE_ARIA) - if (ctx->cipherType == ARIA_128_GCM_TYPE || + if (ctx->cipherType == WC_ARIA_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM)) - || ctx->cipherType == ARIA_192_GCM_TYPE || + || ctx->cipherType == WC_ARIA_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM)) - || ctx->cipherType == ARIA_256_GCM_TYPE || + || ctx->cipherType == WC_ARIA_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM)) ) { if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc) @@ -7721,10 +7729,10 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE || + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) { WOLFSSL_MSG("EVP_CHACHA20_POLY1305"); - ctx->cipherType = CHACHA20_POLY1305_TYPE; + ctx->cipherType = WC_CHACHA20_POLY1305_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; ctx->keyLen = CHACHA20_POLY1305_AEAD_KEYSIZE; @@ -7758,10 +7766,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef HAVE_CHACHA - if (ctx->cipherType == CHACHA20_TYPE || + if (ctx->cipherType == WC_CHACHA20_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) { WOLFSSL_MSG("EVP_CHACHA20"); - ctx->cipherType = CHACHA20_TYPE; + ctx->cipherType = WC_CHACHA20_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->keyLen = CHACHA_MAX_KEY_SZ; ctx->block_size = 1; @@ -7791,10 +7799,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_ECB - if (ctx->cipherType == SM4_ECB_TYPE || + if (ctx->cipherType == WC_SM4_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) { WOLFSSL_MSG("EVP_SM4_ECB"); - ctx->cipherType = SM4_ECB_TYPE; + ctx->cipherType = WC_SM4_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = SM4_KEY_SIZE; @@ -7810,10 +7818,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CBC - if (ctx->cipherType == SM4_CBC_TYPE || + if (ctx->cipherType == WC_SM4_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) { WOLFSSL_MSG("EVP_SM4_CBC"); - ctx->cipherType = SM4_CBC_TYPE; + ctx->cipherType = WC_SM4_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = SM4_KEY_SIZE; @@ -7836,14 +7844,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CTR - if (ctx->cipherType == SM4_CTR_TYPE || + if (ctx->cipherType == WC_SM4_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) { WOLFSSL_MSG("EVP_SM4_CTR"); - ctx->cipherType = SM4_CTR_TYPE; + ctx->cipherType = WC_SM4_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = SM4_KEY_SIZE; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->ivSz = SM4_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7862,14 +7870,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_GCM - if (ctx->cipherType == SM4_GCM_TYPE || + if (ctx->cipherType == WC_SM4_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) { WOLFSSL_MSG("EVP_SM4_GCM"); - ctx->cipherType = SM4_GCM_TYPE; + ctx->cipherType = WC_SM4_GCM_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->keyLen = SM4_KEY_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; @@ -7892,14 +7900,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CCM - if (ctx->cipherType == SM4_CCM_TYPE || + if (ctx->cipherType == WC_SM4_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) { WOLFSSL_MSG("EVP_SM4_CCM"); - ctx->cipherType = SM4_CCM_TYPE; + ctx->cipherType = WC_SM4_CCM_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->keyLen = SM4_KEY_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; @@ -7922,10 +7930,10 @@ void wolfSSL_EVP_init(void) } #endif #ifndef NO_DES3 - if (ctx->cipherType == DES_CBC_TYPE || + if (ctx->cipherType == WC_DES_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) { WOLFSSL_MSG("EVP_DES_CBC"); - ctx->cipherType = DES_CBC_TYPE; + ctx->cipherType = WC_DES_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 8; @@ -7944,10 +7952,10 @@ void wolfSSL_EVP_init(void) wc_Des_SetIV(&ctx->cipher.des, iv); } #ifdef WOLFSSL_DES_ECB - else if (ctx->cipherType == DES_ECB_TYPE || + else if (ctx->cipherType == WC_DES_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) { WOLFSSL_MSG("EVP_DES_ECB"); - ctx->cipherType = DES_ECB_TYPE; + ctx->cipherType = WC_DES_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 8; @@ -7963,11 +7971,11 @@ void wolfSSL_EVP_init(void) } } #endif - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || + else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) { WOLFSSL_MSG("EVP_DES_EDE3_CBC"); - ctx->cipherType = DES_EDE3_CBC_TYPE; + ctx->cipherType = WC_DES_EDE3_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; @@ -7988,11 +7996,11 @@ void wolfSSL_EVP_init(void) return WOLFSSL_FAILURE; } } - else if (ctx->cipherType == DES_EDE3_ECB_TYPE || + else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) { WOLFSSL_MSG("EVP_DES_EDE3_ECB"); - ctx->cipherType = DES_EDE3_ECB_TYPE; + ctx->cipherType = WC_DES_EDE3_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; @@ -8008,10 +8016,10 @@ void wolfSSL_EVP_init(void) } #endif /* NO_DES3 */ #ifndef NO_RC4 - if (ctx->cipherType == ARC4_TYPE || + if (ctx->cipherType == WC_ARC4_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) { WOLFSSL_MSG("ARC4"); - ctx->cipherType = ARC4_TYPE; + ctx->cipherType = WC_ARC4_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; ctx->block_size = 1; @@ -8021,10 +8029,10 @@ void wolfSSL_EVP_init(void) wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen); } #endif /* NO_RC4 */ - if (ctx->cipherType == NULL_CIPHER_TYPE || + if (ctx->cipherType == WC_NULL_CIPHER_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) { WOLFSSL_MSG("NULL cipher"); - ctx->cipherType = NULL_CIPHER_TYPE; + ctx->cipherType = WC_NULL_CIPHER_TYPE; ctx->keyLen = 0; ctx->block_size = 16; } @@ -8045,120 +8053,120 @@ void wolfSSL_EVP_init(void) WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid"); if (ctx == NULL) { WOLFSSL_ERROR_MSG("Bad parameters"); - return NID_undef; + return WC_NID_undef; } switch (ctx->cipherType) { #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - return NID_aes_128_cbc; - case AES_192_CBC_TYPE : - return NID_aes_192_cbc; - case AES_256_CBC_TYPE : - return NID_aes_256_cbc; + case WC_AES_128_CBC_TYPE : + return WC_NID_aes_128_cbc; + case WC_AES_192_CBC_TYPE : + return WC_NID_aes_192_cbc; + case WC_AES_256_CBC_TYPE : + return WC_NID_aes_256_cbc; #endif #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - return NID_aes_128_gcm; - case AES_192_GCM_TYPE : - return NID_aes_192_gcm; - case AES_256_GCM_TYPE : - return NID_aes_256_gcm; + case WC_AES_128_GCM_TYPE : + return WC_NID_aes_128_gcm; + case WC_AES_192_GCM_TYPE : + return WC_NID_aes_192_gcm; + case WC_AES_256_GCM_TYPE : + return WC_NID_aes_256_gcm; #endif #ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - return NID_aes_128_ccm; - case AES_192_CCM_TYPE : - return NID_aes_192_ccm; - case AES_256_CCM_TYPE : - return NID_aes_256_ccm; + case WC_AES_128_CCM_TYPE : + return WC_NID_aes_128_ccm; + case WC_AES_192_CCM_TYPE : + return WC_NID_aes_192_ccm; + case WC_AES_256_CCM_TYPE : + return WC_NID_aes_256_ccm; #endif #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - return NID_aes_128_ecb; - case AES_192_ECB_TYPE : - return NID_aes_192_ecb; - case AES_256_ECB_TYPE : - return NID_aes_256_ecb; + case WC_AES_128_ECB_TYPE : + return WC_NID_aes_128_ecb; + case WC_AES_192_ECB_TYPE : + return WC_NID_aes_192_ecb; + case WC_AES_256_ECB_TYPE : + return WC_NID_aes_256_ecb; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - return NID_aes_128_ctr; - case AES_192_CTR_TYPE : - return NID_aes_192_ctr; - case AES_256_CTR_TYPE : - return NID_aes_256_ctr; + case WC_AES_128_CTR_TYPE : + return WC_NID_aes_128_ctr; + case WC_AES_192_CTR_TYPE : + return WC_NID_aes_192_ctr; + case WC_AES_256_CTR_TYPE : + return WC_NID_aes_256_ctr; #endif #endif /* NO_AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - return NID_aria_128_gcm; - case ARIA_192_GCM_TYPE : - return NID_aria_192_gcm; - case ARIA_256_GCM_TYPE : - return NID_aria_256_gcm; + case WC_ARIA_128_GCM_TYPE : + return WC_NID_aria_128_gcm; + case WC_ARIA_192_GCM_TYPE : + return WC_NID_aria_192_gcm; + case WC_ARIA_256_GCM_TYPE : + return WC_NID_aria_256_gcm; #endif #ifndef NO_DES3 - case DES_CBC_TYPE : - return NID_des_cbc; + case WC_DES_CBC_TYPE : + return WC_NID_des_cbc; - case DES_EDE3_CBC_TYPE : - return NID_des_ede3_cbc; + case WC_DES_EDE3_CBC_TYPE : + return WC_NID_des_ede3_cbc; #endif #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - return NID_des_ecb; - case DES_EDE3_ECB_TYPE : - return NID_des_ede3_ecb; + case WC_DES_ECB_TYPE : + return WC_NID_des_ecb; + case WC_DES_EDE3_ECB_TYPE : + return WC_NID_des_ede3_ecb; #endif - case ARC4_TYPE : - return NID_rc4; + case WC_ARC4_TYPE : + return WC_NID_rc4; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: - return NID_chacha20_poly1305; + case WC_CHACHA20_POLY1305_TYPE: + return WC_NID_chacha20_poly1305; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: - return NID_chacha20; + case WC_CHACHA20_TYPE: + return WC_NID_chacha20; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: - return NID_sm4_ecb; + case WC_SM4_ECB_TYPE: + return WC_NID_sm4_ecb; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: - return NID_sm4_cbc; + case WC_SM4_CBC_TYPE: + return WC_NID_sm4_cbc; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: - return NID_sm4_ctr; + case WC_SM4_CTR_TYPE: + return WC_NID_sm4_ctr; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: - return NID_sm4_gcm; + case WC_SM4_GCM_TYPE: + return WC_NID_sm4_gcm; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: - return NID_sm4_ccm; + case WC_SM4_CCM_TYPE: + return WC_NID_sm4_ccm; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_ERROR_MSG("Null cipher has no NID"); FALL_THROUGH; default: - return NID_undef; + return WC_NID_undef; } } @@ -8253,17 +8261,17 @@ void wolfSSL_EVP_init(void) static int IsCipherTypeAEAD(unsigned char cipherType) { switch (cipherType) { - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: - case SM4_GCM_TYPE: - case SM4_CCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: + case WC_SM4_GCM_TYPE: + case WC_SM4_CCM_TYPE: return 1; default: return 0; @@ -8303,24 +8311,24 @@ void wolfSSL_EVP_init(void) #ifndef NO_AES #ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); if (ctx->enc) ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); else ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) - ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE); + ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE); break; #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: +#if !defined(WOLFSSL_NO_AES_CFB_1_8) + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: WOLFSSL_MSG("AES CFB1"); if (ctx->enc) ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); @@ -8329,9 +8337,9 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: WOLFSSL_MSG("AES CFB8"); if (ctx->enc) ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); @@ -8340,10 +8348,10 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: WOLFSSL_MSG("AES CFB128"); if (ctx->enc) ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); @@ -8354,9 +8362,9 @@ void wolfSSL_EVP_init(void) break; #endif /* WOLFSSL_AES_CFB */ #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: WOLFSSL_MSG("AES OFB"); if (ctx->enc) ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); @@ -8367,8 +8375,8 @@ void wolfSSL_EVP_init(void) break; #endif /* WOLFSSL_AES_OFB */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: WOLFSSL_MSG("AES XTS"); if (ctx->enc) ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, @@ -8383,9 +8391,9 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); ret = EvpCipherAesGCM(ctx, dst, src, len); break; @@ -8393,31 +8401,31 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : + case WC_AES_128_CCM_TYPE : + case WC_AES_192_CCM_TYPE : + case WC_AES_256_CCM_TYPE : WOLFSSL_MSG("AES CCM"); ret = EvpCipherAesCCM(ctx, dst, src, len); break; #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) || * HAVE_FIPS_VERSION >= 2 */ #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : + case WC_AES_128_ECB_TYPE : + case WC_AES_192_ECB_TYPE : + case WC_AES_256_ECB_TYPE : WOLFSSL_MSG("AES ECB"); if (ctx->enc) ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); else ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) - ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE); + ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) @@ -8428,9 +8436,9 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); if (ctx->enc) { ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len, @@ -8447,7 +8455,7 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); if (ctx->enc) wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); @@ -8456,7 +8464,7 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES3 CBC"); if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); @@ -8466,13 +8474,13 @@ void wolfSSL_EVP_init(void) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : + case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; - case DES_EDE3_ECB_TYPE : + case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); if (ret == 0) @@ -8482,7 +8490,7 @@ void wolfSSL_EVP_init(void) #endif /* !NO_DES3 */ #ifndef NO_RC4 - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); if (ret == 0) @@ -8493,7 +8501,7 @@ void wolfSSL_EVP_init(void) /* TODO: Chacha??? */ #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE : + case WC_SM4_ECB_TYPE : WOLFSSL_MSG("Sm4 ECB"); if (ctx->enc) ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len); @@ -8504,7 +8512,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE : + case WC_SM4_CBC_TYPE : WOLFSSL_MSG("Sm4 CBC"); if (ctx->enc) ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len); @@ -8515,7 +8523,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE : + case WC_SM4_CTR_TYPE : WOLFSSL_MSG("AES CTR"); ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len); if (ret == 0) @@ -8523,7 +8531,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE : + case WC_SM4_GCM_TYPE : WOLFSSL_MSG("SM4 GCM"); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -8551,7 +8559,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE : + case WC_SM4_CCM_TYPE : WOLFSSL_MSG("SM4 CCM"); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -8592,7 +8600,7 @@ void wolfSSL_EVP_init(void) break; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL CIPHER"); XMEMCPY(dst, src, (size_t)len); ret = (int)len; @@ -8805,7 +8813,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) clearEVPPkeyKeys(pkey); pkey->rsa = key; pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ - pkey->type = EVP_PKEY_RSA; + pkey->type = WC_EVP_PKEY_RSA; pkey->pkcs8HeaderSz = key->pkcs8HeaderSz; if (key->inSet == 0) { if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { @@ -8851,7 +8859,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) clearEVPPkeyKeys(pkey); pkey->dsa = key; pkey->ownDsa = 0; /* pkey does not own DSA */ - pkey->type = EVP_PKEY_DSA; + pkey->type = WC_EVP_PKEY_DSA; if (key->inSet == 0) { if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetDsaInternal failed"); @@ -8861,7 +8869,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) dsa = (DsaKey*)key->internal; /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; + derMax = 4 * wolfSSL_BN_num_bytes(key->g) + WC_AES_BLOCK_SIZE; derBuf = (byte*)XMALLOC((size_t)derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8929,13 +8937,13 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) return NULL; } - if (key->type == EVP_PKEY_DSA) { + if (key->type == WC_EVP_PKEY_DSA) { if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { + key->pkey_sz) != WOLFSSL_SUCCESS) { /* now try public key */ if (wolfSSL_DSA_LoadDer_ex(local, (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(local); local = NULL; } @@ -8954,7 +8962,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) { WOLFSSL_EC_KEY *eckey = NULL; - if (pkey && pkey->type == EVP_PKEY_EC) { + if (pkey && pkey->type == WC_EVP_PKEY_EC) { #ifdef HAVE_ECC eckey = pkey->ecc; #endif @@ -8967,10 +8975,10 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY* local = NULL; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); - if (key == NULL || key->type != EVP_PKEY_EC) { + if (key == NULL || key->type != WC_EVP_PKEY_EC) { return NULL; } - if (key->type == EVP_PKEY_EC) { + if (key->type == WC_EVP_PKEY_EC) { if (key->ecc != NULL) { if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) { return NULL; @@ -9035,7 +9043,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) pkey->dh = key; pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */ - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; if (key->inSet == 0) { if (SetDhInternal(key) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetDhInternal failed"); @@ -9109,7 +9117,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) return NULL; } - if (key->type == EVP_PKEY_DH) { + if (key->type == WC_EVP_PKEY_DH) { /* if key->dh already exists copy instead of re-importing from DER */ if (key->dh != NULL) { if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) { @@ -9126,7 +9134,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) return NULL; } if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { + key->pkey_sz) != WOLFSSL_SUCCESS) { wolfSSL_DH_free(local); WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); local = NULL; @@ -9156,22 +9164,22 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) /* pkey and key checked if NULL in subsequent assign functions */ switch(type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); break; #endif @@ -9186,7 +9194,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) #if defined(HAVE_ECC) /* try and populate public pkey_sz and pkey.ptr */ -static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) +static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) { int derSz = 0; byte* derBuf = NULL; @@ -9295,7 +9303,7 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) } pkey->ecc = key; pkey->ownEcc = 1; /* pkey needs to call free on key */ - pkey->type = EVP_PKEY_EC; + pkey->type = WC_EVP_PKEY_EC; return ECC_populate_EVP_PKEY(pkey, key); #else (void)pkey; @@ -9310,7 +9318,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) if (ctx) { switch (ctx->cipherType) { - case ARC4_TYPE: + case WC_ARC4_TYPE: WOLFSSL_MSG("returning arc4 state"); return (void*)&ctx->cipher.arc4.x; @@ -9322,7 +9330,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) return NULL; } -int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) +int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) { int ret; @@ -9334,7 +9342,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */ clearEVPPkeyKeys(pkey); /* clear out any previous keys */ - pkey->type = EVP_PKEY_EC; + pkey->type = WC_EVP_PKEY_EC; pkey->ecc = key; pkey->ownEcc = 1; } @@ -9360,22 +9368,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) if (type != NULL) { if (XSTRCMP(type, "MD5") == 0) { - ret = NID_md5WithRSAEncryption; + ret = WC_NID_md5WithRSAEncryption; } else if (XSTRCMP(type, "SHA1") == 0) { - ret = NID_sha1WithRSAEncryption; + ret = WC_NID_sha1WithRSAEncryption; } else if (XSTRCMP(type, "SHA224") == 0) { - ret = NID_sha224WithRSAEncryption; + ret = WC_NID_sha224WithRSAEncryption; } else if (XSTRCMP(type, "SHA256") == 0) { - ret = NID_sha256WithRSAEncryption; + ret = WC_NID_sha256WithRSAEncryption; } else if (XSTRCMP(type, "SHA384") == 0) { - ret = NID_sha384WithRSAEncryption; + ret = WC_NID_sha384WithRSAEncryption; } else if (XSTRCMP(type, "SHA512") == 0) { - ret = NID_sha512WithRSAEncryption; + ret = WC_NID_sha512WithRSAEncryption; } } else { @@ -9401,18 +9409,18 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) switch (ctx->cipherType) { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9420,9 +9428,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : + case WC_AES_128_CCM_TYPE : + case WC_AES_192_CCM_TYPE : + case WC_AES_256_CCM_TYPE : WOLFSSL_MSG("AES CCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9431,62 +9439,62 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); return DES_BLOCK_SIZE; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); return DES_BLOCK_SIZE; #endif #ifndef NO_RC4 - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); return 0; #endif #ifdef WOLFSSL_AES_CFB #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: WOLFSSL_MSG("AES CFB1"); - return AES_BLOCK_SIZE; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + return WC_AES_BLOCK_SIZE; + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: WOLFSSL_MSG("AES CFB8"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: WOLFSSL_MSG("AES CFB128"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_CFB */ #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: WOLFSSL_MSG("AES OFB"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_OFB */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: WOLFSSL_MSG("AES XTS"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9494,27 +9502,27 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: WOLFSSL_MSG("CHACHA20 POLY1305"); return CHACHA20_POLY1305_AEAD_IV_SIZE; #endif /* HAVE_CHACHA HAVE_POLY1305 */ #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: WOLFSSL_MSG("CHACHA20"); return WOLFSSL_EVP_CHACHA_IV_BYTES; #endif /* HAVE_CHACHA */ #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE : + case WC_SM4_CBC_TYPE : WOLFSSL_MSG("SM4 CBC"); return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE : + case WC_SM4_CTR_TYPE : WOLFSSL_MSG("SM4 CTR"); return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE : + case WC_SM4_GCM_TYPE : WOLFSSL_MSG("SM4 GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9522,7 +9530,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE : + case WC_SM4_CCM_TYPE : WOLFSSL_MSG("SM4 CCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9530,7 +9538,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return CCM_NONCE_MIN_SZ; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL"); return 0; @@ -9550,15 +9558,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_192 if (XSTRCMP(name, EVP_AES_192_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ @@ -9595,26 +9603,26 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_192 if (XSTRCMP(name, EVP_AES_192_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_XTS) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_XTS) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ @@ -9674,7 +9682,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) if (ctx) { switch (ctx->cipherType) { - case ARC4_TYPE: + case WC_ARC4_TYPE: WOLFSSL_MSG("returning arc4 state size"); return sizeof(Arc4); @@ -9688,27 +9696,27 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) } -/* return of pkey->type which will be EVP_PKEY_RSA for example. +/* return of pkey->type which will be WC_EVP_PKEY_RSA for example. * * type type of EVP_PKEY * - * returns type or if type is not found then NID_undef + * returns type or if type is not found then WC_NID_undef */ int wolfSSL_EVP_PKEY_type(int type) { WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); switch (type) { - case EVP_PKEY_RSA: - return EVP_PKEY_RSA; - case EVP_PKEY_DSA: - return EVP_PKEY_DSA; - case EVP_PKEY_EC: - return EVP_PKEY_EC; - case EVP_PKEY_DH: - return EVP_PKEY_DH; + case WC_EVP_PKEY_RSA: + return WC_EVP_PKEY_RSA; + case WC_EVP_PKEY_DSA: + return WC_EVP_PKEY_DSA; + case WC_EVP_PKEY_EC: + return WC_EVP_PKEY_EC; + case WC_EVP_PKEY_DH: + return WC_EVP_PKEY_DH; default: - return NID_undef; + return WC_NID_undef; } } @@ -9724,7 +9732,7 @@ int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey) int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey) { if (pkey == NULL) - return NID_undef; + return WC_NID_undef; return wolfSSL_EVP_PKEY_type(pkey->type); } @@ -9738,17 +9746,17 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) } switch (pkey->type) { - case EVP_PKEY_HMAC: + case WC_EVP_PKEY_HMAC: #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: #endif #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: #endif - *pnid = NID_sha256; + *pnid = WC_NID_sha256; return WOLFSSL_SUCCESS; default: return WOLFSSL_FAILURE; @@ -9800,13 +9808,13 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) } #ifndef NO_RSA -int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) +int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_RSA; + pkey->type = WC_EVP_PKEY_RSA; pkey->rsa = key; pkey->ownRsa = 1; @@ -9837,13 +9845,13 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) #endif /* !NO_RSA */ #ifndef NO_DSA -int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) +int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_DSA; + pkey->type = WC_EVP_PKEY_DSA; pkey->dsa = key; pkey->ownDsa = 1; @@ -9852,13 +9860,13 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) #endif /* !NO_DSA */ #ifndef NO_DH -int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) +int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; pkey->dh = key; pkey->ownDh = 1; @@ -9974,7 +9982,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) for (ent = md_tbl; ent->name != NULL; ent++) if(XSTRCMP(name, ent->name) == 0) { - return (EVP_MD *)ent->name; + return (WOLFSSL_EVP_MD *)ent->name; } return NULL; } @@ -9983,7 +9991,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) * * type - pointer to WOLFSSL_EVP_MD for which to return NID value * - * Returns NID on success, or NID_undef if none exists. + * Returns NID on success, or WC_NID_undef if none exists. */ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { @@ -9992,7 +10000,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("MD type arg is NULL"); - return NID_undef; + return WC_NID_undef; } for( ent = md_tbl; ent->name != NULL; ent++){ @@ -10000,7 +10008,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return ent->nid; } } - return NID_undef; + return WC_NID_undef; } #ifndef NO_MD4 @@ -10009,7 +10017,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) { WOLFSSL_ENTER("EVP_md4"); - return EVP_get_digestbyname("MD4"); + return wolfSSL_EVP_get_digestbyname("MD4"); } #endif /* !NO_MD4 */ @@ -10020,7 +10028,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { WOLFSSL_ENTER("EVP_md5"); - return EVP_get_digestbyname("MD5"); + return wolfSSL_EVP_get_digestbyname("MD5"); } #endif /* !NO_MD5 */ @@ -10033,7 +10041,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void) { WOLFSSL_ENTER("EVP_blake2b512"); - return EVP_get_digestbyname("BLAKE2b512"); + return wolfSSL_EVP_get_digestbyname("BLAKE2b512"); } #endif @@ -10046,7 +10054,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void) { WOLFSSL_ENTER("EVP_blake2s256"); - return EVP_get_digestbyname("BLAKE2s256"); + return wolfSSL_EVP_get_digestbyname("BLAKE2s256"); } #endif @@ -10072,7 +10080,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { WOLFSSL_ENTER("EVP_sha1"); - return EVP_get_digestbyname("SHA1"); + return wolfSSL_EVP_get_digestbyname("SHA1"); } #endif /* NO_SHA */ @@ -10081,7 +10089,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { WOLFSSL_ENTER("EVP_sha224"); - return EVP_get_digestbyname("SHA224"); + return wolfSSL_EVP_get_digestbyname("SHA224"); } #endif /* WOLFSSL_SHA224 */ @@ -10090,7 +10098,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { WOLFSSL_ENTER("EVP_sha256"); - return EVP_get_digestbyname("SHA256"); + return wolfSSL_EVP_get_digestbyname("SHA256"); } #ifdef WOLFSSL_SHA384 @@ -10098,7 +10106,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { WOLFSSL_ENTER("EVP_sha384"); - return EVP_get_digestbyname("SHA384"); + return wolfSSL_EVP_get_digestbyname("SHA384"); } #endif /* WOLFSSL_SHA384 */ @@ -10108,7 +10116,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { WOLFSSL_ENTER("EVP_sha512"); - return EVP_get_digestbyname("SHA512"); + return wolfSSL_EVP_get_digestbyname("SHA512"); } #ifndef WOLFSSL_NOSHA512_224 @@ -10116,7 +10124,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void) { WOLFSSL_ENTER("EVP_sha512_224"); - return EVP_get_digestbyname("SHA512_224"); + return wolfSSL_EVP_get_digestbyname("SHA512_224"); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10125,7 +10133,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); - return EVP_get_digestbyname("SHA512_256"); + return wolfSSL_EVP_get_digestbyname("SHA512_256"); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10137,7 +10145,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) { WOLFSSL_ENTER("EVP_sha3_224"); - return EVP_get_digestbyname("SHA3_224"); + return wolfSSL_EVP_get_digestbyname("SHA3_224"); } #endif /* WOLFSSL_NOSHA3_224 */ @@ -10146,7 +10154,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) { WOLFSSL_ENTER("EVP_sha3_256"); - return EVP_get_digestbyname("SHA3_256"); + return wolfSSL_EVP_get_digestbyname("SHA3_256"); } #endif /* WOLFSSL_NOSHA3_256 */ @@ -10154,7 +10162,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) { WOLFSSL_ENTER("EVP_sha3_384"); - return EVP_get_digestbyname("SHA3_384"); + return wolfSSL_EVP_get_digestbyname("SHA3_384"); } #endif /* WOLFSSL_NOSHA3_384 */ @@ -10162,7 +10170,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) { WOLFSSL_ENTER("EVP_sha3_512"); - return EVP_get_digestbyname("SHA3_512"); + return wolfSSL_EVP_get_digestbyname("SHA3_512"); } #endif /* WOLFSSL_NOSHA3_512 */ @@ -10170,7 +10178,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void) { WOLFSSL_ENTER("EVP_shake128"); - return EVP_get_digestbyname("SHAKE128"); + return wolfSSL_EVP_get_digestbyname("SHAKE128"); } #endif /* WOLFSSL_SHAKE128 */ @@ -10178,7 +10186,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void) { WOLFSSL_ENTER("EVP_shake256"); - return EVP_get_digestbyname("SHAKE256"); + return wolfSSL_EVP_get_digestbyname("SHAKE256"); } #endif /* WOLFSSL_SHAKE256 */ @@ -10188,7 +10196,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void) { WOLFSSL_ENTER("EVP_sm3"); - return EVP_get_digestbyname("SM3"); + return wolfSSL_EVP_get_digestbyname("SM3"); } #endif /* WOLFSSL_SM3 */ @@ -10223,7 +10231,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const struct s_ent *ent; if (ctx->isHMAC) { - return NID_hmac; + return WC_NID_hmac; } for(ent = md_tbl; ent->name != NULL; ent++) { @@ -10313,7 +10321,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (nm->alias) md->fn(NULL, nm->name, nm->data, md->arg); else - md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg); + md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg); } /* call md_do_all function to do all md algorithm via a callback function @@ -10614,48 +10622,48 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("EVP_DigestUpdate"); - macType = EvpMd2MacType(EVP_MD_CTX_md(ctx)); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, + wolfSSL_MD4_Update((WOLFSSL_MD4_CTX*)&ctx->hash, data, (unsigned long)sz); ret = WOLFSSL_SUCCESS; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, + ret = wolfSSL_MD5_Update((WOLFSSL_MD5_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* !NO_SHA256 */ break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* WOLFSSL_SHA512 */ break; @@ -10664,7 +10672,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; @@ -10674,7 +10682,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* WOLFSSL_SHA512 */ break; @@ -10682,25 +10690,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; @@ -10741,48 +10749,48 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestFinal"); - macType = EvpMd2MacType(EVP_MD_CTX_md(ctx)); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); - if (s) *s = MD4_DIGEST_SIZE; + wolfSSL_MD4_Final(md, (WOLFSSL_MD4_CTX*)&ctx->hash); + if (s) *s = WC_MD4_DIGEST_SIZE; ret = WOLFSSL_SUCCESS; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); + ret = wolfSSL_MD5_Final(md, (WOLFSSL_MD5_CTX*)&ctx->hash); if (s) *s = WC_MD5_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); + ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash); if (s) *s = WC_SHA_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); + ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash); if (s) *s = WC_SHA224_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); + ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash); if (s) *s = WC_SHA256_DIGEST_SIZE; #endif /* !NO_SHA256 */ break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); + ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash); if (s) *s = WC_SHA384_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_DIGEST_SIZE; #endif /* WOLFSSL_SHA512 */ break; @@ -10790,7 +10798,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_224_DIGEST_SIZE; #endif break; @@ -10799,32 +10807,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_256_DIGEST_SIZE; #endif break; #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash); if (s) *s = WC_SHA3_224_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash); if (s) *s = WC_SHA3_256_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash); if (s) *s = WC_SHA3_384_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash); if (s) *s = WC_SHA3_512_DIGEST_SIZE; #endif break; @@ -10863,7 +10871,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) unsigned int* s) { WOLFSSL_ENTER("EVP_DigestFinal_ex"); - return EVP_DigestFinal(ctx, md, s); + return wolfSSL_EVP_DigestFinal(ctx, md, s); } void wolfSSL_EVP_cleanup(void) @@ -10877,31 +10885,31 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) switch(id) { #ifndef NO_MD5 - case NID_md5: + case WC_NID_md5: return wolfSSL_EVP_md5(); #endif #ifndef NO_SHA - case NID_sha1: + case WC_NID_sha1: return wolfSSL_EVP_sha1(); #endif #ifdef WOLFSSL_SHA224 - case NID_sha224: + case WC_NID_sha224: return wolfSSL_EVP_sha224(); #endif #ifndef NO_SHA256 - case NID_sha256: + case WC_NID_sha256: return wolfSSL_EVP_sha256(); #endif #ifdef WOLFSSL_SHA384 - case NID_sha384: + case WC_NID_sha384: return wolfSSL_EVP_sha384(); #endif #ifdef WOLFSSL_SHA512 - case NID_sha512: + case WC_NID_sha512: return wolfSSL_EVP_sha512(); #endif #ifdef WOLFSSL_SM3 - case NID_sm3: + case WC_NID_sm3: return wolfSSL_EVP_sm3(); #endif default: @@ -10931,7 +10939,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) #endif #ifndef NO_MD4 if (XSTRCMP(type, "MD4") == 0) { - return MD4_BLOCK_SIZE; + return WC_MD4_BLOCK_SIZE; } else #endif #ifndef NO_MD5 @@ -11006,7 +11014,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) #endif #ifndef NO_MD4 if (XSTRCMP(type, "MD4") == 0) { - return MD4_DIGEST_SIZE; + return WC_MD4_DIGEST_SIZE; } else #endif #ifndef NO_MD5 @@ -11147,7 +11155,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) switch(key->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (key->rsa != NULL && key->ownRsa == 1) { wolfSSL_RSA_free(key->rsa); key->rsa = NULL; @@ -11156,7 +11164,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* NO_RSA */ #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (key->ecc != NULL && key->ownEcc == 1) { wolfSSL_EC_KEY_free(key->ecc); key->ecc = NULL; @@ -11165,7 +11173,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* HAVE_ECC && OPENSSL_EXTRA */ #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (key->dsa != NULL && key->ownDsa == 1) { wolfSSL_DSA_free(key->dsa); key->dsa = NULL; @@ -11175,7 +11183,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: if (key->dh != NULL && key->ownDh == 1) { wolfSSL_DH_free(key->dh); key->dh = NULL; @@ -11184,7 +11192,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* ! NO_DH ... */ #ifdef HAVE_HKDF - case EVP_PKEY_HKDF: + case WC_EVP_PKEY_HKDF: XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); key->hkdfSalt = NULL; XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); @@ -11199,7 +11207,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_AES_DIRECT) - case EVP_PKEY_CMAC: + case WC_EVP_PKEY_CMAC: if (key->cmacCtx != NULL) { wolfSSL_CMAC_CTX_free(key->cmacCtx); key->cmacCtx = NULL; @@ -11230,8 +11238,8 @@ static int Indent(WOLFSSL_BIO* out, int indents) if (out == NULL) { return 0; } - if (indents > EVP_PKEY_PRINT_INDENT_MAX) { - indents = EVP_PKEY_PRINT_INDENT_MAX; + if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } for (i = 0; i < indents; i++) { if (wolfSSL_BIO_write(out, &space, 1) < 0) { @@ -11259,7 +11267,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, #ifdef WOLFSSL_SMALL_STACK byte* buff = NULL; #else - byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; + byte buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; #endif /* WOLFSSL_SMALL_STACK */ int ret = WOLFSSL_SUCCESS; word32 in = 0; @@ -11276,14 +11284,14 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } data = input; #ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!buff) { return WOLFSSL_FAILURE; @@ -11294,9 +11302,9 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, idx = 0; for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += - EVP_PKEY_PRINT_DIGITS_PER_LINE ) { + WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) { Indent(out, indent); - for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) && + for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) && (in + i < (word32)inlen); i++) { if (ret == WOLFSSL_SUCCESS) { @@ -11325,7 +11333,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, ret = wolfSSL_BIO_write(out, "\n", 1) > 0; } if (ret == WOLFSSL_SUCCESS) { - XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX); + XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX); idx = 0; } } @@ -11347,7 +11355,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -11383,8 +11391,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -11501,7 +11509,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte* pub = NULL; word32 pubSz = 0; @@ -11563,8 +11571,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - else if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } if (res == WOLFSSL_SUCCESS) { @@ -11697,7 +11705,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; @@ -11733,8 +11741,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -11916,7 +11924,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; @@ -11957,8 +11965,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -12147,7 +12155,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Can handle RSA, ECC, DSA and DH public keys. */ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, - const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) + const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx) { int res; #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \ @@ -12165,13 +12173,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } #endif switch (pkey->type) { - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #if !defined(NO_RSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12187,7 +12195,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: #if defined(HAVE_ECC) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12203,7 +12211,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: #if !defined(NO_DSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12219,7 +12227,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: #if defined(WOLFSSL_DH_EXTRA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; diff --git a/src/wolfcrypt/src/ext_kyber.c b/src/wolfcrypt/src/ext_kyber.c index 0c2cb2b..44ec893 100644 --- a/src/wolfcrypt/src/ext_kyber.c +++ b/src/wolfcrypt/src/ext_kyber.c @@ -43,9 +43,16 @@ static const char* OQS_ID2name(int id) { switch (id) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: return OQS_KEM_alg_ml_kem_512; + case WC_ML_KEM_768: return OQS_KEM_alg_ml_kem_768; + case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024; + #endif + #ifdef WOLFSSL_KYBER_ORIGINAL case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512; case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768; case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024; + #endif default: break; } return NULL; @@ -83,11 +90,20 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) if (ret == 0) { /* Validate type. */ switch (type) { +#ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + #ifdef HAVE_LIBOQS + case WC_ML_KEM_768: + case WC_ML_KEM_1024: + #endif /* HAVE_LIBOQS */ +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL case KYBER_LEVEL1: -#ifdef HAVE_LIBOQS + #ifdef HAVE_LIBOQS case KYBER_LEVEL3: case KYBER_LEVEL5: -#endif /* HAVE_LIBOQS */ + #endif /* HAVE_LIBOQS */ +#endif break; default: /* No other values supported. */ @@ -152,6 +168,18 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) /* NOTE: SHAKE and AES variants have the same length private key. */ if (ret == 0) { switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_secret_key; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_secret_key; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_secret_key; + break; + #endif + #ifdef WOLFSSL_KYBER_ORIGINAL case KYBER_LEVEL1: *len = OQS_KEM_kyber_512_length_secret_key; break; @@ -161,6 +189,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) case KYBER_LEVEL5: *len = OQS_KEM_kyber_1024_length_secret_key; break; + #endif default: /* No other values supported. */ ret = BAD_FUNC_ARG; @@ -194,6 +223,18 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) /* NOTE: SHAKE and AES variants have the same length public key. */ if (ret == 0) { switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_public_key; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_public_key; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_public_key; + break; + #endif + #ifdef WOLFSSL_KYBER_ORIGINAL case KYBER_LEVEL1: *len = OQS_KEM_kyber_512_length_public_key; break; @@ -203,6 +244,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) case KYBER_LEVEL5: *len = OQS_KEM_kyber_1024_length_public_key; break; + #endif default: /* No other values supported. */ ret = BAD_FUNC_ARG; @@ -236,6 +278,18 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) /* NOTE: SHAKE and AES variants have the same length ciphertext. */ if (ret == 0) { switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_ciphertext; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_ciphertext; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_ciphertext; + break; + #endif + #ifdef WOLFSSL_KYBER_ORIGINAL case KYBER_LEVEL1: *len = OQS_KEM_kyber_512_length_ciphertext; break; @@ -245,6 +299,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) case KYBER_LEVEL5: *len = OQS_KEM_kyber_1024_length_ciphertext; break; + #endif default: /* No other values supported. */ ret = BAD_FUNC_ARG; diff --git a/src/wolfcrypt/src/fe_448.c b/src/wolfcrypt/src/fe_448.c index ede162a..bbf31f6 100644 --- a/src/wolfcrypt/src/fe_448.c +++ b/src/wolfcrypt/src/fe_448.c @@ -1437,56 +1437,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a) b[ 0] = (byte)(in0 >> 0); b[ 1] = (byte)(in0 >> 8); b[ 2] = (byte)(in0 >> 16); - b[ 3] = (byte)((in0 >> 24) + ((in1 >> 0) << 4)); + b[ 3] = (byte)(in0 >> 24) + (byte)((in1 >> 0) << 4); b[ 4] = (byte)(in1 >> 4); b[ 5] = (byte)(in1 >> 12); b[ 6] = (byte)(in1 >> 20); b[ 7] = (byte)(in2 >> 0); b[ 8] = (byte)(in2 >> 8); b[ 9] = (byte)(in2 >> 16); - b[10] = (byte)((in2 >> 24) + ((in3 >> 0) << 4)); + b[10] = (byte)(in2 >> 24) + (byte)((in3 >> 0) << 4); b[11] = (byte)(in3 >> 4); b[12] = (byte)(in3 >> 12); b[13] = (byte)(in3 >> 20); b[14] = (byte)(in4 >> 0); b[15] = (byte)(in4 >> 8); b[16] = (byte)(in4 >> 16); - b[17] = (byte)((in4 >> 24) + ((in5 >> 0) << 4)); + b[17] = (byte)(in4 >> 24) + (byte)((in5 >> 0) << 4); b[18] = (byte)(in5 >> 4); b[19] = (byte)(in5 >> 12); b[20] = (byte)(in5 >> 20); b[21] = (byte)(in6 >> 0); b[22] = (byte)(in6 >> 8); b[23] = (byte)(in6 >> 16); - b[24] = (byte)((in6 >> 24) + ((in7 >> 0) << 4)); + b[24] = (byte)(in6 >> 24) + (byte)((in7 >> 0) << 4); b[25] = (byte)(in7 >> 4); b[26] = (byte)(in7 >> 12); b[27] = (byte)(in7 >> 20); b[28] = (byte)(in8 >> 0); b[29] = (byte)(in8 >> 8); b[30] = (byte)(in8 >> 16); - b[31] = (byte)((in8 >> 24) + ((in9 >> 0) << 4)); + b[31] = (byte)(in8 >> 24) + (byte)((in9 >> 0) << 4); b[32] = (byte)(in9 >> 4); b[33] = (byte)(in9 >> 12); b[34] = (byte)(in9 >> 20); b[35] = (byte)(in10 >> 0); b[36] = (byte)(in10 >> 8); b[37] = (byte)(in10 >> 16); - b[38] = (byte)((in10 >> 24) + ((in11 >> 0) << 4)); + b[38] = (byte)(in10 >> 24) + (byte)((in11 >> 0) << 4); b[39] = (byte)(in11 >> 4); b[40] = (byte)(in11 >> 12); b[41] = (byte)(in11 >> 20); b[42] = (byte)(in12 >> 0); b[43] = (byte)(in12 >> 8); b[44] = (byte)(in12 >> 16); - b[45] = (byte)((in12 >> 24) + ((in13 >> 0) << 4)); + b[45] = (byte)(in12 >> 24) + (byte)((in13 >> 0) << 4); b[46] = (byte)(in13 >> 4); b[47] = (byte)(in13 >> 12); b[48] = (byte)(in13 >> 20); b[49] = (byte)(in14 >> 0); b[50] = (byte)(in14 >> 8); b[51] = (byte)(in14 >> 16); - b[52] = (byte)((in14 >> 24) + ((in15 >> 0) << 4)); + b[52] = (byte)(in14 >> 24) + (byte)((in15 >> 0) << 4); b[53] = (byte)(in15 >> 4); b[54] = (byte)(in15 >> 12); b[55] = (byte)(in15 >> 20); @@ -1770,6 +1770,8 @@ void fe448_mul39081(sword32* r, const sword32* a) static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b) { sword64 t; + sword64 o; + sword64 t15; sword64 t0 = (sword64)a[ 0] * b[ 0]; sword64 t1 = (sword64)a[ 0] * b[ 1]; sword64 t101 = (sword64)a[ 1] * b[ 0]; @@ -1834,7 +1836,6 @@ static WC_INLINE void fe448_mul_8(sword32* r, const sword32* a, const sword32* b sword64 t13 = (sword64)a[ 6] * b[ 7]; sword64 t113 = (sword64)a[ 7] * b[ 6]; sword64 t14 = (sword64)a[ 7] * b[ 7]; - sword64 o, t15; t1 += t101; t2 += t102; t2 += t202; t3 += t103; t3 += t203; t3 += t303; diff --git a/src/wolfcrypt/src/ge_448.c b/src/wolfcrypt/src/ge_448.c index 415928f..81f9c57 100644 --- a/src/wolfcrypt/src/ge_448.c +++ b/src/wolfcrypt/src/ge_448.c @@ -77,6 +77,14 @@ static const ge448_p2 ed448_base = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }; +static const word8 ed448_order[56] = { + 0xf3, 0x44, 0x58, 0xab, 0x92, 0xc2, 0x78, 0x23, 0x55, 0x8f, 0xc5, 0x8d, + 0x72, 0xc2, 0x6c, 0x21, 0x90, 0x36, 0xd6, 0xae, 0x49, 0xdb, 0x4e, 0xc4, + 0xe9, 0x23, 0xca, 0x7c, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, +}; + /* Part of order of ed448 that needs tp be multiplied when reducing */ static const word8 ed448_order_mul[56] = { 0x0d, 0xbb, 0xa7, 0x54, 0x6d, 0x3d, 0x87, 0xdc, 0xaa, 0x70, 0x3a, 0x72, @@ -87,6 +95,8 @@ static const word8 ed448_order_mul[56] = { /* Reduce scalar mod the order of the curve. * Scalar Will be 114 bytes. * + * Only performs a weak reduce. + * * b [in] Scalar to reduce. */ void sc448_reduce(byte* b) @@ -149,6 +159,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) int i, j; word32 t[112]; word8 o; + sword16 u; /* a * b + d */ for (i = 0; i < 56; i++) @@ -200,6 +211,16 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) } r[i] = t[i] & 0xff; r[i+1] = 0; + /* Reduce to mod order. */ + u = 0; + for (i = 0; i < 56; i++) { + u += r[i] - ed448_order[i]; u >>= 8; + } + o = 0 - (u >= 0); + u = 0; + for (i = 0; i < 56; i++) { + u += r[i] - (ed448_order[i] & o); r[i] = u & 0xff; u >>= 8; + } } /* Double the point on the Twisted Edwards curve. r = 2.p @@ -431,6 +452,8 @@ int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b) /* Reduce scalar mod the order of the curve. * Scalar Will be 114 bytes. * + * Only performs a weak reduce. + * * b [in] Scalar to reduce. */ void sc448_reduce(byte* b) @@ -441,120 +464,120 @@ void sc448_reduce(byte* b) word64 o; /* Load from bytes */ - t[ 0] = ((sword64) (b[ 0]) << 0) - | ((sword64) (b[ 1]) << 8) - | ((sword64) (b[ 2]) << 16) - | ((sword64) (b[ 3]) << 24) - | ((sword64) (b[ 4]) << 32) - | ((sword64) (b[ 5]) << 40) - | ((sword64) (b[ 6]) << 48); - t[ 1] = ((sword64) (b[ 7]) << 0) - | ((sword64) (b[ 8]) << 8) - | ((sword64) (b[ 9]) << 16) - | ((sword64) (b[10]) << 24) - | ((sword64) (b[11]) << 32) - | ((sword64) (b[12]) << 40) - | ((sword64) (b[13]) << 48); - t[ 2] = ((sword64) (b[14]) << 0) - | ((sword64) (b[15]) << 8) - | ((sword64) (b[16]) << 16) - | ((sword64) (b[17]) << 24) - | ((sword64) (b[18]) << 32) - | ((sword64) (b[19]) << 40) - | ((sword64) (b[20]) << 48); - t[ 3] = ((sword64) (b[21]) << 0) - | ((sword64) (b[22]) << 8) - | ((sword64) (b[23]) << 16) - | ((sword64) (b[24]) << 24) - | ((sword64) (b[25]) << 32) - | ((sword64) (b[26]) << 40) - | ((sword64) (b[27]) << 48); - t[ 4] = ((sword64) (b[28]) << 0) - | ((sword64) (b[29]) << 8) - | ((sword64) (b[30]) << 16) - | ((sword64) (b[31]) << 24) - | ((sword64) (b[32]) << 32) - | ((sword64) (b[33]) << 40) - | ((sword64) (b[34]) << 48); - t[ 5] = ((sword64) (b[35]) << 0) - | ((sword64) (b[36]) << 8) - | ((sword64) (b[37]) << 16) - | ((sword64) (b[38]) << 24) - | ((sword64) (b[39]) << 32) - | ((sword64) (b[40]) << 40) - | ((sword64) (b[41]) << 48); - t[ 6] = ((sword64) (b[42]) << 0) - | ((sword64) (b[43]) << 8) - | ((sword64) (b[44]) << 16) - | ((sword64) (b[45]) << 24) - | ((sword64) (b[46]) << 32) - | ((sword64) (b[47]) << 40) - | ((sword64) (b[48]) << 48); - t[ 7] = ((sword64) (b[49]) << 0) - | ((sword64) (b[50]) << 8) - | ((sword64) (b[51]) << 16) - | ((sword64) (b[52]) << 24) - | ((sword64) (b[53]) << 32) - | ((sword64) (b[54]) << 40) - | ((sword64) (b[55]) << 48); - t[ 8] = ((sword64) (b[56]) << 0) - | ((sword64) (b[57]) << 8) - | ((sword64) (b[58]) << 16) - | ((sword64) (b[59]) << 24) - | ((sword64) (b[60]) << 32) - | ((sword64) (b[61]) << 40) - | ((sword64) (b[62]) << 48); - t[ 9] = ((sword64) (b[63]) << 0) - | ((sword64) (b[64]) << 8) - | ((sword64) (b[65]) << 16) - | ((sword64) (b[66]) << 24) - | ((sword64) (b[67]) << 32) - | ((sword64) (b[68]) << 40) - | ((sword64) (b[69]) << 48); - t[10] = ((sword64) (b[70]) << 0) - | ((sword64) (b[71]) << 8) - | ((sword64) (b[72]) << 16) - | ((sword64) (b[73]) << 24) - | ((sword64) (b[74]) << 32) - | ((sword64) (b[75]) << 40) - | ((sword64) (b[76]) << 48); - t[11] = ((sword64) (b[77]) << 0) - | ((sword64) (b[78]) << 8) - | ((sword64) (b[79]) << 16) - | ((sword64) (b[80]) << 24) - | ((sword64) (b[81]) << 32) - | ((sword64) (b[82]) << 40) - | ((sword64) (b[83]) << 48); - t[12] = ((sword64) (b[84]) << 0) - | ((sword64) (b[85]) << 8) - | ((sword64) (b[86]) << 16) - | ((sword64) (b[87]) << 24) - | ((sword64) (b[88]) << 32) - | ((sword64) (b[89]) << 40) - | ((sword64) (b[90]) << 48); - t[13] = ((sword64) (b[91]) << 0) - | ((sword64) (b[92]) << 8) - | ((sword64) (b[93]) << 16) - | ((sword64) (b[94]) << 24) - | ((sword64) (b[95]) << 32) - | ((sword64) (b[96]) << 40) - | ((sword64) (b[97]) << 48); - t[14] = ((sword64) (b[98]) << 0) - | ((sword64) (b[99]) << 8) - | ((sword64) (b[100]) << 16) - | ((sword64) (b[101]) << 24) - | ((sword64) (b[102]) << 32) - | ((sword64) (b[103]) << 40) - | ((sword64) (b[104]) << 48); - t[15] = ((sword64) (b[105]) << 0) - | ((sword64) (b[106]) << 8) - | ((sword64) (b[107]) << 16) - | ((sword64) (b[108]) << 24) - | ((sword64) (b[109]) << 32) - | ((sword64) (b[110]) << 40) - | ((sword64) (b[111]) << 48); - t[16] = ((sword64) (b[112]) << 0) - | ((sword64) (b[113]) << 8); + t[ 0] = (word64)((sword64) (b[ 0]) << 0) + | (word64)((sword64) (b[ 1]) << 8) + | (word64)((sword64) (b[ 2]) << 16) + | (word64)((sword64) (b[ 3]) << 24) + | (word64)((sword64) (b[ 4]) << 32) + | (word64)((sword64) (b[ 5]) << 40) + | (word64)((sword64) (b[ 6]) << 48); + t[ 1] = (word64)((sword64) (b[ 7]) << 0) + | (word64)((sword64) (b[ 8]) << 8) + | (word64)((sword64) (b[ 9]) << 16) + | (word64)((sword64) (b[10]) << 24) + | (word64)((sword64) (b[11]) << 32) + | (word64)((sword64) (b[12]) << 40) + | (word64)((sword64) (b[13]) << 48); + t[ 2] = (word64)((sword64) (b[14]) << 0) + | (word64)((sword64) (b[15]) << 8) + | (word64)((sword64) (b[16]) << 16) + | (word64)((sword64) (b[17]) << 24) + | (word64)((sword64) (b[18]) << 32) + | (word64)((sword64) (b[19]) << 40) + | (word64)((sword64) (b[20]) << 48); + t[ 3] = (word64)((sword64) (b[21]) << 0) + | (word64)((sword64) (b[22]) << 8) + | (word64)((sword64) (b[23]) << 16) + | (word64)((sword64) (b[24]) << 24) + | (word64)((sword64) (b[25]) << 32) + | (word64)((sword64) (b[26]) << 40) + | (word64)((sword64) (b[27]) << 48); + t[ 4] = (word64)((sword64) (b[28]) << 0) + | (word64)((sword64) (b[29]) << 8) + | (word64)((sword64) (b[30]) << 16) + | (word64)((sword64) (b[31]) << 24) + | (word64)((sword64) (b[32]) << 32) + | (word64)((sword64) (b[33]) << 40) + | (word64)((sword64) (b[34]) << 48); + t[ 5] = (word64)((sword64) (b[35]) << 0) + | (word64)((sword64) (b[36]) << 8) + | (word64)((sword64) (b[37]) << 16) + | (word64)((sword64) (b[38]) << 24) + | (word64)((sword64) (b[39]) << 32) + | (word64)((sword64) (b[40]) << 40) + | (word64)((sword64) (b[41]) << 48); + t[ 6] = (word64)((sword64) (b[42]) << 0) + | (word64)((sword64) (b[43]) << 8) + | (word64)((sword64) (b[44]) << 16) + | (word64)((sword64) (b[45]) << 24) + | (word64)((sword64) (b[46]) << 32) + | (word64)((sword64) (b[47]) << 40) + | (word64)((sword64) (b[48]) << 48); + t[ 7] = (word64)((sword64) (b[49]) << 0) + | (word64)((sword64) (b[50]) << 8) + | (word64)((sword64) (b[51]) << 16) + | (word64)((sword64) (b[52]) << 24) + | (word64)((sword64) (b[53]) << 32) + | (word64)((sword64) (b[54]) << 40) + | (word64)((sword64) (b[55]) << 48); + t[ 8] = (word64)((sword64) (b[56]) << 0) + | (word64)((sword64) (b[57]) << 8) + | (word64)((sword64) (b[58]) << 16) + | (word64)((sword64) (b[59]) << 24) + | (word64)((sword64) (b[60]) << 32) + | (word64)((sword64) (b[61]) << 40) + | (word64)((sword64) (b[62]) << 48); + t[ 9] = (word64)((sword64) (b[63]) << 0) + | (word64)((sword64) (b[64]) << 8) + | (word64)((sword64) (b[65]) << 16) + | (word64)((sword64) (b[66]) << 24) + | (word64)((sword64) (b[67]) << 32) + | (word64)((sword64) (b[68]) << 40) + | (word64)((sword64) (b[69]) << 48); + t[10] = (word64)((sword64) (b[70]) << 0) + | (word64)((sword64) (b[71]) << 8) + | (word64)((sword64) (b[72]) << 16) + | (word64)((sword64) (b[73]) << 24) + | (word64)((sword64) (b[74]) << 32) + | (word64)((sword64) (b[75]) << 40) + | (word64)((sword64) (b[76]) << 48); + t[11] = (word64)((sword64) (b[77]) << 0) + | (word64)((sword64) (b[78]) << 8) + | (word64)((sword64) (b[79]) << 16) + | (word64)((sword64) (b[80]) << 24) + | (word64)((sword64) (b[81]) << 32) + | (word64)((sword64) (b[82]) << 40) + | (word64)((sword64) (b[83]) << 48); + t[12] = (word64)((sword64) (b[84]) << 0) + | (word64)((sword64) (b[85]) << 8) + | (word64)((sword64) (b[86]) << 16) + | (word64)((sword64) (b[87]) << 24) + | (word64)((sword64) (b[88]) << 32) + | (word64)((sword64) (b[89]) << 40) + | (word64)((sword64) (b[90]) << 48); + t[13] = (word64)((sword64) (b[91]) << 0) + | (word64)((sword64) (b[92]) << 8) + | (word64)((sword64) (b[93]) << 16) + | (word64)((sword64) (b[94]) << 24) + | (word64)((sword64) (b[95]) << 32) + | (word64)((sword64) (b[96]) << 40) + | (word64)((sword64) (b[97]) << 48); + t[14] = (word64)((sword64) (b[98]) << 0) + | (word64)((sword64) (b[99]) << 8) + | (word64)((sword64) (b[100]) << 16) + | (word64)((sword64) (b[101]) << 24) + | (word64)((sword64) (b[102]) << 32) + | (word64)((sword64) (b[103]) << 40) + | (word64)((sword64) (b[104]) << 48); + t[15] = (word64)((sword64) (b[105]) << 0) + | (word64)((sword64) (b[106]) << 8) + | (word64)((sword64) (b[107]) << 16) + | (word64)((sword64) (b[108]) << 24) + | (word64)((sword64) (b[109]) << 32) + | (word64)((sword64) (b[110]) << 40) + | (word64)((sword64) (b[111]) << 48); + t[16] = (word64)((sword64) (b[112]) << 0) + | (word64)((sword64) (b[113]) << 8); /* Mod curve order */ /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */ @@ -721,243 +744,244 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) word128 t[16]; word128 c; word64 o; + sword64 u; /* Load from bytes */ - ad[ 0] = ((sword64) (a[ 0]) << 0) - | ((sword64) (a[ 1]) << 8) - | ((sword64) (a[ 2]) << 16) - | ((sword64) (a[ 3]) << 24) - | ((sword64) (a[ 4]) << 32) - | ((sword64) (a[ 5]) << 40) - | ((sword64) (a[ 6]) << 48); - ad[ 1] = ((sword64) (a[ 7]) << 0) - | ((sword64) (a[ 8]) << 8) - | ((sword64) (a[ 9]) << 16) - | ((sword64) (a[10]) << 24) - | ((sword64) (a[11]) << 32) - | ((sword64) (a[12]) << 40) - | ((sword64) (a[13]) << 48); - ad[ 2] = ((sword64) (a[14]) << 0) - | ((sword64) (a[15]) << 8) - | ((sword64) (a[16]) << 16) - | ((sword64) (a[17]) << 24) - | ((sword64) (a[18]) << 32) - | ((sword64) (a[19]) << 40) - | ((sword64) (a[20]) << 48); - ad[ 3] = ((sword64) (a[21]) << 0) - | ((sword64) (a[22]) << 8) - | ((sword64) (a[23]) << 16) - | ((sword64) (a[24]) << 24) - | ((sword64) (a[25]) << 32) - | ((sword64) (a[26]) << 40) - | ((sword64) (a[27]) << 48); - ad[ 4] = ((sword64) (a[28]) << 0) - | ((sword64) (a[29]) << 8) - | ((sword64) (a[30]) << 16) - | ((sword64) (a[31]) << 24) - | ((sword64) (a[32]) << 32) - | ((sword64) (a[33]) << 40) - | ((sword64) (a[34]) << 48); - ad[ 5] = ((sword64) (a[35]) << 0) - | ((sword64) (a[36]) << 8) - | ((sword64) (a[37]) << 16) - | ((sword64) (a[38]) << 24) - | ((sword64) (a[39]) << 32) - | ((sword64) (a[40]) << 40) - | ((sword64) (a[41]) << 48); - ad[ 6] = ((sword64) (a[42]) << 0) - | ((sword64) (a[43]) << 8) - | ((sword64) (a[44]) << 16) - | ((sword64) (a[45]) << 24) - | ((sword64) (a[46]) << 32) - | ((sword64) (a[47]) << 40) - | ((sword64) (a[48]) << 48); - ad[ 7] = ((sword64) (a[49]) << 0) - | ((sword64) (a[50]) << 8) - | ((sword64) (a[51]) << 16) - | ((sword64) (a[52]) << 24) - | ((sword64) (a[53]) << 32) - | ((sword64) (a[54]) << 40) - | ((sword64) (a[55]) << 48); + ad[ 0] = (word64)((sword64) (a[ 0]) << 0) + | (word64)((sword64) (a[ 1]) << 8) + | (word64)((sword64) (a[ 2]) << 16) + | (word64)((sword64) (a[ 3]) << 24) + | (word64)((sword64) (a[ 4]) << 32) + | (word64)((sword64) (a[ 5]) << 40) + | (word64)((sword64) (a[ 6]) << 48); + ad[ 1] = (word64)((sword64) (a[ 7]) << 0) + | (word64)((sword64) (a[ 8]) << 8) + | (word64)((sword64) (a[ 9]) << 16) + | (word64)((sword64) (a[10]) << 24) + | (word64)((sword64) (a[11]) << 32) + | (word64)((sword64) (a[12]) << 40) + | (word64)((sword64) (a[13]) << 48); + ad[ 2] = (word64)((sword64) (a[14]) << 0) + | (word64)((sword64) (a[15]) << 8) + | (word64)((sword64) (a[16]) << 16) + | (word64)((sword64) (a[17]) << 24) + | (word64)((sword64) (a[18]) << 32) + | (word64)((sword64) (a[19]) << 40) + | (word64)((sword64) (a[20]) << 48); + ad[ 3] = (word64)((sword64) (a[21]) << 0) + | (word64)((sword64) (a[22]) << 8) + | (word64)((sword64) (a[23]) << 16) + | (word64)((sword64) (a[24]) << 24) + | (word64)((sword64) (a[25]) << 32) + | (word64)((sword64) (a[26]) << 40) + | (word64)((sword64) (a[27]) << 48); + ad[ 4] = (word64)((sword64) (a[28]) << 0) + | (word64)((sword64) (a[29]) << 8) + | (word64)((sword64) (a[30]) << 16) + | (word64)((sword64) (a[31]) << 24) + | (word64)((sword64) (a[32]) << 32) + | (word64)((sword64) (a[33]) << 40) + | (word64)((sword64) (a[34]) << 48); + ad[ 5] = (word64)((sword64) (a[35]) << 0) + | (word64)((sword64) (a[36]) << 8) + | (word64)((sword64) (a[37]) << 16) + | (word64)((sword64) (a[38]) << 24) + | (word64)((sword64) (a[39]) << 32) + | (word64)((sword64) (a[40]) << 40) + | (word64)((sword64) (a[41]) << 48); + ad[ 6] = (word64)((sword64) (a[42]) << 0) + | (word64)((sword64) (a[43]) << 8) + | (word64)((sword64) (a[44]) << 16) + | (word64)((sword64) (a[45]) << 24) + | (word64)((sword64) (a[46]) << 32) + | (word64)((sword64) (a[47]) << 40) + | (word64)((sword64) (a[48]) << 48); + ad[ 7] = (word64)((sword64) (a[49]) << 0) + | (word64)((sword64) (a[50]) << 8) + | (word64)((sword64) (a[51]) << 16) + | (word64)((sword64) (a[52]) << 24) + | (word64)((sword64) (a[53]) << 32) + | (word64)((sword64) (a[54]) << 40) + | (word64)((sword64) (a[55]) << 48); /* Load from bytes */ - bd[ 0] = ((sword64) (b[ 0]) << 0) - | ((sword64) (b[ 1]) << 8) - | ((sword64) (b[ 2]) << 16) - | ((sword64) (b[ 3]) << 24) - | ((sword64) (b[ 4]) << 32) - | ((sword64) (b[ 5]) << 40) - | ((sword64) (b[ 6]) << 48); - bd[ 1] = ((sword64) (b[ 7]) << 0) - | ((sword64) (b[ 8]) << 8) - | ((sword64) (b[ 9]) << 16) - | ((sword64) (b[10]) << 24) - | ((sword64) (b[11]) << 32) - | ((sword64) (b[12]) << 40) - | ((sword64) (b[13]) << 48); - bd[ 2] = ((sword64) (b[14]) << 0) - | ((sword64) (b[15]) << 8) - | ((sword64) (b[16]) << 16) - | ((sword64) (b[17]) << 24) - | ((sword64) (b[18]) << 32) - | ((sword64) (b[19]) << 40) - | ((sword64) (b[20]) << 48); - bd[ 3] = ((sword64) (b[21]) << 0) - | ((sword64) (b[22]) << 8) - | ((sword64) (b[23]) << 16) - | ((sword64) (b[24]) << 24) - | ((sword64) (b[25]) << 32) - | ((sword64) (b[26]) << 40) - | ((sword64) (b[27]) << 48); - bd[ 4] = ((sword64) (b[28]) << 0) - | ((sword64) (b[29]) << 8) - | ((sword64) (b[30]) << 16) - | ((sword64) (b[31]) << 24) - | ((sword64) (b[32]) << 32) - | ((sword64) (b[33]) << 40) - | ((sword64) (b[34]) << 48); - bd[ 5] = ((sword64) (b[35]) << 0) - | ((sword64) (b[36]) << 8) - | ((sword64) (b[37]) << 16) - | ((sword64) (b[38]) << 24) - | ((sword64) (b[39]) << 32) - | ((sword64) (b[40]) << 40) - | ((sword64) (b[41]) << 48); - bd[ 6] = ((sword64) (b[42]) << 0) - | ((sword64) (b[43]) << 8) - | ((sword64) (b[44]) << 16) - | ((sword64) (b[45]) << 24) - | ((sword64) (b[46]) << 32) - | ((sword64) (b[47]) << 40) - | ((sword64) (b[48]) << 48); - bd[ 7] = ((sword64) (b[49]) << 0) - | ((sword64) (b[50]) << 8) - | ((sword64) (b[51]) << 16) - | ((sword64) (b[52]) << 24) - | ((sword64) (b[53]) << 32) - | ((sword64) (b[54]) << 40) - | ((sword64) (b[55]) << 48); + bd[ 0] = (word64)((sword64) (b[ 0]) << 0) + | (word64)((sword64) (b[ 1]) << 8) + | (word64)((sword64) (b[ 2]) << 16) + | (word64)((sword64) (b[ 3]) << 24) + | (word64)((sword64) (b[ 4]) << 32) + | (word64)((sword64) (b[ 5]) << 40) + | (word64)((sword64) (b[ 6]) << 48); + bd[ 1] = (word64)((sword64) (b[ 7]) << 0) + | (word64)((sword64) (b[ 8]) << 8) + | (word64)((sword64) (b[ 9]) << 16) + | (word64)((sword64) (b[10]) << 24) + | (word64)((sword64) (b[11]) << 32) + | (word64)((sword64) (b[12]) << 40) + | (word64)((sword64) (b[13]) << 48); + bd[ 2] = (word64)((sword64) (b[14]) << 0) + | (word64)((sword64) (b[15]) << 8) + | (word64)((sword64) (b[16]) << 16) + | (word64)((sword64) (b[17]) << 24) + | (word64)((sword64) (b[18]) << 32) + | (word64)((sword64) (b[19]) << 40) + | (word64)((sword64) (b[20]) << 48); + bd[ 3] = (word64)((sword64) (b[21]) << 0) + | (word64)((sword64) (b[22]) << 8) + | (word64)((sword64) (b[23]) << 16) + | (word64)((sword64) (b[24]) << 24) + | (word64)((sword64) (b[25]) << 32) + | (word64)((sword64) (b[26]) << 40) + | (word64)((sword64) (b[27]) << 48); + bd[ 4] = (word64)((sword64) (b[28]) << 0) + | (word64)((sword64) (b[29]) << 8) + | (word64)((sword64) (b[30]) << 16) + | (word64)((sword64) (b[31]) << 24) + | (word64)((sword64) (b[32]) << 32) + | (word64)((sword64) (b[33]) << 40) + | (word64)((sword64) (b[34]) << 48); + bd[ 5] = (word64)((sword64) (b[35]) << 0) + | (word64)((sword64) (b[36]) << 8) + | (word64)((sword64) (b[37]) << 16) + | (word64)((sword64) (b[38]) << 24) + | (word64)((sword64) (b[39]) << 32) + | (word64)((sword64) (b[40]) << 40) + | (word64)((sword64) (b[41]) << 48); + bd[ 6] = (word64)((sword64) (b[42]) << 0) + | (word64)((sword64) (b[43]) << 8) + | (word64)((sword64) (b[44]) << 16) + | (word64)((sword64) (b[45]) << 24) + | (word64)((sword64) (b[46]) << 32) + | (word64)((sword64) (b[47]) << 40) + | (word64)((sword64) (b[48]) << 48); + bd[ 7] = (word64)((sword64) (b[49]) << 0) + | (word64)((sword64) (b[50]) << 8) + | (word64)((sword64) (b[51]) << 16) + | (word64)((sword64) (b[52]) << 24) + | (word64)((sword64) (b[53]) << 32) + | (word64)((sword64) (b[54]) << 40) + | (word64)((sword64) (b[55]) << 48); /* Load from bytes */ - dd[ 0] = ((sword64) (d[ 0]) << 0) - | ((sword64) (d[ 1]) << 8) - | ((sword64) (d[ 2]) << 16) - | ((sword64) (d[ 3]) << 24) - | ((sword64) (d[ 4]) << 32) - | ((sword64) (d[ 5]) << 40) - | ((sword64) (d[ 6]) << 48); - dd[ 1] = ((sword64) (d[ 7]) << 0) - | ((sword64) (d[ 8]) << 8) - | ((sword64) (d[ 9]) << 16) - | ((sword64) (d[10]) << 24) - | ((sword64) (d[11]) << 32) - | ((sword64) (d[12]) << 40) - | ((sword64) (d[13]) << 48); - dd[ 2] = ((sword64) (d[14]) << 0) - | ((sword64) (d[15]) << 8) - | ((sword64) (d[16]) << 16) - | ((sword64) (d[17]) << 24) - | ((sword64) (d[18]) << 32) - | ((sword64) (d[19]) << 40) - | ((sword64) (d[20]) << 48); - dd[ 3] = ((sword64) (d[21]) << 0) - | ((sword64) (d[22]) << 8) - | ((sword64) (d[23]) << 16) - | ((sword64) (d[24]) << 24) - | ((sword64) (d[25]) << 32) - | ((sword64) (d[26]) << 40) - | ((sword64) (d[27]) << 48); - dd[ 4] = ((sword64) (d[28]) << 0) - | ((sword64) (d[29]) << 8) - | ((sword64) (d[30]) << 16) - | ((sword64) (d[31]) << 24) - | ((sword64) (d[32]) << 32) - | ((sword64) (d[33]) << 40) - | ((sword64) (d[34]) << 48); - dd[ 5] = ((sword64) (d[35]) << 0) - | ((sword64) (d[36]) << 8) - | ((sword64) (d[37]) << 16) - | ((sword64) (d[38]) << 24) - | ((sword64) (d[39]) << 32) - | ((sword64) (d[40]) << 40) - | ((sword64) (d[41]) << 48); - dd[ 6] = ((sword64) (d[42]) << 0) - | ((sword64) (d[43]) << 8) - | ((sword64) (d[44]) << 16) - | ((sword64) (d[45]) << 24) - | ((sword64) (d[46]) << 32) - | ((sword64) (d[47]) << 40) - | ((sword64) (d[48]) << 48); - dd[ 7] = ((sword64) (d[49]) << 0) - | ((sword64) (d[50]) << 8) - | ((sword64) (d[51]) << 16) - | ((sword64) (d[52]) << 24) - | ((sword64) (d[53]) << 32) - | ((sword64) (d[54]) << 40) - | ((sword64) (d[55]) << 48); + dd[ 0] = (word64)((sword64) (d[ 0]) << 0) + | (word64)((sword64) (d[ 1]) << 8) + | (word64)((sword64) (d[ 2]) << 16) + | (word64)((sword64) (d[ 3]) << 24) + | (word64)((sword64) (d[ 4]) << 32) + | (word64)((sword64) (d[ 5]) << 40) + | (word64)((sword64) (d[ 6]) << 48); + dd[ 1] = (word64)((sword64) (d[ 7]) << 0) + | (word64)((sword64) (d[ 8]) << 8) + | (word64)((sword64) (d[ 9]) << 16) + | (word64)((sword64) (d[10]) << 24) + | (word64)((sword64) (d[11]) << 32) + | (word64)((sword64) (d[12]) << 40) + | (word64)((sword64) (d[13]) << 48); + dd[ 2] = (word64)((sword64) (d[14]) << 0) + | (word64)((sword64) (d[15]) << 8) + | (word64)((sword64) (d[16]) << 16) + | (word64)((sword64) (d[17]) << 24) + | (word64)((sword64) (d[18]) << 32) + | (word64)((sword64) (d[19]) << 40) + | (word64)((sword64) (d[20]) << 48); + dd[ 3] = (word64)((sword64) (d[21]) << 0) + | (word64)((sword64) (d[22]) << 8) + | (word64)((sword64) (d[23]) << 16) + | (word64)((sword64) (d[24]) << 24) + | (word64)((sword64) (d[25]) << 32) + | (word64)((sword64) (d[26]) << 40) + | (word64)((sword64) (d[27]) << 48); + dd[ 4] = (word64)((sword64) (d[28]) << 0) + | (word64)((sword64) (d[29]) << 8) + | (word64)((sword64) (d[30]) << 16) + | (word64)((sword64) (d[31]) << 24) + | (word64)((sword64) (d[32]) << 32) + | (word64)((sword64) (d[33]) << 40) + | (word64)((sword64) (d[34]) << 48); + dd[ 5] = (word64)((sword64) (d[35]) << 0) + | (word64)((sword64) (d[36]) << 8) + | (word64)((sword64) (d[37]) << 16) + | (word64)((sword64) (d[38]) << 24) + | (word64)((sword64) (d[39]) << 32) + | (word64)((sword64) (d[40]) << 40) + | (word64)((sword64) (d[41]) << 48); + dd[ 6] = (word64)((sword64) (d[42]) << 0) + | (word64)((sword64) (d[43]) << 8) + | (word64)((sword64) (d[44]) << 16) + | (word64)((sword64) (d[45]) << 24) + | (word64)((sword64) (d[46]) << 32) + | (word64)((sword64) (d[47]) << 40) + | (word64)((sword64) (d[48]) << 48); + dd[ 7] = (word64)((sword64) (d[49]) << 0) + | (word64)((sword64) (d[50]) << 8) + | (word64)((sword64) (d[51]) << 16) + | (word64)((sword64) (d[52]) << 24) + | (word64)((sword64) (d[53]) << 32) + | (word64)((sword64) (d[54]) << 40) + | (word64)((sword64) (d[55]) << 48); /* a * b + d */ - t[ 0] = (word128)dd[ 0] + (sword128)ad[ 0] * bd[ 0]; - t[ 1] = (word128)dd[ 1] + (sword128)ad[ 0] * bd[ 1] - + (sword128)ad[ 1] * bd[ 0]; - t[ 2] = (word128)dd[ 2] + (sword128)ad[ 0] * bd[ 2] - + (sword128)ad[ 1] * bd[ 1] - + (sword128)ad[ 2] * bd[ 0]; - t[ 3] = (word128)dd[ 3] + (sword128)ad[ 0] * bd[ 3] - + (sword128)ad[ 1] * bd[ 2] - + (sword128)ad[ 2] * bd[ 1] - + (sword128)ad[ 3] * bd[ 0]; - t[ 4] = (word128)dd[ 4] + (sword128)ad[ 0] * bd[ 4] + t[ 0] = (word128)dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0]); + t[ 1] = (word128)dd[ 1] + (word128)((sword128)ad[ 0] * bd[ 1] + + (sword128)ad[ 1] * bd[ 0]); + t[ 2] = (word128)dd[ 2] + (word128)((sword128)ad[ 0] * bd[ 2] + + (sword128)ad[ 1] * bd[ 1] + + (sword128)ad[ 2] * bd[ 0]); + t[ 3] = (word128)dd[ 3] + (word128)((sword128)ad[ 0] * bd[ 3] + + (sword128)ad[ 1] * bd[ 2] + + (sword128)ad[ 2] * bd[ 1] + + (sword128)ad[ 3] * bd[ 0]); + t[ 4] = (word128)dd[ 4] + (word128)((sword128)ad[ 0] * bd[ 4] + (sword128)ad[ 1] * bd[ 3] + (sword128)ad[ 2] * bd[ 2] + (sword128)ad[ 3] * bd[ 1] - + (sword128)ad[ 4] * bd[ 0]; - t[ 5] = (word128)dd[ 5] + (sword128)ad[ 0] * bd[ 5] + + (sword128)ad[ 4] * bd[ 0]); + t[ 5] = (word128)dd[ 5] + (word128)((sword128)ad[ 0] * bd[ 5] + (sword128)ad[ 1] * bd[ 4] + (sword128)ad[ 2] * bd[ 3] + (sword128)ad[ 3] * bd[ 2] + (sword128)ad[ 4] * bd[ 1] - + (sword128)ad[ 5] * bd[ 0]; - t[ 6] = (word128)dd[ 6] + (sword128)ad[ 0] * bd[ 6] + + (sword128)ad[ 5] * bd[ 0]); + t[ 6] = (word128)dd[ 6] + (word128)((sword128)ad[ 0] * bd[ 6] + (sword128)ad[ 1] * bd[ 5] + (sword128)ad[ 2] * bd[ 4] + (sword128)ad[ 3] * bd[ 3] + (sword128)ad[ 4] * bd[ 2] + (sword128)ad[ 5] * bd[ 1] - + (sword128)ad[ 6] * bd[ 0]; - t[ 7] = (word128)dd[ 7] + (sword128)ad[ 0] * bd[ 7] + + (sword128)ad[ 6] * bd[ 0]); + t[ 7] = (word128)dd[ 7] + (word128)((sword128)ad[ 0] * bd[ 7] + (sword128)ad[ 1] * bd[ 6] + (sword128)ad[ 2] * bd[ 5] + (sword128)ad[ 3] * bd[ 4] + (sword128)ad[ 4] * bd[ 3] + (sword128)ad[ 5] * bd[ 2] + (sword128)ad[ 6] * bd[ 1] - + (sword128)ad[ 7] * bd[ 0]; - t[ 8] = (word128) (sword128)ad[ 1] * bd[ 7] + + (sword128)ad[ 7] * bd[ 0]); + t[ 8] = (word128) ((sword128)ad[ 1] * bd[ 7] + (sword128)ad[ 2] * bd[ 6] + (sword128)ad[ 3] * bd[ 5] + (sword128)ad[ 4] * bd[ 4] + (sword128)ad[ 5] * bd[ 3] + (sword128)ad[ 6] * bd[ 2] - + (sword128)ad[ 7] * bd[ 1]; - t[ 9] = (word128) (sword128)ad[ 2] * bd[ 7] + + (sword128)ad[ 7] * bd[ 1]); + t[ 9] = (word128) ((sword128)ad[ 2] * bd[ 7] + (sword128)ad[ 3] * bd[ 6] + (sword128)ad[ 4] * bd[ 5] + (sword128)ad[ 5] * bd[ 4] + (sword128)ad[ 6] * bd[ 3] - + (sword128)ad[ 7] * bd[ 2]; - t[10] = (word128) (sword128)ad[ 3] * bd[ 7] + + (sword128)ad[ 7] * bd[ 2]); + t[10] = (word128) ((sword128)ad[ 3] * bd[ 7] + (sword128)ad[ 4] * bd[ 6] + (sword128)ad[ 5] * bd[ 5] + (sword128)ad[ 6] * bd[ 4] - + (sword128)ad[ 7] * bd[ 3]; - t[11] = (word128) (sword128)ad[ 4] * bd[ 7] + + (sword128)ad[ 7] * bd[ 3]); + t[11] = (word128) ((sword128)ad[ 4] * bd[ 7] + (sword128)ad[ 5] * bd[ 6] + (sword128)ad[ 6] * bd[ 5] - + (sword128)ad[ 7] * bd[ 4]; - t[12] = (word128) (sword128)ad[ 5] * bd[ 7] + + (sword128)ad[ 7] * bd[ 4]); + t[12] = (word128) ((sword128)ad[ 5] * bd[ 7] + (sword128)ad[ 6] * bd[ 6] - + (sword128)ad[ 7] * bd[ 5]; - t[13] = (word128) (sword128)ad[ 6] * bd[ 7] - + (sword128)ad[ 7] * bd[ 6]; + + (sword128)ad[ 7] * bd[ 5]); + t[13] = (word128) ((sword128)ad[ 6] * bd[ 7] + + (sword128)ad[ 7] * bd[ 6]); t[14] = (word128) (sword128)ad[ 7] * bd[ 7]; t[15] = 0; @@ -1044,6 +1068,41 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) o = rd[ 4] >> 56; rd[ 5] += o; rd[ 4] = rd[ 4] & 0xffffffffffffff; o = rd[ 5] >> 56; rd[ 6] += o; rd[ 5] = rd[ 5] & 0xffffffffffffff; o = rd[ 6] >> 56; rd[ 7] += o; rd[ 6] = rd[ 6] & 0xffffffffffffff; + /* Reduce to mod order. */ + u = 0; + u += (sword64)rd[0] - (sword64)0x078c292ab5844f3L; u >>= 56; + u += (sword64)rd[1] - (sword64)0x0c2728dc58f5523L; u >>= 56; + u += (sword64)rd[2] - (sword64)0x049aed63690216cL; u >>= 56; + u += (sword64)rd[3] - (sword64)0x07cca23e9c44edbL; u >>= 56; + u += (sword64)rd[4] - (sword64)0x0ffffffffffffffL; u >>= 56; + u += (sword64)rd[5] - (sword64)0x0ffffffffffffffL; u >>= 56; + u += (sword64)rd[6] - (sword64)0x0ffffffffffffffL; u >>= 56; + u += (sword64)rd[7] - (sword64)0x03fffffffffffffL; u >>= 56; + o = (word64)0 - (u >= 0); + u = 0; + u += (sword64)rd[0] - (sword64)((word64)0x078c292ab5844f3L & o); + rd[0] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[1] - (sword64)((word64)0x0c2728dc58f5523L & o); + rd[1] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[2] - (sword64)((word64)0x049aed63690216cL & o); + rd[2] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[3] - (sword64)((word64)0x07cca23e9c44edbL & o); + rd[3] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[4] - (sword64)((word64)0x0ffffffffffffffL & o); + rd[4] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[5] - (sword64)((word64)0x0ffffffffffffffL & o); + rd[5] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[6] - (sword64)((word64)0x0ffffffffffffffL & o); + rd[6] = u & 0xffffffffffffff; + u >>= 56; + u += (sword64)rd[7] - (sword64)((word64)0x03fffffffffffffL & o); + rd[7] = u & 0xffffffffffffff; /* Convert to bytes */ r[ 0] = (byte)(rd[0 ] >> 0); @@ -5072,6 +5131,8 @@ static const ge448_precomp base_i[16] = { /* Reduce scalar mod the order of the curve. * Scalar Will be 114 bytes. * + * Only performs a weak reduce. + * * b [in] Scalar to reduce. */ void sc448_reduce(byte* b) @@ -5453,56 +5514,56 @@ void sc448_reduce(byte* b) b[ 0] = (byte)(d[0 ] >> 0); b[ 1] = (byte)(d[0 ] >> 8); b[ 2] = (byte)(d[0 ] >> 16); - b[ 3] = (byte)((d[0 ] >> 24) + ((d[1 ] >> 0) << 4)); + b[ 3] = (byte)(d[0 ] >> 24) + (byte)((d[1 ] >> 0) << 4); b[ 4] = (byte)(d[1 ] >> 4); b[ 5] = (byte)(d[1 ] >> 12); b[ 6] = (byte)(d[1 ] >> 20); b[ 7] = (byte)(d[2 ] >> 0); b[ 8] = (byte)(d[2 ] >> 8); b[ 9] = (byte)(d[2 ] >> 16); - b[10] = (byte)((d[2 ] >> 24) + ((d[3 ] >> 0) << 4)); + b[10] = (byte)(d[2 ] >> 24) + (byte)((d[3 ] >> 0) << 4); b[11] = (byte)(d[3 ] >> 4); b[12] = (byte)(d[3 ] >> 12); b[13] = (byte)(d[3 ] >> 20); b[14] = (byte)(d[4 ] >> 0); b[15] = (byte)(d[4 ] >> 8); b[16] = (byte)(d[4 ] >> 16); - b[17] = (byte)((d[4 ] >> 24) + ((d[5 ] >> 0) << 4)); + b[17] = (byte)(d[4 ] >> 24) + (byte)((d[5 ] >> 0) << 4); b[18] = (byte)(d[5 ] >> 4); b[19] = (byte)(d[5 ] >> 12); b[20] = (byte)(d[5 ] >> 20); b[21] = (byte)(d[6 ] >> 0); b[22] = (byte)(d[6 ] >> 8); b[23] = (byte)(d[6 ] >> 16); - b[24] = (byte)((d[6 ] >> 24) + ((d[7 ] >> 0) << 4)); + b[24] = (byte)(d[6 ] >> 24) + (byte)((d[7 ] >> 0) << 4); b[25] = (byte)(d[7 ] >> 4); b[26] = (byte)(d[7 ] >> 12); b[27] = (byte)(d[7 ] >> 20); b[28] = (byte)(d[8 ] >> 0); b[29] = (byte)(d[8 ] >> 8); b[30] = (byte)(d[8 ] >> 16); - b[31] = (byte)((d[8 ] >> 24) + ((d[9 ] >> 0) << 4)); + b[31] = (byte)(d[8 ] >> 24) + (byte)((d[9 ] >> 0) << 4); b[32] = (byte)(d[9 ] >> 4); b[33] = (byte)(d[9 ] >> 12); b[34] = (byte)(d[9 ] >> 20); b[35] = (byte)(d[10] >> 0); b[36] = (byte)(d[10] >> 8); b[37] = (byte)(d[10] >> 16); - b[38] = (byte)((d[10] >> 24) + ((d[11] >> 0) << 4)); + b[38] = (byte)(d[10] >> 24) + (byte)((d[11] >> 0) << 4); b[39] = (byte)(d[11] >> 4); b[40] = (byte)(d[11] >> 12); b[41] = (byte)(d[11] >> 20); b[42] = (byte)(d[12] >> 0); b[43] = (byte)(d[12] >> 8); b[44] = (byte)(d[12] >> 16); - b[45] = (byte)((d[12] >> 24) + ((d[13] >> 0) << 4)); + b[45] = (byte)(d[12] >> 24) + (byte)((d[13] >> 0) << 4); b[46] = (byte)(d[13] >> 4); b[47] = (byte)(d[13] >> 12); b[48] = (byte)(d[13] >> 20); b[49] = (byte)(d[14] >> 0); b[50] = (byte)(d[14] >> 8); b[51] = (byte)(d[14] >> 16); - b[52] = (byte)((d[14] >> 24) + ((d[15] >> 0) << 4)); + b[52] = (byte)(d[14] >> 24) + (byte)((d[15] >> 0) << 4); b[53] = (byte)(d[15] >> 4); b[54] = (byte)(d[15] >> 12); b[55] = (byte)(d[15] >> 20); @@ -5522,6 +5583,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) word64 t[32]; word64 c; word32 o; + sword32 u; /* Load from bytes */ ad[ 0] = (((sword32)((a[ 0] ) >> 0)) << 0) @@ -6201,61 +6263,112 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) o = rd[12] >> 28; rd[13] += o; rd[12] = rd[12] & 0xfffffff; o = rd[13] >> 28; rd[14] += o; rd[13] = rd[13] & 0xfffffff; o = rd[14] >> 28; rd[15] += o; rd[14] = rd[14] & 0xfffffff; + /* Reduce to mod order. */ + u = 0; + u += (sword32)(rd[0] - (sword32)0x0b5844f3L); u >>= 28; + u += (sword32)(rd[1] - (sword32)0x078c292aL); u >>= 28; + u += (sword32)(rd[2] - (sword32)0x058f5523L); u >>= 28; + u += (sword32)(rd[3] - (sword32)0x0c2728dcL); u >>= 28; + u += (sword32)(rd[4] - (sword32)0x0690216cL); u >>= 28; + u += (sword32)(rd[5] - (sword32)0x049aed63L); u >>= 28; + u += (sword32)(rd[6] - (sword32)0x09c44edbL); u >>= 28; + u += (sword32)(rd[7] - (sword32)0x07cca23eL); u >>= 28; + u += (sword32)(rd[8] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[9] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[10] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[11] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[12] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[13] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[14] - (sword32)0x0fffffffL); u >>= 28; + u += (sword32)(rd[15] - (sword32)0x03ffffffL); u >>= 28; + o = (word32)0 - (u >= 0); + u = 0; + u += (sword32)(rd[0] - ((word32)0x0b5844f3L & o)); rd[0] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[1] - ((word32)0x078c292aL & o)); rd[1] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[2] - ((word32)0x058f5523L & o)); rd[2] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[3] - ((word32)0x0c2728dcL & o)); rd[3] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[4] - ((word32)0x0690216cL & o)); rd[4] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[5] - ((word32)0x049aed63L & o)); rd[5] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[6] - ((word32)0x09c44edbL & o)); rd[6] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[7] - ((word32)0x07cca23eL & o)); rd[7] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[8] - ((word32)0x0fffffffL & o)); rd[8] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[9] - ((word32)0x0fffffffL & o)); rd[9] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[10] - ((word32)0x0fffffffL & o)); rd[10] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[11] - ((word32)0x0fffffffL & o)); rd[11] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[12] - ((word32)0x0fffffffL & o)); rd[12] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[13] - ((word32)0x0fffffffL & o)); rd[13] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[14] - ((word32)0x0fffffffL & o)); rd[14] = u & 0xfffffff; + u >>= 28; + u += (sword32)(rd[15] - ((word32)0x03ffffffL & o)); rd[15] = u & 0xfffffff; /* Convert to bytes */ r[ 0] = (byte)(rd[0 ] >> 0); r[ 1] = (byte)(rd[0 ] >> 8); r[ 2] = (byte)(rd[0 ] >> 16); - r[ 3] = (byte)((rd[0 ] >> 24) + ((rd[1 ] >> 0) << 4)); + r[ 3] = (byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >> 0) << 4); r[ 4] = (byte)(rd[1 ] >> 4); r[ 5] = (byte)(rd[1 ] >> 12); r[ 6] = (byte)(rd[1 ] >> 20); r[ 7] = (byte)(rd[2 ] >> 0); r[ 8] = (byte)(rd[2 ] >> 8); r[ 9] = (byte)(rd[2 ] >> 16); - r[10] = (byte)((rd[2 ] >> 24) + ((rd[3 ] >> 0) << 4)); + r[10] = (byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >> 0) << 4); r[11] = (byte)(rd[3 ] >> 4); r[12] = (byte)(rd[3 ] >> 12); r[13] = (byte)(rd[3 ] >> 20); r[14] = (byte)(rd[4 ] >> 0); r[15] = (byte)(rd[4 ] >> 8); r[16] = (byte)(rd[4 ] >> 16); - r[17] = (byte)((rd[4 ] >> 24) + ((rd[5 ] >> 0) << 4)); + r[17] = (byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >> 0) << 4); r[18] = (byte)(rd[5 ] >> 4); r[19] = (byte)(rd[5 ] >> 12); r[20] = (byte)(rd[5 ] >> 20); r[21] = (byte)(rd[6 ] >> 0); r[22] = (byte)(rd[6 ] >> 8); r[23] = (byte)(rd[6 ] >> 16); - r[24] = (byte)((rd[6 ] >> 24) + ((rd[7 ] >> 0) << 4)); + r[24] = (byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >> 0) << 4); r[25] = (byte)(rd[7 ] >> 4); r[26] = (byte)(rd[7 ] >> 12); r[27] = (byte)(rd[7 ] >> 20); r[28] = (byte)(rd[8 ] >> 0); r[29] = (byte)(rd[8 ] >> 8); r[30] = (byte)(rd[8 ] >> 16); - r[31] = (byte)((rd[8 ] >> 24) + ((rd[9 ] >> 0) << 4)); + r[31] = (byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >> 0) << 4); r[32] = (byte)(rd[9 ] >> 4); r[33] = (byte)(rd[9 ] >> 12); r[34] = (byte)(rd[9 ] >> 20); r[35] = (byte)(rd[10] >> 0); r[36] = (byte)(rd[10] >> 8); r[37] = (byte)(rd[10] >> 16); - r[38] = (byte)((rd[10] >> 24) + ((rd[11] >> 0) << 4)); + r[38] = (byte)(rd[10] >> 24) + (byte)((rd[11] >> 0) << 4); r[39] = (byte)(rd[11] >> 4); r[40] = (byte)(rd[11] >> 12); r[41] = (byte)(rd[11] >> 20); r[42] = (byte)(rd[12] >> 0); r[43] = (byte)(rd[12] >> 8); r[44] = (byte)(rd[12] >> 16); - r[45] = (byte)((rd[12] >> 24) + ((rd[13] >> 0) << 4)); + r[45] = (byte)(rd[12] >> 24) + (byte)((rd[13] >> 0) << 4); r[46] = (byte)(rd[13] >> 4); r[47] = (byte)(rd[13] >> 12); r[48] = (byte)(rd[13] >> 20); r[49] = (byte)(rd[14] >> 0); r[50] = (byte)(rd[14] >> 8); r[51] = (byte)(rd[14] >> 16); - r[52] = (byte)((rd[14] >> 24) + ((rd[15] >> 0) << 4)); + r[52] = (byte)(rd[14] >> 24) + (byte)((rd[15] >> 0) << 4); r[53] = (byte)(rd[15] >> 4); r[54] = (byte)(rd[15] >> 12); r[55] = (byte)(rd[15] >> 20); @@ -10456,7 +10569,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p) fe448_mul(x, p->X, recip); fe448_mul(y, p->Y, recip); fe448_to_bytes(b, y); - b[56] = (byte)fe448_isnegative(x) << 7; + b[56] = (byte)((byte)fe448_isnegative(x) << 7); } /* Convert point to byte array assuming z is 1. @@ -10467,7 +10580,7 @@ void ge448_to_bytes(byte *b, const ge448_p2 *p) static void ge448_p2z1_to_bytes(byte *b, const ge448_p2 *p) { fe448_to_bytes(b, p->Y); - b[56] = (byte)fe448_isnegative(p->X) << 7; + b[56] = (byte)((byte)fe448_isnegative(p->X) << 7); } /* Compress the point to y-ordinate and negative bit. @@ -10589,20 +10702,20 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a) carry = 0; for (i = 0; i < 56; ++i) { - e[2 * i + 0] = ((a[i] >> 0) & 0xf) + carry; - carry = e[2 * i + 0] + 8; + e[2 * i + 0] = (byte)(((a[i] >> 0) & 0xf) + carry); + carry = (byte)(e[2 * i + 0] + 8); carry >>= 4; - e[2 * i + 0] -= (byte)(carry << 4); + e[2 * i + 0] = (byte)(e[2 * i + 0] - (byte)(carry << 4)); - e[2 * i + 1] = ((a[i] >> 4) & 0xf) + carry; - carry = e[2 * i + 1] + 8; - carry >>= 4; - e[2 * i + 1] -= (byte)(carry << 4); + e[2 * i + 1] = (byte)(((a[i] >> 4) & 0xf) + carry); + carry = (byte)(e[2 * i + 1] + 8); + carry = (byte)(carry >> 4); + e[2 * i + 1] = (byte)(e[2 * i + 1] - (carry << 4)); } e[112] = carry; /* each e[i] is between -8 and 8 */ - /* Odd indeces first - sum based on even index so multiply by 16 */ + /* Odd indices first - sum based on even index so multiply by 16 */ ge448_select(t, 0, e[1]); fe448_copy(r->X, t->x); fe448_copy(r->Y, t->y); @@ -10617,7 +10730,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a) ge448_dbl(r, r); ge448_dbl(r, r); - /* Add even indeces */ + /* Add even indices */ for (i = 0; i <= 112; i += 2) { ge448_select(t, i / 2, e[i]); ge448_madd(r, r, t); @@ -10633,7 +10746,7 @@ int ge448_scalarmult_base(ge448_p2* r, const byte* a) /* Create to a sliding window for the scalar multiplicaton. * - * r [in] Array of indeces. + * r [in] Array of indices. * a [in] Scalar to break up. */ static void slide(sword8 *r, const byte *a) @@ -10657,11 +10770,11 @@ static void slide(sword8 *r, const byte *a) } if (r[i] + (r[i + b] << b) <= 31) { - r[i] += (sword8)(r[i + b] << b); + r[i] = (sword8)(r[i] + (r[i + b] << b)); r[i + b] = 0; } else if (r[i] - (r[i + b] << b) >= -31) { - r[i] -= (sword8)(r[i + b] << b); + r[i] = (sword8)(r[i] - (r[i + b] << b)); for (k = i + b; k < 448; ++k) { if (!r[k]) { r[k] = 1; diff --git a/src/wolfcrypt/src/ge_low_mem.c b/src/wolfcrypt/src/ge_low_mem.c index df747a1..cb505af 100644 --- a/src/wolfcrypt/src/ge_low_mem.c +++ b/src/wolfcrypt/src/ge_low_mem.c @@ -512,6 +512,33 @@ int ge_frombytes_negate_vartime(ge_p3 *p,const unsigned char *s) return ret; } +#ifdef WOLFSSL_CHECK_VER_FAULTS +/* return 0 if equal and -1 if not equal */ +static int ge_equal(ge a, ge b) +{ + if (XMEMCMP(a, b, sizeof(ge)) == 0) { + return 0; + } + else { + return -1; + } +} + +/* returns 0 if a == b */ +static int ge_p3_equal(ge_p3* a, ge_p3* b) +{ + int ret = 0; + + ret |= ge_equal(a->X, b->X); + ret |= ge_equal(a->Y, b->Y); + ret |= ge_equal(a->Z, b->Z); + ret |= ge_equal(a->T, b->T); + + return ret; +} +#endif + + int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, const ge_p3 *inA,const unsigned char *sig) @@ -526,9 +553,19 @@ int ge_double_scalarmult_vartime(ge_p2* R, const unsigned char *h, /* find H(R,A,M) * -A */ ed25519_smult(&A, &A, h); +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (ge_p3_equal(&A, (ge_p3*)inA) == 0) { + ret = BAD_STATE_E; + } +#endif /* SB + -H(R,A,M)A */ ed25519_add(&A, &p, &A); +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (ge_p3_equal(&A, &p) == 0) { + ret = BAD_STATE_E; + } +#endif lm_copy(R->X, A.X); lm_copy(R->Y, A.Y); diff --git a/src/wolfcrypt/src/ge_operations.c b/src/wolfcrypt/src/ge_operations.c index bcf9d35..4a50d46 100644 --- a/src/wolfcrypt/src/ge_operations.c +++ b/src/wolfcrypt/src/ge_operations.c @@ -9125,12 +9125,12 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a) carry = 0; for (i = 0;i < 63;++i) { - e[i] += carry; - carry = e[i] + 8; - carry >>= 4; - e[i] -= (signed char)(carry << 4); + e[i] = (signed char)(e[i] + carry); + carry = (signed char)(e[i] + 8); + carry = (signed char)(carry >> 4); + e[i] = (signed char)(e[i] - (carry << 4)); } - e[63] += carry; + e[63] = (signed char)(e[63] + carry); /* each e[i] is between -8 and 8 */ #ifndef CURVED25519_ASM @@ -9190,9 +9190,10 @@ static void slide(signed char *r,const unsigned char *a) for (b = 1;b <= 6 && i + b < SLIDE_SIZE;++b) { if (r[i + b]) { if (r[i] + (r[i + b] << b) <= 15) { - r[i] += (signed char)(r[i + b] << b); r[i + b] = 0; + r[i] = (signed char)(r[i] + (r[i + b] << b)); + r[i + b] = 0; } else if (r[i] - (r[i + b] << b) >= -15) { - r[i] -= (signed char)(r[i + b] << b); + r[i] = (signed char)(r[i] - (r[i + b] << b)); for (k = i + b;k < SLIDE_SIZE;++k) { if (!r[k]) { r[k] = 1; @@ -9467,6 +9468,13 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, ge_p1p1_to_p2(r,t); } +#ifdef WOLFSSL_CHECK_VER_FAULTS + if (i != -1) { + /* did not go through whole loop */ + return BAD_STATE_E; + } +#endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) out: diff --git a/src/wolfcrypt/src/hash.c b/src/wolfcrypt/src/hash.c index b16c47d..4850a84 100644 --- a/src/wolfcrypt/src/hash.c +++ b/src/wolfcrypt/src/hash.c @@ -322,12 +322,12 @@ int wc_HashGetDigestSize(enum wc_HashType hash_type) { case WC_HASH_TYPE_MD2: #ifdef WOLFSSL_MD2 - dig_size = MD2_DIGEST_SIZE; + dig_size = WC_MD2_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - dig_size = MD4_DIGEST_SIZE; + dig_size = WC_MD4_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_MD5: @@ -441,12 +441,12 @@ int wc_HashGetBlockSize(enum wc_HashType hash_type) { case WC_HASH_TYPE_MD2: #ifdef WOLFSSL_MD2 - block_size = MD2_BLOCK_SIZE; + block_size = WC_MD2_BLOCK_SIZE; #endif break; case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - block_size = MD4_BLOCK_SIZE; + block_size = WC_MD4_BLOCK_SIZE; #endif break; case WC_HASH_TYPE_MD5: diff --git a/src/wolfcrypt/src/hmac.c b/src/wolfcrypt/src/hmac.c index 47f8f13..65dbf66 100644 --- a/src/wolfcrypt/src/hmac.c +++ b/src/wolfcrypt/src/hmac.c @@ -24,6 +24,7 @@ #include #endif +#include #include #include #include @@ -266,6 +267,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, return BAD_FUNC_ARG; } + heap = hmac->heap; #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) /* if set key has already been run then make sure and free existing */ /* This is for async and PIC32MZ situations, and just normally OK, @@ -273,7 +275,13 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, available in FIPS builds. In current FIPS builds, the hashes are not allocating resources. */ if (hmac->macType != WC_HASH_TYPE_NONE) { + #ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; + #endif wc_HmacFree(hmac); + #ifdef WOLF_CRYPTO_CB + hmac->devId = devId; + #endif } #endif diff --git a/src/wolfcrypt/src/hpke.c b/src/wolfcrypt/src/hpke.c index 450ee73..02e189b 100644 --- a/src/wolfcrypt/src/hpke.c +++ b/src/wolfcrypt/src/hpke.c @@ -256,13 +256,13 @@ int wc_HpkeInit(Hpke* hpke, int kem, int kdf, int aead, void* heap) case HPKE_AES_128_GCM: hpke->Nk = AES_128_KEY_SIZE; hpke->Nn = GCM_NONCE_MID_SZ; - hpke->Nt = AES_BLOCK_SIZE; + hpke->Nt = WC_AES_BLOCK_SIZE; break; case HPKE_AES_256_GCM: hpke->Nk = AES_256_KEY_SIZE; hpke->Nn = GCM_NONCE_MID_SZ; - hpke->Nt = AES_BLOCK_SIZE; + hpke->Nt = WC_AES_BLOCK_SIZE; break; default: diff --git a/src/wolfcrypt/src/kdf.c b/src/wolfcrypt/src/kdf.c index 1bb338e..c45c635 100644 --- a/src/wolfcrypt/src/kdf.c +++ b/src/wolfcrypt/src/kdf.c @@ -24,6 +24,7 @@ #include #endif +#include #include #include #include @@ -941,11 +942,11 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx, } else { /* XOR in as bit shifted index. */ - block[WC_SRTP_MAX_SALT - indexSz] ^= index[0] >> bits; + block[WC_SRTP_MAX_SALT - indexSz] ^= (byte)(index[0] >> bits); for (i = 1; i < indexSz; i++) { block[i + WC_SRTP_MAX_SALT - indexSz] ^= - (index[i-1] << (8 - bits)) | - (index[i+0] >> bits ); + (byte)((index[i-1] << (8 - bits)) | + (index[i+0] >> bits )); } } } @@ -968,7 +969,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, int i; int ret = 0; /* Calculate the number of full blocks needed for derived key. */ - int blocks = (int)(keySz / AES_BLOCK_SIZE); + int blocks = (int)(keySz / WC_AES_BLOCK_SIZE); /* XOR in label. */ block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label; @@ -976,19 +977,19 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, /* Set counter. */ block[15] = (byte)i; /* Encrypt block into key buffer. */ - ret = wc_AesEcbEncrypt(aes, key, block, AES_BLOCK_SIZE); + ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE); /* Reposition for more derived key. */ - key += AES_BLOCK_SIZE; + key += WC_AES_BLOCK_SIZE; /* Reduce the count of key bytes required. */ - keySz -= AES_BLOCK_SIZE; + keySz -= WC_AES_BLOCK_SIZE; } /* Do any partial blocks. */ if ((ret == 0) && (keySz > 0)) { - byte enc[AES_BLOCK_SIZE]; + byte enc[WC_AES_BLOCK_SIZE]; /* Set counter. */ block[15] = (byte)i; /* Encrypt block into temporary. */ - ret = wc_AesEcbEncrypt(aes, enc, block, AES_BLOCK_SIZE); + ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE); if (ret == 0) { /* Copy into key required amount. */ XMEMCPY(key, enc, keySz); @@ -1029,7 +1030,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, word32 key2Sz, byte* key3, word32 key3Sz) { int ret = 0; - byte block[AES_BLOCK_SIZE]; + byte block[WC_AES_BLOCK_SIZE]; #ifdef WOLFSSL_SMALL_STACK Aes* aes = NULL; #else @@ -1124,7 +1125,7 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator) { int ret = 0; - byte block[AES_BLOCK_SIZE]; + byte block[WC_AES_BLOCK_SIZE]; #ifdef WOLFSSL_SMALL_STACK Aes* aes = NULL; #else @@ -1233,7 +1234,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, word32 outKeySz) { int ret = 0; - byte block[AES_BLOCK_SIZE]; + byte block[WC_AES_BLOCK_SIZE]; #ifdef WOLFSSL_SMALL_STACK Aes* aes = NULL; #else @@ -1316,7 +1317,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt, word32 outKeySz) { int ret = 0; - byte block[AES_BLOCK_SIZE]; + byte block[WC_AES_BLOCK_SIZE]; #ifdef WOLFSSL_SMALL_STACK Aes* aes = NULL; #else diff --git a/src/wolfcrypt/src/md2.c b/src/wolfcrypt/src/md2.c index c28a049..07ad963 100644 --- a/src/wolfcrypt/src/md2.c +++ b/src/wolfcrypt/src/md2.c @@ -40,16 +40,16 @@ #endif -void wc_InitMd2(Md2* md2) +void wc_InitMd2(wc_Md2* md2) { - XMEMSET(md2->X, 0, MD2_X_SIZE); - XMEMSET(md2->C, 0, MD2_BLOCK_SIZE); - XMEMSET(md2->buffer, 0, MD2_BLOCK_SIZE); + XMEMSET(md2->X, 0, WC_MD2_X_SIZE); + XMEMSET(md2->C, 0, WC_MD2_BLOCK_SIZE); + XMEMSET(md2->buffer, 0, WC_MD2_BLOCK_SIZE); md2->count = 0; } -void wc_Md2Update(Md2* md2, const byte* data, word32 len) +void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len) { static const byte S[256] = { @@ -74,30 +74,30 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len) }; while (len) { - word32 L = (MD2_PAD_SIZE - md2->count) < len ? - (MD2_PAD_SIZE - md2->count) : len; + word32 L = (WC_MD2_PAD_SIZE - md2->count) < len ? + (WC_MD2_PAD_SIZE - md2->count) : len; XMEMCPY(md2->buffer + md2->count, data, L); md2->count += L; data += L; len -= L; - if (md2->count == MD2_PAD_SIZE) { + if (md2->count == WC_MD2_PAD_SIZE) { int i; byte t; md2->count = 0; - XMEMCPY(md2->X + MD2_PAD_SIZE, md2->buffer, MD2_PAD_SIZE); + XMEMCPY(md2->X + WC_MD2_PAD_SIZE, md2->buffer, WC_MD2_PAD_SIZE); t = md2->C[15]; - for(i = 0; i < MD2_PAD_SIZE; i++) { - md2->X[32 + i] = md2->X[MD2_PAD_SIZE + i] ^ md2->X[i]; + for(i = 0; i < WC_MD2_PAD_SIZE; i++) { + md2->X[32 + i] = md2->X[WC_MD2_PAD_SIZE + i] ^ md2->X[i]; t = md2->C[i] ^= S[md2->buffer[i] ^ t]; } t=0; for(i = 0; i < 18; i++) { int j; - for(j = 0; j < MD2_X_SIZE; j += 8) { + for(j = 0; j < WC_MD2_X_SIZE; j += 8) { t = md2->X[j+0] ^= S[t]; t = md2->X[j+1] ^= S[t]; t = md2->X[j+2] ^= S[t]; @@ -114,19 +114,19 @@ void wc_Md2Update(Md2* md2, const byte* data, word32 len) } -void wc_Md2Final(Md2* md2, byte* hash) +void wc_Md2Final(wc_Md2* md2, byte* hash) { - byte padding[MD2_BLOCK_SIZE]; - word32 padLen = MD2_PAD_SIZE - md2->count; + byte padding[WC_MD2_BLOCK_SIZE]; + word32 padLen = WC_MD2_PAD_SIZE - md2->count; word32 i; for (i = 0; i < padLen; i++) padding[i] = (byte)padLen; wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */ - wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE); + wc_Md2Update(md2, md2->C, WC_MD2_BLOCK_SIZE); - XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE); + XMEMCPY(hash, md2->X, WC_MD2_DIGEST_SIZE); wc_InitMd2(md2); } @@ -135,13 +135,13 @@ void wc_Md2Final(Md2* md2, byte* hash) int wc_Md2Hash(const byte* data, word32 len, byte* hash) { #ifdef WOLFSSL_SMALL_STACK - Md2* md2; + wc_Md2* md2; #else - Md2 md2[1]; + wc_Md2 md2[1]; #endif #ifdef WOLFSSL_SMALL_STACK - md2 = (Md2*)XMALLOC(sizeof(Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER); + md2 = (wc_Md2*)XMALLOC(sizeof(wc_Md2), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (md2 == NULL) return MEMORY_E; #endif diff --git a/src/wolfcrypt/src/md4.c b/src/wolfcrypt/src/md4.c index 65b4dc2..592a0a3 100644 --- a/src/wolfcrypt/src/md4.c +++ b/src/wolfcrypt/src/md4.c @@ -37,7 +37,7 @@ #endif -void wc_InitMd4(Md4* md4) +void wc_InitMd4(wc_Md4* md4) { md4->digest[0] = 0x67452301L; md4->digest[1] = 0xefcdab89L; @@ -50,7 +50,7 @@ void wc_InitMd4(Md4* md4) } -static void Transform(Md4* md4) +static void Transform(wc_Md4* md4) { #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) #define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) @@ -130,7 +130,7 @@ static void Transform(Md4* md4) } -static WC_INLINE void AddLength(Md4* md4, word32 len) +static WC_INLINE void AddLength(wc_Md4* md4, word32 len) { word32 tmp = md4->loLen; if ( (md4->loLen += len) < tmp) @@ -138,32 +138,32 @@ static WC_INLINE void AddLength(Md4* md4, word32 len) } -void wc_Md4Update(Md4* md4, const byte* data, word32 len) +void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len) { /* do block size increments */ byte* local = (byte*)md4->buffer; while (len) { - word32 add = min(len, MD4_BLOCK_SIZE - md4->buffLen); + word32 add = min(len, WC_MD4_BLOCK_SIZE - md4->buffLen); XMEMCPY(&local[md4->buffLen], data, add); md4->buffLen += add; data += add; len -= add; - if (md4->buffLen == MD4_BLOCK_SIZE) { + if (md4->buffLen == WC_MD4_BLOCK_SIZE) { #ifdef BIG_ENDIAN_ORDER - ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE); + ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE); #endif Transform(md4); - AddLength(md4, MD4_BLOCK_SIZE); + AddLength(md4, WC_MD4_BLOCK_SIZE); md4->buffLen = 0; } } } -void wc_Md4Final(Md4* md4, byte* hash) +void wc_Md4Final(wc_Md4* md4, byte* hash) { byte* local = (byte*)md4->buffer; @@ -172,17 +172,17 @@ void wc_Md4Final(Md4* md4, byte* hash) local[md4->buffLen++] = 0x80; /* add 1 */ /* pad with zeros */ - if (md4->buffLen > MD4_PAD_SIZE) { - XMEMSET(&local[md4->buffLen], 0, MD4_BLOCK_SIZE - md4->buffLen); - md4->buffLen += MD4_BLOCK_SIZE - md4->buffLen; + if (md4->buffLen > WC_MD4_PAD_SIZE) { + XMEMSET(&local[md4->buffLen], 0, WC_MD4_BLOCK_SIZE - md4->buffLen); + md4->buffLen += WC_MD4_BLOCK_SIZE - md4->buffLen; #ifdef BIG_ENDIAN_ORDER - ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE); + ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE); #endif Transform(md4); md4->buffLen = 0; } - XMEMSET(&local[md4->buffLen], 0, MD4_PAD_SIZE - md4->buffLen); + XMEMSET(&local[md4->buffLen], 0, WC_MD4_PAD_SIZE - md4->buffLen); /* put lengths in bits */ md4->hiLen = (md4->loLen >> (8*sizeof(md4->loLen) - 3)) + @@ -191,17 +191,17 @@ void wc_Md4Final(Md4* md4, byte* hash) /* store lengths */ #ifdef BIG_ENDIAN_ORDER - ByteReverseWords(md4->buffer, md4->buffer, MD4_BLOCK_SIZE); + ByteReverseWords(md4->buffer, md4->buffer, WC_MD4_BLOCK_SIZE); #endif /* ! length ordering dependent on digest endian type ! */ - XMEMCPY(&local[MD4_PAD_SIZE], &md4->loLen, sizeof(word32)); - XMEMCPY(&local[MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32)); + XMEMCPY(&local[WC_MD4_PAD_SIZE], &md4->loLen, sizeof(word32)); + XMEMCPY(&local[WC_MD4_PAD_SIZE + sizeof(word32)], &md4->hiLen, sizeof(word32)); Transform(md4); #ifdef BIG_ENDIAN_ORDER - ByteReverseWords(md4->digest, md4->digest, MD4_DIGEST_SIZE); + ByteReverseWords(md4->digest, md4->digest, WC_MD4_DIGEST_SIZE); #endif - XMEMCPY(hash, md4->digest, MD4_DIGEST_SIZE); + XMEMCPY(hash, md4->digest, WC_MD4_DIGEST_SIZE); wc_InitMd4(md4); /* reset state */ } diff --git a/src/wolfcrypt/src/md5.c b/src/wolfcrypt/src/md5.c index f6ca240..557de7c 100644 --- a/src/wolfcrypt/src/md5.c +++ b/src/wolfcrypt/src/md5.c @@ -48,7 +48,7 @@ /* Hardware Acceleration */ -#if defined(STM32_HASH) +#if defined(STM32_HASH) && !defined(STM32_NOMD5) /* Supports CubeMX HAL or Standard Peripheral Library */ #define HAVE_MD5_CUST_API diff --git a/src/wolfcrypt/src/memory.c b/src/wolfcrypt/src/memory.c index 75d0389..4fd648a 100644 --- a/src/wolfcrypt/src/memory.c +++ b/src/wolfcrypt/src/memory.c @@ -69,9 +69,9 @@ Possible memory options: void *z_realloc(void *ptr, size_t size) { if (ptr == NULL) - ptr = malloc(size); + ptr = malloc(size); /* native heap */ else - ptr = realloc(ptr, size); + ptr = realloc(ptr, size); /* native heap */ return ptr; } @@ -360,7 +360,7 @@ void* wolfSSL_Malloc(size_t size) } #endif - res = malloc(size); + res = malloc(size); /* native heap */ #else WOLFSSL_MSG("No malloc available"); #endif @@ -401,7 +401,7 @@ void* wolfSSL_Malloc(size_t size) #endif } else { - free(res); /* clear */ + free(res); /* native heap */ } gMemFailCount = gMemFailCountSeed; /* reset */ return NULL; @@ -445,7 +445,7 @@ void wolfSSL_Free(void *ptr) } else { #ifndef WOLFSSL_NO_MALLOC - free(ptr); + free(ptr); /* native heap */ #else WOLFSSL_MSG("No free available"); #endif @@ -503,7 +503,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size) } else { #ifndef WOLFSSL_NO_MALLOC - res = realloc(ptr, size); + res = realloc(ptr, size); /* native heap */ #else WOLFSSL_MSG("No realloc available"); #endif @@ -669,7 +669,7 @@ static int wc_partition_static_memory(byte* buffer, word32 sz, int flag, } static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz, - const unsigned int* sizeList, const unsigned int* distList) + const word32 *sizeList, const word32 *distList) { unsigned int i; @@ -695,8 +695,8 @@ static int wc_init_memory_heap(WOLFSSL_HEAP* heap, unsigned int listSz, } int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, - unsigned int listSz, const unsigned int* sizeList, - const unsigned int* distList, unsigned char* buf, + unsigned int listSz, const word32 *sizeList, + const word32 *distList, unsigned char *buf, unsigned int sz, int flag, int maxSz) { WOLFSSL_HEAP* heap = NULL; @@ -773,13 +773,8 @@ int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, unsigned int sz, int flag, int maxSz) { -#ifdef WOLFSSL_LEAN_STATIC_PSK - word16 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; - byte distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; -#else word32 sizeList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_BUCKETS }; word32 distList[WOLFMEM_DEF_BUCKETS] = { WOLFMEM_DIST }; -#endif int ret = 0; WOLFSSL_ENTER("wc_LoadStaticMemory"); @@ -817,7 +812,7 @@ int wolfSSL_MemoryPaddingSz(void) /* Used to calculate memory size for optimum use with buckets. returns the suggested size rounded down to the nearest bucket. */ int wolfSSL_StaticBufferSz_ex(unsigned int listSz, - const unsigned int *sizeList, const unsigned int *distList, + const word32 *sizeList, const word32 *distList, byte* buffer, word32 sz, int flag) { word32 ava = sz; @@ -1002,7 +997,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) /* check for testing heap hint was set */ #ifdef WOLFSSL_HEAP_TEST if (heap == (void*)WOLFSSL_HEAP_TEST) { - return malloc(size); + return malloc(size); /* native heap */ } #endif @@ -1013,7 +1008,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) if (type == DYNAMIC_TYPE_CTX || type == DYNAMIC_TYPE_METHOD || type == DYNAMIC_TYPE_CERT_MANAGER) { WOLFSSL_MSG("ERROR allowing null heap hint for ctx/method"); - res = malloc(size); + res = malloc(size); /* native heap */ } else { WOLFSSL_MSG("ERROR null heap hint passed into XMALLOC"); @@ -1022,15 +1017,16 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) #else #ifndef WOLFSSL_NO_MALLOC #ifdef FREERTOS - res = pvPortMalloc(size); + res = pvPortMalloc(size); /* native heap */ #elif defined(WOLFSSL_EMBOS) res = OS_HEAP_malloc(size); #else - res = malloc(size); + res = malloc(size); /* native heap */ #endif #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Alloc: %p -> %u at %s:%d\n", res, (word32)size, func, line); + fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap, + res, (word32)size, func, line); #endif #else WOLFSSL_MSG("No heap hint found to use and no malloc"); @@ -1097,8 +1093,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) } #ifdef WOLFSSL_DEBUG_STATIC_MEMORY else { - fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size, - mem->sizeList[i]); + fprintf(stderr, "Size: %lu, Empty: %d\n", + (unsigned long) size, mem->sizeList[i]); } #endif } @@ -1114,7 +1110,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) #ifdef WOLFSSL_DEBUG_MEMORY pt->szUsed = size; - fprintf(stderr, "Alloc: %p -> %lu at %s:%d\n", pt->buffer, size, func, line); + fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap, + pt->buffer, size, func, line); #endif #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK if (DebugCb) { @@ -1143,8 +1140,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) WOLFSSL_MSG("ERROR ran out of static memory"); res = NULL; #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func, - line); + fprintf(stderr, "Looking for %lu bytes at %s:%d\n", + (unsigned long) size, func, line); #endif #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK if (DebugCb) { @@ -1187,9 +1184,10 @@ void wolfSSL_Free(void *ptr, void* heap, int type) #ifdef WOLFSSL_HEAP_TEST if (heap == (void*)WOLFSSL_HEAP_TEST) { #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Free: %p at %s:%d\n", pt, func, line); + fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func, + line); #endif - return free(ptr); + return free(ptr); /* native heap */ } #endif @@ -1205,15 +1203,16 @@ void wolfSSL_Free(void *ptr, void* heap, int type) } #endif #ifndef WOLFSSL_NO_MALLOC + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func, + line); + #endif #ifdef FREERTOS - vPortFree(ptr); + vPortFree(ptr); /* native heap */ #elif defined(WOLFSSL_EMBOS) - OS_HEAP_free(ptr); + OS_HEAP_free(ptr); /* native heap */ #else - free(ptr); - #endif - #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line); + free(ptr); /* native heap */ #endif #else WOLFSSL_MSG("Error trying to call free when turned off"); @@ -1286,8 +1285,8 @@ void wolfSSL_Free(void *ptr, void* heap, int type) #endif #ifdef WOLFSSL_DEBUG_MEMORY - fprintf (stderr, "Free: %p -> %u at %s:%d\n", pt->buffer, - pt->szUsed, func, line); + fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap, + pt->buffer, pt->szUsed, func, line); #endif #ifndef WOLFSSL_STATIC_MEMORY_LEAN @@ -1335,7 +1334,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) /* check for testing heap hint was set */ #ifdef WOLFSSL_HEAP_TEST if (heap == (void*)WOLFSSL_HEAP_TEST) { - return realloc(ptr, size); + return realloc(ptr, size); /* native heap */ } #endif @@ -1344,7 +1343,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) WOLFSSL_MSG("ERROR null heap hint passed in to XREALLOC"); #endif #ifndef WOLFSSL_NO_MALLOC - res = realloc(ptr, size); + res = realloc(ptr, size); /* native heap */ #else WOLFSSL_MSG("NO heap found to use for realloc"); #endif /* WOLFSSL_NO_MALLOC */ @@ -1493,7 +1492,7 @@ void* XMALLOC(size_t n, void* heap, int type) return NULL; } - return malloc(n); + return malloc(n); /* native heap */ } void* XREALLOC(void *p, size_t n, void* heap, int type) @@ -1514,7 +1513,7 @@ void* XREALLOC(void *p, size_t n, void* heap, int type) return NULL; } - return realloc(p, n); + return realloc(p, n); /* native heap */ } void XFREE(void *p, void* heap, int type) @@ -1527,7 +1526,7 @@ void XFREE(void *p, void* heap, int type) if (type == DYNAMIC_TYPE_OUT_BUFFER) return; /* do nothing, static pool */ - free(p); + free(p); /* native heap */ } #endif /* HAVE_IO_POOL */ @@ -1554,7 +1553,7 @@ void *xmalloc(size_t n, void* heap, int type, const char* func, #endif } else - p32 = malloc(n + sizeof(word32) * 4); + p32 = malloc(n + sizeof(word32) * 4); /* native heap */ if (p32 != NULL) { p32[0] = (word32)n; @@ -1597,7 +1596,7 @@ void *xrealloc(void *p, size_t n, void* heap, int type, const char* func, #endif } else - p32 = realloc(oldp32, n + sizeof(word32) * 4); + p32 = realloc(oldp32, n + sizeof(word32) * 4); /* native heap */ if (p32 != NULL) { p32[0] = (word32)n; @@ -1643,7 +1642,7 @@ void xfree(void *p, void* heap, int type, const char* func, const char* file, #endif } else - free(p32); + free(p32); /* native heap */ } (void)heap; diff --git a/src/wolfcrypt/src/misc.c b/src/wolfcrypt/src/misc.c index e4b53d9..c37e2dc 100644 --- a/src/wolfcrypt/src/misc.c +++ b/src/wolfcrypt/src/misc.c @@ -115,23 +115,19 @@ masking and clearing memory logic. #endif -#ifdef WC_RC2 - /* This routine performs a left circular arithmetic shift of by value */ WC_MISC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y) { - return (x << y) | (x >> (sizeof(x) * 8 - y)); + return (word16)((x << y) | (x >> (sizeof(x) * 8U - y))); } /* This routine performs a right circular arithmetic shift of by value */ WC_MISC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y) { - return (x >> y) | (x << (sizeof(x) * 8 - y)); + return (word16)((x >> y) | (x << (sizeof(x) * 8U - y))); } -#endif /* WC_RC2 */ - /* This routine performs a byte swap of 32-bit word value. */ #if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */ #define ByteReverseWord32(value) _builtin_revl(value) @@ -200,7 +196,7 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, byteCount &= ~0x3U; - for (i = 0; i < byteCount; i += sizeof(word32)) { + for (i = 0; i < byteCount; i += (word32)sizeof(word32)) { XMEMCPY(&scratch, in_bytes + i, sizeof(scratch)); scratch = ByteReverseWord32(scratch); XMEMCPY(out_bytes + i, &scratch, sizeof(scratch)); @@ -209,6 +205,53 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, #endif } +WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) + return *(word32 *)in; + else { + word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ + XMEMCPY(&out, in, sizeof(out)); + return out; + } +} + +WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) + *(word32 *)out = in; + else { + XMEMCPY(out, &in, sizeof(in)); + } + return in; +} + +WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in, + size_t count) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) { + const word32 *in_word32 = (const word32 *)in; + while (count-- > 0) + *out++ = *in_word32++; + } + else { + XMEMCPY(out, in, count * sizeof(*out)); + } +} + +WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in, + size_t count) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) { + word32 *out_word32 = (word32 *)out; + while (count-- > 0) + *out_word32++ = *in++; + } + else { + XMEMCPY(out, in, count * sizeof(*in)); + } +} + #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) @@ -216,8 +259,8 @@ WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) return *(word64 *)in; else { - word64 out; - XMEMCPY(&out, in, sizeof(word64)); + word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ + XMEMCPY(&out, in, sizeof(out)); return out; } } @@ -227,7 +270,7 @@ WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in) if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) *(word64 *)out = in; else { - XMEMCPY(out, &in, sizeof(word64)); + XMEMCPY(out, &in, sizeof(in)); } return in; } @@ -241,7 +284,7 @@ WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in, *out++ = *in_word64++; } else { - XMEMCPY(out, in, count * sizeof(word64)); + XMEMCPY(out, in, count * sizeof(*out)); } } @@ -254,7 +297,7 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in, *out_word64++ = *in++; } else { - XMEMCPY(out, in, count * sizeof(word64)); + XMEMCPY(out, in, count * sizeof(*in)); } } @@ -576,11 +619,11 @@ WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch) { signed char ret = (signed char)ch; if (ret >= '0' && ret <= '9') - ret -= '0'; + ret = (signed char)(ret - '0'); else if (ret >= 'A' && ret <= 'F') - ret -= 'A' - 10; + ret = (signed char)(ret - ('A' - 10)); else if (ret >= 'a' && ret <= 'f') - ret -= 'a' - 10; + ret = (signed char)(ret - ('a' - 10)); else ret = -1; /* error case - return code must be signed */ return ret; diff --git a/src/wolfcrypt/src/pkcs12.c b/src/wolfcrypt/src/pkcs12.c index e8cc11e..07ff1ad 100644 --- a/src/wolfcrypt/src/pkcs12.c +++ b/src/wolfcrypt/src/pkcs12.c @@ -978,7 +978,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) totalSz += 4; /* Element */ - totalSz += 2 + sizeof(WC_PKCS12_DATA_OID); + totalSz += 2U + (word32)sizeof(WC_PKCS12_DATA_OID); totalSz += 4; /* Seq */ @@ -1037,7 +1037,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) /* OID */ idx += (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), &buf[idx]); XMEMCPY(&buf[idx], WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); - idx += sizeof(WC_PKCS12_DATA_OID); + idx += (word32)sizeof(WC_PKCS12_DATA_OID); /* Element */ buf[idx++] = ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC; @@ -2080,12 +2080,12 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, /* calculate size */ totalSz = (word32)SetObjectId(sizeof(WC_PKCS12_ENCRYPTED_OID), seq); - totalSz += sizeof(WC_PKCS12_ENCRYPTED_OID); + totalSz += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID); totalSz += ASN_TAG_SZ; length = (word32)SetMyVersion(0, seq, 0); tmpSz = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq); - tmpSz += sizeof(WC_PKCS12_DATA_OID); + tmpSz += (word32)sizeof(WC_PKCS12_DATA_OID); tmpSz += encSz; length += SetSequence(tmpSz, seq) + tmpSz; outerSz = SetSequence(length, seq) + length; @@ -2108,7 +2108,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, } XMEMCPY(out + idx, WC_PKCS12_ENCRYPTED_OID, sizeof(WC_PKCS12_ENCRYPTED_OID)); - idx += sizeof(WC_PKCS12_ENCRYPTED_OID); + idx += (word32)sizeof(WC_PKCS12_ENCRYPTED_OID); if (idx + 1 > *outSz){ return BUFFER_E; @@ -2149,7 +2149,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, return BUFFER_E; } XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); - idx += sizeof(WC_PKCS12_DATA_OID); + idx += (word32)sizeof(WC_PKCS12_DATA_OID); /* copy over encrypted data */ if (idx + encSz > *outSz){ @@ -2171,7 +2171,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, if (type == WC_PKCS12_DATA) { /* calculate size */ totalSz = (word32)SetObjectId(sizeof(WC_PKCS12_DATA_OID), seq); - totalSz += sizeof(WC_PKCS12_DATA_OID); + totalSz += (word32)sizeof(WC_PKCS12_DATA_OID); totalSz += ASN_TAG_SZ; length = SetOctetString(contentSz, seq); @@ -2197,7 +2197,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, return BUFFER_E; } XMEMCPY(out + idx, WC_PKCS12_DATA_OID, sizeof(WC_PKCS12_DATA_OID)); - idx += sizeof(WC_PKCS12_DATA_OID); + idx += (word32)sizeof(WC_PKCS12_DATA_OID); if (idx + 1 > *outSz){ return BUFFER_E; diff --git a/src/wolfcrypt/src/pkcs7.c b/src/wolfcrypt/src/pkcs7.c index bb37054..a96f537 100644 --- a/src/wolfcrypt/src/pkcs7.c +++ b/src/wolfcrypt/src/pkcs7.c @@ -128,7 +128,7 @@ struct PKCS7State { /* creates a PKCS7State structure and returns 0 on success */ -static int wc_PKCS7_CreateStream(PKCS7* pkcs7) +static int wc_PKCS7_CreateStream(wc_PKCS7* pkcs7) { WOLFSSL_MSG("creating PKCS7 stream structure"); pkcs7->stream = (PKCS7State*)XMALLOC(sizeof(PKCS7State), pkcs7->heap, @@ -144,7 +144,7 @@ static int wc_PKCS7_CreateStream(PKCS7* pkcs7) } -static void wc_PKCS7_ResetStream(PKCS7* pkcs7) +static void wc_PKCS7_ResetStream(wc_PKCS7* pkcs7) { if (pkcs7 != NULL && pkcs7->stream != NULL) { #ifdef WC_PKCS7_STREAM_DEBUG @@ -211,7 +211,7 @@ static void wc_PKCS7_ResetStream(PKCS7* pkcs7) } -static void wc_PKCS7_FreeStream(PKCS7* pkcs7) +static void wc_PKCS7_FreeStream(wc_PKCS7* pkcs7) { if (pkcs7 != NULL && pkcs7->stream != NULL) { wc_PKCS7_ResetStream(pkcs7); @@ -228,7 +228,7 @@ static void wc_PKCS7_FreeStream(PKCS7* pkcs7) /* used to increase the max size for internal buffer * returns 0 on success */ -static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz) +static int wc_PKCS7_GrowStream(wc_PKCS7* pkcs7, word32 newSz) { byte* pt; pt = (byte*)XMALLOC(newSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -257,7 +257,7 @@ static int wc_PKCS7_GrowStream(PKCS7* pkcs7, word32 newSz) * Sets idx to be the current offset into "pt" buffer * returns 0 on success */ -static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_AddDataToStream(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32 expected, byte** pt, word32* idx) { word32 rdSz = pkcs7->stream->idx; @@ -335,7 +335,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, /* setter function for stored variables */ -static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2, +static void wc_PKCS7_StreamStoreVar(wc_PKCS7* pkcs7, word32 var1, int var2, int var3) { if (pkcs7 != NULL && pkcs7->stream != NULL) { @@ -348,7 +348,7 @@ static void wc_PKCS7_StreamStoreVar(PKCS7* pkcs7, word32 var1, int var2, /* Tries to peek at the SEQ and get the length * returns 0 on success */ -static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) +static int wc_PKCS7_SetMaxStream(wc_PKCS7* pkcs7, byte* in, word32 defSz) { /* check there is a buffer to read from */ if (pkcs7) { @@ -397,7 +397,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) /* getter function for stored variables */ -static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2, +static void wc_PKCS7_StreamGetVar(wc_PKCS7* pkcs7, word32* var1, int* var2, int* var3) { if (pkcs7 != NULL && pkcs7->stream != NULL) { @@ -410,7 +410,7 @@ static void wc_PKCS7_StreamGetVar(PKCS7* pkcs7, word32* var1, int* var2, /* common update of index and total read after section complete * returns 0 on success */ -static int wc_PKCS7_StreamEndCase(PKCS7* pkcs7, word32* tmpIdx, word32* idx) +static int wc_PKCS7_StreamEndCase(wc_PKCS7* pkcs7, word32* tmpIdx, word32* idx) { int ret = 0; @@ -497,7 +497,7 @@ static const char* wc_PKCS7_GetStateName(int in) /* Used to change the PKCS7 state. Having state change as a function allows * for easier debugging */ -static void wc_PKCS7_ChangeState(PKCS7* pkcs7, int newState) +static void wc_PKCS7_ChangeState(wc_PKCS7* pkcs7, int newState) { #ifdef WC_PKCS7_STREAM_DEBUG printf("\tChanging from state [%02d] %s to [%02d] %s\n", @@ -695,7 +695,7 @@ static int wc_PKCS7_GetOIDBlockSize(int oid) case AES256CCMb: #endif #endif - blockSz = AES_BLOCK_SIZE; + blockSz = WC_AES_BLOCK_SIZE; break; #endif /* !NO_AES */ @@ -782,11 +782,11 @@ static int wc_PKCS7_GetOIDKeySize(int oid) } -PKCS7* wc_PKCS7_New(void* heap, int devId) +wc_PKCS7* wc_PKCS7_New(void* heap, int devId) { - PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7); + wc_PKCS7* pkcs7 = (wc_PKCS7*)XMALLOC(sizeof(wc_PKCS7), heap, DYNAMIC_TYPE_PKCS7); if (pkcs7) { - XMEMSET(pkcs7, 0, sizeof(PKCS7)); + XMEMSET(pkcs7, 0, sizeof(wc_PKCS7)); if (wc_PKCS7_Init(pkcs7, heap, devId) == 0) { pkcs7->isDynamic = 1; } @@ -807,7 +807,7 @@ PKCS7* wc_PKCS7_New(void* heap, int devId) * * returns 0 on success or a negative value for failure */ -int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) +int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId) { word16 isDynamic; @@ -818,7 +818,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) } isDynamic = pkcs7->isDynamic; - XMEMSET(pkcs7, 0, sizeof(PKCS7)); + XMEMSET(pkcs7, 0, sizeof(wc_PKCS7)); pkcs7->isDynamic = (isDynamic != 0); #ifdef WOLFSSL_HEAP_TEST pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; @@ -831,7 +831,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) } #ifdef WC_ASN_UNKNOWN_EXT_CB -void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb) +void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, wc_UnknownExtCallback cb) { if (pkcs7 != NULL) { pkcs7->unknownExtCallback = cb; @@ -860,7 +860,7 @@ struct Pkcs7EncodedRecip { /* free all members of Pkcs7Cert linked list */ -static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7) +static void wc_PKCS7_FreeCertSet(wc_PKCS7* pkcs7) { Pkcs7Cert* curr = NULL; Pkcs7Cert* next = NULL; @@ -885,7 +885,7 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7) /* Get total size of all recipients in recipient list. * * Returns total size of recipients, or negative upon error */ -static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) +static int wc_PKCS7_GetRecipientListSize(wc_PKCS7* pkcs7) { word32 totalSz = 0; Pkcs7EncodedRecip* tmp = NULL; @@ -905,7 +905,7 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) /* free all members of Pkcs7EncodedRecip linked list */ -static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7) +static void wc_PKCS7_FreeEncodedRecipientSet(wc_PKCS7* pkcs7) { Pkcs7EncodedRecip* curr = NULL; Pkcs7EncodedRecip* next = NULL; @@ -930,7 +930,7 @@ static void wc_PKCS7_FreeEncodedRecipientSet(PKCS7* pkcs7) /* search through RecipientInfo list for specific type. * return 1 if ANY recipient of type specified is present, otherwise * return 0 */ -static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type) +static int wc_PKCS7_RecipientListIncludesType(wc_PKCS7* pkcs7, int type) { Pkcs7EncodedRecip* tmp = NULL; @@ -952,7 +952,7 @@ static int wc_PKCS7_RecipientListIncludesType(PKCS7* pkcs7, int type) /* searches through RecipientInfo list, returns 1 if all structure * versions are set to 0, otherwise returns 0 */ -static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7) +static int wc_PKCS7_RecipientListVersionsAllZero(wc_PKCS7* pkcs7) { Pkcs7EncodedRecip* tmp = NULL; @@ -979,7 +979,7 @@ static int wc_PKCS7_RecipientListVersionsAllZero(PKCS7* pkcs7) * keySz - size of key, octets * * Returns 0 on success, negative on error */ -static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID, +static int wc_PKCS7_CheckPublicKeyDer(wc_PKCS7* pkcs7, int keyOID, const byte* key, word32 keySz) { int ret = 0; @@ -1075,7 +1075,7 @@ static int wc_PKCS7_CheckPublicKeyDer(PKCS7* pkcs7, int keyOID, /* Init PKCS7 struct with recipient cert, decode into DecodedCert * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */ -int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) +int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz) { int ret = 0; void* heap; @@ -1226,7 +1226,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) * This API does not currently validate certificates. * * Returns 0 on success, negative upon error */ -int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* derCert, word32 derCertSz) +int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* derCert, word32 derCertSz) { Pkcs7Cert* cert; @@ -1276,7 +1276,7 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap) /* return 0 on success */ -static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) +static int wc_PKCS7_SignerInfoNew(wc_PKCS7* pkcs7) { XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->signerInfo = NULL; @@ -1292,7 +1292,7 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) } -static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7) +static void wc_PKCS7_SignerInfoFree(wc_PKCS7* pkcs7) { if (pkcs7->signerInfo != NULL) { XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -1306,7 +1306,7 @@ static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7) /* free's any current SID and sets it to "in" * returns 0 on success */ -static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz) +static int wc_PKCS7_SignerInfoSetSID(wc_PKCS7* pkcs7, byte* in, int inSz) { if (pkcs7 == NULL || in == NULL || inSz < 0) { return BAD_FUNC_ARG; @@ -1326,7 +1326,7 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz) /* releases any memory allocated by a PKCS7 initializer */ -void wc_PKCS7_Free(PKCS7* pkcs7) +void wc_PKCS7_Free(wc_PKCS7* pkcs7) { if (pkcs7 == NULL) return; @@ -1391,7 +1391,7 @@ void wc_PKCS7_Free(PKCS7* pkcs7) /* helper function for parsing through attributes and finding a specific one. * returns PKCS7DecodedAttrib pointer on success */ -static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidSz) +static PKCS7DecodedAttrib* findAttrib(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz) { PKCS7DecodedAttrib* list; @@ -1446,7 +1446,7 @@ static PKCS7DecodedAttrib* findAttrib(PKCS7* pkcs7, const byte* oid, word32 oidS * * returns size of value on success */ -int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, +int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz, byte* out, word32* outSz) { PKCS7DecodedAttrib* attrib; @@ -1475,7 +1475,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, /* build PKCS#7 data content type */ -int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { static const byte oid[] = { ASN_OBJECT_ID, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, @@ -1615,7 +1615,7 @@ static FlatAttrib* NewAttrib(void* heap) } /* Free FlatAttrib array and memory allocated to internal struct members */ -static void FreeAttribArray(PKCS7* pkcs7, FlatAttrib** arr, int rows) +static void FreeAttribArray(wc_PKCS7* pkcs7, FlatAttrib** arr, int rows) { int i; @@ -1675,7 +1675,7 @@ static int SortAttribArray(FlatAttrib** arr, int rows) /* Build up array of FlatAttrib structs from EncodedAttrib ones. FlatAttrib * holds flattened DER encoding of each attribute */ -static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, +static int FlattenEncodedAttribs(wc_PKCS7* pkcs7, FlatAttrib** derArr, int rows, EncodedAttrib* ea, int eaSz) { int i; @@ -1720,7 +1720,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, /* Sort and Flatten EncodedAttrib attributes into output buffer */ -static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea, +static int FlattenAttributes(wc_PKCS7* pkcs7, byte* output, EncodedAttrib* ea, int eaSz) { int i, ret; @@ -1779,7 +1779,7 @@ static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea, #ifndef NO_RSA -static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey) +static int wc_PKCS7_ImportRSA(wc_PKCS7* pkcs7, RsaKey* privKey) { int ret; word32 idx; @@ -1822,7 +1822,7 @@ static int wc_PKCS7_ImportRSA(PKCS7* pkcs7, RsaKey* privKey) /* returns size of signature put into out, negative on error */ -static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) +static int wc_PKCS7_RsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -1873,7 +1873,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) #ifdef HAVE_ECC -static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey) +static int wc_PKCS7_ImportECC(wc_PKCS7* pkcs7, ecc_key* privKey) { int ret; word32 idx; @@ -1912,7 +1912,7 @@ static int wc_PKCS7_ImportECC(PKCS7* pkcs7, ecc_key* privKey) /* returns size of signature put into out, negative on error */ -static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) +static int wc_PKCS7_EcdsaSign(wc_PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) { int ret; word32 outSz; @@ -1964,7 +1964,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) #endif /* HAVE_ECC */ /* returns encContentDigestSz based on the signature set to be used */ -static int wc_PKCS7_GetSignSize(PKCS7* pkcs7) +static int wc_PKCS7_GetSignSize(wc_PKCS7* pkcs7) { int ret = 0; @@ -2031,7 +2031,7 @@ static int wc_PKCS7_GetSignSize(PKCS7* pkcs7) * esd - pointer to initialized ESD structure, used for output * * return 0 on success, negative on error */ -static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, +static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd, const byte* contentType, word32 contentTypeSz, const byte* contentTypeOid, word32 contentTypeOidSz, const byte* messageDigestOid, word32 messageDigestOidSz, @@ -2138,7 +2138,7 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, * digEncAlgoType - [OUT] output for algo ID type * * return 0 on success, negative on error */ -static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId, +static int wc_PKCS7_SignedDataGetEncAlgoId(wc_PKCS7* pkcs7, int* digEncAlgoId, int* digEncAlgoType) { int algoId = 0; @@ -2281,7 +2281,7 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId, * digestInfoSz - [IN/OUT] - input size of array, size of digestInfo * * return 0 on success, negative on error */ -static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, +static int wc_PKCS7_BuildDigestInfo(wc_PKCS7* pkcs7, byte* flatSignedAttribs, word32 flatSignedAttribsSz, ESD* esd, byte* digestInfo, word32* digestInfoSz) { @@ -2367,7 +2367,7 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, * esd - pointer to initialized ESD struct * * returns length of signature on success, negative on error */ -static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, +static int wc_PKCS7_SignedDataBuildSignature(wc_PKCS7* pkcs7, byte* flatSignedAttribs, word32 flatSignedAttribsSz, ESD* esd) @@ -2487,7 +2487,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, * @param esd Pointer to an ESD structure for digest calculation. * @return Returns 0 on success, and a negative value on failure. */ -static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, +static int wc_PKCS7_EncodeContentStreamHelper(wc_PKCS7* pkcs7, int cipherType, Aes* aes, byte* encContentOut, byte* contentData, int contentDataSz, byte* out, word32* outIdx, ESD* esd) { @@ -2553,10 +2553,10 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, * * Returns 0 on success */ #ifndef NO_AES -static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, Aes* aes, +static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes, byte* in, int inSz, byte* out, int cipherType) #else -static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, +static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes, byte* in, int inSz, byte* out, int cipherType) #endif { @@ -2749,7 +2749,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, /* build PKCS#7 signedData content type */ /* To get the output size then set output = 0 and *outputSz = 0 */ -static int PKCS7_EncodeSigned(PKCS7* pkcs7, +static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* output, word32* outputSz, byte* output2, word32* output2Sz) { @@ -3413,7 +3413,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, * pkcs7->contentSz: Must be provided as actual sign of raw data * return codes: 0=success, negative=error */ -int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, word32* outputFootSz) { @@ -3443,7 +3443,7 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, /* Sets a custom SKID in PKCS7 struct, used before calling an encode operation * Returns 0 on success, negative upon error. */ -int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz) +int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz) { int ret = 0; @@ -3487,7 +3487,7 @@ int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz) * flag - turn on/off detached signature generation (1 or 0) * * Returns 0 on success, negative upon error. */ -int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag) +int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag) { if (pkcs7 == NULL || (flag != 0 && flag != 1)) return BAD_FUNC_ARG; @@ -3508,7 +3508,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag) * pkcs7 - pointer to initialized PKCS7 structure * * Returns 0 on success, negative upon error. */ -int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7) +int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7) { return wc_PKCS7_SetDefaultSignedAttribs(pkcs7, WOLFSSL_NO_ATTRIBUTES); } @@ -3525,7 +3525,7 @@ int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7) * pkcs7 - pointer to initialized PKCS7 structure * * Returns 0 on success, negative upon error. */ -int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag) +int wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag) { if (pkcs7 == NULL) { return BAD_FUNC_ARG; @@ -3554,7 +3554,7 @@ int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag) /* return codes: >0: Size of signed PKCS7 output buffer, negative: error */ -int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { int ret; @@ -3623,7 +3623,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) * outputSz - size of output buffer, octets * * Returns length of generated bundle on success, negative upon error. */ -int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey, +int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey, word32 privateKeySz, int signOID, int hashOID, byte* content, word32 contentSz, PKCS7Attrib* signedAttribs, word32 signedAttribsSz, @@ -3692,7 +3692,7 @@ int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey, * outputSz - size of output buffer, octets * * Returns length of generated bundle on success, negative upon error. */ -int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, +int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey, word32 encryptKeySz, byte* privateKey, word32 privateKeySz, int encryptOID, int signOID, int hashOID, @@ -3800,7 +3800,7 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, * outputSz - size of output buffer, octets * * Returns length of generated bundle on success, negative upon error. */ -int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey, +int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey, word32 privateKeySz, int signOID, int hashOID, byte* content, word32 contentSz, @@ -3904,7 +3904,7 @@ int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, byte* privateKey, * outputSz - size of output buffer, octets * * Returns length of generated bundle on success, negative upon error. */ -int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey, +int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, byte* encryptKey, word32 encryptKeySz, byte* privateKey, word32 privateKeySz, int encryptOID, int signOID, int hashOID, byte* content, @@ -4018,7 +4018,7 @@ int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, byte* encryptKey, #ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK /* register raw RSA sign digest callback */ -int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb) +int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb) { if (pkcs7 == NULL || cb == NULL) { return BAD_FUNC_ARG; @@ -4031,7 +4031,7 @@ int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, CallbackRsaSignRawDigest cb) #endif /* returns size of signature put into out, negative on error */ -static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, +static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz, byte* hash, word32 hashSz) { int ret = 0, i; @@ -4163,7 +4163,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, #ifdef HAVE_ECC /* returns size of signature put into out, negative on error */ -static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, +static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz, byte* hash, word32 hashSz) { int ret = 0, i; @@ -4302,7 +4302,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, * plainDigestSz - [OUT] size of digest at plainDigest * * returns 0 on success, negative on error */ -static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, +static int wc_PKCS7_BuildSignedDataDigest(wc_PKCS7* pkcs7, byte* signedAttrib, word32 signedAttribSz, byte* pkcs7Digest, word32* pkcs7DigestSz, byte** plainDigest, word32* plainDigestSz, @@ -4441,7 +4441,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, * hashBufSz - size of hashBuf, octets * * return 0 on success, negative on error */ -static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, +static int wc_PKCS7_VerifyContentMessageDigest(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz) { @@ -4586,7 +4586,7 @@ static int wc_PKCS7_VerifyContentMessageDigest(PKCS7* pkcs7, * signedAttribSz - size of signedAttributes * * return 0 on success, negative on error */ -static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, +static int wc_PKCS7_SignedDataVerifySignature(wc_PKCS7* pkcs7, byte* sig, word32 sigSz, byte* signedAttrib, word32 signedAttribSz, const byte* hashBuf, word32 hashSz) @@ -4742,7 +4742,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, /* set correct public key OID based on signature OID, stores in * pkcs7->publicKeyOID and returns same value */ -static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) +static int wc_PKCS7_SetPublicKeyOID(wc_PKCS7* pkcs7, int sigOID) { if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -4830,7 +4830,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) * * returns the number of attributes parsed on success */ -static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) +static int wc_PKCS7_ParseAttribs(wc_PKCS7* pkcs7, byte* in, int inSz) { int found = 0; word32 idx = 0; @@ -4914,7 +4914,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) * * by default support for SignedData degenerate cases is on */ -void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag) +void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag) { if (pkcs7) { if (flag) { /* flag of 1 turns on support for degenerate */ @@ -4936,7 +4936,7 @@ void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag) * * returns 0 on success */ -static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_ParseSignerInfo(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idxIn, int degenerate, byte** signedAttrib, int* signedAttribSz) { int ret = 0; @@ -5110,10 +5110,10 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, * pkcs7->stream->content and stores its size in pkcs7->stream->contentSz. */ #ifndef NO_PKCS7_STREAM -static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* tmpIdx, word32* idx, int keepContent) { - int ret, length; + int ret, length = 0; word32 msgSz, i, contBufSz; byte tag; byte* msg = NULL; @@ -5341,11 +5341,11 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, * When adding support for the case of SignedAndEnvelopedData content types a * signer is required. In this case the PKCS7 flag noDegenerate could be set. */ -static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, +static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* in, word32 inSz, byte* in2, word32 in2Sz) { - word32 idx, maxIdx = inSz, outerContentType, contentTypeSz = 0, totalSz = 0; + word32 idx, maxIdx = inSz, outerContentType = 0, contentTypeSz = 0, totalSz = 0; int length = 0, version = 0, ret = 0; byte* content = NULL; byte* contentDynamic = NULL; @@ -6630,7 +6630,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, * return 0 on success and LENGTH_ONLY_E if just setting "outSz" for buffer * length needed. */ -int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz) +int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz) { if (outSz == NULL || pkcs7 == NULL) { return BAD_FUNC_ARG; @@ -6683,7 +6683,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz) * Returns 0 on success, negative upon error. * */ -int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz) { @@ -6691,7 +6691,7 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, pkiMsgHead, pkiMsgHeadSz, pkiMsgFoot, pkiMsgFootSz); } -int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) +int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) { return PKCS7_VerifySignedData(pkcs7, NULL, 0, pkiMsg, pkiMsgSz, NULL, 0); } @@ -6704,7 +6704,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) * len - length of key to be generated * * Returns 0 on success, negative upon error */ -static int PKCS7_GenerateContentEncryptionKey(PKCS7* pkcs7, word32 len) +static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len) { int ret; WC_RNG rng; @@ -6837,7 +6837,7 @@ typedef struct WC_PKCS7_KARI { /* allocate and create new WC_PKCS7_KARI struct, * returns struct pointer on success, NULL on failure */ -static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) +static WC_PKCS7_KARI* wc_PKCS7_KariNew(wc_PKCS7* pkcs7, byte direction) { WC_PKCS7_KARI* kari = NULL; @@ -7127,7 +7127,7 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) /* suppPubInfo */ suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2, - (word32)kekOctetSz + sizeof(word32), + (word32)kekOctetSz + (word32)sizeof(word32), suppPubInfoSeq, 0); sharedInfoSz += suppPubInfoSeqSz; @@ -7312,7 +7312,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng, * to CMS/PKCS#7 EnvelopedData structure. * * Returns 0 on success, negative upon error */ -int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, +int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz, int keyWrapOID, int keyAgreeOID, byte* ukm, word32 ukmSz, int options) { @@ -7682,7 +7682,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, * to CMS/PKCS#7 EnvelopedData structure. * * Returns 0 on success, negative upon error */ -int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, +int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz, int options) { Pkcs7EncodedRecip* recip = NULL; @@ -8119,7 +8119,7 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* abstraction for writing out PKCS7 bundle during creation returns 0 on success */ -int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input, +int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input, word32 inputSz) { int ret = 0; @@ -8157,7 +8157,7 @@ int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, const byte* input, /* encrypt content using encryptOID algo */ -static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, +static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, @@ -8214,7 +8214,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #ifdef WOLFSSL_AES_256 (encryptOID == AES256CBCb && keySz != 32 ) || #endif - (ivSz != AES_BLOCK_SIZE) ) + (ivSz != WC_AES_BLOCK_SIZE) ) return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK @@ -8402,7 +8402,7 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, /* decrypt content using encryptOID algo * returns 0 on success */ -static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, +static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap) { @@ -8453,7 +8453,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, #ifdef WOLFSSL_AES_256 (encryptOID == AES256CBCb && keySz != 32 ) || #endif - (ivSz != AES_BLOCK_SIZE) ) + (ivSz != WC_AES_BLOCK_SIZE) ) return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, @@ -8605,7 +8605,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, /* Generate random block, place in out, return 0 on success negative on error. * Used for generation of IV, nonce, etc */ -static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out, +static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out, word32 outSz) { int ret; @@ -8653,7 +8653,7 @@ static int wc_PKCS7_GenerateBlock(PKCS7* pkcs7, WC_RNG* rng, byte* out, * type - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID * * return 0 on success, negative upon error */ -int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type) +int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type) { if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -8677,7 +8677,7 @@ int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type) * sz - length of contentType array, octets * * return 0 on success, negative upon error */ -int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz) +int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz) { if (pkcs7 == NULL || contentType == NULL || sz == 0) return BAD_FUNC_ARG; @@ -8742,7 +8742,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, * to CMS/PKCS#7 EnvelopedData structure. * * Return 0 on success, negative upon error */ -int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, +int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, int options) { int oriTypeLenSz, blockKeySz, ret; @@ -8836,7 +8836,7 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, #if !defined(NO_PWDBASED) && !defined(NO_SHA) -static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, +static int wc_PKCS7_GenerateKEK_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, byte* salt, word32 saltSz, int kdfOID, int prfOID, int iterations, byte* out, word32 outSz) @@ -8870,7 +8870,7 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* RFC3211 (Section 2.3.1) key wrap algorithm (id-alg-PWRI-KEK). * * Returns output size on success, negative upon error */ -static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, +static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kekSz, const byte* cek, word32 cekSz, byte* out, word32 *outSz, const byte* iv, word32 ivSz, int algID) @@ -8911,9 +8911,9 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, return BUFFER_E; out[0] = (byte)cekSz; - out[1] = ~cek[0]; - out[2] = ~cek[1]; - out[3] = ~cek[2]; + out[1] = (byte)~cek[0]; + out[2] = (byte)~cek[1]; + out[3] = (byte)~cek[2]; XMEMCPY(out + 4, cek, cekSz); /* random padding of size padSz */ @@ -8953,7 +8953,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, /* RFC3211 (Section 2.3.2) key unwrap algorithm (id-alg-PWRI-KEK). * * Returns cek size on success, negative upon error */ -static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, +static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kekSz, const byte* in, word32 inSz, byte* out, word32 outSz, const byte* iv, word32 ivSz, int algID) @@ -9056,7 +9056,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, * to CMS/PKCS#7 EnvelopedData structure. * * Return 0 on success, negative upon error */ -int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, +int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, byte* salt, word32 saltSz, int kdfOID, int hashOID, int iterations, int kekEncryptOID, int options) @@ -9327,7 +9327,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, * the password info for decryption a EnvelopedData PWRI RecipientInfo. * * Returns 0 on success, negative upon error */ -int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen) +int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen) { if (pkcs7 == NULL || passwd == NULL || pLen == 0) return BAD_FUNC_ARG; @@ -9357,7 +9357,7 @@ int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen) * otherSz - size of other (OPTIONAL) * * Returns 0 on success, negative upon error */ -int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, +int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek, word32 kekSz, byte* keyId, word32 keyIdSz, void* timePtr, byte* otherOID, word32 otherOIDSz, byte* other, word32 otherSz, @@ -9564,7 +9564,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } -static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType) +static int wc_PKCS7_GetCMSVersion(wc_PKCS7* pkcs7, int cmsContentType) { int version = -1; @@ -9606,7 +9606,7 @@ static int wc_PKCS7_GetCMSVersion(PKCS7* pkcs7, int cmsContentType) /* build PKCS#7 envelopedData content type, return enveloped size */ -int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { int ret, idx = 0; int totalSz, padSz, encryptedOutSz; @@ -10013,7 +10013,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) #ifndef NO_RSA /* decode KeyTransRecipientInfo (ktri), return 0 on success, <0 on error */ -static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -10841,7 +10841,7 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari, #endif /* HAVE_ECC */ -int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx) +int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx) { if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -10852,7 +10852,7 @@ int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx) } -int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx) +int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx) { if (pkcs7 == NULL) @@ -10864,7 +10864,7 @@ int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx) } -int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb) +int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb) { if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -10876,7 +10876,7 @@ int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb) /* return 0 on success */ -int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb) +int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb) { if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -10902,7 +10902,7 @@ int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, CallbackWrapCEK cb) * * Return 0 on success, negative upon error. */ -static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_DecryptOri(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -10988,7 +10988,7 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz, /* decode ASN.1 PasswordRecipientInfo (pwri), return 0 on success, * < 0 on error */ -static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -11222,7 +11222,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, /* decode ASN.1 KEKRecipientInfo (kekri), return 0 on success, * < 0 on error */ -static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -11364,7 +11364,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, /* decode ASN.1 KeyAgreeRecipientInfo (kari), return 0 on success, * < 0 on error */ -static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, +static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -11631,7 +11631,7 @@ static int wc_PKCS7_DecryptKari(PKCS7* pkcs7, byte* in, word32 inSz, /* decode ASN.1 RecipientInfos SET, return 0 on success, < 0 on error */ -static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in, +static int wc_PKCS7_DecryptRecipientInfos(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, byte* decryptedKey, word32* decryptedKeySz, int* recipFound) { @@ -11868,15 +11868,15 @@ static int wc_PKCS7_DecryptRecipientInfos(PKCS7* pkcs7, byte* in, /* Parse encoded EnvelopedData bundle up to RecipientInfo set. * * return size of RecipientInfo SET on success, negative upon error */ -static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in, +static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, word32 inSz, word32* idx, int type) { - int version = 0, length, ret = 0; - word32 contentType; - byte* pkiMsg = in; + int version = 0, length = 0, ret = 0; + word32 contentType= 0; word32 pkiMsgSz = inSz; - byte tag; + byte* pkiMsg = in; + byte tag = 0; #ifndef NO_PKCS7_STREAM word32 tmpIdx = 0; #endif @@ -12125,7 +12125,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(PKCS7* pkcs7, byte* in, * the secret key for decryption a EnvelopedData KEKRI RecipientInfo. * * Returns 0 on success, negative upon error */ -WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz) +WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz) { if (pkcs7 == NULL || key == NULL || keySz == 0) return BAD_FUNC_ARG; @@ -12139,7 +12139,7 @@ WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz) /* append data to encrypted content cache in PKCS7 structure * return 0 on success, negative on error */ -static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz) +static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz) { byte* oldCache; word32 oldCacheSz; @@ -12173,7 +12173,7 @@ static int PKCS7_CacheEncryptedContent(PKCS7* pkcs7, byte* in, word32 inSz) /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */ -WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, +WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, byte* output, word32 outputSz) { @@ -12566,7 +12566,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, /* build PKCS#7 authEnvelopedData content type, return enveloped size */ -int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, +int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) @@ -12600,7 +12600,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, byte encContentOctet[MAX_OCTET_STR_SZ]; byte macOctetString[MAX_OCTET_STR_SZ]; - byte authTag[AES_BLOCK_SIZE]; + byte authTag[WC_AES_BLOCK_SIZE]; byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */ byte macInt[MAX_VERSION_SZ]; byte algoParamSeq[MAX_SEQ_SZ]; @@ -13118,7 +13118,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */ -WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, +WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, byte* output, word32 outputSz) { @@ -13135,7 +13135,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, word32 pkiMsgSz = inSz; int expBlockSz = 0, blockKeySz = 0; - byte authTag[AES_BLOCK_SIZE]; + byte authTag[WC_AES_BLOCK_SIZE]; byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */ int nonceSz = 0, authTagSz = 0, macSz = 0; @@ -13155,7 +13155,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, byte* authAttrib = NULL; int authAttribSz = 0; word32 localIdx; - byte tag; + byte tag = 0; if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -13653,7 +13653,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, if (pkcs7->stream->tagSz > 0) { authTagSz = (int)pkcs7->stream->tagSz; - if (authTagSz > AES_BLOCK_SIZE) { + if (authTagSz > WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("PKCS7 saved tag is too large"); ret = BUFFER_E; break; @@ -13760,7 +13760,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, #ifndef NO_PKCS7_ENCRYPTED_DATA /* build PKCS#7 encryptedData content type, return encrypted size */ -int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { int ret, idx = 0; int totalSz, padSz, encryptedOutSz; @@ -14022,7 +14022,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* decode and store unprotected attributes in PKCS7->decodedAttrib. Return * 0 on success, negative on error. User must call wc_PKCS7_Free(). */ -static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg, +static int wc_PKCS7_DecodeUnprotectedAttributes(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, word32* inOutIdx) { int ret, attribLen; @@ -14056,10 +14056,10 @@ static int wc_PKCS7_DecodeUnprotectedAttributes(PKCS7* pkcs7, byte* pkiMsg, /* unwrap and decrypt PKCS#7/CMS encrypted-data object, returned decoded size */ -int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, +int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, byte* output, word32 outputSz) { - int ret = 0, version, length = 0, haveAttribs = 0; + int ret = 0, version = 0, length = 0, haveAttribs = 0; word32 idx = 0; #ifndef NO_PKCS7_STREAM @@ -14077,7 +14077,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, byte* pkiMsg = in; word32 pkiMsgSz = inSz; - byte tag; + byte tag = 0; if (pkcs7 == NULL || ((pkcs7->encryptionKey == NULL || pkcs7->encryptionKeySz == 0) && @@ -14427,7 +14427,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, * on the parsed bundle so far. * returns 0 on success */ -int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7, +int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7, CallbackDecryptContent decryptionCb) { if (pkcs7 != NULL) { @@ -14440,7 +14440,7 @@ int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7, /* Set an optional user context that gets passed to callback * returns 0 on success */ -int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx) +int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx) { if (pkcs7 != NULL) { pkcs7->decryptionCtx = ctx; @@ -14452,7 +14452,7 @@ int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx) /* set stream mode for encoding and signing * returns 0 on success */ -int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag, +int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag, CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx) { @@ -14476,7 +14476,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag, /* returns to current stream mode flag on success, negative values on fail */ -int wc_PKCS7_GetStreamMode(PKCS7* pkcs7) +int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7) { if (pkcs7 == NULL) { return BAD_FUNC_ARG; @@ -14491,7 +14491,7 @@ int wc_PKCS7_GetStreamMode(PKCS7* pkcs7) /* set option to not include certificates when creating a bundle * returns 0 on success */ -int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag) +int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag) { if (pkcs7 == NULL) { return BAD_FUNC_ARG; @@ -14502,7 +14502,7 @@ int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag) /* returns the current noCerts flag value on success, negative values on fail */ -int wc_PKCS7_GetNoCerts(PKCS7* pkcs7) +int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7) { if (pkcs7 == NULL) { return BAD_FUNC_ARG; @@ -14514,7 +14514,7 @@ int wc_PKCS7_GetNoCerts(PKCS7* pkcs7) #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) /* build PKCS#7 compressedData content type, return encrypted size */ -int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) { byte contentInfoSeq[MAX_SEQ_SZ]; byte contentInfoTypeOid[MAX_OID_SZ]; @@ -14686,7 +14686,7 @@ int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* unwrap and decompress PKCS#7/CMS compressedData object, * Handles content wrapped compressed data and raw compressed data packet * returned decoded size */ -int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, +int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz) { int length, version, ret; diff --git a/src/wolfcrypt/src/port/Espressif/esp32_aes.c b/src/wolfcrypt/src/port/Espressif/esp32_aes.c index f85343e..fc0fd7f 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -514,9 +514,9 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int ret; int i; int offset = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); byte *iv; - byte temp_block[AES_BLOCK_SIZE]; + byte temp_block[WC_AES_BLOCK_SIZE]; ESP_LOGV(TAG, "enter wc_esp32AesCbcEncrypt"); @@ -533,19 +533,19 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) if (ret == ESP_OK) { while (blocks--) { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE); /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) { + for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { temp_block[i] ^= iv[i]; } esp_aes_bk(temp_block, (out + offset)); - offset += AES_BLOCK_SIZE; + offset += WC_AES_BLOCK_SIZE; /* store IV for next block */ - XMEMCPY(iv, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + XMEMCPY(iv, out + offset - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } /* while (blocks--) */ } /* if Set Mode successful (ret == ESP_OK) */ @@ -573,9 +573,9 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) int i; int offset = 0; - word32 blocks = (sz / AES_BLOCK_SIZE); + word32 blocks = (sz / WC_AES_BLOCK_SIZE); byte* iv; - byte temp_block[AES_BLOCK_SIZE]; + byte temp_block[WC_AES_BLOCK_SIZE]; ESP_LOGV(TAG, "enter wc_esp32AesCbcDecrypt"); @@ -592,19 +592,19 @@ int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) if (ret == ESP_OK) { while (blocks--) { - XMEMCPY(temp_block, in + offset, AES_BLOCK_SIZE); + XMEMCPY(temp_block, in + offset, WC_AES_BLOCK_SIZE); esp_aes_bk((in + offset), (out + offset)); /* XOR block with IV for CBC */ - for (i = 0; i < AES_BLOCK_SIZE; i++) { + for (i = 0; i < WC_AES_BLOCK_SIZE; i++) { (out + offset)[i] ^= iv[i]; } /* store IV for next block */ - XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE); - offset += AES_BLOCK_SIZE; + offset += WC_AES_BLOCK_SIZE; } /* while (blocks--) */ esp_aes_hw_Leave(); } /* if Set Mode was successful (ret == ESP_OK) */ diff --git a/src/wolfcrypt/src/port/Espressif/esp32_mp.c b/src/wolfcrypt/src/port/Espressif/esp32_mp.c index 458719d..6d9d2ab 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -3172,7 +3172,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) #endif /* !NO_RSA || HAVE_ECC */ -/* Some optional metrics when using RSA HW Accleration */ +/* Some optional metrics when using RSA HW Acceleration */ #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) int esp_hw_show_mp_metrics(void) { diff --git a/src/wolfcrypt/src/port/Espressif/esp32_sha.c b/src/wolfcrypt/src/port/Espressif/esp32_sha.c index 6fa955a..65d635d 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -141,14 +141,27 @@ static const char* TAG = "wolf_hw_sha"; static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; #endif -#if defined(ESP_MONITOR_HW_TASK_LOCK) +#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED) #ifdef SINGLE_THREADED uintptr_t esp_sha_mutex_ctx_owner(void) { return mutex_ctx_owner; } + + uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner) { + mutex_ctx_owner = new_mutex_ctx_owner; + return new_mutex_ctx_owner; + } + + uintptr_t esp_sha_mutex_ctx_owner_clear(void) { + return esp_sha_mutex_ctx_owner_set(NULLPTR); + } #else - static TaskHandle_t mutex_ctx_task = NULL; + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) + + static TaskHandle_t mutex_ctx_task = NULL; + #endif + uintptr_t esp_sha_mutex_ctx_owner(void) { uintptr_t ret = 0; @@ -159,7 +172,22 @@ static const char* TAG = "wolf_hw_sha"; taskEXIT_CRITICAL(&sha_crit_sect); return ret; }; - #endif + + uintptr_t esp_sha_mutex_ctx_owner_set(uintptr_t new_mutex_ctx_owner) + { + taskENTER_CRITICAL(&sha_crit_sect); + { + mutex_ctx_owner = new_mutex_ctx_owner; + } + taskEXIT_CRITICAL(&sha_crit_sect); + return new_mutex_ctx_owner; + }; + + uintptr_t esp_sha_mutex_ctx_owner_clear(void) { + return esp_sha_mutex_ctx_owner_set(NULLPTR); + } + #endif /* ! SINGLE_THREADED */ + #ifdef WOLFSSL_DEBUG_MUTEX WC_ESP32SHA* stray_ctx; @@ -192,7 +220,11 @@ int esp_set_hw(WC_ESP32SHA* ctx) ESP_LOGV(TAG, "esp_set_hw already locked: 0x%x", (intptr_t)ctx); } ctx->mode = ESP32_SHA_HW; +#if defined(ESP_MONITOR_HW_TASK_LOCK) || !defined(SINGLE_THREADED) + mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx); +#else mutex_ctx_owner = (uintptr_t)ctx; +#endif ret = ESP_OK; } else { @@ -413,7 +445,7 @@ int esp_sha_init_ctx(WC_ESP32SHA* ctx) if (esp_sha_hw_islocked(ctx)) { esp_sha_hw_unlock(ctx); } - mutex_ctx_owner = (uintptr_t)ctx; + mutex_ctx_owner = esp_sha_mutex_ctx_owner_set((uintptr_t)ctx); } else { ESP_LOGI(TAG, "MUTEX_DURING_INIT esp_sha_init_ctx for non-owner: " @@ -990,28 +1022,26 @@ int esp_sha_hw_in_use() uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx) { uintptr_t ret = 0; - #ifndef SINGLE_THREADED + #if !defined(WOLFSSL_DEBUG_MUTEX) && !defined(SINGLE_THREADED) TaskHandle_t mutexHolder; #endif CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_DEBUG_MUTEX - taskENTER_CRITICAL(&sha_crit_sect); - { - ret = (uintptr_t)mutex_ctx_owner; - if (ctx == 0) { - /* we are not checking if a given ctx has the lock */ + ret = esp_sha_mutex_ctx_owner(); + if (ctx == 0) { + ESP_LOGV(TAG, "ctx == 0; Not checking if a given ctx has the lock"); + } + else { + if (ret == (uintptr_t)ctx->initializer) { + ESP_LOGV(TAG, "confirmed this object is the owner"); } else { - if (ret == (uintptr_t)ctx->initializer) { - /* confirmed this object is the owner */ - } - else { - /* this object is not the lock owner */ - } + ESP_LOGV(TAG, "this object is not the lock owner"); + } - } - taskEXIT_CRITICAL(&sha_crit_sect); + } /* ctx != 0 */ + #else #ifdef SINGLE_THREADED { @@ -1092,17 +1122,27 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) ESP_LOGW(TAG, "New mutex_ctx_owner = NULL"); #ifdef ESP_MONITOR_HW_TASK_LOCK { - mutex_ctx_owner = NULLPTR; + esp_sha_mutex_ctx_owner_clear(); } #endif } else { - /* the only mismatch expected may be in a multi-thread RTOS */ - ESP_LOGE(TAG, "ERROR: Release unfinished lock for %x but " - "found %x", ret, ctx->initializer); - } + #if defined(WOLFSSL_DEBUG_MUTEX) || defined(WOLFSSL_ESP32_HW_LOCK_DEBUG) + if (ctx->initializer == 0) { + /* A zero likely indicates prior cleanup for abandoned hash. + * Check the calling code to confirm this is the case. */ + ESP_LOGW(TAG, "Release already finished lock for %x ?", + ctx->initializer); + } + else { + /* Mismatch expected may be in a multi-thread RTOS. */ + ESP_LOGW(TAG, "ERROR: Release unfinished lock for %x but " + "found %x", ret, ctx->initializer); + } + #endif + } /* ret != ctx->initializer */ #ifdef WOLFSSL_DEBUG_MUTEX - ESP_LOGE(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret); + ESP_LOGW(TAG, "\n>>>> esp_sha_release_unfinished_lock %x\n", ret); #endif /* unlock only if this ctx is the initializer of the lock */ @@ -1153,11 +1193,22 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) { int ret = 0; + +#if defined(SINGLE_THREADED) + /* no mutex monitoring available in single thread mode */ +#else + /* thread safe get of global static mutex_ctx_owner: */ + uintptr_t this_mutex_owner; + + /* mutex_ctx_owner could change in multiple threads, assign once here: */ + this_mutex_owner = esp_sha_mutex_ctx_owner(); +#endif + CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x", - (uintptr_t)ctx->initializer); + ESP_LOGI(TAG, "enter esp_sha_hw_lock for %x, initializer %x", + (uintptr_t)ctx, (uintptr_t)ctx->initializer); #endif #ifdef WOLFSSL_DEBUG_MUTEX @@ -1226,7 +1277,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) ret = esp_CryptHwMutexInit(&sha_mutex); if (ret == 0) { ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success."); - mutex_ctx_owner = NULLPTR; /* No one has the mutex yet.*/ + esp_sha_mutex_ctx_owner_clear(); /* No one has the mutex yet. */ #ifdef WOLFSSL_DEBUG_MUTEX { /* Take mutex for lock/unlock test drive to ensure it works: */ @@ -1247,8 +1298,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed."); #ifdef WOLFSSL_DEBUG_MUTEX { - ESP_LOGV(TAG, "Current mutext owner = %x", - (int)esp_sha_mutex_ctx_owner()); + ESP_LOGV(TAG, "Current mutext owner = %x", this_mutex_owner); } #endif @@ -1272,8 +1322,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) if (((WC_ESP32SHA*)mutex_ctx_owner)->mode == ESP32_SHA_FREED) { ESP_LOGW(TAG, "ESP32_SHA_FREED unlocking mutex_ctx_task = %x" " for mutex_ctx_owner = %x", - (int)mutex_ctx_task, - (int)mutex_ctx_owner); + (uintptr_t)mutex_ctx_task, + (uintptr_t)this_mutex_owner); } else { if (ctx->mode == ESP32_SHA_FREED) { @@ -1286,7 +1336,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* Not very interesting during init. */ if (ctx->mode == ESP32_SHA_INIT) { ESP_LOGV(TAG, "mutex_ctx_owner = 0x%x", - mutex_ctx_owner); + this_mutex_owner); ESP_LOGV(TAG, "This ctx = 0x%x is ESP32_SHA_INIT", (uintptr_t)ctx); } @@ -1297,7 +1347,10 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } /* mutex owner ESP32_SHA_FREED check */ } /* mutex_ctx_task is current task */ else { - ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task"); + ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task."); + ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task); + ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x", + (word32)xTaskGetCurrentTaskHandle()); } } #endif /* ESP_MONITOR_HW_TASK_LOCK */ @@ -1306,7 +1359,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) if (ctx->mode == ESP32_SHA_INIT) { /* try to lock the HW engine */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG - ESP_LOGI(TAG, "ESP32_SHA_INIT for %x\n", (uintptr_t)ctx->initializer); + ESP_LOGI(TAG, "ESP32_SHA_INIT for %x, initializer %x\n", + (uintptr_t)ctx, (uintptr_t)ctx->initializer); #endif ESP_LOGV(TAG, "Init; release unfinished ESP32_SHA_INIT lock " "for ctx 0x%x", (uintptr_t)ctx); @@ -1324,8 +1378,9 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) if ((mutex_ctx_owner == NULLPTR) && esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) { /* we've successfully locked */ - mutex_ctx_owner = (uintptr_t)ctx; - ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", mutex_ctx_owner); + this_mutex_owner = (uintptr_t)ctx; + esp_sha_mutex_ctx_owner_set(this_mutex_owner); + ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner); #ifdef ESP_MONITOR_HW_TASK_LOCK mutex_ctx_task = xTaskGetCurrentTaskHandle(); #endif @@ -1344,6 +1399,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) else { stray_ctx->initializer = (intptr_t)stray_ctx; mutex_ctx_owner = (intptr_t)stray_ctx->initializer; + this_mutex_owner = mutex_ctx_owner; } } taskEXIT_CRITICAL(&sha_crit_sect); @@ -1359,8 +1415,11 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) "\n\nLocking with stray\n\n" "WOLFSSL_DEBUG_MUTEX call count 8, " "ctx->mode = ESP32_SHA_SW %x\n\n", - (int)mutex_ctx_owner); + this_mutex_owner); + #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) + /* ctx->task_owner is only available for multi-threaded */ ctx->task_owner = xTaskGetCurrentTaskHandle(); + #endif ctx->mode = ESP32_SHA_SW; return ESP_OK; /* success, but revert to SW */ } @@ -1370,7 +1429,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) /* check to see if we had a prior fail and need to unroll enables */ #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGW(TAG, "Locking for ctx %x, current mutex_ctx_owner = %x", - (uintptr_t)&ctx, esp_sha_mutex_ctx_owner()); + (uintptr_t)&ctx, this_mutex_owner); ESP_LOGI(TAG, "ctx->lockDepth = %d", ctx->lockDepth); #endif if (ctx->mode == ESP32_SHA_INIT) { @@ -1402,7 +1461,7 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) } else { /* When the lock is already in use: is it for this ctx? */ - if ((uintptr_t)ctx == esp_sha_mutex_ctx_owner()) { + if ((uintptr_t)ctx == this_mutex_owner) { ESP_LOGV(TAG, "I'm the owner! 0x%x", (uintptr_t)ctx); ctx->mode = ESP32_SHA_SW; } @@ -1410,20 +1469,20 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) #ifdef WOLFSSL_DEBUG_MUTEX ESP_LOGW(TAG, "\nHardware in use by %x; " "Mode REVERT to ESP32_SHA_SW for %x\n", - esp_sha_mutex_ctx_owner(), + this_mutex_owner, (uintptr_t)ctx->initializer); ESP_LOGI(TAG, "Software Mode, lock depth = %d, for this %x", ctx->lockDepth, (uintptr_t)ctx->initializer); ESP_LOGI(TAG, "Current mutext owner = %x", - esp_sha_mutex_ctx_owner()); + this_mutex_owner); #endif ESP_LOGV(TAG, "I'm not owner! 0x%x; owner = 0x%x", (uintptr_t)ctx, mutex_ctx_owner); - if (mutex_ctx_owner) { + if (this_mutex_owner) { #ifdef WOLFSSL_DEBUG_MUTEX ESP_LOGW(TAG, "revert to SW since mutex_ctx_owner = %x" " but we are currently ctx = %x", - mutex_ctx_owner, (intptr_t)ctx); + this_mutex_owner, (intptr_t)ctx); #endif } else { diff --git a/src/wolfcrypt/src/port/Espressif/esp32_util.c b/src/wolfcrypt/src/port/Espressif/esp32_util.c index d5d77ed..f133875 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_util.c @@ -100,7 +100,7 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) { /* * Call the ESP-IDF mutex lock; xSemaphoreTake * this is a general mutex locker, used for different mutex objects for - * different HW acclerators or other single-use HW features. + * different HW accelerators or other single-use HW features. * * We should already have known if the resource is in use or not. * @@ -988,7 +988,7 @@ int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) { sscanf(&fromHexString[i], "%2x", &decimalValue); size_t index = i / 2; #if (0) - /* Optionall peek at new values */ + /* Optionally peek at new values */ byte new_val = (decimalValue & 0x0F) << ((i % 2) * 4); ESP_LOGI("hex", "Current char = %d", toVar[index]); ESP_LOGI("hex", "New val = %d", decimalValue); diff --git a/src/wolfcrypt/src/pwdbased.c b/src/wolfcrypt/src/pwdbased.c index fb06dce..208f667 100644 --- a/src/wolfcrypt/src/pwdbased.c +++ b/src/wolfcrypt/src/pwdbased.c @@ -826,7 +826,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, goto end; } /* Temporary for scryptROMix. */ - v = (byte*)XMALLOC((size_t)((1 << cost) * bSz), NULL, + v = (byte*)XMALLOC((size_t)((1U << cost) * bSz), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (v == NULL) { ret = MEMORY_E; @@ -848,7 +848,7 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, /* Step 2. */ for (i = 0; i < parallel; i++) - scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1 << cost); + scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1U << cost); /* Step 3. */ ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen, diff --git a/src/wolfcrypt/src/random.c b/src/wolfcrypt/src/random.c index 278e2d7..febc292 100644 --- a/src/wolfcrypt/src/random.c +++ b/src/wolfcrypt/src/random.c @@ -111,6 +111,8 @@ This library contains implementation for the random number generator. #include #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" +#elif defined(WOLFSSL_RPIPICO) + #include "wolfssl/wolfcrypt/port/rpi_pico/pico.h" #elif defined(NO_DEV_RANDOM) #elif defined(CUSTOM_RAND_GENERATE) #elif defined(CUSTOM_RAND_GENERATE_BLOCK) @@ -596,14 +598,14 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen dIdx = (int)dLen - 1; for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]); + carry = (word16)(carry + d[dIdx] + s[sIdx]); d[dIdx] = (byte)carry; carry >>= 8; dIdx--; } for (; dIdx >= 0; dIdx--) { - carry += (word16)d[dIdx]; + carry = (word16)(carry + d[dIdx]); d[dIdx] = (byte)carry; carry >>= 8; } @@ -1702,7 +1704,7 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, if (ret != 0) { #if defined(DEBUG_WOLFSSL) - WOLFSSL_MSG_EX("_InitRng failed. err = ", ret); + WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret); #endif } else { @@ -2968,7 +2970,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } return RAN_BLOCK_E; } - #elif !defined(WOLFSSL_CAAM) && \ (defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) || \ defined(FREESCALE_KSDK_BM) || defined(FREESCALE_FREE_RTOS)) diff --git a/src/wolfcrypt/src/rsa.c b/src/wolfcrypt/src/rsa.c index 9e34599..a3c0292 100644 --- a/src/wolfcrypt/src/rsa.c +++ b/src/wolfcrypt/src/rsa.c @@ -63,7 +63,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif @@ -277,7 +277,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->handle = NULL; #endif - #if defined(WOLFSSL_RENESAS_FSPSM) key->ctx.wrapped_pri1024_key = NULL; key->ctx.wrapped_pub1024_key = NULL; @@ -285,6 +284,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->ctx.wrapped_pub2048_key = NULL; key->ctx.keySz = 0; #endif + return ret; } @@ -2801,7 +2801,9 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, ret = wc_RsaEncryptSize(key); if (ret < 0) { +#ifdef DEBUG_WOLFSSL WOLFSSL_MSG_EX("wc_RsaEncryptSize failed err = %d", ret); +#endif return ret; } keyLen = (word32)ret; @@ -2924,7 +2926,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Performs direct RSA computation without padding. The input and output must * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the * output on success or negative value on failure. */ @@ -3010,7 +3012,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(WOLFSSL_CRYPTOCELL) static int cc310_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -3108,7 +3110,8 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig, #endif /* WOLFSSL_CRYPTOCELL */ #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && !defined(NO_RSA_BOUNDS_CHECK) +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \ + !defined(NO_RSA_BOUNDS_CHECK) /* Check that 1 < in < n-1. (Requirement of 800-56B.) */ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, int checkSmallCt) @@ -3374,24 +3377,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, pad_value, pad_type, hash, mgf, label, labelSz, sz); } - #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ - (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) - /* SCE needs wrapped key which is passed via - * user ctx object of crypt-call back. - */ - #ifdef WOLF_CRYPTO_CB - if (key->devId != INVALID_DEVID) { - /* SCE supports 1024 and 2048 bits */ - ret = wc_CryptoCb_Rsa(in, inLen, out, - &outLen, rsa_type, key, rng); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) - return ret; - /* fall-through when unavailable */ - ret = 0; /* reset error code and try using software */ - } - #endif - #endif /* WOLFSSL_SE050 */ + #endif /* RSA CRYPTO HW */ #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) if (key->devId != INVALID_DEVID) { @@ -3561,21 +3547,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, } return ret; } - #elif defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) || \ - (!defined(WOLFSSL_RENESAS_TSIP_TLS) && \ - defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) - #ifdef WOLF_CRYPTO_CB - if (key->devId != INVALID_DEVID) { - ret = wc_CryptoCb_Rsa(in, inLen, out, - &outLen, rsa_type, key, rng); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) - return ret; - /* fall-through when unavailable */ - ret = 0; /* reset error code and try using software */ - } - #endif - - #endif /* WOLFSSL_CRYPTOCELL */ + #endif /* RSA CRYPTO HW */ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ @@ -3609,7 +3581,12 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, case RSA_STATE_DECRYPT_EXPTMOD: #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) - if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) { + if ((key->devId != INVALID_DEVID) + #if !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \ + !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) + && (rsa_type != RSA_PUBLIC_DECRYPT) + #endif + ) { /* Everything except verify goes to crypto cb if * WOLF_CRYPTO_CB_RSA_PAD defined */ XMEMSET(&padding, 0, sizeof(RsaPadding)); diff --git a/src/wolfcrypt/src/sakke.c b/src/wolfcrypt/src/sakke.c index 962299f..fab1067 100644 --- a/src/wolfcrypt/src/sakke.c +++ b/src/wolfcrypt/src/sakke.c @@ -47,7 +47,7 @@ #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif diff --git a/src/wolfcrypt/src/sha3.c b/src/wolfcrypt/src/sha3.c index 1a3596a..4ced66e 100644 --- a/src/wolfcrypt/src/sha3.c +++ b/src/wolfcrypt/src/sha3.c @@ -62,9 +62,9 @@ } #endif -#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) -#ifdef USE_INTEL_SPEEDUP +#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM)) #include word32 cpuid_flags; @@ -81,6 +81,8 @@ #endif #endif +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) + #ifdef WOLFSSL_SHA3_SMALL /* Rotate a 64-bit value left. * @@ -299,7 +301,7 @@ void BlockSha3(word64* s) */ #define ROTL64(a, n) (((a)<<(n))|((a)>>(64-(n)))) - +#if !defined(STM32_HASH_SHA3) /* An array of values to XOR for block operation. */ static const word64 hash_keccak_r[24] = { @@ -316,6 +318,7 @@ static const word64 hash_keccak_r[24] = W64LIT(0x8000000080008081), W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008) }; +#endif /* Indices used in swap and rotate operation. */ #define KI_0 6 @@ -533,6 +536,7 @@ do { \ while (0) #endif /* SHA3_BY_SPEC */ +#if !defined(STM32_HASH_SHA3) /* The block operation performed on the state. * * s The state. @@ -548,7 +552,7 @@ void BlockSha3(word64* s) #ifndef SHA3_BY_SPEC word64 t1; #endif - byte i; + word32 i; for (i = 0; i < 24; i += 2) { @@ -562,8 +566,10 @@ void BlockSha3(word64* s) } } #endif /* WOLFSSL_SHA3_SMALL */ +#endif /* STM32_HASH_SHA3 */ #endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ +#if !defined(STM32_HASH_SHA3) static WC_INLINE word64 Load64Unaligned(const unsigned char *a) { return ((word64)a[0] << 0) | @@ -617,6 +623,7 @@ static word64 Load64BitBigEndian(const byte* a) * sha3 wc_Sha3 object holding state. * returns 0 on success. */ + static int InitSha3(wc_Sha3* sha3) { int i; @@ -654,11 +661,37 @@ static int InitSha3(wc_Sha3* sha3) SHA3_BLOCK_N = NULL; } } +#define SHA3_FUNC_PTR +#endif +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + if (!cpuid_flags_set) { + cpuid_flags = cpuid_get_flags(); + cpuid_flags_set = 1; + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + if (IS_AARCH64_SHA3(cpuid_flags)) { + SHA3_BLOCK = BlockSha3_crypto; + SHA3_BLOCK_N = NULL; + } + else + #endif + { + SHA3_BLOCK = BlockSha3_base; + SHA3_BLOCK_N = NULL; + } + } +#define SHA3_FUNC_PTR #endif return 0; } +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) +void BlockSha3(word64* s) +{ + (*SHA3_BLOCK)(s); +} +#endif + /* Update the SHA-3 hash state with message data. * * sha3 wc_Sha3 object holding state. @@ -689,13 +722,13 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) } data += i; len -= i; - sha3->i += (byte) i; + sha3->i = (byte)(sha3->i + i); if (sha3->i == p * 8) { for (i = 0; i < p; i++) { sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); } - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); @@ -703,12 +736,12 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) sha3->i = 0; } } - blocks = len / (p * 8); - #ifdef USE_INTEL_SPEEDUP + blocks = len / (p * 8U); + #ifdef SHA3_FUNC_PTR if ((SHA3_BLOCK_N != NULL) && (blocks > 0)) { - (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8); - len -= blocks * (p * 8); - data += blocks * (p * 8); + (*SHA3_BLOCK_N)(sha3->s, data, blocks, p * 8U); + len -= blocks * (p * 8U); + data += blocks * (p * 8U); blocks = 0; } #endif @@ -716,20 +749,20 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) for (i = 0; i < p; i++) { sha3->s[i] ^= Load64Unaligned(data + 8 * i); } - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); #endif - len -= p * 8; - data += p * 8; + len -= p * 8U; + data += p * 8U; } #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) RESTORE_VECTOR_REGISTERS(); #endif XMEMCPY(sha3->t, data, len); - sha3->i += (byte)len; + sha3->i = (byte)(sha3->i + len); return 0; } @@ -744,7 +777,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) */ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) { - word32 rate = p * 8; + word32 rate = p * 8U; word32 j; word32 i; @@ -756,7 +789,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) sha3->t[sha3->i ] = padChar; sha3->t[rate - 1] |= 0x80; if (rate - 1 > (word32)sha3->i + 1) { - XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1 - (sha3->i + 1)); + XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1U - (sha3->i + 1U)); } for (i = 0; i < p; i++) { sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); @@ -768,7 +801,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) #endif for (j = 0; l - j >= rate; j += rate) { - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); @@ -780,7 +813,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) #endif } if (j != l) { - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else BlockSha3(sha3->s); @@ -797,6 +830,84 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l) return 0; } +#endif +#if defined(STM32_HASH_SHA3) + + /* Supports CubeMX HAL or Standard Peripheral Library */ + + static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) + { + if (sha3 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha3, 0, sizeof(wc_Sha3)); + wc_Stm32_Hash_Init(&sha3->stmCtx); + return 0; + } + + static int Stm32GetAlgo(byte p) + { + switch(p) { + case WC_SHA3_224_COUNT: + return HASH_ALGOSELECTION_SHA3_224; + case WC_SHA3_256_COUNT: + return HASH_ALGOSELECTION_SHA3_256; + case WC_SHA3_384_COUNT: + return HASH_ALGOSELECTION_SHA3_384; + case WC_SHA3_512_COUNT: + return HASH_ALGOSELECTION_SHA3_512; + } + /* Should never get here */ + return WC_SHA3_224_COUNT; + } + + static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) + { + int ret = 0; + + if (sha3 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha3->stmCtx, + Stm32GetAlgo(p), data, len, p * 8); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) + { + int ret = 0; + + if (sha3 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha3->stmCtx, + Stm32GetAlgo(p), hash, len); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha3(sha3, NULL, 0); /* reset state */ + + return ret; + } +#else /* Initialize the state for a SHA-3 hash operation. * @@ -820,10 +931,10 @@ static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) ret = wolfAsync_DevCtxInit(&sha3->asyncDev, WOLFSSL_ASYNC_MARKER_SHA3, sha3->heap, devId); -#elif defined(WOLF_CRYPTO_CB) +#endif +#if defined(WOLF_CRYPTO_CB) sha3->devId = devId; -#endif /* WOLFSSL_ASYNC_CRYPT */ - +#endif (void)devId; return ret; @@ -944,7 +1055,7 @@ static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) return InitSha3(sha3); /* reset state */ } - +#endif /* Dispose of any dynamically allocated data from the SHA3-384 operation. * (Required for async ops.) * @@ -1420,7 +1531,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) SAVE_VECTOR_REGISTERS(return _svr_ret;); #endif for (; (blockCnt > 0); blockCnt--) { - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(shake->s); #else BlockSha3(shake->s); @@ -1558,7 +1669,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) SAVE_VECTOR_REGISTERS(return _svr_ret;); #endif for (; (blockCnt > 0); blockCnt--) { - #ifdef USE_INTEL_SPEEDUP + #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(shake->s); #else BlockSha3(shake->s); diff --git a/src/wolfcrypt/src/sha512.c b/src/wolfcrypt/src/sha512.c index 7f3e745..16c3c0f 100644 --- a/src/wolfcrypt/src/sha512.c +++ b/src/wolfcrypt/src/sha512.c @@ -219,6 +219,66 @@ { se050_hash_free(&sha512->se050Ctx); } +#elif defined(STM32_HASH_SHA512) + + /* Supports CubeMX HAL or Standard Peripheral Library */ + + int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) + { + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; + } + + int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) + { + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512, data, len, WC_SHA512_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) + { + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512, hash, WC_SHA512_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512(sha512); /* reset state */ + + return ret; + } #else @@ -1174,7 +1234,7 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ - +#elif defined(STM32_HASH_SHA512) #else static WC_INLINE int Sha512Final(wc_Sha512* sha512) @@ -1337,7 +1397,7 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ - +#elif defined(STM32_HASH_SHA512) #else static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) @@ -1407,10 +1467,12 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, size_t digestSz, return initfp(sha512); } +#ifndef STM32_HASH_SHA512 int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { return Sha512_Family_Final(sha512, hash, WC_SHA512_DIGEST_SIZE, InitSha512); } +#endif #endif /* WOLFSSL_KCAPI_HASH */ @@ -1592,6 +1654,64 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ +#elif defined(STM32_HASH_SHA384) + + int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) + { + if (sha384 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha384, 0, sizeof(wc_Sha384)); + wc_Stm32_Hash_Init(&sha384->stmCtx); + return 0; + } + + int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) + { + int ret = 0; + + if (sha384 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha384->stmCtx, + HASH_ALGOSELECTION_SHA384, data, len, WC_SHA384_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) + { + int ret = 0; + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha384->stmCtx, + HASH_ALGOSELECTION_SHA384, hash, WC_SHA384_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha384(sha384); /* reset state */ + + return ret; + } #else @@ -2011,17 +2131,75 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags) #if !defined(WOLFSSL_NOSHA512_224) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +#if defined(STM32_HASH_SHA512_224) +int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId) +{ + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; +} + +int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len) +{ + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_224, data, len, WC_SHA512_224_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; +} + +int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_224, hash, WC_SHA512_224_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512_224(sha512); /* reset state */ + + return ret; +} +#endif int wc_InitSha512_224(wc_Sha512* sha) { return wc_InitSha512_224_ex(sha, NULL, INVALID_DEVID); } - +#if !defined(STM32_HASH_SHA512_224) int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) { return wc_Sha512Update(sha, data, len); } - +#endif #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_RENESAS_RSIP) && \ @@ -2029,6 +2207,7 @@ int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(STM32_HASH_SHA512_224) #else int wc_Sha512_224FinalRaw(wc_Sha512* sha, byte* hash) @@ -2091,16 +2270,75 @@ int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data) #if !defined(WOLFSSL_NOSHA512_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +#if defined(STM32_HASH_SHA512_256) + int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId) + { + if (sha512 == NULL) + return BAD_FUNC_ARG; + + (void)devId; + (void)heap; + + XMEMSET(sha512, 0, sizeof(wc_Sha512)); + wc_Stm32_Hash_Init(&sha512->stmCtx); + return 0; + } + + int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len) + { + int ret = 0; + + if (sha512 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_256, data, len, WC_SHA512_256_BLOCK_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } + + int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash) + { + int ret = 0; + + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha512->stmCtx, + HASH_ALGOSELECTION_SHA512_256, hash, WC_SHA512_256_DIGEST_SIZE); + wolfSSL_CryptHwMutexUnLock(); + } + + (void)wc_InitSha512_256(sha512); /* reset state */ + + return ret; + } +#endif int wc_InitSha512_256(wc_Sha512* sha) { return wc_InitSha512_256_ex(sha, NULL, INVALID_DEVID); } - +#if !defined(STM32_HASH_SHA512_256) int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) { return wc_Sha512Update(sha, data, len); } +#endif #if defined(WOLFSSL_KCAPI_HASH) /* functions defined in wolfcrypt/src/port/kcapi/kcapi_hash.c */ #elif defined(WOLFSSL_RENESAS_RSIP) && \ @@ -2108,7 +2346,7 @@ int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) - +#elif defined(STM32_HASH_SHA512_256) #else int wc_Sha512_256FinalRaw(wc_Sha512* sha, byte* hash) { @@ -2176,6 +2414,7 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #elif defined(MAX3266X_SHA) /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) diff --git a/src/wolfcrypt/src/signature.c b/src/wolfcrypt/src/signature.c index 09ae526..83c92d8 100644 --- a/src/wolfcrypt/src/signature.c +++ b/src/wolfcrypt/src/signature.c @@ -48,6 +48,16 @@ /* Signature wrapper disabled check */ #ifndef NO_SIG_WRAPPER +#if !defined(NO_RSA) && defined(NO_ASN) + #ifndef MAX_DER_DIGEST_ASN_SZ + #define MAX_DER_DIGEST_ASN_SZ 36 + #endif + #ifndef MAX_ENCODED_SIG_SZ + #define MAX_ENCODED_SIG_SZ 1024 /* Supports 8192 bit keys */ + #endif +#endif + + #if !defined(NO_RSA) && defined(WOLFSSL_CRYPTOCELL) extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig, RsaKey* key, CRYS_RSA_HASH_OpMode_t mode); @@ -225,7 +235,8 @@ int wc_SignatureVerifyHash( WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) - ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key); + ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, + &plain_ptr, (RsaKey*)key); } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret >= 0 && plain_ptr) { if ((word32)ret == hash_len && diff --git a/src/wolfcrypt/src/siphash.c b/src/wolfcrypt/src/siphash.c index 54c02f6..b7c63c3 100644 --- a/src/wolfcrypt/src/siphash.c +++ b/src/wolfcrypt/src/siphash.c @@ -69,14 +69,14 @@ * @param [in] a Little-endian byte array. * @return 64-bit number. */ -#define GET_U64(a) (*(word64*)(a)) +#define GET_U64(a) readUnalignedWord64(a) /** * Decode little-endian byte array to 32-bit number. * * @param [in] a Little-endian byte array. * @return 32-bit number. */ -#define GET_U32(a) (*(word32*)(a)) +#define GET_U32(a) readUnalignedWord32(a) /** * Decode little-endian byte array to 16-bit number. * @@ -90,7 +90,7 @@ * @param [out] a Byte array to write into. * @param [in] n Number to encode. */ -#define SET_U64(a, n) ((*(word64*)(a)) = (n)) +#define SET_U64(a, n) writeUnalignedWord64(a, n) #else /** * Decode little-endian byte array to 64-bit number. @@ -112,7 +112,7 @@ * @param [in] a Little-endian byte array. * @return 32-bit number. */ -#define GET_U32(a) (((word64)((a)[3]) << 24) | \ +#define GET_U32(a) (((word32)((a)[3]) << 24) | \ ((word32)((a)[2]) << 16) | \ ((word32)((a)[1]) << 8) | \ ((word32)((a)[0]) )) @@ -256,14 +256,14 @@ int wc_SipHashUpdate(SipHash* sipHash, const unsigned char* in, word32 inSz) if ((ret == 0) && (inSz > 0)) { /* Add to cache if already started. */ if (sipHash->cacheCnt > 0) { - byte len = SIPHASH_BLOCK_SIZE - sipHash->cacheCnt; + byte len = (byte)(SIPHASH_BLOCK_SIZE - sipHash->cacheCnt); if (len > inSz) { len = (byte)inSz; } XMEMCPY(sipHash->cache + sipHash->cacheCnt, in, len); in += len; inSz -= len; - sipHash->cacheCnt += len; + sipHash->cacheCnt = (byte)(sipHash->cacheCnt + len); if (sipHash->cacheCnt == SIPHASH_BLOCK_SIZE) { /* Compress the block from the cache. */ @@ -331,7 +331,7 @@ int wc_SipHashFinal(SipHash* sipHash, unsigned char* out, unsigned char outSz) if (ret == 0) { /* Put in remaining cached message bytes. */ - XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7 - sipHash->cacheCnt); + XMEMSET(sipHash->cache + sipHash->cacheCnt, 0, 7U - sipHash->cacheCnt); sipHash->cache[7] = (byte)(sipHash->inCnt + sipHash->cacheCnt); SipHashCompress(sipHash, sipHash->cache); diff --git a/src/wolfcrypt/src/sp_arm32.c b/src/wolfcrypt/src/sp_arm32.c index 68449be..13f5578 100644 --- a/src/wolfcrypt/src/sp_arm32.c +++ b/src/wolfcrypt/src/sp_arm32.c @@ -93,7 +93,8 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -2756,7 +2765,7 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -2803,7 +2812,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -2853,7 +2862,7 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -2993,7 +3002,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -3071,7 +3080,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -3271,7 +3280,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -3405,7 +3414,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -5082,7 +5091,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -5167,7 +5176,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -5280,7 +5289,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -5356,7 +5365,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -5393,7 +5402,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -5811,7 +5820,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -5848,7 +5857,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -8451,7 +8460,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -8590,7 +8599,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -11304,7 +11313,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -11442,7 +11451,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -11841,7 +11850,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -12277,7 +12286,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -12528,7 +12537,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -15425,7 +15434,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -15559,7 +15568,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -15619,7 +15628,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -15757,7 +15766,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -16612,7 +16621,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -17170,7 +17179,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -17309,7 +17318,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -18287,7 +18296,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -18298,12 +18308,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -23971,7 +23989,7 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -24032,7 +24050,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -24096,7 +24114,7 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -24268,7 +24286,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -24374,7 +24392,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -24630,7 +24648,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -24820,7 +24838,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -27994,7 +28012,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28093,7 +28111,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28234,7 +28252,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -28310,7 +28328,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -28347,7 +28365,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -28765,7 +28783,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -28802,7 +28820,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -32429,7 +32447,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -32624,7 +32642,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -36522,7 +36540,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -36660,7 +36678,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -37235,7 +37253,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -37671,7 +37689,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -38034,7 +38052,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -42275,7 +42293,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -42465,7 +42483,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -42525,7 +42543,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -42663,7 +42681,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -43876,7 +43894,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -44434,7 +44452,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -44629,7 +44647,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -45799,7 +45817,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -45810,12 +45829,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -46186,7 +46213,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -46433,7 +46460,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Multiply a and b into r. (r = a * b) @@ -46549,7 +46576,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -46586,7 +46613,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -51236,7 +51263,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -51711,7 +51738,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -57297,7 +57324,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -57544,7 +57571,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -57604,7 +57631,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -57742,7 +57769,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -59307,7 +59334,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -59865,7 +59892,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -60116,7 +60143,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -65953,7 +65980,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -65990,7 +66017,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -66229,7 +66256,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, "lr", "r10" ); (void)m_p; - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Convert an mp_int to an array of sp_digit. @@ -71117,7 +71144,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -71323,7 +71350,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -71370,7 +71397,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -71425,7 +71452,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -74152,7 +74179,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -74180,7 +74207,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -76454,12 +76482,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -76833,7 +76869,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -76867,7 +76903,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -77299,7 +77335,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -77437,7 +77473,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -77540,7 +77576,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -78122,7 +78158,7 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -78158,7 +78194,7 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -78329,7 +78365,7 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_256_num_bits_8_table[] = { +static const byte L_sp_256_num_bits_8_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -78367,8 +78403,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = { static int sp_256_num_bits_8(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = - (unsigned char*)&L_sp_256_num_bits_8_table; + register byte* L_sp_256_num_bits_8_table_c asm ("r1") = + (byte*)&L_sp_256_num_bits_8_table; __asm__ __volatile__ ( "mov lr, %[L_sp_256_num_bits_8_table]\n\t" @@ -78685,7 +78721,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p) : : "memory", "cc", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -78774,7 +78810,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p) : : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */ @@ -88809,7 +88845,7 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -88853,7 +88889,7 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -89191,7 +89227,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -89260,7 +89296,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -89961,7 +89997,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -90227,7 +90263,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -90370,7 +90406,7 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -90413,7 +90449,7 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -90455,7 +90491,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -90524,7 +90560,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -91914,7 +91950,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -91942,7 +91978,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -94238,12 +94275,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -94617,7 +94662,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -94658,7 +94703,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -95218,7 +95263,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -95356,7 +95401,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -95463,13 +95508,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -96088,7 +96133,7 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_384_num_bits_12_table[] = { +static const byte L_sp_384_num_bits_12_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -96126,8 +96171,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = { static int sp_384_num_bits_12(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = - (unsigned char*)&L_sp_384_num_bits_12_table; + register byte* L_sp_384_num_bits_12_table_c asm ("r1") = + (byte*)&L_sp_384_num_bits_12_table; __asm__ __volatile__ ( "mov lr, %[L_sp_384_num_bits_12_table]\n\t" @@ -96696,7 +96741,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) : : "memory", "cc", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -96845,7 +96890,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) : : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */ @@ -115266,7 +115311,7 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -115321,7 +115366,7 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -115576,7 +115621,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -115664,7 +115709,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -116954,7 +116999,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -117272,7 +117317,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -119114,7 +119159,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -119142,7 +119187,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -122011,12 +122057,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -122837,7 +122891,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -122889,7 +122943,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -123609,7 +123663,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -123747,7 +123801,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -123861,14 +123915,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -124438,7 +124492,7 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -124492,7 +124546,7 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -124642,7 +124696,7 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) -static const unsigned char L_sp_521_num_bits_17_table[] = { +static const byte L_sp_521_num_bits_17_table[] = { 0x00, 0x01, 0x02, 0x02, 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, @@ -124680,8 +124734,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = { static int sp_521_num_bits_17(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = - (unsigned char*)&L_sp_521_num_bits_17_table; + register byte* L_sp_521_num_bits_17_table_c asm ("r1") = + (byte*)&L_sp_521_num_bits_17_table; __asm__ __volatile__ ( "mov lr, %[L_sp_521_num_bits_17_table]\n\t" @@ -125565,7 +125619,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) : : "memory", "cc", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -125789,7 +125843,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) : : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_ARM_ARCH && (WOLFSSL_ARM_ARCH < 7) */ @@ -126664,7 +126718,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -141833,7 +141887,7 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -141908,7 +141962,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -141986,7 +142040,7 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -142104,7 +142158,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi : : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -142621,7 +142675,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -142663,7 +142717,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -142802,7 +142856,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -142842,7 +142896,7 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -144042,7 +144096,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -144180,7 +144234,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) : : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -144609,7 +144663,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) : : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -146471,7 +146525,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -147428,7 +147482,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -147567,7 +147621,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, : : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -148805,7 +148859,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -148833,7 +148887,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -156661,12 +156716,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } diff --git a/src/wolfcrypt/src/sp_arm64.c b/src/wolfcrypt/src/sp_arm64.c index 0a465f4..2825042 100644 --- a/src/wolfcrypt/src/sp_arm64.c +++ b/src/wolfcrypt/src/sp_arm64.c @@ -22738,7 +22738,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -24197,13 +24197,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_256 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_256; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_4_6[66] = { +static const word8 recode_index_4_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -24212,7 +24212,7 @@ static const uint8_t recode_index_4_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_4_6[66] = { +static const word8 recode_neg_4_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -24230,7 +24230,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -24239,7 +24239,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -24253,12 +24253,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_4_6[y]; v[i].neg = recode_neg_4_6[y]; carry = (y >> 6) + v[i].neg; @@ -24905,7 +24905,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -24933,7 +24933,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i>= 7; @@ -27336,12 +27336,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_4_7[y]; v[i].neg = recode_neg_4_7[y]; carry = (y >> 7) + v[i].neg; @@ -39445,7 +39445,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, p->infinity = !v[i].i; sp_256_sub_4(negy, p256_mod, p->y); sp_256_norm_4(negy); - sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg); + sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_256_proj_point_add_qz1_4(rt, rt, p, tmp); } if (map != 0) { @@ -40519,7 +40519,7 @@ SP_NOINLINE static void sp_256_mont_mul_order_4(sp_digit* r, #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; @@ -43944,7 +43944,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -45159,13 +45159,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_6_6[66] = { +static const word8 recode_index_6_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -45174,7 +45174,7 @@ static const uint8_t recode_index_6_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_6_6[66] = { +static const word8 recode_neg_6_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -45192,7 +45192,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -45201,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -45215,12 +45215,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_6_6[y]; v[i].neg = recode_neg_6_6[y]; carry = (y >> 6) + v[i].neg; @@ -45831,7 +45831,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -45859,7 +45859,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i>= 7; @@ -48262,12 +48262,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_6_7[y]; v[i].neg = recode_neg_6_7[y]; carry = (y >> 7) + v[i].neg; @@ -66185,7 +66185,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, p->infinity = !v[i].i; sp_384_sub_6(negy, p384_mod, p->y); sp_384_norm_6(negy); - sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg); + sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_384_proj_point_add_qz1_6(rt, rt, p, tmp); } if (map != 0) { @@ -67122,13 +67122,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -72112,7 +72112,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -73516,13 +73516,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -73531,7 +73531,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -73549,7 +73549,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -73558,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -73572,12 +73572,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -74233,7 +74233,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -74261,7 +74261,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i>= 7; @@ -77318,12 +77318,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_7[y]; v[i].neg = recode_neg_9_7[y]; carry = (y >> 7) + v[i].neg; @@ -111319,7 +111319,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g, p->infinity = !v[i].i; sp_521_sub_9(negy, p521_mod, p->y); sp_521_norm_9(negy); - sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg); + sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_521_proj_point_add_qz1_9(rt, rt, p, tmp); } if (map != 0) { @@ -111996,14 +111996,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; @@ -113493,7 +113493,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 @@ -116078,7 +116078,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -117595,13 +117595,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_16_7[130] = { +static const word8 recode_index_16_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -117614,7 +117614,7 @@ static const uint8_t recode_index_16_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_16_7[130] = { +static const word8 recode_neg_16_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -117636,7 +117636,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -117645,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -117659,12 +117659,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 16) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_16_7[y]; v[i].neg = recode_neg_16_7[y]; carry = (y >> 7) + v[i].neg; @@ -118133,7 +118133,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -118161,7 +118161,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -9528,7 +9537,7 @@ SP_NOINLINE static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Add b to a into r. (r = a + b) @@ -9616,7 +9625,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -9781,7 +9790,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_16(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -9940,7 +9949,7 @@ SP_NOINLINE static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -10155,7 +10164,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -10464,7 +10473,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -10759,7 +10768,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -11106,7 +11115,7 @@ SP_NOINLINE static sp_digit sp_2048_add_word_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -11703,7 +11712,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -12270,7 +12279,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -19367,7 +19376,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -19560,7 +19569,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -19889,7 +19898,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -20005,7 +20014,7 @@ SP_NOINLINE static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -20084,7 +20093,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_64(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -20881,7 +20890,7 @@ SP_NOINLINE static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -20954,7 +20963,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_in_place_32(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -21925,7 +21934,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_2048_mont_reduce_order_64 sp_2048_mont_reduce_64 @@ -23824,7 +23833,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* Compare a with b in constant time. @@ -23933,7 +23942,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -24397,7 +24406,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_2048_mont_reduce_order_64 sp_2048_mont_reduce_64 @@ -26122,7 +26131,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -26689,7 +26698,7 @@ SP_NOINLINE static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -27306,7 +27315,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -27519,7 +27528,7 @@ SP_NOINLINE static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -28105,7 +28114,7 @@ SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* RSA private key operation. @@ -30275,7 +30284,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -30286,12 +30296,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -50970,7 +50988,7 @@ SP_NOINLINE static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Add b to a into r. (r = a + b) @@ -51090,7 +51108,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -51327,7 +51345,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_24(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -51554,7 +51572,7 @@ SP_NOINLINE static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -51837,7 +51855,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_24(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -52290,7 +52308,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -52721,7 +52739,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -53196,7 +53214,7 @@ SP_NOINLINE static sp_digit sp_3072_add_word_48(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -54081,7 +54099,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -54920,7 +54938,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -70307,7 +70325,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -70568,7 +70586,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -71033,7 +71051,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -71149,7 +71167,7 @@ SP_NOINLINE static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -71228,7 +71246,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_96(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -72050,7 +72068,7 @@ SP_NOINLINE static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -72123,7 +72141,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_in_place_48(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -73109,7 +73127,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_3072_mont_reduce_order_96 sp_3072_mont_reduce_96 @@ -75280,7 +75298,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* Compare a with b in constant time. @@ -75389,7 +75407,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -75853,7 +75871,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_3072_mont_reduce_order_96 sp_3072_mont_reduce_96 @@ -78132,7 +78150,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -78971,7 +78989,7 @@ SP_NOINLINE static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -79588,7 +79606,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -79806,7 +79824,7 @@ SP_NOINLINE static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -80392,7 +80410,7 @@ SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* RSA private key operation. @@ -83360,7 +83378,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -83371,12 +83390,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -84040,7 +84067,7 @@ SP_NOINLINE static sp_digit sp_4096_add_word_64(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -85213,7 +85240,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -86324,7 +86351,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Multiply a and b into r. (r = a * b) @@ -86477,7 +86504,7 @@ SP_NOINLINE static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -86556,7 +86583,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_in_place_128(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -87581,7 +87608,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_4096_mont_reduce_order_128 sp_4096_mont_reduce_128 @@ -90404,7 +90431,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -91515,7 +91542,7 @@ SP_NOINLINE static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -92132,7 +92159,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -92351,7 +92378,7 @@ SP_NOINLINE static sp_int32 sp_4096_cmp_128(const sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -92942,7 +92969,7 @@ SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* RSA private key operation. @@ -97455,7 +97482,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -97547,7 +97574,7 @@ SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -98858,7 +98885,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -99039,7 +99066,7 @@ SP_NOINLINE static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -99108,7 +99135,7 @@ SP_NOINLINE static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Map the Montgomery form projective coordinate point to an affine point. @@ -101546,7 +101573,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -101574,7 +101601,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -103906,12 +103934,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -104321,7 +104357,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -104415,7 +104451,7 @@ SP_NOINLINE static sp_digit sp_256_sub_in_place_8(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -105218,7 +105254,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* AND m into each word of a and store in r. @@ -105321,7 +105357,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -105933,7 +105969,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -106024,7 +106060,7 @@ SP_NOINLINE static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -107206,7 +107242,7 @@ static int sp_256_num_bits_8(sp_digit* a) : : "memory", "r2", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -109018,7 +109054,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -109144,7 +109180,7 @@ SP_NOINLINE static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -109504,7 +109540,7 @@ SP_NOINLINE static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #define sp_384_mont_reduce_order_12 sp_384_mont_reduce_12 @@ -110286,7 +110322,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -110483,7 +110519,7 @@ SP_NOINLINE static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -110645,7 +110681,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -110770,7 +110806,7 @@ SP_NOINLINE static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -110840,7 +110876,7 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Subtract two Montgomery form numbers (r = a - b % m). @@ -112394,7 +112430,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -112422,7 +112458,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -114806,12 +114843,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -115221,7 +115266,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -115351,7 +115396,7 @@ SP_NOINLINE static sp_digit sp_384_sub_in_place_12(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -116154,7 +116199,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* AND m into each word of a and store in r. @@ -116261,13 +116306,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -118378,7 +118423,7 @@ static int sp_384_num_bits_12(sp_digit* a) : : "memory", "r2", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -120236,7 +120281,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -120406,7 +120451,7 @@ SP_NOINLINE static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -120683,7 +120728,7 @@ SP_NOINLINE static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Reduce the number back to 521 bits using Montgomery reduction. @@ -122551,7 +122596,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -122745,7 +122790,7 @@ SP_NOINLINE static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -124328,7 +124373,7 @@ SP_NOINLINE static sp_digit sp_521_cond_add_17(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Right shift a by 1 bit into r. (r = a >> 1) @@ -126018,7 +126063,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -126046,7 +126091,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -129039,12 +129085,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -131093,7 +131147,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -131269,7 +131323,7 @@ SP_NOINLINE static sp_digit sp_521_sub_in_place_17(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -132072,7 +132126,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* AND m into each word of a and store in r. @@ -132186,14 +132240,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -132788,7 +132842,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -132957,7 +133011,7 @@ SP_NOINLINE static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -135289,7 +135343,7 @@ static int sp_521_num_bits_17(sp_digit* a) : : "memory", "r2", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -136163,7 +136217,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -199361,7 +199415,7 @@ SP_NOINLINE static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Add b to a into r. (r = a + b) @@ -199513,7 +199567,7 @@ SP_NOINLINE static sp_digit sp_1024_add_word_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -199822,7 +199876,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -200117,7 +200171,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -200342,7 +200396,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -201213,7 +201267,7 @@ SP_NOINLINE static sp_digit sp_1024_sub_in_place_32(sp_digit* a, : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -201277,7 +201331,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #ifdef WOLFSSL_SP_SMALL @@ -201351,7 +201405,7 @@ SP_NOINLINE static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -202154,7 +202208,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } /* AND m into each word of a and store in r. @@ -202293,7 +202347,7 @@ SP_NOINLINE static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -203744,7 +203798,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -208907,7 +208961,7 @@ SP_NOINLINE static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Right shift a by 1 bit into r. (r = a >> 1) @@ -210617,7 +210671,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -210645,7 +210699,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -218473,12 +218528,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } diff --git a/src/wolfcrypt/src/sp_c32.c b/src/wolfcrypt/src/sp_c32.c index 9520f86..a1f0eb2 100644 --- a/src/wolfcrypt/src/sp_c32.c +++ b/src/wolfcrypt/src/sp_c32.c @@ -20945,7 +20945,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -22385,13 +22385,13 @@ static void sp_256_proj_point_add_sub_9(sp_point_256* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_256 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_256; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -22400,7 +22400,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -22418,7 +22418,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -22427,7 +22427,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 29) { y &= 0x3f; n >>= 6; @@ -22441,12 +22441,12 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (29 - o)) & 0x3f); + y |= (word8)((n << (29 - o)) & 0x3f); o -= 23; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -23046,7 +23046,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -23074,7 +23074,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_256_tab32_9[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_256_tab32_9[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_256_num_bits_9(const sp_digit* a) @@ -28328,7 +28328,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_15(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -29854,13 +29854,13 @@ static void sp_384_proj_point_add_sub_15(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_15_6[66] = { +static const word8 recode_index_15_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -29869,7 +29869,7 @@ static const uint8_t recode_index_15_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_15_6[66] = { +static const word8 recode_neg_15_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -29887,7 +29887,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -29896,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 26) { y &= 0x3f; n >>= 6; @@ -29910,12 +29910,12 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v) } else if (++j < 15) { n = k[j]; - y |= (uint8_t)((n << (26 - o)) & 0x3f); + y |= (word8)((n << (26 - o)) & 0x3f); o -= 20; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_15_6[y]; v[i].neg = recode_neg_15_6[y]; carry = (y >> 6) + v[i].neg; @@ -30575,7 +30575,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30603,7 +30603,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_384_tab32_15[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_384_tab32_15[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_384_num_bits_15(const sp_digit* a) @@ -35976,7 +35976,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_21(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -37373,13 +37373,13 @@ static void sp_521_proj_point_add_sub_21(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_21_6[66] = { +static const word8 recode_index_21_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -37388,7 +37388,7 @@ static const uint8_t recode_index_21_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_21_6[66] = { +static const word8 recode_neg_21_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -37406,7 +37406,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -37415,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 25) { y &= 0x3f; n >>= 6; @@ -37429,12 +37429,12 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) } else if (++j < 21) { n = k[j]; - y |= (uint8_t)((n << (25 - o)) & 0x3f); + y |= (word8)((n << (25 - o)) & 0x3f); o -= 19; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_21_6[y]; v[i].neg = recode_neg_21_6[y]; carry = (y >> 6) + v[i].neg; @@ -38154,7 +38154,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -38182,7 +38182,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i> 4; v |= v >> 8; v |= v >> 16; - return sp_521_tab32_21[(uint32_t)(v*0x07C4ACDD) >> 27]; + return sp_521_tab32_21[(word32)(v*0x07C4ACDD) >> 27]; } static int sp_521_num_bits_21(const sp_digit* a) @@ -43092,7 +43092,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -44810,7 +44810,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_42(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -46182,13 +46182,13 @@ static void sp_1024_proj_point_add_sub_42(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_42_7[130] = { +static const word8 recode_index_42_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -46201,7 +46201,7 @@ static const uint8_t recode_index_42_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_42_7[130] = { +static const word8 recode_neg_42_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -46223,7 +46223,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -46232,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 25) { y &= 0x7f; n >>= 7; @@ -46246,12 +46246,12 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 42) { n = k[j]; - y |= (uint8_t)((n << (25 - o)) & 0x7f); + y |= (word8)((n << (25 - o)) & 0x7f); o -= 18; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_42_7[y]; v[i].neg = recode_neg_42_7[y]; carry = (y >> 7) + v[i].neg; @@ -46714,7 +46714,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -46742,7 +46742,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i>= 6; @@ -23377,12 +23377,12 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v) } else if (++j < 5) { n = k[j]; - y |= (uint8_t)((n << (52 - o)) & 0x3f); + y |= (word8)((n << (52 - o)) & 0x3f); o -= 46; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_5_6[y]; v[i].neg = recode_neg_5_6[y]; carry = (y >> 6) + v[i].neg; @@ -23942,7 +23942,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -23970,7 +23970,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_256_tab64_5[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_256_tab64_5[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_256_num_bits_5(const sp_digit* a) @@ -28793,7 +28793,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_7(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -30257,13 +30257,13 @@ static void sp_384_proj_point_add_sub_7(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_7_6[66] = { +static const word8 recode_index_7_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -30272,7 +30272,7 @@ static const uint8_t recode_index_7_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_7_6[66] = { +static const word8 recode_neg_7_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -30290,7 +30290,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -30299,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 55) { y &= 0x3f; n >>= 6; @@ -30313,12 +30313,12 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) } else if (++j < 7) { n = k[j]; - y |= (uint8_t)((n << (55 - o)) & 0x3f); + y |= (word8)((n << (55 - o)) & 0x3f); o -= 49; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_7_6[y]; v[i].neg = recode_neg_7_6[y]; carry = (y >> 6) + v[i].neg; @@ -30898,7 +30898,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30926,7 +30926,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_384_tab64_7[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_384_tab64_7[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_384_num_bits_7(const sp_digit* a) @@ -36306,7 +36306,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -37654,13 +37654,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -37669,7 +37669,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -37687,7 +37687,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -37696,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 58) { y &= 0x3f; n >>= 6; @@ -37710,12 +37710,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (58 - o)) & 0x3f); + y |= (word8)((n << (58 - o)) & 0x3f); o -= 52; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -38315,7 +38315,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -38343,7 +38343,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i> 8; v |= v >> 16; v |= v >> 32; - return sp_521_tab64_9[((uint64_t)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; + return sp_521_tab64_9[((word64)((v - (v >> 1))*0x07EDD5E59A4E28C2)) >> 58]; } static int sp_521_num_bits_9(const sp_digit* a) @@ -42672,7 +42672,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 @@ -44236,7 +44236,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_18(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -45525,13 +45525,13 @@ static void sp_1024_proj_point_add_sub_18(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_18_7[130] = { +static const word8 recode_index_18_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -45544,7 +45544,7 @@ static const uint8_t recode_index_18_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_18_7[130] = { +static const word8 recode_neg_18_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -45566,7 +45566,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -45575,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 57) { y &= 0x7f; n >>= 7; @@ -45589,12 +45589,12 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 18) { n = k[j]; - y |= (uint8_t)((n << (57 - o)) & 0x7f); + y |= (word8)((n << (57 - o)) & 0x7f); o -= 50; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_18_7[y]; v[i].neg = recode_neg_18_7[y]; carry = (y >> 7) + v[i].neg; @@ -46057,7 +46057,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -46085,7 +46085,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -104,12 +105,20 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -776,7 +785,7 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -829,7 +838,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -885,7 +894,7 @@ static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -1031,7 +1040,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -1115,7 +1124,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -1321,7 +1330,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -1461,7 +1470,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -1938,7 +1947,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -2029,7 +2038,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -2148,7 +2157,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -2239,7 +2248,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -2291,7 +2300,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -2608,7 +2617,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -2660,7 +2669,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -3404,7 +3413,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -3548,7 +3557,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -4651,7 +4660,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -4733,7 +4742,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -5146,7 +5155,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -5596,7 +5605,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -5852,7 +5861,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -7113,7 +7122,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -7253,7 +7262,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -7319,7 +7328,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -7401,7 +7410,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -8269,7 +8278,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -8841,7 +8850,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -8985,7 +8994,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -9969,7 +9978,8 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -9980,12 +9990,20 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -11189,7 +11207,7 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -11256,7 +11274,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -11326,7 +11344,7 @@ static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -11504,7 +11522,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -11616,7 +11634,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -11878,7 +11896,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -12074,7 +12092,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -12891,7 +12909,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -12996,7 +13014,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -13143,7 +13161,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -13234,7 +13252,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -13286,7 +13304,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -13603,7 +13621,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -13655,7 +13673,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -14559,7 +14577,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -14759,7 +14777,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -16150,7 +16168,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -16232,7 +16250,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -16821,7 +16839,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -17271,7 +17289,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -17639,7 +17657,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -19316,7 +19334,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -19512,7 +19530,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -19578,7 +19596,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -19660,7 +19678,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -20880,7 +20898,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -21452,7 +21470,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -21652,7 +21670,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -22828,7 +22846,8 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) int j; byte* d; - for (i = n - 1,j = 0; i >= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -22839,12 +22858,20 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -23221,7 +23248,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -23473,7 +23500,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Multiply a and b into r. (r = a * b) @@ -23603,7 +23630,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -23655,7 +23682,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -24718,7 +24745,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -25198,7 +25225,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -27291,7 +27318,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -27543,7 +27570,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -27609,7 +27636,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -27691,7 +27718,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -29263,7 +29290,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -29835,7 +29862,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -30091,7 +30118,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -32641,7 +32668,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -32684,7 +32711,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -32931,7 +32958,7 @@ static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit* #else (void)m; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Convert an mp_int to an array of sp_digit. @@ -34541,7 +34568,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_8(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_minus_2[8] = { +static const word32 p256_mod_minus_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -34761,7 +34788,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -34823,7 +34850,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -34883,7 +34910,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -37129,7 +37156,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -37157,7 +37184,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -39437,12 +39465,20 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -39831,7 +39867,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -39871,7 +39907,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -40063,7 +40099,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -40145,7 +40181,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -40247,7 +40283,7 @@ static void sp_256_mont_mul_order_8(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint32_t p256_order_minus_2[8] = { +static const word32 p256_order_minus_2[8] = { 0xfc63254fU,0xf3b9cac2U,0xa7179e84U,0xbce6faadU,0xffffffffU,0xffffffffU, 0x00000000U,0xffffffffU }; @@ -40844,7 +40880,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -40886,7 +40922,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -41227,7 +41263,7 @@ static int sp_256_num_bits_8(const sp_digit* a) : : "memory", "r1", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -44327,7 +44363,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -44377,7 +44413,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -44730,7 +44766,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -44804,7 +44840,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -45134,7 +45170,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_12(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint32_t p384_mod_minus_2[12] = { +static const word32 p384_mod_minus_2[12] = { 0xfffffffdU,0x00000000U,0x00000000U,0xffffffffU,0xfffffffeU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; @@ -45414,7 +45450,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -45589,7 +45625,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -45638,7 +45674,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -45695,7 +45731,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -45769,7 +45805,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -47170,7 +47206,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -47198,7 +47234,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -49500,12 +49537,20 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } @@ -49894,7 +49939,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -49941,7 +49986,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -50153,7 +50198,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -50235,7 +50280,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -50341,13 +50386,13 @@ static void sp_384_mont_mul_order_12(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint32_t p384_order_minus_2[12] = { +static const word32 p384_order_minus_2[12] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint32_t p384_order_low[6] = { +static const word32 p384_order_low[6] = { 0xccc52971U,0xecec196aU,0x48b0a77aU,0x581a0db2U,0xf4372ddfU,0xc7634d81U }; #endif /* WOLFSSL_SP_SMALL */ @@ -51286,7 +51331,7 @@ static int sp_384_num_bits_12(const sp_digit* a) : : "memory", "r1", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -56042,7 +56087,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -56103,7 +56148,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -56373,7 +56418,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -56466,7 +56511,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -57169,7 +57214,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_17(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint32_t p521_mod_minus_2[17] = { +static const word32 p521_mod_minus_2[17] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU @@ -57501,7 +57546,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Normalize the values in each word to 32. @@ -59359,7 +59404,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -59387,7 +59432,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -62262,12 +62308,20 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER + switch (i) { + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough + } +#else switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough } +#endif j++; } @@ -63111,7 +63165,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #else @@ -63169,7 +63223,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -63406,7 +63460,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -63488,7 +63542,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -63601,14 +63655,14 @@ static void sp_521_mont_mul_order_17(sp_digit* r, const sp_digit* a, const sp_di #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint32_t p521_order_minus_2[17] = { +static const word32 p521_order_minus_2[17] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU,0xffffffffU,0xffffffffU,0xffffffffU, 0xffffffffU,0xffffffffU,0xffffffffU,0xffffffffU,0x000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint32_t p521_order_low[9] = { +static const word32 p521_order_low[9] = { 0x91386407U,0xbb6fb71eU,0x899c47aeU,0x3bb5c9b8U,0xf709a5d0U,0x7fcc0148U, 0xbf2f966bU,0x51868783U,0xfffffffaU }; @@ -64193,7 +64247,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -64253,7 +64307,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -64848,7 +64902,7 @@ static int sp_521_num_bits_17(const sp_digit* a) : : "memory", "r1", "r2", "r3", "r4", "r5", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Non-constant time modular inversion. @@ -65722,7 +65776,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint32_t p521_sqrt_power[17] = { +static const word32 p521_sqrt_power[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, 0x00000000,0x00000000,0x00000080 @@ -68866,7 +68920,7 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Sub b from a into a. (a -= b) @@ -68947,7 +69001,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Add b to a into r. (r = a + b) @@ -69031,7 +69085,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* AND m into each word of a and store in r. @@ -69155,7 +69209,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } /* Square a and put result in r. (r = a * a) @@ -69571,7 +69625,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } #endif /* WOLFSSL_SP_SMALL */ @@ -69628,7 +69682,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -69772,7 +69826,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -69827,7 +69881,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -70139,7 +70193,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #else @@ -70221,7 +70275,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit : : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)d1; + return (word32)(size_t)d1; } #endif @@ -70664,7 +70718,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) : : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)a; + return (word32)(size_t)a; } /* Divide d in a and put remainder into r (m*d + r = a) @@ -71569,7 +71623,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_32(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -72557,7 +72611,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #else @@ -72701,7 +72755,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig : : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" ); - return (uint32_t)(size_t)r; + return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ @@ -73945,7 +73999,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[16]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -73973,7 +74027,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; i= 3; i -= 4) { + j = 0; + for (i = n - 1; i >= 3; i -= 4) { r[j] = ((sp_digit)a[i - 0] << 0) | ((sp_digit)a[i - 1] << 8) | ((sp_digit)a[i - 2] << 16) | @@ -81801,12 +81856,20 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) if (i >= 0) { r[j] = 0; - d = (byte*)r; + d = (byte*)(r + j); +#ifdef BIG_ENDIAN_ORDER switch (i) { - case 2: d[n - 1 - 2] = a[2]; //fallthrough - case 1: d[n - 1 - 1] = a[1]; //fallthrough - case 0: d[n - 1 - 0] = a[0]; //fallthrough + case 2: d[1] = *(a++); //fallthrough + case 1: d[2] = *(a++); //fallthrough + case 0: d[3] = *a ; //fallthrough } +#else + switch (i) { + case 2: d[2] = a[2]; //fallthrough + case 1: d[1] = a[1]; //fallthrough + case 0: d[0] = a[0]; //fallthrough + } +#endif j++; } diff --git a/src/wolfcrypt/src/sp_dsp32.c b/src/wolfcrypt/src/sp_dsp32.c index f14e1ab..e65862d 100644 --- a/src/wolfcrypt/src/sp_dsp32.c +++ b/src/wolfcrypt/src/sp_dsp32.c @@ -1309,7 +1309,7 @@ static void sp_256_mont_sqr_n_10(sp_digit* r, const sp_digit* a, int n, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint32_t p256_mod_2[8] = { +static const word32 p256_mod_2[8] = { 0xfffffffdU,0xffffffffU,0xffffffffU,0x00000000U,0x00000000U,0x00000000U, 0x00000001U,0xffffffffU }; @@ -1390,10 +1390,10 @@ static void sp_256_mont_inv_10(sp_digit* r, const sp_digit* a, sp_digit* td) } -/* Map the Montgomery form projective co-ordinate point to an affine point. +/* Map the Montgomery form projective coordinate point to an affine point. * - * r Resulting affine co-ordinate point. - * p Montgomery form projective co-ordinate point. + * r Resulting affine coordinate point. + * p Montgomery form projective coordinate point. * t Temporary ordinate data. */ static void sp_256_map_10(sp_point* r, const sp_point* p, sp_digit* t) @@ -1910,7 +1910,7 @@ static void sp_256_proj_point_add_10(sp_point* r, const sp_point* p, const sp_po #ifdef WOLFSSL_SP_SMALL /* Multiply the point by the scalar and return the result. - * If map is true then convert result to affine co-ordinates. + * If map is true then convert result to affine coordinates. * * r Resulting point. * g Point to multiply. @@ -2006,7 +2006,7 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* #elif !defined(WC_NO_CACHE_RESISTANT) /* Multiply the point by the scalar and return the result. - * If map is true then convert result to affine co-ordinates. + * If map is true then convert result to affine coordinates. * * r Resulting point. * g Point to multiply. @@ -2119,7 +2119,7 @@ typedef struct sp_table_entry { } sp_table_entry; /* Multiply the point by the scalar and return the result. - * If map is true then convert result to affine co-ordinates. + * If map is true then convert result to affine coordinates. * * r Resulting point. * g Point to multiply. @@ -2517,7 +2517,7 @@ static int sp_256_gen_stripe_table_10(const sp_point* a, #endif /* FP_ECC */ /* Multiply the point by the scalar and return the result. - * If map is true then convert result to affine co-ordinates. + * If map is true then convert result to affine coordinates. * * r Resulting point. * k Scalar to multiply by. @@ -2607,7 +2607,7 @@ typedef struct sp_cache_t { sp_digit x[10] __attribute__((aligned(128))); sp_digit y[10] __attribute__((aligned(128))); sp_table_entry table[256] __attribute__((aligned(128))); - uint32_t cnt; + word32 cnt; int set; } sp_cache_t; @@ -2625,7 +2625,7 @@ static THREAD_LS_T int sp_cache_inited = 0; static void sp_ecc_get_cache(const sp_point* g, sp_cache_t** cache) { int i, j; - uint32_t least; + word32 least; if (sp_cache_inited == 0) { for (i=0; i SP_INT_DIGITS)) { \ + if (((err) == MP_OKAY) && ((s) > (int)SP_INT_DIGITS)) { \ (err) = MP_VAL; \ } \ } \ @@ -3458,7 +3458,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, : : "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" ); - return (uint32_t)(size_t)hi; + return (sp_uint32)(size_t)hi; } #define SP_ASM_DIV_WORD @@ -5087,52 +5087,6 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct); static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #endif -/* Determine when mp_add_d is required. */ -#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_ADD_D -#endif -/* Determine when mp_sub_d is required. */ -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) -#define WOLFSSL_SP_SUB_D -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ - !defined(NO_DSA) || defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_READ_RADIX_16 -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY) -#define WOLFSSL_SP_READ_RADIX_10 -#endif -/* Determine when mp_invmod is required. */ -#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) -#define WOLFSSL_SP_INVMOD -#endif -/* Determine when mp_invmod_mont_ct is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -#define WOLFSSL_SP_INVMOD_MONT_CT -#endif - -/* Determine when mp_prime_gen is required. */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) -#define WOLFSSL_SP_PRIME_GEN -#endif - -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) -/* Determine when mp_mul_d is required */ -#define WOLFSSL_SP_MUL_D -#endif /* Set the multi-precision number to zero. * @@ -5352,7 +5306,7 @@ void sp_forcezero(sp_int* a) /* Zeroize when a vald pointer passed in. */ if (a != NULL) { /* Ensure all data zeroized - data not zeroed when used decreases. */ - ForceZero(a->dp, a->size * SP_WORD_SIZEOF); + ForceZero(a->dp, a->size * (word32)SP_WORD_SIZEOF); /* Set back to zero. */ #ifdef HAVE_WOLF_BIGINT /* Zeroize the raw data as well. */ @@ -5379,7 +5333,7 @@ static void _sp_copy(const sp_int* a, sp_int* r) r->dp[0] = 0; } else { - XMEMCPY(r->dp, a->dp, a->used * SP_WORD_SIZEOF); + XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF); } /* Set number of used words in result. */ r->used = a->used; @@ -6118,7 +6072,7 @@ int sp_set_bit(sp_int* a, int i) a->dp[w] |= (sp_int_digit)1 << s; /* Update used if necessary */ if (a->used <= w) { - a->used = w + 1; + a->used = (sp_size_t)(w + 1U); } } @@ -7363,7 +7317,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r) /* Last word only needs to be shifted down. */ r->dp[i] = a->dp[i] >> 1; /* Set used to be all words seen. */ - r->used = (sp_size_t)i + 1; + r->used = (sp_size_t)(i + 1); /* Remove leading zeros. */ sp_clamp(r); #ifdef WOLFSSL_SP_INT_NEGATIVE @@ -7484,7 +7438,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) r->dp[i] = l; #endif /* Used includes carry - set or not. */ - r->used = i + 1; + r->used = (sp_size_t)(i + 1); #ifdef WOLFSSL_SP_INT_NEGATIVE r->sign = MP_ZPOS; #endif @@ -7872,7 +7826,7 @@ static int _sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m, { int err = MP_OKAY; /* Calculate used based on digits used in a and b. */ - sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); + sp_size_t used = (sp_size_t)(((a->used >= b->used) ? a->used + 1U : b->used + 1U)); DECL_SP_INT(t, used); /* Allocate a temporary SP int to hold sum. */ @@ -7960,8 +7914,8 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, int err = MP_OKAY; #ifndef WOLFSSL_SP_INT_NEGATIVE unsigned int used = ((a->used >= m->used) ? - ((a->used >= b->used) ? (a->used + 1) : (b->used + 1)) : - ((b->used >= m->used)) ? (b->used + 1) : (m->used + 1)); + ((a->used >= b->used) ? (a->used + 1U) : (b->used + 1U)) : + ((b->used >= m->used)) ? (b->used + 1U) : (m->used + 1U)); DECL_SP_INT_ARRAY(t, used, 2); ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL); @@ -8452,11 +8406,11 @@ int sp_lshd(sp_int* a, int s) } if (err == MP_OKAY) { /* Move up digits. */ - XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF); + XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF); /* Back fill with zeros. */ XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF); /* Update used. */ - a->used += (sp_size_t)s; + a->used = (sp_size_t)(a->used + s); /* Remove leading zeros. */ sp_clamp(a); } @@ -8493,7 +8447,7 @@ static int sp_lshb(sp_int* a, int n) } if (err == MP_OKAY) { /* Get count of bits to move in digit. */ - n &= SP_WORD_MASK; + n &= (int)SP_WORD_MASK; /* Check whether this is a complicated case. */ if (n != 0) { unsigned int i; @@ -8502,7 +8456,7 @@ static int sp_lshb(sp_int* a, int n) /* Get new most significant digit. */ sp_int_digit v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n); /* Shift up each digit. */ - for (i = a->used - 1; i >= 1; i--) { + for (i = a->used - 1U; i >= 1U; i--) { a->dp[i + s] = (a->dp[i] << n) | (a->dp[i - 1] >> (SP_WORD_SIZE - n)); } @@ -8517,13 +8471,13 @@ static int sp_lshb(sp_int* a, int n) /* Only digits to move and ensure not zero. */ else if (s > 0) { /* Move up digits. */ - XMEMMOVE(a->dp + s, a->dp, a->used * SP_WORD_SIZEOF); + XMEMMOVE(a->dp + s, a->dp, a->used * (word32)SP_WORD_SIZEOF); } /* Update used digit count. */ - a->used += s; + a->used = (sp_size_t)(a->used + s); /* Back fill with zeros. */ - XMEMSET(a->dp, 0, SP_WORD_SIZEOF * s); + XMEMSET(a->dp, 0, (word32)SP_WORD_SIZEOF * s); } } @@ -8550,7 +8504,7 @@ void sp_rshd(sp_int* a, int c) sp_size_t i; /* Update used digits count. */ - a->used -= (sp_size_t)c; + a->used = (sp_size_t)(a->used - c); /* Move digits down. */ for (i = 0; i < a->used; i++, c++) { a->dp[i] = a->dp[c]; @@ -8594,13 +8548,13 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) /* Handle simple case. */ if (n == 0) { /* Set the count of used digits. */ - r->used = a->used - i; + r->used = (sp_size_t)(a->used - i); /* Move digits down. */ if (r == a) { - XMEMMOVE(r->dp, r->dp + i, SP_WORD_SIZEOF * r->used); + XMEMMOVE(r->dp, r->dp + i, (word32)SP_WORD_SIZEOF * r->used); } else { - XMEMCPY(r->dp, a->dp + i, SP_WORD_SIZEOF * r->used); + XMEMCPY(r->dp, a->dp + i, (word32)SP_WORD_SIZEOF * r->used); } } else { @@ -8637,7 +8591,7 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r) sp_size_t i; /* Compare top digits of dividend with those of divisor up to last. */ - for (i = d->used - 1; i > 0; i--) { + for (i = (sp_size_t)(d->used - 1U); i > 0; i--) { /* Break if top divisor is not equal to dividend. */ if (a->dp[a->used - d->used + i] != d->dp[i]) { break; @@ -8650,7 +8604,7 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r) /* Get 'used' to restore - ensure zeros put into quotient. */ i = a->used; /* Subtract d from top of a. */ - _sp_sub_off(a, d, a, a->used - d->used); + _sp_sub_off(a, d, a, (sp_size_t)(a->used - d->used)); /* Restore 'used' on remainder. */ a->used = i; } @@ -8707,7 +8661,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) /* Keep subtracting multiples of d as long as the digit count of a is * greater than equal to d. */ - for (i = a->used - 1; i >= d->used; i--) { + for (i = (sp_size_t)(a->used - 1U); i >= d->used; i--) { /* When top digits equal, guestimate maximum multiplier. * Worst case, multiplier is actually SP_DIGIT_MAX - 1. * That is, for w (word size in bits) > 1, n > 1, let: @@ -8761,7 +8715,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) } #else /* Index of lowest digit trial is subtracted from. */ - o = i - d->used; + o = (sp_size_t)(i - d->used); do { #ifndef SQR_MUL_ASM sp_int_word tw = 0; @@ -8830,7 +8784,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) #endif /* WOLFSSL_SP_SMALL */ } /* Update used. */ - a->used = i + 1; + a->used = (sp_size_t)(i + 1U); if (a->used == d->used) { /* Finish div now that length of dividend is same as divisor. */ _sp_div_same_size(a, d, r); @@ -8964,12 +8918,12 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, trial = td[1]; /* Initialize sizes to minimal values. */ - _sp_init_size(sd, d->used + 1); + _sp_init_size(sd, (sp_size_t)(d->used + 1U)); _sp_init_size(trial, used); /* Move divisor to top of word. Adjust dividend as well. */ s = sp_count_bits(d); - s = SP_WORD_SIZE - (s & SP_WORD_MASK); + s = SP_WORD_SIZE - (s & (int)SP_WORD_MASK); _sp_copy(a, sa); /* Only shift if top bit of divisor no set. */ if (s != SP_WORD_SIZE) { @@ -9058,7 +9012,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem) /* May need to shift number being divided left into a new word. */ int bits = SP_WORD_SIZE - (sp_count_bits(d) % SP_WORD_SIZE); if ((bits != SP_WORD_SIZE) && - (sp_count_bits(a) + bits > SP_INT_DIGITS * SP_WORD_SIZE)) { + (sp_count_bits(a) + bits > (int)(SP_INT_DIGITS * SP_WORD_SIZE))) { err = MP_VAL; } else { @@ -9066,7 +9020,7 @@ int sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem) } } else { - used = a->used + 1; + used = (sp_size_t)(a->used + 1U); } } @@ -9328,7 +9282,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) } for (; k <= (sp_size_t)((a->used - 1) + (b->used - 1)); k++) { j = (int)(b->used - 1); - i = k - (sp_size_t)j; + i = (sp_size_t)(k - (sp_size_t)j); for (; (i < a->used) && (j >= 0); i++, j--) { SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]); } @@ -9396,7 +9350,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) o = 0; #endif for (k = 1; (int)k <= ((int)a->used - 1) + ((int)b->used - 1); k++) { - i = k - (sp_size_t)(b->used - 1); + i = (sp_size_t)(k - (b->used - 1)); i &= (sp_size_t)(((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U); j = (int)(k - i); for (; (i < a->used) && (j >= 0); i++, j--) { @@ -12198,7 +12152,7 @@ static int _sp_mulmod_tmp(const sp_int* a, const sp_int* b, const sp_int* m, ALLOC_SP_INT(t, a->used + b->used, err, NULL); if (err == MP_OKAY) { - err = sp_init_size(t, a->used + b->used); + err = sp_init_size(t, (sp_size_t)(a->used + b->used)); } /* Multiply and reduce. */ @@ -12434,7 +12388,7 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x, ALLOC_SP_INT(d, m->used + 1, err, NULL); if (err == MP_OKAY) { - err = sp_init_size(d, m->used + 1); + err = sp_init_size(d, (sp_size_t)(m->used + 1U)); } if (err == MP_OKAY) { @@ -12578,7 +12532,7 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r) * - x3 one word larger than modulus * - x1 one word longer than twice modulus used */ - ALLOC_SP_INT_ARRAY(t, m->used + 1, 3, err, NULL); + ALLOC_SP_INT_ARRAY(t, m->used + 1U, 3, err, NULL); ALLOC_SP_INT(c, 2 * m->used + 1, err, NULL); if (err == MP_OKAY) { u = t[0]; @@ -12589,16 +12543,16 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r) /* Initialize intermediate values with minimal sizes. */ if (err == MP_OKAY) { - err = sp_init_size(u, m->used + 1); + err = sp_init_size(u, (sp_size_t)(m->used + 1U)); } if (err == MP_OKAY) { - err = sp_init_size(v, m->used + 1); + err = sp_init_size(v, (sp_size_t)(m->used + 1U)); } if (err == MP_OKAY) { - err = sp_init_size(b, m->used + 1); + err = sp_init_size(b, (sp_size_t)(m->used + 1U)); } if (err == MP_OKAY) { - err = sp_init_size(c, (sp_size_t)(2 * m->used + 1)); + err = sp_init_size(c, (sp_size_t)(2U * m->used + 1U)); } if (err == MP_OKAY) { @@ -12793,10 +12747,10 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, #endif #ifndef WOLFSSL_SP_NO_MALLOC - ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, + ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL); #else - ALLOC_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, NULL); + ALLOC_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL); #endif if (err == MP_OKAY) { t = pre[CT_INV_MOD_PRE_CNT + 0]; @@ -13040,7 +12994,7 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits, ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 2, err, NULL); #else /* Working SP int needed when cache resistant. */ - ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 3, err, NULL); + ALLOC_SP_INT_ARRAY(t, 2U * m->used + 1U, 3, err, NULL); #endif if (err == MP_OKAY) { /* Initialize temporaries. */ @@ -13100,7 +13054,7 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits, if (err == MP_OKAY) { /* 4.2. y = e[i] */ - int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1); + int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1); /* 4.3. j = y & s */ int j = y & s; /* 4.4 s = s | y */ @@ -13272,7 +13226,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 4); /* Allocate temporaries. */ - ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL); + ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, 4, err, NULL); if (err == MP_OKAY) { /* Initialize temporaries. */ _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1)); @@ -13312,7 +13266,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, } if (err == MP_OKAY) { /* t[0] = t[0] mod m, temporary size has to be bigger than t[0]. */ - err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1); + err = _sp_div(t[0], m, NULL, t[0], t[0]->used + 1U); } if (err == MP_OKAY) { /* 4. t[1] = t[0] @@ -13339,7 +13293,7 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, if (err == MP_OKAY) { /* 6.2. y = e[i] */ - int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1); + int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1); /* 6.3 j = y & s */ int j = y & s; /* 6.4 s = s | y */ @@ -13807,10 +13761,10 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, * - constant time add value for mod operation * - temporary result */ - ALLOC_SP_INT_ARRAY(d, m->used * 2 + 1, 2, err, NULL); + ALLOC_SP_INT_ARRAY(d, m->used * 2U + 1U, 2, err, NULL); #else /* Allocate sp_int for temporary result. */ - ALLOC_SP_INT(tr, m->used * 2 + 1, err, NULL); + ALLOC_SP_INT(tr, m->used * 2U + 1U, err, NULL); #endif if (err == MP_OKAY) { #ifndef WC_NO_HARDEN @@ -14058,7 +14012,8 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m, if ((!done) && (err == MP_OKAY)) { /* Use code optimized for specific sizes if possible */ #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ - (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) + ((defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(WOLFSSL_HAVE_SP_DH)) #ifndef WOLFSSL_SP_NO_2048 if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) && (eBits <= 1024)) { @@ -14268,9 +14223,9 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, * - Montgomery form of base */ #ifndef WOLFSSL_SP_NO_MALLOC - ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL); + ALLOC_DYN_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL); #else - ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, (size_t)preCnt + 2, err, NULL); + ALLOC_SP_INT_ARRAY(t, m->used * 2U + 1U, (size_t)preCnt + 2, err, NULL); #endif if (err == MP_OKAY) { /* Set variables to use allocate memory. */ @@ -14314,7 +14269,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, } if (err == MP_OKAY) { /* bm = bm mod m, temporary size has to be bigger than bm->used. */ - err = _sp_div(bm, m, NULL, bm, bm->used + 1); + err = _sp_div(bm, m, NULL, bm, bm->used + 1U); } if (err == MP_OKAY) { /* Copy Montgomery form of base into first element of table. */ @@ -14784,7 +14739,7 @@ int sp_mod_2d(const sp_int* a, int e, sp_int* r) if (err == MP_OKAY) { /* Copy a into r if not same pointer. */ if (a != r) { - XMEMCPY(r->dp, a->dp, digits * SP_WORD_SIZEOF); + XMEMCPY(r->dp, a->dp, digits * (word32)SP_WORD_SIZEOF); r->used = a->used; #ifdef WOLFSSL_SP_INT_NEGATIVE r->sign = a->sign; @@ -14998,7 +14953,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) } if (err == MP_OKAY) { - r->used = a->used * 2; + r->used = (sp_size_t)(a->used * 2U); sp_clamp(r); } @@ -17341,7 +17296,7 @@ static int _sp_sqrmod(const sp_int* a, const sp_int* m, sp_int* r) ALLOC_SP_INT(t, a->used * 2, err, NULL); if (err == MP_OKAY) { - err = sp_init_size(t, a->used * 2); + err = sp_init_size(t, a->used * 2U); } /* Square and reduce. */ @@ -17556,7 +17511,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) /* 4. a = a mod m * Always subtract but at a too high offset if a is less than m. */ - _sp_submod_ct(a, m, m, m->used + 1, a); + _sp_submod_ct(a, m, m, m->used + 1U, a); } @@ -17887,7 +17842,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) /* Constant time clamping. */ sp_clamp_ct(a); - _sp_submod_ct(a, m, m, m->used + 1, a); + _sp_submod_ct(a, m, m, m->used + 1U, a); } #if 0 @@ -18304,7 +18259,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) /* Put each digit in. */ i = 0; for (j = outSz - 1; j >= 0; ) { - int b; + unsigned int b; d = a->dp[i]; /* Place each byte of a digit into the buffer. */ for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) { @@ -18431,7 +18386,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in) a->dp[j] = d; } /* Update used count. */ - a->used = j + 1; + a->used = (sp_size_t)(j + 1U); /* Remove leading zeros. */ sp_clamp(a); } @@ -18469,7 +18424,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in) /* Check character is valid. */ if ((ch >= '0') && (ch <= '9')) { /* Assume '0'..'9' are continuous values as characters. */ - ch -= '0'; + ch = (char)(ch - '0'); } else { if (CharIsWhiteSpace(ch)) @@ -19325,9 +19280,9 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result) n1 = t[0]; r = t[1]; - _sp_init_size(n1, a->used + 1); - _sp_init_size(r, a->used + 1); - _sp_init_size(b, (sp_size_t)(a->used * 2 + 1)); + _sp_init_size(n1, a->used + 1U); + _sp_init_size(r, a->used + 1U); + _sp_init_size(b, (sp_size_t)(a->used * 2U + 1U)); /* Do requested number of trials of Miller-Rabin test. */ for (i = 0; i < trials; i++) { @@ -19449,10 +19404,10 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result, sp_int* b = d[0]; sp_int* r = d[1]; - _sp_init_size(c , a->used + 1); - _sp_init_size(n1, a->used + 1); - _sp_init_size(b , (sp_size_t)(a->used * 2 + 1)); - _sp_init_size(r , (sp_size_t)(a->used * 2 + 1)); + _sp_init_size(c , a->used + 1U); + _sp_init_size(n1, a->used + 1U); + _sp_init_size(b , (sp_size_t)(a->used * 2U + 1U)); + _sp_init_size(r , (sp_size_t)(a->used * 2U + 1U)); _sp_sub_d(a, 2, c); @@ -19619,7 +19574,7 @@ static WC_INLINE int _sp_gcd(const sp_int* a, const sp_int* b, sp_int* r) /* Used for swapping sp_ints. */ sp_int* s; /* Determine maximum digit length numbers will reach. */ - unsigned int used = (a->used >= b->used) ? a->used + 1 : b->used + 1; + unsigned int used = (a->used >= b->used) ? a->used + 1U : b->used + 1U; DECL_SP_INT_ARRAY(d, used, 3); SAVE_VECTOR_REGISTERS(err = _svr_ret;); diff --git a/src/wolfcrypt/src/sp_x86_64.c b/src/wolfcrypt/src/sp_x86_64.c index 2529432..039820d 100644 --- a/src/wolfcrypt/src/sp_x86_64.c +++ b/src/wolfcrypt/src/sp_x86_64.c @@ -8438,7 +8438,7 @@ SP_NOINLINE static void sp_256_mont_sqr_n_4(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P256 curve. */ -static const uint64_t p256_mod_minus_2[4] = { +static const word64 p256_mod_minus_2[4] = { 0xfffffffffffffffdU,0x00000000ffffffffU,0x0000000000000000U, 0xffffffff00000001U }; @@ -9374,13 +9374,13 @@ static void sp_256_proj_point_add_sub_4(sp_point_256* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_256 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_256; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_4_6[66] = { +static const word8 recode_index_4_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -9389,7 +9389,7 @@ static const uint8_t recode_index_4_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_4_6[66] = { +static const word8 recode_neg_4_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -9407,7 +9407,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -9416,7 +9416,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -9430,12 +9430,12 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_4_6[y]; v[i].neg = recode_neg_4_6[y]; carry = (y >> 6) + v[i].neg; @@ -10976,7 +10976,7 @@ typedef struct sp_cache_256_t { /* Precomputation table for point. */ sp_table_entry_256 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_256_t; @@ -11004,7 +11004,7 @@ static void sp_ecc_get_cache_256(const sp_point_256* g, sp_cache_256_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_256_inited == 0) { for (i=0; i>= 7; @@ -12105,12 +12105,12 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) } else if (++j < 4) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_4_7[y]; v[i].neg = recode_neg_4_7[y]; carry = (y >> 7) + v[i].neg; @@ -24173,7 +24173,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, p->infinity = !v[i].i; sp_256_sub_4(negy, p256_mod, p->y); sp_256_norm_4(negy); - sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg); + sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_256_proj_point_add_qz1_4(rt, rt, p, tmp); } if (map != 0) { @@ -24306,7 +24306,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256 p->infinity = !v[i].i; sp_256_sub_4(negy, p256_mod, p->y); sp_256_norm_4(negy); - sp_256_cond_copy_4(p->y, negy, 0 - v[i].neg); + sp_256_cond_copy_4(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_256_proj_point_add_qz1_avx2_4(rt, rt, p, tmp); } if (map != 0) { @@ -25121,13 +25121,13 @@ static void sp_256_mont_mul_order_4(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P256 curve. */ -static const uint64_t p256_order_minus_2[4] = { +static const word64 p256_order_minus_2[4] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U,0xffffffffffffffffU, 0xffffffff00000000U }; #else /* The low half of the order-2 of the P256 curve. */ -static const uint64_t p256_order_low[2] = { +static const word64 p256_order_low[2] = { 0xf3b9cac2fc63254fU,0xbce6faada7179e84U }; #endif /* WOLFSSL_SP_SMALL */ @@ -27593,7 +27593,7 @@ SP_NOINLINE static void sp_384_mont_sqr_n_6(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL || HAVE_COMP_KEY */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P384 curve. */ -static const uint64_t p384_mod_minus_2[6] = { +static const word64 p384_mod_minus_2[6] = { 0x00000000fffffffdU,0xffffffff00000000U,0xfffffffffffffffeU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; @@ -28535,13 +28535,13 @@ static void sp_384_proj_point_add_sub_6(sp_point_384* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_384 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_384; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_6_6[66] = { +static const word8 recode_index_6_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -28550,7 +28550,7 @@ static const uint8_t recode_index_6_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_6_6[66] = { +static const word8 recode_neg_6_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -28568,7 +28568,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -28577,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -28591,12 +28591,12 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_6_6[y]; v[i].neg = recode_neg_6_6[y]; carry = (y >> 6) + v[i].neg; @@ -30193,7 +30193,7 @@ typedef struct sp_cache_384_t { /* Precomputation table for point. */ sp_table_entry_384 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_384_t; @@ -30221,7 +30221,7 @@ static void sp_ecc_get_cache_384(const sp_point_384* g, sp_cache_384_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_384_inited == 0) { for (i=0; i>= 7; @@ -31325,12 +31325,12 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) } else if (++j < 6) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_6_7[y]; v[i].neg = recode_neg_6_7[y]; carry = (y >> 7) + v[i].neg; @@ -49207,7 +49207,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, p->infinity = !v[i].i; sp_384_sub_6(negy, p384_mod, p->y); sp_384_norm_6(negy); - sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg); + sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_384_proj_point_add_qz1_6(rt, rt, p, tmp); } if (map != 0) { @@ -49340,7 +49340,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384 p->infinity = !v[i].i; sp_384_sub_6(negy, p384_mod, p->y); sp_384_norm_6(negy); - sp_384_cond_copy_6(p->y, negy, 0 - v[i].neg); + sp_384_cond_copy_6(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_384_proj_point_add_qz1_avx2_6(rt, rt, p, tmp); } if (map != 0) { @@ -50156,13 +50156,13 @@ static void sp_384_mont_mul_order_6(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P384 curve. */ -static const uint64_t p384_order_minus_2[6] = { +static const word64 p384_order_minus_2[6] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU }; #else /* The low half of the order-2 of the P384 curve. */ -static const uint64_t p384_order_low[3] = { +static const word64 p384_order_low[3] = { 0xecec196accc52971U,0x581a0db248b0a77aU,0xc7634d81f4372ddfU }; #endif /* WOLFSSL_SP_SMALL */ @@ -52503,7 +52503,7 @@ SP_NOINLINE static void sp_521_mont_sqr_n_9(sp_digit* r, #endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Mod-2 for the P521 curve. */ -static const uint64_t p521_mod_minus_2[9] = { +static const word64 p521_mod_minus_2[9] = { 0xfffffffffffffffdU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU @@ -53465,13 +53465,13 @@ static void sp_521_proj_point_add_sub_9(sp_point_521* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_521 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_521; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_9_6[66] = { +static const word8 recode_index_9_6[66] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 31, 30, 29, 28, 27, 26, 25, 24, 23, 22, 21, 20, 19, 18, 17, @@ -53480,7 +53480,7 @@ static const uint8_t recode_index_9_6[66] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_9_6[66] = { +static const word8 recode_neg_9_6[66] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -53498,7 +53498,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -53507,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -53521,12 +53521,12 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x3f); + y |= (word8)((n << (64 - o)) & 0x3f); o -= 58; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_6[y]; v[i].neg = recode_neg_9_6[y]; carry = (y >> 6) + v[i].neg; @@ -55100,7 +55100,7 @@ typedef struct sp_cache_521_t { /* Precomputation table for point. */ sp_table_entry_521 table[64]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_521_t; @@ -55128,7 +55128,7 @@ static void sp_ecc_get_cache_521(const sp_point_521* g, sp_cache_521_t** cache) { int i; int j; - uint32_t least; + word32 least; if (sp_cache_521_inited == 0) { for (i=0; i>= 7; @@ -56358,12 +56358,12 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v) } else if (++j < 9) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_9_7[y]; v[i].neg = recode_neg_9_7[y]; carry = (y >> 7) + v[i].neg; @@ -90300,7 +90300,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g, p->infinity = !v[i].i; sp_521_sub_9(negy, p521_mod, p->y); sp_521_norm_9(negy); - sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg); + sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_521_proj_point_add_qz1_9(rt, rt, p, tmp); } if (map != 0) { @@ -90433,7 +90433,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521 p->infinity = !v[i].i; sp_521_sub_9(negy, p521_mod, p->y); sp_521_norm_9(negy); - sp_521_cond_copy_9(p->y, negy, 0 - v[i].neg); + sp_521_cond_copy_9(p->y, negy, (sp_digit)(0 - v[i].neg)); sp_521_proj_point_add_qz1_avx2_9(rt, rt, p, tmp); } if (map != 0) { @@ -91277,14 +91277,14 @@ static void sp_521_mont_mul_order_9(sp_digit* r, const sp_digit* a, const sp_dig #if defined(HAVE_ECC_SIGN) || (defined(HAVE_ECC_VERIFY) && defined(WOLFSSL_SP_SMALL)) #ifdef WOLFSSL_SP_SMALL /* Order-2 for the P521 curve. */ -static const uint64_t p521_order_minus_2[9] = { +static const word64 p521_order_minus_2[9] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU,0xffffffffffffffffU, 0xffffffffffffffffU,0xffffffffffffffffU,0x00000000000001ffU }; #else /* The low half of the order-2 of the P521 curve. */ -static const uint64_t p521_order_low[5] = { +static const word64 p521_order_low[5] = { 0xbb6fb71e91386407U,0x3bb5c9b8899c47aeU,0x7fcc0148f709a5d0U, 0x51868783bf2f966bU,0xfffffffffffffffaU }; @@ -93041,7 +93041,7 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) #endif /* WOLFSSL_PUBLIC_ECC_ADD_DBL */ #ifdef HAVE_COMP_KEY /* Square root power for the P521 curve. */ -static const uint64_t p521_sqrt_power[9] = { +static const word64 p521_sqrt_power[9] = { 0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000, 0x0000000000000080 @@ -93842,7 +93842,7 @@ SP_NOINLINE static void sp_1024_mont_sqr_16(sp_digit* r, const sp_digit* a, } /* Mod-2 for the P1024 curve. */ -static const uint8_t p1024_mod_minus_2[] = { +static const word8 p1024_mod_minus_2[] = { 6,0x06, 7,0x0f, 7,0x0b, 6,0x0c, 7,0x1e, 9,0x09, 7,0x0c, 7,0x1f, 6,0x16, 6,0x06, 7,0x0e, 8,0x10, 6,0x03, 8,0x11, 6,0x0d, 7,0x14, 9,0x12, 6,0x0f, 7,0x04, 9,0x0d, 6,0x00, 7,0x13, 6,0x01, 6,0x07, @@ -94751,13 +94751,13 @@ static void sp_1024_proj_point_add_sub_16(sp_point_1024* ra, /* Structure used to describe recoding of scalar multiplication. */ typedef struct ecc_recode_1024 { /* Index into pre-computation table. */ - uint8_t i; + word8 i; /* Use the negative of the point. */ - uint8_t neg; + word8 neg; } ecc_recode_1024; /* The index into pre-computation table to use. */ -static const uint8_t recode_index_16_7[130] = { +static const word8 recode_index_16_7[130] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, @@ -94770,7 +94770,7 @@ static const uint8_t recode_index_16_7[130] = { }; /* Whether to negate y-ordinate. */ -static const uint8_t recode_neg_16_7[130] = { +static const word8 recode_neg_16_7[130] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -94792,7 +94792,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) { int i; int j; - uint8_t y; + word8 y; int carry = 0; int o; sp_digit n; @@ -94801,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (uint8_t)(int8_t)n; + y = (word8)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -94815,12 +94815,12 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) } else if (++j < 16) { n = k[j]; - y |= (uint8_t)((n << (64 - o)) & 0x7f); + y |= (word8)((n << (64 - o)) & 0x7f); o -= 57; n >>= o; } - y += (uint8_t)carry; + y = (word8)(y + carry); v[i].i = recode_index_16_7[y]; v[i].neg = recode_neg_16_7[y]; carry = (y >> 7) + v[i].neg; @@ -96329,7 +96329,7 @@ typedef struct sp_cache_1024_t { /* Precomputation table for point. */ sp_table_entry_1024 table[256]; /* Count of entries in table. */ - uint32_t cnt; + word32 cnt; /* Point and table set in entry. */ int set; } sp_cache_1024_t; @@ -96357,7 +96357,7 @@ static void sp_ecc_get_cache_1024(const sp_point_1024* g, sp_cache_1024_t** cach { int i; int j; - uint32_t least; + word32 least; if (sp_cache_1024_inited == 0) { for (i=0; idp[0] & 1); + mask = (fp_digit)0 - (a->dp[0] & 1); for (i = 0; i < b->used; i++) { - fp_digit mask_a = 0 - (i < a->used); + fp_digit mask_a = (fp_digit)0 - (i < a->used); w += b->dp[i] & mask; w += a->dp[i] & mask_a; diff --git a/src/wolfcrypt/src/wc_kyber.c b/src/wolfcrypt/src/wc_kyber.c index bca5e1f..040c4f0 100644 --- a/src/wolfcrypt/src/wc_kyber.c +++ b/src/wolfcrypt/src/wc_kyber.c @@ -68,7 +68,9 @@ volatile sword16 kyber_opt_blocker = 0; /** * Initialize the Kyber key. * - * @param [in] type Type of key: KYBER512, KYBER768, KYBER1024. + * @param [in] type Type of key: + * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, + * KYBER512, KYBER768, KYBER1024. * @param [out] key Kyber key object to initialize. * @param [in] heap Dynamic memory hint. * @param [in] devId Device Id. @@ -87,6 +89,27 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) if (ret == 0) { /* Validate type. */ switch (type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + #ifndef WOLFSSL_WC_ML_KEM_512 + /* Code not compiled in for Kyber-512. */ + ret = NOT_COMPILED_IN; + #endif + break; + case WC_ML_KEM_768: + #ifndef WOLFSSL_WC_ML_KEM_768 + /* Code not compiled in for Kyber-768. */ + ret = NOT_COMPILED_IN; + #endif + break; + case WC_ML_KEM_1024: + #ifndef WOLFSSL_WC_ML_KEM_1024 + /* Code not compiled in for Kyber-1024. */ + ret = NOT_COMPILED_IN; + #endif + break; + #endif + #ifdef WOLFSSL_KYBER_ORIGINAL case KYBER512: #ifndef WOLFSSL_KYBER512 /* Code not compiled in for Kyber-512. */ @@ -105,6 +128,7 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) ret = NOT_COMPILED_IN; #endif break; + #endif default: /* No other values supported. */ ret = BAD_FUNC_ARG; @@ -230,6 +254,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + kp = WC_ML_KEM_512_K; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + kp = WC_ML_KEM_768_K; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + kp = WC_ML_KEM_1024_K; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: kp = KYBER512_K; @@ -245,6 +287,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, kp = KYBER1024_K; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -266,13 +309,24 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, /* Error vector allocated at end of a. */ e = a + (kp * kp * KYBER_N); +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & KYBER_ORIGINAL) +#endif #ifdef WOLFSSL_KYBER_ORIGINAL - /* Expand 32 bytes of random to 32. */ - ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); -#else - buf[0] = kp; - /* Expand 33 bytes of random to 32. */ - ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); + { + /* Expand 32 bytes of random to 32. */ + ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); + } +#endif +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + buf[0] = kp; + /* Expand 33 bytes of random to 32. */ + ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); + } #endif } if (ret == 0) { @@ -333,6 +387,24 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) if (ret == 0) { /* Return in 'len' size of the cipher text for the type of this key. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: *len = KYBER512_CIPHER_TEXT_SIZE; @@ -348,6 +420,7 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) *len = KYBER1024_CIPHER_TEXT_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -398,6 +471,27 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + kp = WC_ML_KEM_512_K; + compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + kp = WC_ML_KEM_768_K; + compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + kp = WC_ML_KEM_1024_K; + compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: kp = KYBER512_K; @@ -415,6 +509,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, kp = KYBER1024_K; compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; break; +#endif #endif default: /* No other values supported. */ @@ -463,19 +558,19 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, /* Perform encapsulation maths. */ kyber_encapsulate(key->pub, bp, v, at, sp, ep, epp, k, kp); - #ifdef WOLFSSL_KYBER512 + #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (kp == KYBER512_K) { kyber_vec_compress_10(ct, bp, kp); kyber_compress_4(ct + compVecSz, v); } #endif - #ifdef WOLFSSL_KYBER768 + #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) if (kp == KYBER768_K) { kyber_vec_compress_10(ct, bp, kp); kyber_compress_4(ct + compVecSz, v); } #endif - #ifdef WOLFSSL_KYBER1024 + #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) if (kp == KYBER1024_K) { kyber_vec_compress_11(ct, bp); kyber_compress_5(ct + compVecSz, v); @@ -562,6 +657,18 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + #endif + break; +#endif #ifdef WOLFSSL_KYBER512 case KYBER512: ctSz = KYBER512_CIPHER_TEXT_SIZE; @@ -614,42 +721,80 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, #ifdef WOLFSSL_KYBER_ORIGINAL if (ret == 0) { - /* Hash random to anonymize as seed data. */ - ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); +#ifndef WOLFSSL_NO_ML_KEM + if (key->type & KYBER_ORIGINAL) +#endif + { + /* Hash random to anonymize as seed data. */ + ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); + } } #endif if (ret == 0) { /* Hash message into seed buffer. */ +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & KYBER_ORIGINAL) +#endif #ifdef WOLFSSL_KYBER_ORIGINAL - ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, - kr); -#else - ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, - kr); + { + ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, + KYBER_SYM_SZ, kr); + } +#endif +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, + KYBER_SYM_SZ, kr); + } #endif } if (ret == 0) { /* Encapsulate the message using the key and the seed (coins). */ +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & KYBER_ORIGINAL) +#endif #ifdef WOLFSSL_KYBER_ORIGINAL - ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); -#else - ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); + { + ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); + } +#endif +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); + } #endif } +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & KYBER_ORIGINAL) +#endif #ifdef WOLFSSL_KYBER_ORIGINAL - if (ret == 0) { - /* Hash the cipher text after the seed. */ - ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); - } - if (ret == 0) { - /* Derive the secret from the seed and hash of cipher text. */ - ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); + { + if (ret == 0) { + /* Hash the cipher text after the seed. */ + ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); + } + if (ret == 0) { + /* Derive the secret from the seed and hash of cipher text. */ + ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); + } } -#else - if (ret == 0) { - XMEMCPY(ss, kr, KYBER_SS_SZ); +#endif +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + if (ret == 0) { + XMEMCPY(ss, kr, KYBER_SS_SZ); + } } #endif @@ -683,6 +828,27 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + kp = WC_ML_KEM_512_K; + compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + kp = WC_ML_KEM_768_K; + compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + kp = WC_ML_KEM_1024_K; + compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: kp = KYBER512_K; @@ -700,6 +866,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, kp = KYBER1024_K; compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; break; +#endif #endif default: /* No other values supported. */ @@ -723,19 +890,19 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, v = bp + kp * KYBER_N; mp = v + KYBER_N; - #ifdef WOLFSSL_KYBER512 + #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (kp == KYBER512_K) { kyber_vec_decompress_10(bp, ct, kp); kyber_decompress_4(v, ct + compVecSz); } #endif - #ifdef WOLFSSL_KYBER768 + #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) if (kp == KYBER768_K) { kyber_vec_decompress_10(bp, ct, kp); kyber_decompress_4(v, ct + compVecSz); } #endif - #ifdef WOLFSSL_KYBER1024 + #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) if (kp == KYBER1024_K) { kyber_vec_decompress_11(bp, ct); kyber_decompress_5(v, ct + compVecSz); @@ -757,7 +924,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, return ret; } -#ifndef WOLFSSL_KYBER_ORIGINAL +#ifndef WOLFSSL_NO_ML_KEM /* Derive the secret from z and cipher text. * * @param [in] z Implicit rejection value. @@ -828,6 +995,24 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, if (ret == 0) { /* Establish cipher text size based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: ctSz = KYBER512_CIPHER_TEXT_SIZE; @@ -843,6 +1028,7 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, ctSz = KYBER1024_CIPHER_TEXT_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -882,25 +1068,36 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, /* Compare generated cipher text with that passed in. */ fail = kyber_cmp(ct, cmp, ctSz); +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & KYBER_ORIGINAL) +#endif #ifdef WOLFSSL_KYBER_ORIGINAL - /* Hash the cipher text after the seed. */ - ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); - } - if (ret == 0) { - /* Change seed to z on comparison failure. */ - for (i = 0; i < KYBER_SYM_SZ; i++) { - kr[i] ^= (kr[i] ^ key->z[i]) & fail; + { + /* Hash the cipher text after the seed. */ + ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); + if (ret == 0) { + /* Change seed to z on comparison failure. */ + for (i = 0; i < KYBER_SYM_SZ; i++) { + kr[i] ^= (kr[i] ^ key->z[i]) & fail; + } + + /* Derive the secret from the seed and hash of cipher text. */ + ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); + } } - - /* Derive the secret from the seed and hash of cipher text. */ - ret = KYBER_KDF(kr, 2 * KYBER_SYM_SZ, ss, KYBER_SS_SZ); -#else - ret = kyber_derive_secret(key->z, ct, ctSz, msg); - } - if (ret == 0) { - /* Change seed to z on comparison failure. */ - for (i = 0; i < KYBER_SYM_SZ; i++) { - ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); +#endif +#if defined(WOLFSSL_KYBER_ORIGINAL) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + ret = kyber_derive_secret(key->z, ct, ctSz, msg); + if (ret == 0) { + /* Change seed to z on comparison failure. */ + for (i = 0; i < KYBER_SYM_SZ; i++) { + ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); + } + } } #endif } @@ -947,6 +1144,30 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: k = KYBER512_K; @@ -968,6 +1189,7 @@ int wc_KyberKey_DecodePrivateKey(KyberKey* key, const unsigned char* in, pubLen = KYBER1024_PUBLIC_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -1030,6 +1252,27 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: k = KYBER512_K; @@ -1048,6 +1291,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, pubLen = KYBER1024_PUBLIC_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -1103,6 +1347,24 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) /* Return in 'len' size of the encoded private key for the type of this * key. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: *len = KYBER512_PRIVATE_KEY_SIZE; @@ -1118,6 +1380,7 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) *len = KYBER1024_PRIVATE_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -1150,6 +1413,24 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) /* Return in 'len' size of the encoded public key for the type of this * key. */ switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: *len = KYBER512_PUBLIC_KEY_SIZE; @@ -1165,6 +1446,7 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) *len = KYBER1024_PUBLIC_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -1206,6 +1488,30 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) if (ret == 0) { switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: k = KYBER512_K; @@ -1227,6 +1533,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) privLen = KYBER1024_PRIVATE_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; @@ -1293,6 +1600,27 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) if (ret == 0) { switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_KYBER_ORIGINAL #ifdef WOLFSSL_KYBER512 case KYBER512: k = KYBER512_K; @@ -1311,6 +1639,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) pubLen = KYBER1024_PUBLIC_KEY_SIZE; break; #endif +#endif default: /* No other values supported. */ ret = NOT_COMPILED_IN; diff --git a/src/wolfcrypt/src/wc_kyber_poly.c b/src/wolfcrypt/src/wc_kyber_poly.c index 52c8af3..76b5cd5 100644 --- a/src/wolfcrypt/src/wc_kyber_poly.c +++ b/src/wolfcrypt/src/wc_kyber_poly.c @@ -33,6 +33,12 @@ * WOLFSSL_WC_KYBER Default: OFF * Enables this code, wolfSSL implementation, to be built. * + * WOLFSSL_WC_ML_KEM_512 Default: OFF + * Enables the ML-KEM 512 parameter implementations. + * WOLFSSL_WC_ML_KEM_768 Default: OFF + * Enables the ML-KEM 768 parameter implementations. + * WOLFSSL_WC_ML_KEM_1024 Default: OFF + * Enables the ML-KEM 1024 parameter implementations. * WOLFSSL_KYBER512 Default: OFF * Enables the KYBER512 parameter implementations. * WOLFSSL_KYBER768 Default: OFF @@ -49,7 +55,7 @@ * WOLFSSL_SMALL_STACK Default: OFF * Use less stack by dynamically allocating local variables. * - * WOLFSSL_KYBER_NTT_UNROLL Defualt: OFF + * WOLFSSL_KYBER_NTT_UNROLL Default: OFF * Enable an alternative NTT implementation that may be faster on some * platforms and is smaller in code size. * WOLFSSL_KYBER_INVNTT_UNROLL Default: OFF @@ -61,6 +67,7 @@ #include #endif +#include #include #include #include @@ -1133,7 +1140,7 @@ void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, } } -/* Encapsuluate message. +/* Encapsulate message. * * @param [in] pub Public key vector of polynomials. * @param [out] bp Vector of polynomials. @@ -1266,7 +1273,7 @@ void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, } } -/* Encapsuluate message. +/* Encapsulate message. * * @param [in] pub Public key vector of polynomials. * @param [out] bp Vector of polynomials. @@ -1402,7 +1409,7 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, /******************************************************************************/ #ifdef USE_INTEL_SPEEDUP -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1492,7 +1499,7 @@ static int kyber_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) } #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1617,7 +1624,7 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) return 0; } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1706,9 +1713,9 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) return 0; } -#endif /* KYBER1024 */ +#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */ #elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1782,7 +1789,7 @@ static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) } #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1848,7 +1855,7 @@ static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -2067,17 +2074,24 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64)); state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); - if (IS_INTEL_BMI2(cpuid_flags)) { - sha3_block_bmi2(state); - } - else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { - sha3_block_avx2(state); - RESTORE_VECTOR_REGISTERS(); - } - else { - BlockSha3(state); + while (outLen > 0) { + unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE); + + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && + (SAVE_VECTOR_REGISTERS2() == 0)) { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + XMEMCPY(out, state, len); + out += len; + outLen -= len; } - XMEMCPY(out, state, outLen); return 0; #else @@ -2381,7 +2395,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, { int ret; -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (kp == KYBER512_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); @@ -2400,7 +2414,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, } else #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) if (kp == KYBER768_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); @@ -2419,7 +2433,7 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, } else #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) if (kp == KYBER1024_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); @@ -2556,7 +2570,7 @@ static void kyber_cbd_eta2(sword16* p, const byte* r) #endif } -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Subtract one 3 bit value from another out of a larger number. * * @param [in] d Value containing sequential 3 bit values. @@ -2713,7 +2727,7 @@ static void kyber_cbd_eta3(sword16* p, const byte* r) /* Get noise/error by calculating random bytes and sampling to a binomial * distribution. * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [out] p Polynomial. * @param [in] seed Seed to use when calculating random. * @param [in] eta1 Size of noise/error integers. @@ -2726,7 +2740,7 @@ static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p, (void)eta1; -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (eta1 == KYBER_CBD_ETA3) { byte rand[ETA3_RAND_SIZE]; @@ -2756,7 +2770,7 @@ static int kyber_get_noise_eta1_c(KYBER_PRF_T* prf, sword16* p, /* Get noise/error by calculating random bytes and sampling to a binomial * distribution. Values -2..2 * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [out] p Polynomial. * @param [in] seed Seed to use when calculating random. * @return 0 on success. @@ -2781,7 +2795,8 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p, #ifdef USE_INTEL_SPEEDUP #define PRF_RAND_SZ (2 * SHA3_256_BYTES) -#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_KYBER1024) +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \ + defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Get the noise/error by calculating random bytes. * * @param [out] rand Random number byte array. @@ -2804,7 +2819,7 @@ static void kyber_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o) } #endif -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Get the noise/error by calculating random bytes. * * @param [out] rand Random number byte array. @@ -2835,7 +2850,7 @@ static void kyber_get_noise_x4_eta3_avx2(byte* rand, byte* seed) /* Get noise/error by calculating random bytes and sampling to a binomial * distribution. Values -2..2 * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [out] p Polynomial. * @param [in] seed Seed to use when calculating random. * @return 0 on success. @@ -2858,7 +2873,7 @@ static int kyber_get_noise_eta2_avx2(KYBER_PRF_T* prf, sword16* p, /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. * @param [out] poly Polynomial. @@ -2890,7 +2905,7 @@ static int kyber_get_noise_k2_avx2(KYBER_PRF_T* prf, sword16* vec1, } #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2921,11 +2936,11 @@ static int kyber_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly, } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. * @param [out] poly Polynomial. @@ -2981,7 +2996,7 @@ static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) kyber_shake256_blocksx3_seed_neon(state, seed); } -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Get the noise/error by calculating random bytes. * * @param [out] rand Random number byte array. @@ -3068,7 +3083,7 @@ static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2, } #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Get the noise/error by calculating random bytes. * * @param [out] rand Random number byte array. @@ -3122,7 +3137,7 @@ static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2, } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -3163,7 +3178,7 @@ static int kyber_get_noise_k4_aarch64(sword16* vec1, sword16* vec2, /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [in] kp Number of polynomials in vector. * @param [out] vec1 First Vector of polynomials. * @param [in] eta1 Size of noise/error integers with first vector. @@ -3208,7 +3223,7 @@ static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1, /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * - * @param [in, out] prf Psuedo-random function object. + * @param [in, out] prf Pseudo-random function object. * @param [in] kp Number of polynomials in vector. * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. @@ -3221,7 +3236,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, { int ret; -#ifdef WOLFSSL_KYBER512 +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (kp == KYBER512_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed); @@ -3245,7 +3260,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, } else #endif -#ifdef WOLFSSL_KYBER768 +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) if (kp == KYBER768_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed); @@ -3265,7 +3280,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, } else #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) if (kp == KYBER1024_K) { #if defined(WOLFSSL_ARMASM) && defined(__aarch64__) ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed); @@ -3475,7 +3490,8 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) #endif /* CONV_WITH_DIV */ -#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Compress the vector of polynomials into a byte array with 10 bits each. * * @param [out] b Array of bytes. @@ -3593,7 +3609,7 @@ void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp) } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Compress the vector of polynomials into a byte array with 11 bits each. * * @param [out] b Array of bytes. @@ -3713,7 +3729,8 @@ void kyber_vec_compress_11(byte* r, sword16* v) v[(i) * KYBER_N + 8 * (j) + (k)] = \ (word16)((((word32)((t) & 0x7ff) * KYBER_Q) + 1024) >> 11) -#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Decompress the byte array of packed 10 bits into vector of polynomials. * * @param [out] v Vector of polynomials. @@ -3785,7 +3802,7 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b, } } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Decompress the byte array of packed 11 bits into vector of polynomials. * * @param [out] v Vector of polynomials. @@ -3948,7 +3965,8 @@ void kyber_vec_decompress_11(sword16* v, const unsigned char* b) #endif /* CONV_WITH_DIV */ -#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Compress a polynomial into byte array - on coefficients into 4 bits. * * @param [out] b Array of bytes. @@ -4020,7 +4038,7 @@ void kyber_compress_4(byte* b, sword16* p) } } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Compress a polynomial into byte array - on coefficients into 5 bits. * * @param [out] b Array of bytes. @@ -4117,7 +4135,8 @@ void kyber_compress_5(byte* b, sword16* p) #define DECOMP_5(p, i, j, t) \ p[(i) + (j)] = (((word32)((t) & 0x1f) * KYBER_Q) + 16) >> 5 -#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_KYBER768) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) /* Decompress the byte array of packed 4 bits into polynomial. * * @param [out] p Polynomial. @@ -4155,7 +4174,7 @@ void kyber_decompress_4(sword16* p, const unsigned char* b) } } #endif -#ifdef WOLFSSL_KYBER1024 +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) /* Decompress the byte array of packed 5 bits into polynomial. * * @param [out] p Polynomial. diff --git a/src/wolfcrypt/src/wc_lms.c b/src/wolfcrypt/src/wc_lms.c index 4559001..b2a3bf8 100644 --- a/src/wolfcrypt/src/wc_lms.c +++ b/src/wolfcrypt/src/wc_lms.c @@ -765,7 +765,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -880,7 +880,7 @@ int wc_LmsKey_Reload(LmsKey* key) #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -978,7 +978,7 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -1239,7 +1239,7 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz, #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } diff --git a/src/wolfcrypt/src/wc_lms_impl.c b/src/wolfcrypt/src/wc_lms_impl.c index bb9345c..44bff83 100644 --- a/src/wolfcrypt/src/wc_lms_impl.c +++ b/src/wolfcrypt/src/wc_lms_impl.c @@ -41,6 +41,7 @@ #include #endif +#include #include #include @@ -103,7 +104,7 @@ #ifdef WC_LMS_DEBUG_PRINT_DATA -/* Print data when dubgging implementation. +/* Print data when debugging implementation. * * @param [in] name String to print before data. * @param [in] data Array of bytes. @@ -858,7 +859,7 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz, * } * y[i] = tmp * } - * x[i] can be calculated on the fly using psueodo key generation in Appendix A. + * x[i] can be calculated on the fly using pseudo key generation in Appendix A. * Appendix A, The elements of the LM-OTS private keys are computed as: * x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). * @@ -874,7 +875,7 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, const byte* msg, word32 msgSz, const byte* c, byte* y) { const LmsParams* params = state->params; - int ret = 0; + int ret; word16 i; byte q[LMS_MAX_NODE_LEN + LMS_CKSM_LEN]; #ifdef WOLFSSL_SMALL_STACK @@ -891,8 +892,8 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, - a); + ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width, + params->ls, a); } #ifndef WC_LMS_FULL_HASH if (ret == 0) { @@ -1062,8 +1063,8 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, } if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, - a); + ret = wc_lmots_q_expand(q, (word8)params->hash_len, params->width, + params->ls, a); } #ifndef WC_LMS_FULL_HASH if (ret == 0) { @@ -1177,7 +1178,7 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, * } * K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) * ... - * x[i] can be calculated on the fly using psueodo key generation in Appendix A. + * x[i] can be calculated on the fly using pseudo key generation in Appendix A. * Appendix A, The elements of the LM-OTS private keys are computed as: * x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). * @@ -1962,7 +1963,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * params->hash_len, NULL, + stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -2088,7 +2089,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * params->hash_len, NULL, + stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -3678,11 +3679,11 @@ int wc_hss_sigsleft(const LmsParams* params, const byte* priv_raw) * * @param [in, out] state LMS state. * @param [in] pub HSS public key. - * @param [in] msg Message to rifyn. + * @param [in] msg Message to verify. * @param [in] msgSz Length of message in bytes. * @param [in] sig Signature of message. * @return 0 on success. - * @return SIG_VERFIY_E on failure. + * @return SIG_VERIFY_E on failure. */ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, word32 msgSz, const byte* sig) diff --git a/src/wolfcrypt/src/wc_pkcs11.c b/src/wolfcrypt/src/wc_pkcs11.c index 4a3b28a..b3df75c 100644 --- a/src/wolfcrypt/src/wc_pkcs11.c +++ b/src/wolfcrypt/src/wc_pkcs11.c @@ -108,6 +108,8 @@ static CK_OBJECT_CLASS privKeyClass = CKO_PRIVATE_KEY; static CK_OBJECT_CLASS secretKeyClass = CKO_SECRET_KEY; #endif +static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE; + #ifdef WOLFSSL_DEBUG_PKCS11 /* Enable logging of PKCS#11 calls and return value. */ #define PKCS11_RV(op, rv) pkcs11_rv(op, rv) @@ -240,6 +242,10 @@ static void pkcs11_dump_template(const char* name, CK_ATTRIBUTE* templ, XSNPRINTF(line, sizeof(line), "%25s: SECRET", type); WOLFSSL_MSG(line); } + else if (keyClass == CKO_CERTIFICATE) { + XSNPRINTF(line, sizeof(line), "%25s: CERTIFICATE", type); + WOLFSSL_MSG(line); + } else { XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%p)", type, @@ -1463,7 +1469,8 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) } #if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \ - (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC) + (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \ + !defined(NO_HMAC) || !defined(NO_CERTS) /** * Find the PKCS#11 object containing key data using template. @@ -2198,7 +2205,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) case WC_PK_TYPE_RSA_OAEP: mechanism = CKM_RSA_PKCS_OAEP; break; -#endif /* NO_PKCS11_RSA_PKCS */ +#endif /* !NO_PKCS11_RSA_PKCS */ case WC_PK_TYPE_RSA: mechanism = CKM_RSA_X_509; break; @@ -3671,7 +3678,7 @@ static int Pkcs11AesCbcEncrypt(Pkcs11Session* session, wc_CryptoInfo* info) if (ret == 0) { mech.mechanism = CKM_AES_CBC; - mech.ulParameterLen = AES_BLOCK_SIZE; + mech.ulParameterLen = WC_AES_BLOCK_SIZE; mech.pParameter = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg; rv = session->func->C_EncryptInit(session->handle, &mech, key); @@ -3747,7 +3754,7 @@ static int Pkcs11AesCbcDecrypt(Pkcs11Session* session, wc_CryptoInfo* info) if (ret == 0) { mech.mechanism = CKM_AES_CBC; - mech.ulParameterLen = AES_BLOCK_SIZE; + mech.ulParameterLen = WC_AES_BLOCK_SIZE; mech.pParameter = (CK_BYTE_PTR)info->cipher.aescbc.aes->reg; rv = session->func->C_DecryptInit(session->handle, &mech, key); @@ -3965,6 +3972,90 @@ static int Pkcs11RandomSeed(Pkcs11Session* session, wc_CryptoInfo* info) } #endif +#ifndef NO_CERTS + +static int Pkcs11GetCert(Pkcs11Session* session, wc_CryptoInfo* info) { + int ret = 0; + CK_RV rv = 0; + CK_ULONG count = 0; + CK_OBJECT_HANDLE certHandle = CK_INVALID_HANDLE; + byte *certData = NULL; + CK_ATTRIBUTE certTemplate[2] = { + { CKA_CLASS, &certClass, sizeof(certClass) } + }; + CK_ATTRIBUTE tmpl[] = { + { CKA_VALUE, NULL_PTR, 0 } + }; + CK_ULONG certTmplCnt = sizeof(certTemplate) / sizeof(*certTemplate); + CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); + + WOLFSSL_MSG("PKCS#11: Retrieve certificate"); + if (info->cert.labelLen > 0) { + certTemplate[1].type = CKA_LABEL; + certTemplate[1].pValue = (CK_VOID_PTR)info->cert.label; + certTemplate[1].ulValueLen = info->cert.labelLen; + } + else if (info->cert.idLen > 0) { + certTemplate[1].type = CKA_ID; + certTemplate[1].pValue = (CK_VOID_PTR)info->cert.id; + certTemplate[1].ulValueLen = info->cert.idLen; + } + else { + ret = BAD_FUNC_ARG; + goto exit; + } + + ret = Pkcs11FindKeyByTemplate( + &certHandle, session, certTemplate, certTmplCnt, &count); + if (ret == 0 && count == 0) { + ret = WC_HW_E; + goto exit; + } + + PKCS11_DUMP_TEMPLATE("Get Certificate Length", tmpl, tmplCnt); + rv = session->func->C_GetAttributeValue( + session->handle, certHandle, tmpl, tmplCnt); + PKCS11_RV("C_GetAttributeValue", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + goto exit; + } + + if (tmpl[0].ulValueLen <= 0) { + ret = WC_HW_E; + goto exit; + } + + certData = (byte *)XMALLOC( + (int)tmpl[0].ulValueLen, info->cert.heap, DYNAMIC_TYPE_CERT); + if (certData == NULL) { + ret = MEMORY_E; + goto exit; + } + + tmpl[0].pValue = certData; + rv = session->func->C_GetAttributeValue( + session->handle, certHandle, tmpl, tmplCnt); + PKCS11_RV("C_GetAttributeValue", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + goto exit; + } + + *info->cert.certDataOut = certData; + *info->cert.certSz = (word32)tmpl[0].ulValueLen; + if (info->cert.certFormatOut != NULL) { + *info->cert.certFormatOut = CTC_FILETYPE_ASN1; + } + certData = NULL; + +exit: + XFREE(certData, info->cert.heap, DYNAMIC_TYPE_CERT); + return ret; +} + +#endif /* !NO_CERTS */ + /** * Perform a cryptographic operation using PKCS#11 device. * @@ -4157,6 +4248,17 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) } #else ret = NOT_COMPILED_IN; + #endif + } + else if (info->algo_type == WC_ALGO_TYPE_CERT) { + #ifndef NO_CERTS + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11GetCert(&session, info); + Pkcs11CloseSession(token, &session); + } + #else + ret = NOT_COMPILED_IN; #endif } else diff --git a/src/wolfcrypt/src/wc_port.c b/src/wolfcrypt/src/wc_port.c index 7fe2d35..2ee85e3 100644 --- a/src/wolfcrypt/src/wc_port.c +++ b/src/wolfcrypt/src/wc_port.c @@ -1186,10 +1186,10 @@ int wc_strcasecmp(const char *s1, const char *s2) for (;;++s1, ++s2) { c1 = *s1; if ((c1 >= 'a') && (c1 <= 'z')) - c1 -= ('a' - 'A'); + c1 = (char)(c1 - ('a' - 'A')); c2 = *s2; if ((c2 >= 'a') && (c2 <= 'z')) - c2 -= ('a' - 'A'); + c2 = (char)(c2 - ('a' - 'A')); if ((c1 != c2) || (c1 == 0)) break; } @@ -1204,10 +1204,10 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) for (c1 = 0, c2 = 0; n > 0; --n, ++s1, ++s2) { c1 = *s1; if ((c1 >= 'a') && (c1 <= 'z')) - c1 -= ('a' - 'A'); + c1 = (char)(c1 - ('a' - 'A')); c2 = *s2; if ((c2 >= 'a') && (c2 <= 'z')) - c2 -= ('a' - 'A'); + c2 = (char)(c2 - ('a' - 'A')); if ((c1 != c2) || (c1 == 0)) break; } @@ -1232,7 +1232,7 @@ char* wc_strdup_ex(const char *src, int memType) { } #endif -#ifdef WOLFSSL_ATOMIC_OPS +#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED) #ifdef HAVE_C___ATOMIC /* Atomic ops using standard C lib */ @@ -1292,8 +1292,9 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i) #endif /* WOLFSSL_ATOMIC_OPS */ -#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS) -void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err) +#if !defined(SINGLE_THREADED) + +void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref, int* err) { int ret = wc_InitMutex(&ref->mutex); if (ret != 0) { @@ -1304,14 +1305,14 @@ void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err) *err = ret; } -void wolfSSL_RefFree(wolfSSL_Ref* ref) +void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref) { if (wc_FreeMutex(&ref->mutex) != 0) { WOLFSSL_MSG("Failed to free mutex of reference counting!"); } } -void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err) +void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, int* err) { int ret = wc_LockMutex(&ref->mutex); if (ret != 0) { @@ -1324,7 +1325,17 @@ void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err) *err = ret; } -void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err) +int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref) +{ + return wc_LockMutex(&ref->mutex); +} + +int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref) +{ + return wc_UnLockMutex(&ref->mutex); +} + +void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, int* isZero, int* err) { int ret = wc_LockMutex(&ref->mutex); if (ret != 0) { @@ -1341,7 +1352,7 @@ void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err) } *err = ret; } -#endif +#endif /* ! SINGLE_THREADED */ #if WOLFSSL_CRYPT_HW_MUTEX /* Mutex for protection of cryptography hardware */ @@ -1782,7 +1793,7 @@ int wolfSSL_HwPkMutexUnLock(void) static void destruct_key(void *buf) { if (buf != NULL) { - free(buf); + XFREE(buf, NULL, DYNAMIC_TYPE_OS_BUF); } } @@ -1911,7 +1922,7 @@ int wolfSSL_HwPkMutexUnLock(void) key_ptr = pthread_getspecific(key_own_hw_mutex); if (key_ptr == NULL) { - key_ptr = malloc(sizeof(int)); + key_ptr = XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_OS_BUF); if (key_ptr == NULL) { return MEMORY_E; } @@ -3604,7 +3615,8 @@ time_t stm32_hal_time(time_t *t1) #endif /* !NO_ASN_TIME */ -#if !defined(WOLFSSL_LEANPSK) && !defined(STRING_USER) +#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ + defined(USE_WOLF_STRNSTR) char* mystrnstr(const char* s1, const char* s2, unsigned int n) { unsigned int s2_len = (unsigned int)XSTRLEN(s2); @@ -3900,7 +3912,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) XMEMSET(thread, 0, sizeof(*thread)); thread->threadStack = (void *)XMALLOC(WOLFSSL_NETOS_STACK_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_OS_BUF); if (thread->threadStack == NULL) return MEMORY_E; @@ -3922,7 +3934,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) 2, 2, 1, TX_AUTO_START); if (result != TX_SUCCESS) { - free(thread->threadStack); + XFREE(thread->threadStack, NULL, DYNAMIC_TYPE_OS_BUF); thread->threadStack = NULL; return MEMORY_E; } @@ -3933,7 +3945,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) int wolfSSL_JoinThread(THREAD_TYPE thread) { /* TODO: maybe have to use tx_thread_delete? */ - free(thread.threadStack); + XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_OS_BUF); thread.threadStack = NULL; return 0; } @@ -3954,6 +3966,14 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) XMEMSET(thread, 0, sizeof(*thread)); + thread->tid = (struct k_thread*)XMALLOC( + Z_KERNEL_STACK_SIZE_ADJUST(sizeof(struct k_thread)), + wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); + if (thread->tid == NULL) { + WOLFSSL_MSG("error: XMALLOC thread->tid failed"); + return MEMORY_E; + } + /* TODO: Use the following once k_thread_stack_alloc makes it into a * release. * thread->threadStack = k_thread_stack_alloc(WOLFSSL_ZEPHYR_STACK_SZ, @@ -3963,14 +3983,18 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); if (thread->threadStack == NULL) { - WOLFSSL_MSG("error: XMALLOC failed"); + XFREE(thread->tid, wolfsslThreadHeapHint, + DYNAMIC_TYPE_TMP_BUFFER); + thread->tid = NULL; + + WOLFSSL_MSG("error: XMALLOC thread->threadStack failed"); return MEMORY_E; } /* k_thread_create does not return any error codes */ /* Casting to k_thread_entry_t should be fine since we just ignore the * extra arguments being passed in */ - k_thread_create(&thread->tid, thread->threadStack, + k_thread_create(thread->tid, thread->threadStack, WOLFSSL_ZEPHYR_STACK_SZ, (k_thread_entry_t)cb, arg, NULL, NULL, 5, 0, K_NO_WAIT); @@ -3982,10 +4006,14 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) int ret = 0; int err; - err = k_thread_join(&thread.tid, K_FOREVER); + err = k_thread_join(thread.tid, K_FOREVER); if (err != 0) ret = MEMORY_E; + XFREE(thread.tid, wolfsslThreadHeapHint, + DYNAMIC_TYPE_TMP_BUFFER); + thread.tid = NULL; + /* TODO: Use the following once k_thread_stack_free makes it into a * release. * err = k_thread_stack_free(thread.threadStack); @@ -4226,3 +4254,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #endif /* Environment check */ #endif /* not SINGLE_THREADED */ + +#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \ + defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE) +noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr, + __le32 *updptr, int nr_inst) +{ + return (wolfssl_linuxkm_get_pie_redirect_table()-> + alt_cb_patch_nops)(alt, origptr, updptr, nr_inst); +} +#endif diff --git a/src/wolfcrypt/src/wc_xmss.c b/src/wolfcrypt/src/wc_xmss.c index 5c016db..6546597 100644 --- a/src/wolfcrypt/src/wc_xmss.c +++ b/src/wolfcrypt/src/wc_xmss.c @@ -738,7 +738,7 @@ static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig, #endif #ifdef WOLFSSL_SMALL_STACK - state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -1109,7 +1109,7 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng) #endif #ifdef WOLFSSL_SMALL_STACK - state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -1645,7 +1645,7 @@ int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen, #endif #ifdef WOLFSSL_SMALL_STACK - state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } diff --git a/src/wolfcrypt/src/wolfmath.c b/src/wolfcrypt/src/wolfmath.c index ce36b60..9a6e312 100644 --- a/src/wolfcrypt/src/wolfmath.c +++ b/src/wolfcrypt/src/wolfmath.c @@ -149,10 +149,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) for (; i < b->used; i++) { b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; } - b->used ^= (a->used ^ b->used) & (mp_size_t)mask; + b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask; #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ defined(WOLFSSL_SP_INT_NEGATIVE) - b->sign ^= (mp_sign_t)(a->sign ^ b->sign) & (mp_sign_t)mask; + b->sign ^= (wc_mp_sign_t)(a->sign ^ b->sign) & (wc_mp_sign_t)mask; #endif } @@ -167,8 +167,6 @@ int get_rand_digit(WC_RNG* rng, mp_digit* d) return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit)); } -#if defined(WC_RSA_BLINDING) || defined(WOLFCRYPT_HAVE_SAKKE) || \ - defined(WOLFSSL_ECC_BLIND_K) int mp_rand(mp_int* a, int digits, WC_RNG* rng) { int ret = 0; @@ -196,7 +194,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) ret = BAD_FUNC_ARG; } if (ret == MP_OKAY) { - a->used = (mp_size_t)digits; + a->used = (wc_mp_size_t)digits; } #endif /* fill the data with random bytes */ @@ -222,7 +220,6 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) return ret; } -#endif /* WC_RSA_BLINDING || WOLFCRYPT_HAVE_SAKKE || WOLFSSL_ECC_BLIND_K */ #endif /* !WC_NO_RNG */ #if defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT) @@ -474,14 +471,16 @@ const char *wc_GetMathInfo(void) #elif defined(WOLFSSL_HAVE_SP_DH) " dh" #endif - #ifndef WOLFSSL_SP_NO_2048 - " 2048" - #endif - #ifndef WOLFSSL_SP_NO_3072 - " 3072" - #endif - #ifdef WOLFSSL_SP_4096 - " 4096" + #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) + #ifndef WOLFSSL_SP_NO_2048 + " 2048" + #endif + #ifndef WOLFSSL_SP_NO_3072 + " 3072" + #endif + #ifdef WOLFSSL_SP_4096 + " 4096" + #endif #endif #ifdef WOLFSSL_SP_ASM " asm" diff --git a/src/wolfssl.h b/src/wolfssl.h index 46ef50d..c7e39d4 100644 --- a/src/wolfssl.h +++ b/src/wolfssl.h @@ -27,7 +27,15 @@ #include -/* wolfSSL user_settings.h must be included from settings.h */ +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must be listed before any other wolfSSL include. + */ #include #include diff --git a/src/wolfssl/bio.c b/src/wolfssl/bio.c index ac4eb03..b265456 100644 --- a/src/wolfssl/bio.c +++ b/src/wolfssl/bio.c @@ -146,7 +146,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrSz = bio->wrSzReset; } else { @@ -163,7 +163,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && - !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { + !(bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY)) { /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, @@ -200,6 +200,7 @@ int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b) } #ifndef WOLFCRYPT_ONLY +#ifndef NO_TLS /* Helper function to read from WOLFSSL_BIO_SSL type * * returns the number of bytes read on success @@ -231,10 +232,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return ret; } +#endif /* !NO_TLS */ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { @@ -249,7 +251,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) } return sz; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ /* Used to read data from a WOLFSSL_BIO structure @@ -331,7 +333,7 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) ret = wolfSSL_BIO_SSL_read(bio, buf, len, front); #else WOLFSSL_MSG("WOLFSSL_BIO_SSL used with WOLFCRYPT_ONLY"); @@ -500,7 +502,7 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } #endif /* WOLFSSL_BASE64_ENCODE */ -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* Helper function for writing to a WOLFSSL_BIO_SSL type * * returns the amount written in bytes on success @@ -531,7 +533,7 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, } return ret; } -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY && !NO_TLS */ /* Writes to a WOLFSSL_BIO_BIO type. * @@ -601,7 +603,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("one of input parameters is null"); return WOLFSSL_FAILURE; } - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { return WOLFSSL_FAILURE; } @@ -642,7 +644,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == WC_NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; @@ -746,7 +748,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif /* !NO_FILESYSTEM */ break; case WOLFSSL_BIO_SSL: - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) /* already got eof, again is error */ if (front->eof) { ret = WOLFSSL_FATAL_ERROR; @@ -823,7 +825,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) bio = bio->next; } -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) exit_chain: #endif @@ -866,23 +868,23 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) } switch(cmd) { - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: + case WOLFSSL_BIO_CTRL_PENDING: + case WOLFSSL_BIO_CTRL_WPENDING: ret = (long)wolfSSL_BIO_ctrl_pending(bio); break; - case BIO_CTRL_INFO: + case WOLFSSL_BIO_CTRL_INFO: ret = (long)wolfSSL_BIO_get_mem_data(bio, parg); break; - case BIO_CTRL_FLUSH: + case WOLFSSL_BIO_CTRL_FLUSH: ret = (long)wolfSSL_BIO_flush(bio); break; - case BIO_CTRL_RESET: + case WOLFSSL_BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; #ifdef WOLFSSL_HAVE_BIO_ADDR - case BIO_CTRL_DGRAM_CONNECT: - case BIO_CTRL_DGRAM_SET_PEER: + case WOLFSSL_BIO_CTRL_DGRAM_CONNECT: + case WOLFSSL_BIO_CTRL_DGRAM_SET_PEER: { socklen_t addr_size; if (parg == NULL) { @@ -899,7 +901,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) break; } - case BIO_CTRL_DGRAM_SET_CONNECTED: + case WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED: if (parg == NULL) { wolfSSL_BIO_ADDR_clear(&bio->peer_addr); bio->connected = 0; @@ -916,7 +918,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) ret = WOLFSSL_SUCCESS; break; - case BIO_CTRL_DGRAM_QUERY_MTU: + case WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU: ret = 0; /* not implemented */ break; @@ -1371,7 +1373,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) int closeFlag) { if (!bio || !bufMem || - (closeFlag != BIO_NOCLOSE && closeFlag != BIO_CLOSE)) + (closeFlag != WOLFSSL_BIO_NOCLOSE && closeFlag != WOLFSSL_BIO_CLOSE)) return BAD_FUNC_ARG; if (bio->mem_buf) @@ -1379,7 +1381,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) wolfSSL_BUF_MEM_free(bio->mem_buf); bio->mem_buf = bufMem; - bio->shutdown = closeFlag; + bio->shutdown = closeFlag ? WOLFSSL_BIO_CLOSE : WOLFSSL_BIO_NOCLOSE; bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; @@ -1717,7 +1719,7 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) case WOLFSSL_BIO_MEMORY: bio->rdIdx = 0; - if (bio->flags & BIO_FLAGS_MEM_RDONLY) { + if (bio->flags & WOLFSSL_BIO_FLAG_MEM_RDONLY) { bio->wrIdx = bio->wrSzReset; bio->wrSz = bio->wrSzReset; } @@ -1826,7 +1828,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + if (bio->ptr.fh != XBADFILE && bio->shutdown == WOLFSSL_BIO_CLOSE) { XFCLOSE(bio->ptr.fh); } @@ -1839,7 +1841,7 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } - bio->shutdown = BIO_CLOSE; + bio->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2201,7 +2203,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio->method != NULL && bio->method->ctrlCb != NULL) { WOLFSSL_MSG("Calling custom BIO flush callback"); - return (int)bio->method->ctrlCb(bio, BIO_CTRL_FLUSH, 0, NULL); + return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_FLUSH, 0, NULL); } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) @@ -2387,7 +2389,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->type = WOLFSSL_BIO_SOCKET; } else { - BIO_free(bio); + wolfSSL_BIO_free(bio); bio = NULL; } } @@ -2477,7 +2479,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2506,7 +2508,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } b->num.fd = sfd; - b->shutdown = BIO_CLOSE; + b->shutdown = WOLFSSL_BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; @@ -2516,7 +2518,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } /* Create a socket BIO for using the accept'ed connection */ - new_bio = wolfSSL_BIO_new_socket(newfd, BIO_CLOSE); + new_bio = wolfSSL_BIO_new_socket(newfd, WOLFSSL_BIO_CLOSE); if (new_bio == NULL) { WOLFSSL_MSG("wolfSSL_BIO_new_socket error"); CloseSocket(newfd); @@ -2560,6 +2562,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return ret; } +#ifndef NO_TLS long wolfSSL_BIO_do_handshake(WOLFSSL_BIO *b) { WOLFSSL_ENTER("wolfSSL_BIO_do_handshake"); @@ -2595,7 +2598,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (b->ptr.ssl != NULL) { int rc = wolfSSL_shutdown(b->ptr.ssl); - if (rc == SSL_SHUTDOWN_NOT_DONE) { + if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ wolfSSL_shutdown(b->ptr.ssl); @@ -2605,6 +2608,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("BIO has no SSL pointer set."); } } +#endif long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { @@ -2682,7 +2686,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else wolfSSL_set_connect_state(ssl); } - if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, BIO_CLOSE) != + if (err == 0 && wolfSSL_BIO_set_ssl(sslBio, ssl, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to set SSL pointer in BIO."); err = 1; @@ -2831,13 +2835,20 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) #else bio->method = method; #endif - bio->shutdown = BIO_CLOSE; /* default to close things */ + bio->shutdown = WOLFSSL_BIO_CLOSE; /* default to close things */ if ((bio->type == WOLFSSL_BIO_SOCKET) || (bio->type == WOLFSSL_BIO_DGRAM)) { bio->num.fd = SOCKET_INVALID; - } else { + } + else if (bio->type == WOLFSSL_BIO_FILE) { +#ifndef NO_FILESYSTEM + bio->ptr.fh = XBADFILE; +#endif + bio->num.fd = SOCKET_INVALID; + } + else { bio->num.length = 0; } bio->init = 1; @@ -2916,7 +2927,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { XMEMCPY(bio->ptr.mem_buf_data, buf, len); - bio->flags |= BIO_FLAGS_MEM_RDONLY; + bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -2994,7 +3005,9 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #ifndef NO_FILESYSTEM - if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { + if (bio->type == WOLFSSL_BIO_FILE && + bio->shutdown == WOLFSSL_BIO_CLOSE) + { if (bio->ptr.fh) { XFCLOSE(bio->ptr.fh); } @@ -3007,7 +3020,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } #endif - if (bio->shutdown != BIO_NOCLOSE) { + if (bio->shutdown != WOLFSSL_BIO_NOCLOSE) { if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr.mem_buf_data != NULL) { @@ -3409,7 +3422,7 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) if (fp == XBADFILE) return WOLFSSL_BAD_FILE; - if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(b, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); return WOLFSSL_BAD_FILE; } @@ -3446,7 +3459,7 @@ WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) return bio; } - if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_set_fp(bio, fp, WOLFSSL_BIO_CLOSE) != WOLFSSL_SUCCESS) { XFCLOSE(fp); wolfSSL_BIO_free(bio); bio = NULL; diff --git a/src/wolfssl/callbacks.h b/src/wolfssl/callbacks.h index 1010eca..dc3ad89 100644 --- a/src/wolfssl/callbacks.h +++ b/src/wolfssl/callbacks.h @@ -36,7 +36,7 @@ enum { /* CALLBACK CONSTANTS */ MAX_CIPHERNAME_SZ = 24, MAX_TIMEOUT_NAME_SZ = 24, MAX_PACKETS_HANDSHAKE = 14, /* 12 for client auth plus 2 alerts */ - MAX_VALUE_SZ = 128, /* all handshake packets but Cert should + MAX_VALUE_SZ = 128 /* all handshake packets but Cert should fit here */ }; diff --git a/src/wolfssl/certs_test.h b/src/wolfssl/certs_test.h index 013b374..37e8da8 100644 --- a/src/wolfssl/certs_test.h +++ b/src/wolfssl/certs_test.h @@ -100,9 +100,9 @@ static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024); static const unsigned char client_cert_der_1024[] = { 0x30, 0x82, 0x04, 0x18, 0x30, 0x82, 0x03, 0x81, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0xF2, 0xEA, 0x44, 0x08, - 0xB5, 0x12, 0x30, 0xA0, 0x96, 0x93, 0xD1, 0xD1, 0x7F, 0xE1, - 0xEC, 0x49, 0x75, 0x9B, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x09, 0x1D, 0x03, 0x41, 0x8B, + 0x92, 0xBD, 0x2A, 0x2A, 0x1C, 0x77, 0xE0, 0x13, 0xA8, 0x3D, + 0xF0, 0x33, 0xDA, 0x7F, 0x72, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -120,10 +120,10 @@ static const unsigned char client_cert_der_1024[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -180,8 +180,8 @@ static const unsigned char client_cert_der_1024[] = 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, - 0x59, 0xF2, 0xEA, 0x44, 0x08, 0xB5, 0x12, 0x30, 0xA0, 0x96, - 0x93, 0xD1, 0xD1, 0x7F, 0xE1, 0xEC, 0x49, 0x75, 0x9B, 0xA2, + 0x09, 0x1D, 0x03, 0x41, 0x8B, 0x92, 0xBD, 0x2A, 0x2A, 0x1C, + 0x77, 0xE0, 0x13, 0xA8, 0x3D, 0xF0, 0x33, 0xDA, 0x7F, 0x72, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, @@ -191,20 +191,20 @@ static const unsigned char client_cert_der_1024[] = 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, - 0x03, 0x81, 0x81, 0x00, 0x45, 0x63, 0x6F, 0xF9, 0xED, 0xF4, - 0x12, 0x3C, 0x3C, 0xC5, 0x2C, 0x51, 0x08, 0x94, 0x61, 0x7E, - 0x08, 0xE8, 0x32, 0x46, 0x2B, 0x22, 0x02, 0xD0, 0xE8, 0x2B, - 0xA4, 0x23, 0x15, 0x48, 0x47, 0x87, 0x5D, 0x72, 0xAB, 0x38, - 0xD5, 0x34, 0xB9, 0xFC, 0xF4, 0x86, 0x93, 0x49, 0x95, 0xD8, - 0x81, 0x32, 0x1C, 0x21, 0xE3, 0xEF, 0xB8, 0x40, 0xC5, 0x87, - 0x02, 0xE8, 0x28, 0xAA, 0x54, 0x93, 0x2D, 0x8A, 0xE9, 0x1E, - 0xDD, 0x5D, 0x11, 0xF8, 0xBF, 0xCA, 0x4E, 0x33, 0x20, 0x56, - 0x4E, 0x6F, 0x53, 0xBB, 0x79, 0xB0, 0xDA, 0x65, 0xA1, 0x4B, - 0x9F, 0xC8, 0x55, 0xFA, 0x53, 0x26, 0x84, 0xC6, 0x1E, 0x0A, - 0x5E, 0x7A, 0x6E, 0xF2, 0x2D, 0x2A, 0x81, 0xA5, 0xD0, 0x2B, - 0xEC, 0xD5, 0x8E, 0xB9, 0xF0, 0xC7, 0x57, 0xD7, 0xD6, 0x14, - 0x1A, 0x3B, 0xDC, 0x09, 0x41, 0xB4, 0x9D, 0x0D, 0x72, 0x20, - 0x44, 0x79 + 0x03, 0x81, 0x81, 0x00, 0x9A, 0x1C, 0x8F, 0xC4, 0xBD, 0x54, + 0xDA, 0x63, 0xA7, 0xF8, 0xBA, 0x39, 0xB6, 0x64, 0x60, 0x9D, + 0xBA, 0xA5, 0xFC, 0x43, 0xF5, 0x57, 0x28, 0x31, 0x43, 0x09, + 0x4C, 0x03, 0x4C, 0xB8, 0xC3, 0x49, 0x2B, 0x4E, 0xBF, 0xF2, + 0x9B, 0x13, 0x4E, 0x37, 0x1E, 0xA1, 0x57, 0xC6, 0x0C, 0x7B, + 0x2C, 0x25, 0x19, 0x37, 0x9F, 0x06, 0x53, 0xEF, 0x8D, 0xD1, + 0xBA, 0xC0, 0x73, 0x6E, 0x7F, 0xC2, 0x0B, 0x46, 0x5F, 0x9B, + 0x56, 0xBB, 0x59, 0x19, 0x5C, 0xC9, 0xEE, 0xEA, 0x02, 0xDA, + 0x03, 0x2C, 0xFB, 0x29, 0xB6, 0x07, 0xDD, 0x55, 0xB7, 0xE9, + 0xCE, 0x60, 0x47, 0xE0, 0x6B, 0x44, 0x5A, 0x61, 0x74, 0x5C, + 0x96, 0xF6, 0x30, 0xD8, 0x1B, 0xA4, 0x15, 0x5E, 0x06, 0xC5, + 0x73, 0x4B, 0x8A, 0x4D, 0x94, 0x23, 0x13, 0x1B, 0x3F, 0xDB, + 0x67, 0xCA, 0xA7, 0xA6, 0x41, 0xC5, 0x28, 0x0F, 0xFD, 0x2E, + 0x0E, 0xF0 }; static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024); @@ -418,9 +418,9 @@ static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024); static const unsigned char ca_cert_der_1024[] = { 0x30, 0x82, 0x04, 0x09, 0x30, 0x82, 0x03, 0x72, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3, - 0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7, - 0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A, + 0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF, + 0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -438,9 +438,9 @@ static const unsigned char ca_cert_der_1024[] = 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, - 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, - 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, + 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, + 0x34, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x30, 0x81, 0x99, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, @@ -496,9 +496,9 @@ static const unsigned char ca_cert_der_1024[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3, - 0xA8, 0x2A, 0xD8, 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7, - 0xD4, 0x59, 0x07, 0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A, + 0x25, 0x8F, 0x1B, 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF, + 0xFF, 0x9D, 0x43, 0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, @@ -507,20 +507,20 @@ static const unsigned char ca_cert_der_1024[] = 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x70, - 0x7D, 0x83, 0x94, 0xD0, 0xEE, 0xE1, 0x19, 0x8B, 0x17, 0xCA, - 0x79, 0x87, 0x12, 0x5B, 0x7F, 0x70, 0xA3, 0x51, 0x20, 0x4F, - 0x21, 0x99, 0x71, 0x69, 0x21, 0x28, 0x55, 0x61, 0x70, 0x85, - 0x54, 0x21, 0xA9, 0x70, 0xA2, 0xA9, 0x12, 0xDB, 0x44, 0x11, - 0x44, 0xE7, 0x41, 0x00, 0x70, 0x80, 0xB5, 0x37, 0x0C, 0x7E, - 0x78, 0x8F, 0x88, 0x64, 0xBC, 0xE5, 0xC0, 0x44, 0xA7, 0xA5, - 0x3D, 0xDB, 0x62, 0xC4, 0xD6, 0xCD, 0xAA, 0x4B, 0xAC, 0xFB, - 0x01, 0x46, 0xBB, 0xEC, 0xCB, 0x6F, 0x01, 0x67, 0xB4, 0x65, - 0xF3, 0x5E, 0x53, 0x39, 0x64, 0x99, 0x9B, 0x68, 0x80, 0x14, - 0x91, 0xA4, 0xA4, 0xEB, 0x04, 0xF3, 0x76, 0x9A, 0x7D, 0xB4, - 0x38, 0x05, 0x9C, 0xA5, 0xE0, 0xBC, 0x7E, 0xD9, 0xD2, 0xD3, - 0xD4, 0xE8, 0xC3, 0x9F, 0x38, 0x4B, 0x6C, 0x29, 0x94, 0xBE, - 0x35, 0xBD, 0x30, 0x1F, 0xB5, 0xB7, 0x3D + 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x09, + 0xC6, 0xDA, 0xFE, 0x2A, 0x45, 0x83, 0x9E, 0x8B, 0x66, 0xCF, + 0x63, 0x1F, 0x11, 0xCB, 0xD9, 0xB4, 0xEB, 0xB0, 0x97, 0x3D, + 0x33, 0xD4, 0xB9, 0x27, 0x56, 0x46, 0x14, 0x3C, 0xFE, 0x2B, + 0xB2, 0x36, 0x6E, 0x38, 0x7F, 0x08, 0xF5, 0x37, 0x3C, 0xF2, + 0xA2, 0x6A, 0x8A, 0xC7, 0xA0, 0xBE, 0x0F, 0xAC, 0xDD, 0xF4, + 0xF0, 0x97, 0xB3, 0x03, 0xA6, 0x70, 0x48, 0x44, 0xFC, 0xEF, + 0xEF, 0x7A, 0xC6, 0x1A, 0x8D, 0x3F, 0x19, 0xF6, 0x71, 0x92, + 0x7E, 0x3A, 0x00, 0x95, 0xF2, 0xB6, 0x57, 0x40, 0x77, 0xC2, + 0x80, 0x4E, 0x61, 0xF2, 0x71, 0x56, 0x22, 0xA0, 0x1E, 0xA9, + 0xDD, 0x5C, 0x54, 0x80, 0xAD, 0xE4, 0x27, 0xF2, 0x17, 0x20, + 0x9B, 0x5B, 0x89, 0x30, 0x6E, 0x6A, 0x31, 0x2A, 0x4E, 0x43, + 0x52, 0xF8, 0x8A, 0x51, 0xB7, 0xED, 0x3A, 0xAA, 0x78, 0x41, + 0x90, 0x95, 0xE8, 0x40, 0x2E, 0x66, 0xFC }; static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024); @@ -613,9 +613,9 @@ static const unsigned char server_cert_der_1024[] = 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, - 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, - 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x30, + 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, + 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, + 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, @@ -671,9 +671,9 @@ static const unsigned char server_cert_der_1024[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x14, 0x5C, 0x44, 0x2B, 0xBF, 0xD3, 0xA8, 0x2A, 0xD8, - 0xFD, 0x54, 0xC9, 0xCD, 0xAA, 0x7F, 0xF7, 0xD4, 0x59, 0x07, - 0xAA, 0xDD, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x82, 0x14, 0x59, 0x52, 0x6B, 0x92, 0x1A, 0x25, 0x8F, 0x1B, + 0xEE, 0x4C, 0x51, 0x9C, 0x47, 0x2F, 0xFF, 0xFF, 0x9D, 0x43, + 0x29, 0x47, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, @@ -682,20 +682,20 @@ static const unsigned char server_cert_der_1024[] = 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x35, 0x2E, 0x7B, 0x57, - 0x7B, 0x64, 0x70, 0x53, 0xE0, 0x81, 0xED, 0xF4, 0xAC, 0xB3, - 0x3A, 0x3B, 0xBA, 0x82, 0x8D, 0xA2, 0x31, 0xD9, 0xD4, 0xAC, - 0xD1, 0x8A, 0x6D, 0x35, 0x41, 0x15, 0xB3, 0xE8, 0x06, 0x91, - 0xCA, 0x2A, 0xF7, 0xFF, 0x28, 0x0E, 0x3D, 0xCD, 0xE7, 0x28, - 0xF0, 0x07, 0xC0, 0x78, 0x62, 0x9E, 0x88, 0x3D, 0xDC, 0x98, - 0xF0, 0x8C, 0x89, 0xA7, 0x1C, 0x5B, 0x77, 0x37, 0xB2, 0x55, - 0x38, 0xB2, 0x60, 0x42, 0xE8, 0x02, 0x81, 0xBF, 0x7C, 0xC3, - 0x54, 0x86, 0x7E, 0xE4, 0x2F, 0x7D, 0x74, 0x74, 0x27, 0xF7, - 0x9A, 0xE2, 0x8D, 0xA9, 0x2F, 0x7C, 0x82, 0x31, 0x41, 0xF1, - 0xCB, 0x48, 0xA0, 0x05, 0x00, 0x26, 0x3D, 0xA4, 0x6B, 0x27, - 0x43, 0x4C, 0x3F, 0x6F, 0x2F, 0x41, 0x2E, 0xEE, 0xBA, 0x0D, - 0x8F, 0x39, 0x42, 0x0D, 0x2D, 0x76, 0x00, 0x12, 0x4C, 0xF9, - 0x49, 0x2D, 0x7F, 0xED + 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x94, 0x67, 0x03, 0x63, + 0x2A, 0x3E, 0xE4, 0x56, 0xA5, 0x9F, 0x84, 0x89, 0x68, 0x8C, + 0xED, 0xEF, 0xA4, 0xFE, 0x1F, 0xDC, 0x03, 0x04, 0x1E, 0xD0, + 0x87, 0x90, 0x14, 0x7C, 0x82, 0x3F, 0x36, 0xA8, 0x7C, 0x14, + 0x64, 0xAB, 0x88, 0xD4, 0x9D, 0x81, 0xE8, 0xF6, 0xA7, 0xEC, + 0x12, 0x51, 0xEA, 0x25, 0xFD, 0xA4, 0xD1, 0x9C, 0x9B, 0x71, + 0x3D, 0xC8, 0xD0, 0xB3, 0xD2, 0x6D, 0xEB, 0x56, 0x11, 0x66, + 0x05, 0x4E, 0x92, 0x27, 0x0A, 0x76, 0x8C, 0x3A, 0x8B, 0xBD, + 0xE2, 0x46, 0xF5, 0x7B, 0x8E, 0xFF, 0x03, 0xF3, 0x89, 0x92, + 0xDC, 0x9B, 0x46, 0x79, 0xF4, 0xB8, 0x95, 0x7D, 0xB6, 0x29, + 0x79, 0xF3, 0x55, 0xC8, 0x70, 0xDE, 0xF7, 0x9F, 0x59, 0xE1, + 0xE2, 0x8D, 0xA7, 0x73, 0x1F, 0x97, 0x1C, 0x52, 0x64, 0x48, + 0x77, 0xCF, 0x6D, 0xA0, 0x27, 0xAD, 0xC0, 0x16, 0x56, 0x55, + 0x46, 0xB2, 0xBF, 0xF1 }; static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024); @@ -869,9 +869,9 @@ static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048); static const unsigned char client_cert_der_2048[] = { 0x30, 0x82, 0x05, 0x1D, 0x30, 0x82, 0x04, 0x05, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, - 0x5A, 0xEC, 0x55, 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, - 0x13, 0xD9, 0x59, 0xB8, 0xE8, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, + 0xEE, 0xA2, 0x9B, 0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, + 0xF0, 0xCC, 0x23, 0xF2, 0xEC, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -889,10 +889,10 @@ static const unsigned char client_cert_der_2048[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -962,9 +962,9 @@ static const unsigned char client_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x14, 0x08, 0xB0, 0x54, 0x7A, 0x03, 0x5A, 0xEC, 0x55, - 0x8A, 0x12, 0xE8, 0xF9, 0x8E, 0x34, 0xB6, 0x13, 0xD9, 0x59, - 0xB8, 0xE8, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x82, 0x14, 0x4F, 0x0D, 0x8C, 0xC5, 0xFA, 0xEE, 0xA2, 0x9B, + 0xB7, 0x35, 0x9E, 0xE9, 0x4A, 0x17, 0x99, 0xF0, 0xCC, 0x23, + 0xF2, 0xEC, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, @@ -973,33 +973,33 @@ static const unsigned char client_cert_der_2048[] = 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x89, 0x84, 0xEB, - 0x6A, 0x70, 0x3B, 0x2A, 0x6E, 0xA8, 0x8B, 0xF2, 0x92, 0x79, - 0x97, 0x5C, 0xBD, 0x98, 0x8B, 0x71, 0xDB, 0xDB, 0x7C, 0xDF, - 0xDB, 0xA4, 0x2C, 0x59, 0xD3, 0xA6, 0x75, 0x41, 0xC2, 0x06, - 0xB6, 0x17, 0x1E, 0x0C, 0x1F, 0x7D, 0x0B, 0x7F, 0x58, 0x3E, - 0xC1, 0xE7, 0x0C, 0xF0, 0x62, 0x92, 0x77, 0xAB, 0x99, 0x79, - 0x7B, 0x85, 0xF4, 0xD9, 0x6C, 0xD0, 0x0E, 0xE5, 0x8B, 0x13, - 0x35, 0x65, 0x9E, 0xD7, 0x9A, 0x51, 0x98, 0xE4, 0x49, 0x44, - 0x51, 0xC8, 0xE3, 0xE0, 0x9A, 0xFF, 0xC2, 0xCB, 0x3D, 0x81, - 0xEB, 0xEE, 0xF4, 0x1A, 0xD1, 0x96, 0x4B, 0xE9, 0x7D, 0xDE, - 0x5B, 0xF2, 0x64, 0x40, 0xAD, 0xE1, 0xD9, 0xD6, 0xB7, 0xE1, - 0xEB, 0xA9, 0x3A, 0x52, 0x29, 0x89, 0xAA, 0x07, 0x37, 0x96, - 0x44, 0xE3, 0x23, 0x49, 0xF3, 0xBE, 0xF3, 0x0D, 0x70, 0xD1, - 0xA2, 0xCE, 0x78, 0x86, 0x22, 0xFC, 0x76, 0x00, 0x84, 0x1D, - 0xFA, 0x8B, 0x8A, 0xD2, 0x43, 0x93, 0x88, 0xFA, 0xEE, 0x22, - 0xCC, 0xA6, 0x86, 0xF5, 0x3F, 0x24, 0xF1, 0xD4, 0x70, 0x05, - 0x4F, 0x3B, 0x18, 0x32, 0x50, 0x67, 0xC1, 0x80, 0x77, 0x0D, - 0x3C, 0x78, 0x75, 0x35, 0xD0, 0xFD, 0x60, 0xF3, 0xED, 0xA1, - 0x30, 0xD0, 0x62, 0x25, 0x99, 0x6B, 0x80, 0x56, 0x17, 0x3D, - 0xB4, 0xAF, 0x1D, 0xDF, 0xAB, 0x48, 0x21, 0xC1, 0xD2, 0x0B, - 0x6B, 0x94, 0xA7, 0x33, 0xD1, 0xD0, 0x82, 0xB7, 0x3B, 0x92, - 0xEB, 0x9D, 0xD6, 0x6C, 0x32, 0x81, 0x5E, 0x07, 0x3C, 0x46, - 0x34, 0x32, 0x7B, 0xEA, 0x22, 0xDB, 0xA6, 0xA3, 0x18, 0x69, - 0x7C, 0xAD, 0x17, 0xE4, 0xC8, 0xA9, 0x8F, 0xA8, 0xBA, 0x67, - 0xAF, 0x99, 0x39, 0xEF, 0x6E, 0x0C, 0xF8, 0xA9, 0xB3, 0xBD, - 0xAB, 0x71, 0x94, 0xE0, 0x41, 0xAA, 0xA4, 0x2D, 0x72, 0x60, - 0x51, 0xD1, 0x5C + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x46, 0xAB, 0xE4, + 0x6D, 0xAE, 0x49, 0x5B, 0x6A, 0x0B, 0xA9, 0x87, 0xE1, 0x95, + 0x32, 0xA6, 0xD7, 0xAE, 0xDE, 0x28, 0xDC, 0xC7, 0x99, 0x68, + 0xE2, 0x5F, 0xC9, 0x5A, 0x4C, 0x64, 0xB8, 0xF5, 0x28, 0x42, + 0x5A, 0xE8, 0x5C, 0x59, 0x32, 0xFE, 0xD0, 0x1F, 0x0B, 0x55, + 0x89, 0xDB, 0x67, 0xE7, 0x78, 0xF3, 0x70, 0xCF, 0x18, 0x51, + 0x57, 0x8B, 0xF3, 0x2B, 0xA4, 0x66, 0x0B, 0xF6, 0x03, 0x6E, + 0x11, 0xAC, 0x83, 0x52, 0x16, 0x7E, 0xA2, 0x7C, 0x36, 0x77, + 0xF6, 0xBB, 0x13, 0x19, 0x40, 0x2C, 0xB8, 0x8C, 0xCA, 0xD6, + 0x7E, 0x79, 0x7D, 0xF4, 0x14, 0x8D, 0xB5, 0xA4, 0x09, 0xF6, + 0x2D, 0x4C, 0xE7, 0xF9, 0xB8, 0x25, 0x41, 0x15, 0x78, 0xF4, + 0xCA, 0x80, 0x41, 0xEA, 0x3A, 0x05, 0x08, 0xF6, 0xB5, 0x5B, + 0xA1, 0x3B, 0x5B, 0x48, 0xA8, 0x4B, 0x8C, 0x19, 0x8D, 0x6C, + 0x87, 0x31, 0x76, 0x74, 0x02, 0x16, 0x8B, 0xDD, 0x7F, 0xD1, + 0x11, 0x62, 0x27, 0x42, 0x39, 0xE0, 0x9A, 0x63, 0x26, 0x31, + 0x19, 0xCE, 0x3D, 0x41, 0xD5, 0x24, 0x47, 0x32, 0x0F, 0x76, + 0xD6, 0x41, 0x37, 0x44, 0xAD, 0x73, 0xF1, 0xB8, 0xEC, 0x2B, + 0x6E, 0x9C, 0x4F, 0x84, 0xC4, 0x4E, 0xD7, 0x92, 0x10, 0x7E, + 0x23, 0x32, 0xA0, 0x75, 0x6A, 0xE7, 0xFE, 0x55, 0x95, 0x9F, + 0x0A, 0xAD, 0xDF, 0xF9, 0x2A, 0xA2, 0x1A, 0x59, 0xD5, 0x82, + 0x63, 0xD6, 0x5D, 0x7D, 0x79, 0xF4, 0xA7, 0x2D, 0xDC, 0x8C, + 0x04, 0xCD, 0x98, 0xB0, 0x42, 0x0E, 0x84, 0xFA, 0x86, 0x50, + 0x10, 0x61, 0xAC, 0x73, 0xCD, 0x79, 0x45, 0x30, 0xE8, 0x42, + 0xA1, 0x6A, 0xF6, 0x77, 0x55, 0xEC, 0x07, 0xDB, 0x52, 0x29, + 0xCA, 0x7A, 0xC8, 0xA2, 0xDA, 0xE9, 0xF5, 0x98, 0x33, 0x6A, + 0xE8, 0xBC, 0x89, 0xED, 0x01, 0xE2, 0xFE, 0x44, 0x86, 0x86, + 0x80, 0x39, 0xEC }; static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048); @@ -1636,9 +1636,9 @@ static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048); static const unsigned char ca_cert_der_2048[] = { 0x30, 0x82, 0x04, 0xFF, 0x30, 0x82, 0x03, 0xE7, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C, - 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1, - 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1, + 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D, + 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -1655,10 +1655,10 @@ static const unsigned char ca_cert_der_2048[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -1726,9 +1726,9 @@ static const unsigned char ca_cert_der_2048[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x82, 0x14, 0x33, 0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, - 0x60, 0xF2, 0x70, 0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, - 0xE9, 0x44, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x82, 0x14, 0x6B, 0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, + 0x19, 0xA1, 0x08, 0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, + 0xC1, 0xDA, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, @@ -1737,33 +1737,33 @@ static const unsigned char ca_cert_der_2048[] = 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2D, 0xFC, 0xF9, - 0x32, 0x5A, 0xBE, 0xD6, 0x9D, 0x42, 0x8B, 0x86, 0x4E, 0x67, - 0x22, 0xC3, 0x50, 0x2D, 0xCB, 0x14, 0x27, 0x1D, 0x94, 0xF3, - 0xCD, 0x88, 0x42, 0xDA, 0x41, 0x1C, 0x39, 0x24, 0x67, 0xA7, - 0x92, 0x4D, 0x27, 0xEA, 0x56, 0x82, 0x19, 0xBF, 0x11, 0xB2, - 0x43, 0xA4, 0x8D, 0x5D, 0x87, 0xB2, 0x27, 0x64, 0x66, 0x82, - 0x81, 0xDF, 0xC4, 0xFD, 0x5B, 0x62, 0xB0, 0xC2, 0x4D, 0x9D, - 0x29, 0xF2, 0x41, 0x32, 0xCC, 0x2E, 0xB5, 0xDA, 0x38, 0x06, - 0x1B, 0xE8, 0x7F, 0x8C, 0x6E, 0x3D, 0x80, 0x1E, 0x00, 0x56, - 0x49, 0xBF, 0x39, 0xE0, 0xDA, 0x68, 0x2F, 0xC4, 0xFD, 0x00, - 0xE6, 0xD1, 0x81, 0x1A, 0xD1, 0x4A, 0xBB, 0x76, 0x52, 0xCE, - 0x4D, 0x24, 0x9D, 0xC4, 0xA3, 0xA7, 0xF1, 0x65, 0x14, 0x2F, - 0x1F, 0xA8, 0x2D, 0xC6, 0xCB, 0xCE, 0xB1, 0xA7, 0x89, 0x74, - 0x26, 0x27, 0xC3, 0xF3, 0xA3, 0x84, 0x4C, 0x34, 0x01, 0x14, - 0x03, 0x7D, 0x16, 0x3A, 0xC8, 0x8B, 0x25, 0x2E, 0x7B, 0x90, - 0xCC, 0x46, 0xB1, 0x52, 0x34, 0xBA, 0x93, 0x6E, 0xEF, 0xFE, - 0x43, 0xA3, 0xAD, 0xC6, 0x6F, 0x51, 0xFB, 0xBA, 0xEA, 0x38, - 0xE3, 0x6F, 0xD6, 0xEE, 0x63, 0x62, 0x36, 0xEA, 0x5E, 0x08, - 0xB4, 0xE2, 0x2A, 0x46, 0x89, 0xE3, 0xAE, 0xB3, 0xB4, 0x06, - 0xEF, 0x63, 0x7A, 0x6E, 0x5D, 0xDD, 0xC9, 0xEC, 0x02, 0x4F, - 0xF7, 0x64, 0xC0, 0x27, 0x07, 0xB4, 0x6F, 0x4A, 0x18, 0x72, - 0x5B, 0x34, 0x74, 0x7C, 0xD0, 0xA9, 0x04, 0x8F, 0x40, 0x8B, - 0x6A, 0x39, 0xD2, 0x6B, 0x1A, 0x01, 0xF2, 0x01, 0xA8, 0x81, - 0x34, 0x3A, 0xE5, 0xB0, 0x55, 0xD1, 0x3C, 0x95, 0xCA, 0xB0, - 0x82, 0xD6, 0xED, 0x98, 0x28, 0x15, 0x59, 0x7E, 0x95, 0xA7, - 0x69, 0xC7, 0xB5, 0x7B, 0xEC, 0x01, 0xA7, 0x4D, 0xE6, 0xB9, - 0xA2, 0xFE, 0x35 + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0x3B, 0x3D, + 0x66, 0x74, 0xBC, 0x97, 0xFE, 0x40, 0x16, 0xE6, 0xBA, 0xA5, + 0xD5, 0xD1, 0x84, 0x08, 0x89, 0x69, 0x4F, 0x88, 0x0D, 0x57, + 0xA9, 0xEF, 0x8C, 0xC3, 0x97, 0x52, 0xC8, 0xBD, 0x8B, 0xA2, + 0x49, 0x3B, 0xB7, 0xF7, 0x5D, 0x1E, 0xD6, 0x14, 0x7F, 0xB2, + 0x80, 0x33, 0xDA, 0xA0, 0x8A, 0xD3, 0xE1, 0x2F, 0xD5, 0xBC, + 0x33, 0x9F, 0xEA, 0x5A, 0x72, 0x24, 0xE5, 0xF8, 0xB8, 0x4B, + 0xB3, 0xDF, 0x62, 0x90, 0x3B, 0xA8, 0x21, 0xEF, 0x27, 0x42, + 0x75, 0xBC, 0x60, 0x02, 0x8E, 0x37, 0x35, 0x99, 0xEB, 0xA3, + 0x28, 0xF2, 0x65, 0x4C, 0xFF, 0x7A, 0xF8, 0x8E, 0xCC, 0x23, + 0x6D, 0xE5, 0x6A, 0xFE, 0x22, 0x5A, 0xD9, 0xB2, 0x4F, 0x47, + 0xC7, 0xE0, 0xAE, 0x98, 0xEF, 0x94, 0xAC, 0xB6, 0x4F, 0x61, + 0x81, 0x29, 0x8E, 0xE1, 0x79, 0x2C, 0x46, 0xFC, 0xE9, 0x1A, + 0xC3, 0x96, 0x1F, 0x19, 0x93, 0x64, 0x2E, 0x9F, 0x37, 0x72, + 0xC5, 0xE4, 0x93, 0x4E, 0x61, 0x5F, 0x38, 0x8E, 0xAE, 0xE8, + 0x39, 0x19, 0xE6, 0x97, 0xA8, 0x91, 0xD4, 0x23, 0x7E, 0x1E, + 0xD2, 0xD0, 0x53, 0xEC, 0xCC, 0xAC, 0xA0, 0x1D, 0xD0, 0xB7, + 0xDD, 0xB1, 0xB7, 0x01, 0x2E, 0x96, 0xCD, 0x85, 0x27, 0xE0, + 0xE7, 0x47, 0xE2, 0xC1, 0xC1, 0x00, 0xF6, 0x94, 0xDF, 0x77, + 0xE7, 0xFA, 0xC6, 0xEF, 0x8A, 0xC0, 0x7C, 0x67, 0xBC, 0xFF, + 0xA0, 0x7C, 0x94, 0x3B, 0x7D, 0x86, 0x42, 0xAF, 0x3D, 0x83, + 0x31, 0xEE, 0x2A, 0x3B, 0x7B, 0xF0, 0x2C, 0x9E, 0x6F, 0xE9, + 0xC4, 0x07, 0x81, 0x24, 0xDA, 0x05, 0x70, 0x4D, 0xDD, 0x09, + 0xAE, 0x9E, 0x72, 0xB8, 0x21, 0x0E, 0x8C, 0xB2, 0xAB, 0xAA, + 0x4C, 0x49, 0x10, 0xF7, 0x76, 0xF9, 0xB5, 0x0D, 0x6C, 0x20, + 0xD3, 0xDF, 0x7A, 0x06, 0x32, 0x8D, 0x29, 0x1F, 0x28, 0x1D, + 0x8D, 0x26, 0x33 }; static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); @@ -1771,9 +1771,9 @@ static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048); static const unsigned char ca_cert_chain_der[] = { 0x30, 0x82, 0x03, 0xFA, 0x30, 0x82, 0x03, 0x63, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x5D, 0x82, 0xE6, 0x32, 0x61, - 0xE7, 0x3B, 0x5E, 0x77, 0x3D, 0xDA, 0xA6, 0xF3, 0xFC, 0x54, - 0xB5, 0x04, 0xD4, 0x10, 0x4E, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x22, 0x3E, 0x28, 0x4D, 0xF0, + 0xF6, 0xC5, 0x97, 0x06, 0xB3, 0xAD, 0x8A, 0x59, 0x4D, 0xA0, + 0x87, 0x3F, 0xB3, 0xCE, 0x8C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -1790,10 +1790,10 @@ static const unsigned char ca_cert_chain_der[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -1848,8 +1848,8 @@ static const unsigned char ca_cert_chain_der[] = 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, - 0x5D, 0x82, 0xE6, 0x32, 0x61, 0xE7, 0x3B, 0x5E, 0x77, 0x3D, - 0xDA, 0xA6, 0xF3, 0xFC, 0x54, 0xB5, 0x04, 0xD4, 0x10, 0x4E, + 0x22, 0x3E, 0x28, 0x4D, 0xF0, 0xF6, 0xC5, 0x97, 0x06, 0xB3, + 0xAD, 0x8A, 0x59, 0x4D, 0xA0, 0x87, 0x3F, 0xB3, 0xCE, 0x8C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, @@ -1859,20 +1859,20 @@ static const unsigned char ca_cert_chain_der[] = 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, - 0x03, 0x81, 0x81, 0x00, 0x23, 0x19, 0xF7, 0x04, 0xB7, 0x99, - 0x84, 0x86, 0xCE, 0x45, 0x9E, 0xA4, 0x55, 0x2D, 0x14, 0xAC, - 0xC5, 0x1C, 0x2D, 0x2F, 0x8D, 0xD3, 0x14, 0x81, 0x91, 0x27, - 0x1C, 0x0C, 0x3C, 0x44, 0x14, 0x8B, 0x99, 0x46, 0xF2, 0x43, - 0xB3, 0x51, 0x33, 0x1B, 0xFA, 0x77, 0x95, 0x07, 0x5C, 0xE4, - 0x3C, 0x11, 0x17, 0x55, 0x57, 0xBF, 0x9D, 0xF4, 0xB5, 0xD4, - 0xAD, 0x7C, 0xB1, 0x82, 0x62, 0x77, 0xC8, 0xAA, 0x02, 0xEE, - 0x73, 0xEE, 0x77, 0x67, 0xD5, 0xB5, 0x58, 0xD7, 0x19, 0x6F, - 0x0F, 0xFD, 0x8B, 0xFC, 0xD4, 0x32, 0xFF, 0x86, 0x48, 0xF8, - 0x49, 0x5B, 0xD8, 0xF1, 0xFB, 0x36, 0x28, 0x27, 0xC1, 0x7D, - 0xDD, 0x0F, 0xFF, 0x7F, 0x95, 0x16, 0x5B, 0x85, 0xCA, 0x3E, - 0x9B, 0xDC, 0x78, 0xB7, 0x6B, 0xB1, 0xF1, 0x75, 0xFA, 0x61, - 0xDA, 0xCE, 0x8A, 0x4E, 0x5F, 0x90, 0x7C, 0x38, 0x9E, 0x31, - 0x00, 0x66 + 0x03, 0x81, 0x81, 0x00, 0x4E, 0x35, 0x89, 0x4C, 0x99, 0xC8, + 0x51, 0x46, 0x5B, 0x86, 0x21, 0xF3, 0x92, 0x13, 0x2D, 0x0E, + 0x73, 0x78, 0x85, 0xBC, 0x81, 0xBB, 0xD1, 0x4B, 0xC3, 0x1B, + 0x65, 0xB5, 0x39, 0x71, 0xA7, 0x04, 0x39, 0x8D, 0x57, 0x20, + 0x02, 0xA0, 0x33, 0x8C, 0xFF, 0xD5, 0xFC, 0x2E, 0x94, 0x56, + 0x48, 0xFC, 0x08, 0x4A, 0x37, 0x19, 0x98, 0x81, 0xAF, 0x51, + 0x3F, 0xB7, 0x91, 0x0A, 0x86, 0x4E, 0x97, 0xE2, 0x39, 0x92, + 0xF5, 0x3E, 0x99, 0xB2, 0x88, 0x1B, 0xAA, 0x97, 0x95, 0x77, + 0x2E, 0xDA, 0x41, 0x11, 0xD7, 0x8F, 0x74, 0x9D, 0x34, 0xD0, + 0x70, 0xCA, 0x37, 0xAA, 0xF7, 0xD7, 0x39, 0xD6, 0xA8, 0x48, + 0x34, 0x06, 0x3A, 0x6A, 0xDA, 0xDE, 0x8A, 0x1D, 0x3C, 0x41, + 0x56, 0xA3, 0x4E, 0xAE, 0x9F, 0x50, 0xB4, 0x8E, 0x10, 0x39, + 0xD9, 0xA2, 0x38, 0xD0, 0x22, 0x04, 0xCA, 0x31, 0x1C, 0xAC, + 0x3C, 0xF2 }; static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der); @@ -2023,10 +2023,10 @@ static const unsigned char server_cert_der_2048[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, - 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, - 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, - 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, + 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, + 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -2093,9 +2093,9 @@ static const unsigned char server_cert_der_2048[] = 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33, - 0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70, - 0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B, + 0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08, + 0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, @@ -2105,32 +2105,32 @@ static const unsigned char server_cert_der_2048[] = 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x4A, 0xFF, 0xB9, 0xE5, 0x85, 0x9B, - 0xDA, 0x53, 0x66, 0x7F, 0x07, 0x22, 0xBF, 0xB6, 0x19, 0xEA, - 0x42, 0xEB, 0xA4, 0x11, 0x07, 0x62, 0xFF, 0x39, 0x5F, 0x33, - 0x37, 0x3A, 0x87, 0x26, 0x71, 0x3D, 0x13, 0xB2, 0xCA, 0xB8, - 0x64, 0x38, 0x7B, 0x8A, 0x99, 0x48, 0x0E, 0xA5, 0xA4, 0x6B, - 0xB1, 0x99, 0x6E, 0xE0, 0x46, 0x51, 0xBD, 0x19, 0x52, 0xAD, - 0xBC, 0xA6, 0x7E, 0x2A, 0x7A, 0x7C, 0x23, 0xA7, 0xCC, 0xDB, - 0x5E, 0x43, 0x7D, 0x6B, 0x04, 0xC8, 0xB7, 0xDD, 0x95, 0xAD, - 0xF0, 0x91, 0x80, 0x59, 0xC5, 0x19, 0x91, 0x26, 0x27, 0x91, - 0xB8, 0x48, 0x1C, 0xEB, 0x55, 0xB6, 0xAA, 0x7D, 0xA4, 0x38, - 0xF1, 0x03, 0xBC, 0x6C, 0x8B, 0xAA, 0x94, 0xD6, 0x3C, 0x05, - 0x7A, 0x96, 0xC5, 0x06, 0xF1, 0x26, 0x14, 0x2E, 0x75, 0xFB, - 0xDD, 0xE5, 0x35, 0xB3, 0x01, 0x2C, 0xB3, 0xAD, 0x62, 0x5A, - 0x21, 0x9A, 0x08, 0xBE, 0x56, 0xFC, 0xF9, 0xA2, 0x42, 0x87, - 0x86, 0xE5, 0xA9, 0xC5, 0x99, 0xCF, 0xAE, 0x14, 0xBE, 0xE0, - 0xB9, 0x08, 0x24, 0x0D, 0x1D, 0x5C, 0xD6, 0x14, 0xE1, 0x4C, - 0x9F, 0x40, 0xB3, 0xA9, 0xE9, 0x2D, 0x52, 0x8B, 0x4C, 0xBF, - 0xAC, 0x44, 0x31, 0x67, 0xC1, 0x8D, 0x06, 0x85, 0xEC, 0x0F, - 0xE4, 0x99, 0xD7, 0x4B, 0x7B, 0x21, 0x06, 0x66, 0xD4, 0xE4, - 0xF5, 0x9D, 0xFF, 0x8E, 0xF0, 0x86, 0x39, 0x58, 0x1D, 0xA4, - 0x5B, 0xE2, 0x63, 0xEF, 0x7C, 0xC9, 0x18, 0x87, 0xA8, 0x02, - 0x25, 0x10, 0x3E, 0x87, 0x28, 0xF9, 0xF5, 0xEF, 0x47, 0x9E, - 0xA5, 0x80, 0x08, 0x11, 0x90, 0x68, 0xFE, 0xD1, 0xA3, 0xA8, - 0x51, 0xB9, 0x37, 0xFF, 0xD5, 0xCA, 0x7C, 0x87, 0x7F, 0x6B, - 0xBC, 0x2C, 0x12, 0xC8, 0xC5, 0x85, 0x8B, 0xFC, 0x0C, 0xC6, - 0xB9, 0x86, 0xB8, 0xC9, 0x04, 0xC3, 0x51, 0x37, 0xD2, 0x4F + 0x82, 0x01, 0x01, 0x00, 0x8A, 0xF1, 0x4E, 0xE8, 0x9F, 0x59, + 0xB2, 0xD9, 0x13, 0xAC, 0xFC, 0x42, 0xC4, 0x81, 0x34, 0x9F, + 0x6B, 0x39, 0x57, 0x9C, 0xE9, 0x92, 0x5D, 0x41, 0xAC, 0x05, + 0x35, 0xB1, 0x26, 0x93, 0x4D, 0x4A, 0xDA, 0xF8, 0x51, 0x82, + 0xD2, 0x8D, 0x7F, 0xD3, 0x5C, 0x6E, 0x29, 0x80, 0x8D, 0x9B, + 0x02, 0x10, 0x2B, 0x64, 0xF5, 0xD1, 0x31, 0x06, 0xFA, 0x85, + 0x2B, 0x8F, 0x63, 0x32, 0x14, 0x76, 0x7A, 0x39, 0x15, 0xF3, + 0x4E, 0xDD, 0xFD, 0xE2, 0x2C, 0x90, 0x15, 0xD1, 0x6F, 0x73, + 0x87, 0xEE, 0xE6, 0xC8, 0xEB, 0xAD, 0x40, 0xD5, 0xE8, 0x94, + 0x1F, 0xA6, 0x7E, 0x26, 0x5B, 0x87, 0xBA, 0x0F, 0x06, 0x5A, + 0x4D, 0x55, 0x7A, 0xAA, 0xC4, 0x09, 0x34, 0x8B, 0xF7, 0xE5, + 0xCC, 0xD6, 0xB7, 0x6C, 0x46, 0x6D, 0xA1, 0xE6, 0x66, 0x66, + 0x4C, 0x4B, 0xE5, 0x12, 0x31, 0x37, 0x54, 0x49, 0x64, 0xA5, + 0x66, 0xEB, 0xE0, 0xC6, 0xA1, 0x49, 0xF8, 0x4D, 0xC3, 0xD3, + 0x55, 0xA4, 0x05, 0xD2, 0xAC, 0xFB, 0xE1, 0xC8, 0x69, 0x30, + 0x4B, 0x98, 0xFD, 0x72, 0x1A, 0xAB, 0x9F, 0x86, 0xEB, 0x0D, + 0xBD, 0x7C, 0xA6, 0x3D, 0x81, 0xD9, 0x01, 0xA7, 0x8A, 0x79, + 0xAB, 0x3C, 0xCE, 0xE5, 0xB6, 0xC3, 0x1B, 0xEF, 0x7D, 0x5E, + 0x37, 0x7B, 0x37, 0x7C, 0x91, 0x89, 0x59, 0x11, 0x21, 0x11, + 0x7C, 0x05, 0x80, 0xE1, 0xA8, 0xD6, 0xF9, 0x35, 0xDA, 0x1B, + 0x86, 0x06, 0x5A, 0x32, 0x67, 0x6C, 0xA9, 0x2B, 0xE0, 0x31, + 0x7B, 0x89, 0x53, 0x37, 0x42, 0xAF, 0x34, 0xA4, 0x53, 0xD2, + 0x7C, 0x91, 0x50, 0x63, 0x3A, 0x8E, 0x4A, 0x1F, 0xA3, 0x90, + 0x4E, 0x7C, 0x41, 0x59, 0x1D, 0xEB, 0x7B, 0xA2, 0x14, 0x87, + 0xBA, 0x76, 0x36, 0xA4, 0x77, 0x46, 0x34, 0xF2, 0x55, 0x50, + 0xF0, 0x24, 0x9F, 0x83, 0x83, 0xDA, 0xA6, 0xAA, 0x3C, 0xC8 }; static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048); @@ -2502,183 +2502,186 @@ static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072); /* ./certs/3072/client-key.der, 3072-bit */ static const unsigned char client_key_der_3072[] = { - 0x30, 0x82, 0x06, 0xE4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, - 0x81, 0x00, 0xAC, 0x39, 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10, - 0x9B, 0x68, 0x96, 0xD3, 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41, - 0x62, 0xE3, 0xB3, 0x41, 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88, - 0x16, 0x9B, 0xE0, 0x97, 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42, - 0xDF, 0x93, 0xF3, 0xAA, 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, - 0x27, 0x90, 0x84, 0xC0, 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C, - 0x66, 0x1D, 0x70, 0x9C, 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58, - 0xC9, 0x3E, 0x8E, 0x9B, 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00, - 0x9C, 0x65, 0x56, 0x82, 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A, - 0xEF, 0xDF, 0x9A, 0xD0, 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B, - 0x1C, 0x63, 0x61, 0xFF, 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E, - 0x0F, 0x40, 0x3C, 0x7A, 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64, - 0xAE, 0x10, 0x3D, 0xA8, 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, - 0x82, 0xE2, 0xF9, 0x01, 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89, - 0xA0, 0x74, 0xD3, 0xB6, 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48, - 0x2A, 0xF7, 0x66, 0xCE, 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA, - 0xCA, 0x12, 0xA5, 0x91, 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59, - 0x51, 0xC0, 0xE7, 0x13, 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0, - 0x56, 0x2F, 0x5E, 0x1D, 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7, - 0x01, 0xDA, 0xBD, 0x85, 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8, - 0xF9, 0x7A, 0x9F, 0x89, 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D, - 0x04, 0x82, 0x35, 0x10, 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, - 0xE2, 0x62, 0x87, 0x26, 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C, - 0xE8, 0x73, 0x4F, 0x88, 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC, - 0xFA, 0x1E, 0x8A, 0xB0, 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1, - 0x58, 0x8A, 0x49, 0x0F, 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9, - 0x8F, 0x8D, 0x57, 0x19, 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, - 0xB7, 0x96, 0x7A, 0x3B, 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC, - 0xC9, 0x06, 0x8F, 0x93, 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, - 0x3E, 0x39, 0x5D, 0x41, 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F, - 0x76, 0xC7, 0x28, 0xDA, 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35, - 0x40, 0xBE, 0xAD, 0xC7, 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA, - 0xE8, 0x51, 0xEB, 0xC0, 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1, - 0x14, 0xBC, 0xF8, 0x61, 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4, - 0xAB, 0xBB, 0x6A, 0x21, 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F, - 0x7F, 0x91, 0xE5, 0x0E, 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13, - 0x58, 0x72, 0xA0, 0xAA, 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, - 0x5E, 0x87, 0xD2, 0x73, 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, - 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x01, 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5, - 0xCA, 0x48, 0x49, 0xA6, 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B, - 0x0D, 0xBB, 0xC9, 0xEA, 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC, - 0xEE, 0xE4, 0x3D, 0x42, 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7, - 0x70, 0x1C, 0x7E, 0x1F, 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F, - 0x01, 0x98, 0xC2, 0x3E, 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B, - 0x13, 0x87, 0xAE, 0xAC, 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25, - 0x4E, 0x59, 0xBA, 0x09, 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8, - 0x93, 0xC6, 0xBB, 0x03, 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87, - 0x6A, 0x36, 0x41, 0x7C, 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39, - 0xEB, 0x14, 0xA7, 0xA6, 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6, - 0x57, 0x9A, 0x1B, 0x01, 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09, - 0xE6, 0xBF, 0x31, 0x19, 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A, - 0xB0, 0xCD, 0xF5, 0xA6, 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F, - 0xEA, 0x7E, 0xF6, 0x0A, 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70, - 0x0D, 0x1B, 0xD9, 0x70, 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC, - 0xD4, 0x93, 0x16, 0xC7, 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A, - 0x1F, 0xAD, 0xDD, 0x40, 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2, - 0x04, 0xA0, 0x24, 0x05, 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9, - 0x5C, 0xC2, 0x5E, 0xE4, 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77, - 0xBB, 0x84, 0x69, 0x54, 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38, - 0xD8, 0xF7, 0xF3, 0x9F, 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6, - 0x7A, 0x65, 0xF5, 0x69, 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28, - 0xA4, 0x29, 0xAC, 0xD9, 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4, - 0xBA, 0xDF, 0xD0, 0xF1, 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7, - 0x5A, 0x94, 0xCF, 0xD9, 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91, - 0x2E, 0x77, 0x15, 0x18, 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1, - 0x92, 0x9D, 0xD6, 0x04, 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7, - 0x2D, 0x64, 0xF8, 0xDF, 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88, - 0x83, 0x5F, 0x67, 0x90, 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA, - 0x30, 0x13, 0xCA, 0x9F, 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE, - 0xF9, 0x96, 0xDD, 0x5E, 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F, - 0x7F, 0x33, 0x2A, 0x38, 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47, - 0x06, 0xCC, 0x96, 0x44, 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7, - 0xD0, 0xD3, 0xC3, 0xC5, 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE, - 0x2A, 0xA4, 0x86, 0xE7, 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37, - 0x64, 0x1A, 0xED, 0x08, 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B, - 0x89, 0x99, 0xA4, 0xB0, 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4, - 0xEE, 0x3C, 0xC4, 0x00, 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02, - 0x81, 0xC1, 0x00, 0xD9, 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2, - 0xE7, 0x15, 0xA7, 0x0A, 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6, - 0xA9, 0x6F, 0x73, 0x88, 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80, - 0xB5, 0x2E, 0x29, 0x8B, 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18, - 0x1C, 0x0D, 0x0E, 0x38, 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C, - 0x4E, 0x24, 0x05, 0xA7, 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C, - 0x1D, 0x0A, 0x2C, 0xFE, 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D, - 0xF8, 0xEB, 0x2F, 0xDA, 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97, - 0x64, 0x14, 0xAB, 0xEA, 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63, - 0x35, 0x90, 0xEE, 0x7F, 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB, - 0x87, 0x47, 0x9B, 0x45, 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3, - 0x8A, 0x0B, 0x9B, 0xE6, 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC, - 0x3E, 0x35, 0xDB, 0xED, 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29, - 0x79, 0xF8, 0x3F, 0xC2, 0x58, 0x40, 0x32, 0x66, 0x87, 0x56, - 0x50, 0xFF, 0xBF, 0x3E, 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE, - 0x87, 0x2D, 0xEF, 0x64, 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94, - 0xDA, 0x5B, 0x0C, 0x8C, 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE, - 0x40, 0x02, 0x65, 0x36, 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07, - 0xB4, 0x7F, 0x14, 0x0E, 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F, - 0xDC, 0xA2, 0xE8, 0xC7, 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA, - 0xED, 0xA5, 0x3F, 0x59, 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02, - 0x95, 0x80, 0xA0, 0xAF, 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72, - 0x41, 0x2C, 0x5C, 0xB4, 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58, - 0xE9, 0x40, 0x8B, 0xEC, 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE, - 0xC8, 0x6C, 0x74, 0x75, 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6, - 0x99, 0xA2, 0x70, 0xDE, 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49, - 0x13, 0xA0, 0xE2, 0x20, 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3, - 0x25, 0x09, 0xCE, 0x75, 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C, - 0x3C, 0x15, 0x1F, 0xF0, 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07, - 0xAC, 0x3D, 0x83, 0x46, 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8, - 0x19, 0x7C, 0xFF, 0xDE, 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E, - 0xBD, 0xFA, 0x96, 0xDD, 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17, - 0x90, 0x6F, 0x14, 0x35, 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A, - 0xA0, 0x53, 0x10, 0x15, 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6, - 0x48, 0xC0, 0x5D, 0xB4, 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75, - 0xCD, 0xC3, 0x64, 0x66, 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14, - 0x34, 0xE6, 0x60, 0x3C, 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79, - 0x93, 0x5D, 0x4A, 0x42, 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E, - 0x63, 0xBD, 0xB6, 0x5F, 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70, - 0xB1, 0x02, 0x81, 0xC0, 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD, - 0xF6, 0xB1, 0x66, 0xC5, 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B, - 0xDE, 0xD4, 0x4A, 0xFF, 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B, - 0x32, 0x35, 0x84, 0x83, 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B, - 0x7E, 0xCA, 0xE7, 0xB8, 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4, - 0x24, 0xED, 0x1A, 0xC1, 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64, - 0xC0, 0xC2, 0xFB, 0xFA, 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3, - 0x92, 0x95, 0x4E, 0xC2, 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6, - 0x78, 0x79, 0xC7, 0xDC, 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65, - 0xFE, 0x56, 0x8F, 0xB2, 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80, - 0x49, 0x8A, 0x36, 0xBF, 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5, - 0x1D, 0x64, 0x17, 0x26, 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B, - 0x99, 0x27, 0x04, 0x64, 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26, - 0xC3, 0x56, 0xF9, 0xEE, 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73, - 0xF6, 0x67, 0x83, 0xBC, 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA, - 0xBD, 0xE0, 0x24, 0x34, 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3, - 0xE3, 0x3D, 0x17, 0xBC, 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6, - 0x2F, 0xCB, 0xB4, 0xAF, 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D, - 0xB4, 0x7F, 0x1B, 0x26, 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F, - 0xF6, 0x9A, 0xB7, 0xC1, 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00, - 0xB0, 0x6D, 0x20, 0x68, 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E, - 0x22, 0x06, 0xFC, 0xC7, 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE, - 0x7D, 0xC5, 0x2F, 0xDE, 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF, - 0xE0, 0x4B, 0x1A, 0xB5, 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65, - 0x03, 0x3D, 0xD9, 0x1C, 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31, - 0x2A, 0x19, 0x54, 0x63, 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE, - 0xC8, 0xD3, 0xE9, 0xE1, 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6, - 0x7A, 0xBD, 0xCE, 0xE2, 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76, - 0xA9, 0x7C, 0xAB, 0x19, 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6, - 0x36, 0x57, 0x87, 0x3B, 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67, - 0x72, 0x6A, 0x86, 0x84, 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48, - 0x09, 0x3B, 0x5E, 0x6C, 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E, - 0xC2, 0x27, 0xEE, 0x8A, 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80, - 0xA3, 0x65, 0x74, 0x11, 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B, - 0x69, 0xB4, 0xC2, 0x9A, 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C, - 0x66, 0x5B, 0x38, 0x6F, 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02, - 0xAC, 0x8C, 0xB9, 0x66, 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42, - 0x12, 0xB7, 0x0E, 0x3A, 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F, - 0x53, 0x81, 0x7F, 0xE4, 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39, - 0xE4, 0x61, 0x02, 0x81, 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B, - 0xFD, 0x84, 0x2E, 0x83, 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8, - 0x3C, 0xC5, 0x0C, 0xCB, 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7, - 0xB0, 0xE9, 0xA4, 0x6A, 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7, - 0xDF, 0xEC, 0xC2, 0x03, 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79, - 0xA9, 0xAB, 0xBD, 0xAF, 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53, - 0xB3, 0xB2, 0xC0, 0xB1, 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE, - 0x67, 0xC7, 0xF3, 0x57, 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75, - 0x0D, 0xAC, 0x79, 0x90, 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3, - 0xE4, 0x46, 0xB2, 0x10, 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A, - 0x8F, 0x39, 0x42, 0x0E, 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3, - 0xA7, 0x7F, 0x2F, 0x82, 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E, - 0x05, 0x6E, 0x75, 0x83, 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57, - 0x39, 0xAB, 0x21, 0x0B, 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE, - 0x98, 0x45, 0x8F, 0x96, 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10, - 0x8E, 0x41, 0x7A, 0xDD, 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC, - 0xFE, 0xA3, 0x2D, 0xA9, 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7, - 0xBC, 0xF9, 0x71, 0xCC, 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD, - 0x1A, 0x9E, 0xC7, 0x08, 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, - 0xE3, 0xF8, 0xBE, 0x1E, 0xC7, 0xD2, 0x28, 0x97 + 0x30, 0x82, 0x06, 0xFE, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x04, 0x82, 0x06, 0xE8, 0x30, 0x82, 0x06, 0xE4, + 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x81, 0x00, 0xAC, 0x39, + 0x50, 0x68, 0x8F, 0x78, 0xF8, 0x10, 0x9B, 0x68, 0x96, 0xD3, + 0xE1, 0x9C, 0x56, 0x68, 0x5A, 0x41, 0x62, 0xE3, 0xB3, 0x41, + 0xB0, 0x55, 0x80, 0x17, 0xB0, 0x88, 0x16, 0x9B, 0xE0, 0x97, + 0x74, 0x5F, 0x42, 0x79, 0x73, 0x42, 0xDF, 0x93, 0xF3, 0xAA, + 0x9D, 0xEE, 0x2D, 0x6F, 0xAA, 0xBC, 0x27, 0x90, 0x84, 0xC0, + 0x5D, 0xC7, 0xEC, 0x49, 0xEA, 0x5C, 0x66, 0x1D, 0x70, 0x9C, + 0x53, 0x5C, 0xBA, 0xA1, 0xB3, 0x58, 0xC9, 0x3E, 0x8E, 0x9B, + 0x72, 0x3D, 0x6E, 0x02, 0x02, 0x00, 0x9C, 0x65, 0x56, 0x82, + 0xA3, 0x22, 0xB4, 0x08, 0x5F, 0x2A, 0xEF, 0xDF, 0x9A, 0xD0, + 0xE7, 0x31, 0x59, 0x26, 0x5B, 0x0B, 0x1C, 0x63, 0x61, 0xFF, + 0xD5, 0x69, 0x32, 0x19, 0x06, 0x7E, 0x0F, 0x40, 0x3C, 0x7A, + 0x1E, 0xC8, 0xFC, 0x58, 0x6C, 0x64, 0xAE, 0x10, 0x3D, 0xA8, + 0x23, 0xFF, 0x8E, 0x1A, 0xCA, 0x6A, 0x82, 0xE2, 0xF9, 0x01, + 0x64, 0x2C, 0x97, 0xA0, 0x1A, 0x89, 0xA0, 0x74, 0xD3, 0xB6, + 0x05, 0x11, 0xF2, 0x62, 0x06, 0x48, 0x2A, 0xF7, 0x66, 0xCE, + 0xC1, 0x85, 0xE1, 0xD2, 0x27, 0xEA, 0xCA, 0x12, 0xA5, 0x91, + 0x97, 0x3E, 0xFC, 0x94, 0x06, 0x59, 0x51, 0xC0, 0xE7, 0x13, + 0xB6, 0x87, 0x7B, 0x5F, 0xD2, 0xC0, 0x56, 0x2F, 0x5E, 0x1D, + 0x02, 0xC3, 0x11, 0x2C, 0xDF, 0xF7, 0x01, 0xDA, 0xBD, 0x85, + 0x54, 0x35, 0x32, 0x5F, 0xC5, 0xC8, 0xF9, 0x7A, 0x9F, 0x89, + 0xF7, 0x03, 0x0E, 0x7E, 0x79, 0x5D, 0x04, 0x82, 0x35, 0x10, + 0xFE, 0x6D, 0x9B, 0xBF, 0xB8, 0xEE, 0xE2, 0x62, 0x87, 0x26, + 0x5E, 0x2F, 0x50, 0x2F, 0x78, 0x0C, 0xE8, 0x73, 0x4F, 0x88, + 0x6A, 0xD6, 0x26, 0xA4, 0xC9, 0xFC, 0xFA, 0x1E, 0x8A, 0xB0, + 0xF4, 0x32, 0xCF, 0x57, 0xCD, 0xA1, 0x58, 0x8A, 0x49, 0x0F, + 0xBB, 0xA9, 0x1D, 0x86, 0xAB, 0xB9, 0x8F, 0x8D, 0x57, 0x19, + 0xB2, 0x5A, 0x7E, 0xA4, 0xEA, 0xCC, 0xB7, 0x96, 0x7A, 0x3B, + 0x38, 0xCD, 0xDE, 0xE0, 0x61, 0xFC, 0xC9, 0x06, 0x8F, 0x93, + 0x5A, 0xCE, 0xAD, 0x2A, 0xE3, 0x2D, 0x3E, 0x39, 0x5D, 0x41, + 0x83, 0x01, 0x1F, 0x0F, 0xE1, 0x7F, 0x76, 0xC7, 0x28, 0xDA, + 0x56, 0xEF, 0xBF, 0xDC, 0x26, 0x35, 0x40, 0xBE, 0xAD, 0xC7, + 0x38, 0xAD, 0xA4, 0x06, 0xAC, 0xCA, 0xE8, 0x51, 0xEB, 0xC0, + 0xF8, 0x68, 0x02, 0x2C, 0x9B, 0xA1, 0x14, 0xBC, 0xF8, 0x61, + 0x86, 0xD7, 0x56, 0xD7, 0x73, 0xF4, 0xAB, 0xBB, 0x6A, 0x21, + 0xD3, 0x88, 0x22, 0xB4, 0xE7, 0x6F, 0x7F, 0x91, 0xE5, 0x0E, + 0xC6, 0x08, 0x49, 0xDE, 0xEA, 0x13, 0x58, 0x72, 0xA0, 0xAA, + 0x3A, 0xF9, 0x36, 0x03, 0x45, 0x57, 0x5E, 0x87, 0xD2, 0x73, + 0x65, 0xC4, 0x8C, 0xA3, 0xEE, 0xC9, 0xD6, 0x73, 0x7C, 0x96, + 0x41, 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x80, 0x40, 0x19, 0x74, 0xDB, 0xF5, 0xCA, 0x48, 0x49, 0xA6, + 0x0D, 0xDF, 0x55, 0x2C, 0xFB, 0x4B, 0x0D, 0xBB, 0xC9, 0xEA, + 0x4C, 0x65, 0x43, 0x65, 0xA5, 0xEC, 0xEE, 0xE4, 0x3D, 0x42, + 0x6C, 0xF1, 0xC2, 0x6D, 0x05, 0xA7, 0x70, 0x1C, 0x7E, 0x1F, + 0x48, 0xA9, 0xC0, 0x2E, 0xD7, 0x9F, 0x01, 0x98, 0xC2, 0x3E, + 0xD7, 0x83, 0x11, 0x35, 0xD6, 0x5B, 0x13, 0x87, 0xAE, 0xAC, + 0x32, 0xF8, 0xDE, 0xB6, 0x08, 0x25, 0x4E, 0x59, 0xBA, 0x09, + 0xEC, 0xC6, 0x97, 0x04, 0x85, 0xE8, 0x93, 0xC6, 0xBB, 0x03, + 0x7A, 0x94, 0x20, 0x3B, 0x27, 0x87, 0x6A, 0x36, 0x41, 0x7C, + 0xD5, 0xF4, 0x81, 0x1C, 0x0B, 0x39, 0xEB, 0x14, 0xA7, 0xA6, + 0x01, 0x37, 0x50, 0x48, 0xD5, 0xC6, 0x57, 0x9A, 0x1B, 0x01, + 0x02, 0x1F, 0x80, 0x34, 0x45, 0x09, 0xE6, 0xBF, 0x31, 0x19, + 0xB7, 0xE1, 0xBA, 0xDA, 0xEB, 0x1A, 0xB0, 0xCD, 0xF5, 0xA6, + 0x91, 0x63, 0xAC, 0x28, 0xE4, 0x8F, 0xEA, 0x7E, 0xF6, 0x0A, + 0x4A, 0x71, 0x21, 0xA5, 0xF1, 0x70, 0x0D, 0x1B, 0xD9, 0x70, + 0x64, 0x74, 0x57, 0x2F, 0x9F, 0xEC, 0xD4, 0x93, 0x16, 0xC7, + 0xEE, 0xF8, 0xC0, 0x9F, 0x52, 0x4A, 0x1F, 0xAD, 0xDD, 0x40, + 0x98, 0x53, 0x68, 0xFA, 0xDE, 0xA2, 0x04, 0xA0, 0x24, 0x05, + 0xEF, 0xCB, 0x4F, 0x70, 0xDF, 0xB9, 0x5C, 0xC2, 0x5E, 0xE4, + 0xC9, 0xCD, 0x0F, 0x5E, 0x4B, 0x77, 0xBB, 0x84, 0x69, 0x54, + 0x98, 0x41, 0xB7, 0x9C, 0x0E, 0x38, 0xD8, 0xF7, 0xF3, 0x9F, + 0xEF, 0xE5, 0x9B, 0xB6, 0x4B, 0xD6, 0x7A, 0x65, 0xF5, 0x69, + 0xFA, 0xC2, 0x13, 0x70, 0x6C, 0x28, 0xA4, 0x29, 0xAC, 0xD9, + 0xBF, 0xEC, 0x6A, 0x2E, 0xED, 0xE4, 0xBA, 0xDF, 0xD0, 0xF1, + 0xF3, 0x3C, 0x6C, 0x84, 0xDF, 0xB7, 0x5A, 0x94, 0xCF, 0xD9, + 0x2D, 0xEA, 0xEA, 0xB4, 0xD0, 0x91, 0x2E, 0x77, 0x15, 0x18, + 0x0D, 0x6B, 0xBA, 0x2A, 0x0C, 0xF1, 0x92, 0x9D, 0xD6, 0x04, + 0x05, 0xB6, 0x38, 0xC2, 0xE0, 0xA7, 0x2D, 0x64, 0xF8, 0xDF, + 0x0C, 0x3A, 0x93, 0x83, 0xE1, 0x88, 0x83, 0x5F, 0x67, 0x90, + 0x9F, 0x2B, 0xE0, 0x60, 0x8E, 0xCA, 0x30, 0x13, 0xCA, 0x9F, + 0xCF, 0x7B, 0x6D, 0xD8, 0xCD, 0xEE, 0xF9, 0x96, 0xDD, 0x5E, + 0xF4, 0x47, 0xC9, 0x4C, 0xE6, 0x8F, 0x7F, 0x33, 0x2A, 0x38, + 0x30, 0xAF, 0xD5, 0x4A, 0x79, 0x47, 0x06, 0xCC, 0x96, 0x44, + 0x29, 0x8C, 0x60, 0x2B, 0x08, 0xC7, 0xD0, 0xD3, 0xC3, 0xC5, + 0x2C, 0x63, 0x6C, 0x87, 0xD2, 0xAE, 0x2A, 0xA4, 0x86, 0xE7, + 0x76, 0x74, 0x90, 0xD1, 0x04, 0x37, 0x64, 0x1A, 0xED, 0x08, + 0xD9, 0x98, 0x07, 0x1A, 0x98, 0x0B, 0x89, 0x99, 0xA4, 0xB0, + 0x8C, 0x1A, 0x10, 0xEB, 0xEC, 0xF4, 0xEE, 0x3C, 0xC4, 0x00, + 0xCC, 0x30, 0x9C, 0x43, 0x01, 0x02, 0x81, 0xC1, 0x00, 0xD9, + 0x43, 0xF6, 0x2C, 0x78, 0x26, 0xD2, 0xE7, 0x15, 0xA7, 0x0A, + 0x88, 0x5E, 0xDB, 0x2D, 0xAF, 0xC6, 0xA9, 0x6F, 0x73, 0x88, + 0x3B, 0x6A, 0x08, 0x1F, 0xF5, 0x80, 0xB5, 0x2E, 0x29, 0x8B, + 0x72, 0xF8, 0x35, 0xC8, 0x23, 0x18, 0x1C, 0x0D, 0x0E, 0x38, + 0x82, 0xBB, 0x5B, 0x2F, 0xB4, 0x5C, 0x4E, 0x24, 0x05, 0xA7, + 0x4C, 0x79, 0x48, 0x89, 0x8D, 0x1C, 0x1D, 0x0A, 0x2C, 0xFE, + 0xD9, 0x99, 0xDF, 0x25, 0x8A, 0x2D, 0xF8, 0xEB, 0x2F, 0xDA, + 0x1B, 0x63, 0xE1, 0xCD, 0x09, 0x97, 0x64, 0x14, 0xAB, 0xEA, + 0x0B, 0xD8, 0xE2, 0xA8, 0x2A, 0x63, 0x35, 0x90, 0xEE, 0x7F, + 0xEA, 0xCE, 0xA5, 0xEF, 0x7F, 0xAB, 0x87, 0x47, 0x9B, 0x45, + 0x35, 0x9A, 0xDA, 0x8C, 0xF4, 0xD3, 0x8A, 0x0B, 0x9B, 0xE6, + 0xEA, 0x92, 0xBB, 0x05, 0xE1, 0xAC, 0x3E, 0x35, 0xDB, 0xED, + 0x65, 0x1D, 0xB6, 0x92, 0xEB, 0x29, 0x79, 0xF8, 0x3F, 0xC2, + 0x58, 0x40, 0x32, 0x66, 0x87, 0x56, 0x50, 0xFF, 0xBF, 0x3E, + 0xBD, 0xE9, 0x94, 0xBF, 0x31, 0xBE, 0x87, 0x2D, 0xEF, 0x64, + 0x1E, 0x0E, 0x67, 0x3A, 0x9C, 0x94, 0xDA, 0x5B, 0x0C, 0x8C, + 0x3D, 0xEE, 0x9D, 0xCD, 0x92, 0xDE, 0x40, 0x02, 0x65, 0x36, + 0xC9, 0x1B, 0xF5, 0x7E, 0x4E, 0x07, 0xB4, 0x7F, 0x14, 0x0E, + 0x03, 0x2E, 0x86, 0xF0, 0x45, 0x5F, 0xDC, 0xA2, 0xE8, 0xC7, + 0x83, 0x02, 0x81, 0xC1, 0x00, 0xCA, 0xED, 0xA5, 0x3F, 0x59, + 0xAC, 0x4C, 0xAD, 0xAB, 0x23, 0x02, 0x95, 0x80, 0xA0, 0xAF, + 0x35, 0x17, 0xDB, 0xE7, 0x7F, 0x72, 0x41, 0x2C, 0x5C, 0xB4, + 0x43, 0x85, 0x46, 0x73, 0x9F, 0x58, 0xE9, 0x40, 0x8B, 0xEC, + 0xB0, 0xEF, 0x86, 0x4C, 0x31, 0xDE, 0xC8, 0x6C, 0x74, 0x75, + 0xA2, 0xDB, 0x65, 0xF4, 0x50, 0xC6, 0x99, 0xA2, 0x70, 0xDE, + 0xB6, 0x22, 0xC2, 0x01, 0x15, 0x49, 0x13, 0xA0, 0xE2, 0x20, + 0x78, 0x44, 0xEC, 0x1F, 0x42, 0xB3, 0x25, 0x09, 0xCE, 0x75, + 0x13, 0x75, 0x36, 0x11, 0x47, 0x2C, 0x3C, 0x15, 0x1F, 0xF0, + 0x54, 0xD5, 0x18, 0xAE, 0x61, 0x07, 0xAC, 0x3D, 0x83, 0x46, + 0x03, 0x8C, 0xBF, 0x63, 0x26, 0xA8, 0x19, 0x7C, 0xFF, 0xDE, + 0x20, 0x78, 0xD0, 0xDA, 0x70, 0x2E, 0xBD, 0xFA, 0x96, 0xDD, + 0x15, 0x78, 0x9B, 0xEF, 0xED, 0x17, 0x90, 0x6F, 0x14, 0x35, + 0x50, 0x8E, 0x1D, 0x78, 0xB0, 0x8A, 0xA0, 0x53, 0x10, 0x15, + 0x64, 0xCC, 0x47, 0x05, 0xB6, 0xC6, 0x48, 0xC0, 0x5D, 0xB4, + 0x4B, 0x1A, 0x5F, 0xB8, 0x9E, 0x75, 0xCD, 0xC3, 0x64, 0x66, + 0x88, 0x10, 0x9C, 0x8B, 0x87, 0x14, 0x34, 0xE6, 0x60, 0x3C, + 0xA5, 0xB7, 0x81, 0x1D, 0x0B, 0x79, 0x93, 0x5D, 0x4A, 0x42, + 0x7A, 0x7F, 0x33, 0xF0, 0x3E, 0x9E, 0x63, 0xBD, 0xB6, 0x5F, + 0xF9, 0x47, 0xA7, 0x0A, 0x49, 0x70, 0xB1, 0x02, 0x81, 0xC0, + 0x6F, 0xC6, 0xF4, 0x3E, 0xDA, 0xAD, 0xF6, 0xB1, 0x66, 0xC5, + 0x62, 0xB8, 0xD8, 0x3C, 0x61, 0x1B, 0xDE, 0xD4, 0x4A, 0xFF, + 0xA0, 0x66, 0x18, 0xDE, 0x07, 0x3B, 0x32, 0x35, 0x84, 0x83, + 0x61, 0x38, 0x0C, 0x14, 0xF7, 0x5B, 0x7E, 0xCA, 0xE7, 0xB8, + 0x9A, 0x40, 0x40, 0x0D, 0xE0, 0xD4, 0x24, 0xED, 0x1A, 0xC1, + 0x41, 0xDA, 0x29, 0x47, 0xB5, 0x64, 0xC0, 0xC2, 0xFB, 0xFA, + 0x3C, 0x3F, 0x4D, 0x57, 0xAD, 0xA3, 0x92, 0x95, 0x4E, 0xC2, + 0x76, 0xAE, 0xC2, 0xCB, 0x67, 0xC6, 0x78, 0x79, 0xC7, 0xDC, + 0xCE, 0x73, 0xBB, 0xE8, 0x98, 0x65, 0xFE, 0x56, 0x8F, 0xB2, + 0xF4, 0x62, 0xA4, 0x60, 0x60, 0x80, 0x49, 0x8A, 0x36, 0xBF, + 0xDE, 0x72, 0x7E, 0xB1, 0xD3, 0xF5, 0x1D, 0x64, 0x17, 0x26, + 0xE5, 0x3D, 0x67, 0xB2, 0x0A, 0x8B, 0x99, 0x27, 0x04, 0x64, + 0x9A, 0x94, 0xFC, 0x1D, 0x73, 0x26, 0xC3, 0x56, 0xF9, 0xEE, + 0x2B, 0x99, 0x65, 0xA5, 0xC8, 0x73, 0xF6, 0x67, 0x83, 0xBC, + 0x2B, 0x96, 0x5F, 0x36, 0xE4, 0xCA, 0xBD, 0xE0, 0x24, 0x34, + 0xD6, 0x48, 0x54, 0x56, 0xAD, 0xA3, 0xE3, 0x3D, 0x17, 0xBC, + 0xB3, 0xE6, 0x24, 0xFE, 0x50, 0xC6, 0x2F, 0xCB, 0xB4, 0xAF, + 0xC7, 0xE8, 0xDD, 0x96, 0x86, 0x9D, 0xB4, 0x7F, 0x1B, 0x26, + 0x01, 0x33, 0x87, 0xDB, 0x6A, 0x7F, 0xF6, 0x9A, 0xB7, 0xC1, + 0x94, 0xEB, 0x02, 0x81, 0xC1, 0x00, 0xB0, 0x6D, 0x20, 0x68, + 0x0D, 0x7C, 0x81, 0x45, 0xD4, 0x2E, 0x22, 0x06, 0xFC, 0xC7, + 0xB6, 0xCC, 0x40, 0x2C, 0x0D, 0xFE, 0x7D, 0xC5, 0x2F, 0xDE, + 0x81, 0x52, 0xDA, 0xC2, 0x3F, 0xAF, 0xE0, 0x4B, 0x1A, 0xB5, + 0x0C, 0x59, 0x60, 0x45, 0xB0, 0x65, 0x03, 0x3D, 0xD9, 0x1C, + 0xFF, 0x51, 0x51, 0xD2, 0x38, 0x31, 0x2A, 0x19, 0x54, 0x63, + 0x31, 0x1D, 0xC4, 0xE6, 0x4A, 0xAE, 0xC8, 0xD3, 0xE9, 0xE1, + 0xEF, 0x3C, 0xE1, 0x1F, 0x30, 0xA6, 0x7A, 0xBD, 0xCE, 0xE2, + 0xD2, 0x62, 0xD2, 0x5A, 0xE9, 0x76, 0xA9, 0x7C, 0xAB, 0x19, + 0x13, 0x87, 0x8D, 0xA5, 0x61, 0xA6, 0x36, 0x57, 0x87, 0x3B, + 0x64, 0x59, 0x9D, 0xBA, 0x9F, 0x67, 0x72, 0x6A, 0x86, 0x84, + 0xA6, 0x08, 0x31, 0x41, 0xD3, 0x48, 0x09, 0x3B, 0x5E, 0x6C, + 0x5F, 0x56, 0x55, 0x7F, 0xAD, 0x7E, 0xC2, 0x27, 0xEE, 0x8A, + 0xF1, 0x37, 0x51, 0xF7, 0x49, 0x80, 0xA3, 0x65, 0x74, 0x11, + 0xDD, 0xA7, 0xBE, 0xFA, 0x58, 0x7B, 0x69, 0xB4, 0xC2, 0x9A, + 0x35, 0x2F, 0xBE, 0x84, 0x4E, 0x2C, 0x66, 0x5B, 0x38, 0x6F, + 0x47, 0xBD, 0x30, 0x44, 0x0A, 0x02, 0xAC, 0x8C, 0xB9, 0x66, + 0x1E, 0x14, 0x2D, 0x90, 0x71, 0x42, 0x12, 0xB7, 0x0E, 0x3A, + 0x8B, 0xC5, 0x98, 0x65, 0xFD, 0x8F, 0x53, 0x81, 0x7F, 0xE4, + 0xD9, 0x58, 0x0E, 0xF5, 0xA9, 0x39, 0xE4, 0x61, 0x02, 0x81, + 0xC1, 0x00, 0xB3, 0x94, 0x8F, 0x2B, 0xFD, 0x84, 0x2E, 0x83, + 0x42, 0x86, 0x56, 0x7E, 0xB5, 0xF8, 0x3C, 0xC5, 0x0C, 0xCB, + 0xBD, 0x32, 0x0C, 0xD7, 0xAA, 0xA7, 0xB0, 0xE9, 0xA4, 0x6A, + 0xD1, 0x01, 0xDB, 0x87, 0x2A, 0xF7, 0xDF, 0xEC, 0xC2, 0x03, + 0x5D, 0x55, 0xA8, 0x66, 0x73, 0x79, 0xA9, 0xAB, 0xBD, 0xAF, + 0x69, 0x37, 0xFE, 0x41, 0xB5, 0x53, 0xB3, 0xB2, 0xC0, 0xB1, + 0x80, 0x34, 0xE6, 0xE1, 0x7B, 0xAE, 0x67, 0xC7, 0xF3, 0x57, + 0xFE, 0x12, 0xBC, 0x78, 0xAA, 0x75, 0x0D, 0xAC, 0x79, 0x90, + 0x14, 0x49, 0xFE, 0x6B, 0x51, 0xE3, 0xE4, 0x46, 0xB2, 0x10, + 0x4D, 0x05, 0x6A, 0x12, 0x80, 0x2A, 0x8F, 0x39, 0x42, 0x0E, + 0x3B, 0x24, 0x2B, 0x50, 0x5D, 0xF3, 0xA7, 0x7F, 0x2F, 0x82, + 0x89, 0x87, 0x9F, 0xF8, 0x7B, 0x1E, 0x05, 0x6E, 0x75, 0x83, + 0x04, 0x35, 0x66, 0x4A, 0x06, 0x57, 0x39, 0xAB, 0x21, 0x0B, + 0x94, 0x41, 0x6A, 0x2A, 0xC7, 0xDE, 0x98, 0x45, 0x8F, 0x96, + 0x1C, 0xF2, 0xD8, 0xFB, 0x9C, 0x10, 0x8E, 0x41, 0x7A, 0xDD, + 0xDD, 0x1D, 0xEF, 0xA5, 0x67, 0xEC, 0xFE, 0xA3, 0x2D, 0xA9, + 0xFD, 0xF3, 0xEE, 0x35, 0xF4, 0xA7, 0xBC, 0xF9, 0x71, 0xCC, + 0xB9, 0xC0, 0x5F, 0x58, 0x5B, 0xBD, 0x1A, 0x9E, 0xC7, 0x08, + 0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, 0xE3, 0xF8, 0xBE, 0x1E, + 0xC7, 0xD2, 0x28, 0x97 }; static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072); @@ -2735,9 +2738,9 @@ static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072); static const unsigned char client_cert_der_3072[] = { 0x30, 0x82, 0x06, 0x1D, 0x30, 0x82, 0x04, 0x85, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x0B, 0x5C, 0x9F, 0x12, 0x25, - 0x90, 0xAA, 0x52, 0xC0, 0xDF, 0xE1, 0xE1, 0x1F, 0xED, 0xA9, - 0x31, 0x01, 0x0A, 0x09, 0x8B, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x1E, 0xD5, 0xB7, 0x66, 0x40, + 0x3A, 0xE9, 0x9B, 0xDD, 0x58, 0xE4, 0xE4, 0x9A, 0xC0, 0xDA, + 0x1E, 0xD7, 0xB9, 0x5A, 0x1F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -2755,10 +2758,10 @@ static const unsigned char client_cert_der_3072[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -2841,8 +2844,8 @@ static const unsigned char client_cert_der_3072[] = 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, - 0x0B, 0x5C, 0x9F, 0x12, 0x25, 0x90, 0xAA, 0x52, 0xC0, 0xDF, - 0xE1, 0xE1, 0x1F, 0xED, 0xA9, 0x31, 0x01, 0x0A, 0x09, 0x8B, + 0x1E, 0xD5, 0xB7, 0x66, 0x40, 0x3A, 0xE9, 0x9B, 0xDD, 0x58, + 0xE4, 0xE4, 0x9A, 0xC0, 0xDA, 0x1E, 0xD7, 0xB9, 0x5A, 0x1F, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, @@ -2852,45 +2855,45 @@ static const unsigned char client_cert_der_3072[] = 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x81, 0x00, 0x14, 0x27, 0x57, 0x47, 0x12, - 0xA4, 0x78, 0xA2, 0xC9, 0xDC, 0x93, 0xF8, 0x47, 0xEE, 0xF4, - 0xFD, 0x66, 0x80, 0x13, 0x43, 0x9E, 0xDE, 0x23, 0x8C, 0xF7, - 0x3F, 0xFE, 0x46, 0x9C, 0x85, 0x58, 0x2A, 0x6F, 0x8D, 0x22, - 0x92, 0x8C, 0xD6, 0x36, 0xCA, 0x90, 0x4F, 0x45, 0xC3, 0xAB, - 0x78, 0xCA, 0x3C, 0xFE, 0xD0, 0xF5, 0x0F, 0x6D, 0x00, 0xFE, - 0x3B, 0x42, 0xB0, 0x86, 0x0B, 0x75, 0xF2, 0x7C, 0xD3, 0xC7, - 0xDB, 0x0B, 0x70, 0xE8, 0xEC, 0xB7, 0xBF, 0x26, 0x30, 0xA8, - 0x19, 0x67, 0xBD, 0x74, 0x03, 0xCF, 0xD1, 0x08, 0x8E, 0x9C, - 0xD5, 0x1B, 0x45, 0x28, 0xB2, 0x67, 0x8E, 0x3A, 0xA5, 0x27, - 0xC9, 0x1B, 0x6A, 0xE9, 0x93, 0xCE, 0x94, 0xC0, 0x00, 0x0C, - 0xE8, 0xF1, 0x76, 0x02, 0xA4, 0x30, 0x72, 0xA8, 0xFD, 0x55, - 0x1C, 0xD1, 0xB8, 0x25, 0xF1, 0x62, 0xF6, 0xBA, 0x28, 0xFD, - 0x30, 0xB1, 0x11, 0x63, 0xF7, 0xB3, 0x78, 0x54, 0x09, 0x04, - 0xC1, 0x66, 0x12, 0xC7, 0x01, 0xAE, 0x99, 0xE3, 0x55, 0xC4, - 0x29, 0xBD, 0x1B, 0x1A, 0xDA, 0xB9, 0x77, 0xFD, 0x04, 0xDB, - 0xB1, 0x68, 0x56, 0x35, 0x65, 0xE1, 0xAA, 0x67, 0xC8, 0xAC, - 0xBE, 0xE5, 0xF8, 0x27, 0xFB, 0xB4, 0x51, 0x4F, 0x38, 0xE5, - 0xDE, 0x09, 0xA6, 0x81, 0xA9, 0xEF, 0xDC, 0xD6, 0x4A, 0x96, - 0x47, 0xB8, 0x38, 0x14, 0xF8, 0x25, 0x5D, 0xAC, 0xF3, 0xE5, - 0x3B, 0xF2, 0x1B, 0x70, 0x32, 0x3B, 0x2D, 0xFA, 0x20, 0xCA, - 0x2E, 0xA5, 0xCA, 0x13, 0x9D, 0x84, 0xD2, 0xD4, 0x35, 0x16, - 0x58, 0x6E, 0x52, 0x5E, 0x09, 0x61, 0x83, 0xC2, 0xE2, 0x56, - 0x2C, 0xAB, 0x52, 0xBF, 0x54, 0xDC, 0xBD, 0xF3, 0xBF, 0xA7, - 0x16, 0x6E, 0x0E, 0xCA, 0x68, 0x54, 0xD1, 0x5C, 0x4D, 0x06, - 0x7A, 0x93, 0x47, 0x1C, 0xCC, 0xA9, 0x66, 0xDA, 0x69, 0x0F, - 0xF9, 0x1F, 0x25, 0x64, 0x29, 0x40, 0x97, 0x50, 0x3B, 0xCF, - 0x0C, 0x50, 0x9B, 0x4D, 0xFF, 0x60, 0xBC, 0xD3, 0xE4, 0xA0, - 0xB7, 0x64, 0xC6, 0x66, 0x2A, 0xF6, 0x02, 0xE2, 0x3F, 0x92, - 0x31, 0x3B, 0xD7, 0xEA, 0x1A, 0xC3, 0x1A, 0x0C, 0x19, 0x88, - 0xAB, 0x5F, 0x74, 0xB7, 0x9D, 0x7B, 0x8D, 0x4D, 0x3A, 0x84, - 0x43, 0xF2, 0x67, 0xB1, 0xBE, 0xA0, 0x9E, 0xFD, 0x3D, 0xAA, - 0xC1, 0x38, 0x1A, 0xDF, 0xAC, 0x30, 0xFE, 0x63, 0x69, 0xAF, - 0xD6, 0xF2, 0x21, 0x63, 0x11, 0x63, 0x29, 0xAC, 0x63, 0x9E, - 0x9F, 0x9F, 0xC4, 0x53, 0xB3, 0xDB, 0x78, 0xC0, 0x2D, 0x79, - 0x68, 0x1F, 0xD2, 0xD1, 0x36, 0xD1, 0xFB, 0xE3, 0xC0, 0xA7, - 0x31, 0xEB, 0x15, 0x63, 0x99, 0x0B, 0x93, 0x9D, 0x87, 0xC7, - 0xFE, 0x56, 0x5D, 0xFC, 0xE7, 0x29, 0x2A, 0x9E, 0x15, 0xBE, - 0xEF, 0x54, 0xE7, 0x0F, 0x6D, 0x9B, 0x36, 0xB6, 0x17 + 0x03, 0x82, 0x01, 0x81, 0x00, 0x5E, 0xB0, 0xED, 0x38, 0x36, + 0xB8, 0xF7, 0xE4, 0x0C, 0xB0, 0xC3, 0x6A, 0xBB, 0x7A, 0xB9, + 0x61, 0x05, 0x9D, 0xB9, 0x82, 0x12, 0x2D, 0x9C, 0x9E, 0x91, + 0x7B, 0xEC, 0xD0, 0x9B, 0x81, 0xCA, 0x51, 0xE8, 0xD4, 0x55, + 0x2D, 0x1A, 0xFF, 0x88, 0x5A, 0xC3, 0xE1, 0xD8, 0x82, 0x17, + 0xC5, 0x4A, 0x7A, 0xD4, 0x17, 0xC8, 0xA2, 0x1C, 0x97, 0x61, + 0xA7, 0xCF, 0xDE, 0x12, 0xF9, 0x5A, 0xD8, 0xB0, 0x63, 0x63, + 0x84, 0xD4, 0x7B, 0xB9, 0x81, 0x37, 0xA0, 0x49, 0xF3, 0x68, + 0x30, 0x0C, 0x84, 0xF8, 0x6C, 0x18, 0x54, 0x34, 0x6F, 0x8D, + 0xA3, 0x22, 0xD3, 0xD2, 0x3B, 0x42, 0xBC, 0x3B, 0x28, 0x0F, + 0x95, 0x35, 0xF4, 0x9F, 0xDC, 0x18, 0x9D, 0x4F, 0xC5, 0x5F, + 0x0D, 0xD2, 0xBD, 0x88, 0xB8, 0xA7, 0x88, 0x82, 0xD3, 0x74, + 0x5B, 0xA6, 0xAD, 0xB0, 0x2B, 0x70, 0x33, 0xC9, 0x08, 0x7E, + 0x5F, 0x9B, 0x99, 0x3C, 0x61, 0xF0, 0x1B, 0x3C, 0x1C, 0x4A, + 0x2A, 0x05, 0x84, 0xF1, 0x47, 0x17, 0xA2, 0xEA, 0x06, 0x3A, + 0xDC, 0xF6, 0xB3, 0x83, 0x30, 0x9C, 0x12, 0xB1, 0x4C, 0xE9, + 0xBE, 0x40, 0x86, 0x3E, 0x72, 0x58, 0x4E, 0x44, 0xB8, 0x99, + 0x59, 0xC3, 0x58, 0x0F, 0xD7, 0xCF, 0x02, 0x60, 0x77, 0xAD, + 0x6F, 0x9C, 0x41, 0x58, 0xEF, 0x78, 0x63, 0xC0, 0xF7, 0x7D, + 0xA7, 0xED, 0x67, 0xC2, 0x49, 0xAE, 0x06, 0xFC, 0x46, 0xF7, + 0x70, 0x53, 0x88, 0xEB, 0x53, 0x2F, 0x25, 0x8D, 0x7A, 0xAC, + 0xAB, 0xC4, 0xB5, 0xB0, 0x27, 0x90, 0x57, 0xD0, 0x31, 0x79, + 0x2F, 0xAD, 0xDA, 0x20, 0xC1, 0x6A, 0x00, 0xCC, 0xD9, 0xB4, + 0x36, 0x5A, 0x90, 0x99, 0x3D, 0xE3, 0xE2, 0xF4, 0xB6, 0xE7, + 0x85, 0x16, 0x77, 0x3D, 0x69, 0xBB, 0x42, 0x6C, 0xA5, 0x83, + 0x45, 0x9F, 0x53, 0xC4, 0x43, 0x78, 0x17, 0x43, 0xBD, 0x27, + 0xC0, 0x6E, 0x4B, 0x40, 0x0F, 0x64, 0x0B, 0xAC, 0x38, 0x1E, + 0x09, 0x6D, 0x62, 0x5A, 0x54, 0x8A, 0x2C, 0x96, 0x99, 0x23, + 0xDB, 0xF5, 0x4B, 0x4A, 0xAA, 0x69, 0xBE, 0x6E, 0x8A, 0x9A, + 0x3E, 0xD5, 0xE6, 0xA3, 0xA9, 0xA9, 0xE9, 0xE8, 0xA9, 0x28, + 0x28, 0x3B, 0xF9, 0x9D, 0xD9, 0x5F, 0xE3, 0xCB, 0x2B, 0x2B, + 0x38, 0xBA, 0xF1, 0xBC, 0x45, 0xD8, 0x4A, 0x5A, 0xB1, 0xB3, + 0x8A, 0x48, 0x64, 0x78, 0x33, 0x21, 0x55, 0xCD, 0x04, 0x14, + 0xE7, 0x7B, 0x73, 0xC2, 0xB6, 0xF2, 0xDE, 0x81, 0x01, 0xD8, + 0x8D, 0xC6, 0xCF, 0xF2, 0x85, 0x0F, 0x32, 0x72, 0x0F, 0x6C, + 0x60, 0xBE, 0xF5, 0x31, 0x75, 0x39, 0x4B, 0xE3, 0xAE, 0xED, + 0x0C, 0x1E, 0x15, 0x83, 0xAC, 0xF9, 0x4C, 0x86, 0xCF, 0xDF, + 0x54, 0xB0, 0x7C, 0x6F, 0xF5, 0xDE, 0x26, 0x66, 0xC0, 0xBA, + 0x85, 0x38, 0xD0, 0x25, 0xFE, 0xB9, 0xBF, 0x12, 0x98 }; static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072); @@ -2901,241 +2904,244 @@ static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072); /* ./certs/4096/client-key.der, 4096-bit */ static const unsigned char client_key_der_4096[] = { - 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, - 0x01, 0x00, 0xF5, 0xD0, 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3, - 0x07, 0x50, 0xDD, 0x16, 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC, - 0x46, 0x0E, 0x57, 0x12, 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A, - 0x33, 0xEA, 0x4F, 0xD9, 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF, - 0x59, 0x11, 0x08, 0x02, 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE, - 0x0C, 0xDC, 0x87, 0xD4, 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1, - 0x76, 0x5A, 0x62, 0x37, 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB, - 0x1E, 0x6D, 0x29, 0x75, 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F, - 0x87, 0xCB, 0x14, 0x95, 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1, - 0x4C, 0xDA, 0xD7, 0x91, 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07, - 0x1A, 0x76, 0x4D, 0xB0, 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB, - 0xBA, 0xCB, 0x25, 0xD9, 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC, - 0x40, 0xE9, 0x36, 0xCD, 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F, - 0x36, 0xEB, 0xA5, 0x4E, 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64, - 0x62, 0x7A, 0x3F, 0x0D, 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C, - 0xA8, 0x8F, 0xE9, 0xED, 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0, - 0x03, 0xAC, 0xE3, 0x03, 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A, - 0x7E, 0x08, 0xB1, 0xD3, 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37, - 0x50, 0x43, 0xC2, 0x6A, 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, - 0x8D, 0x3F, 0x81, 0x02, 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, - 0x80, 0x0C, 0x04, 0x25, 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22, - 0x35, 0x4A, 0xF4, 0x85, 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F, - 0xA2, 0x3B, 0x24, 0x00, 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6, - 0xAC, 0x31, 0x12, 0xDB, 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89, - 0x4A, 0x39, 0x60, 0x77, 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06, - 0xF1, 0x95, 0x56, 0x2A, 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE, - 0x58, 0x44, 0xAC, 0x46, 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, - 0xA1, 0xD3, 0x55, 0x37, 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8, - 0xA7, 0x61, 0x48, 0x41, 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80, - 0x23, 0x7D, 0x43, 0xB4, 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7, - 0x44, 0x19, 0x4D, 0x77, 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C, - 0x2F, 0xD6, 0x5A, 0x44, 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96, - 0x40, 0x99, 0x2C, 0x56, 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59, - 0xD7, 0x2C, 0xD4, 0xB4, 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E, - 0xFB, 0xFF, 0x04, 0xEB, 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28, - 0x4F, 0x5C, 0x17, 0x96, 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B, - 0x1B, 0x48, 0x40, 0x25, 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF, - 0x73, 0x76, 0xDA, 0xEB, 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54, - 0x6A, 0x93, 0xE1, 0x8D, 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, - 0x87, 0x02, 0x30, 0x22, 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3, - 0xAE, 0xE4, 0x02, 0x9B, 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72, - 0xE9, 0x8D, 0x13, 0x2D, 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61, - 0x71, 0xC9, 0xCC, 0x48, 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, - 0xDF, 0x67, 0xD3, 0x20, 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7, - 0x0E, 0x63, 0x16, 0x83, 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5, - 0x2A, 0x5C, 0x45, 0x54, 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20, - 0x2E, 0x2E, 0x66, 0x5A, 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, - 0x89, 0x01, 0x56, 0x70, 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E, - 0xD1, 0xB9, 0x3A, 0xB7, 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08, - 0xDD, 0x9C, 0xF4, 0x14, 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, - 0x7E, 0x02, 0x37, 0x31, 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, - 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, - 0x82, 0x02, 0x01, 0x00, 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68, - 0x1A, 0x8E, 0xC6, 0x63, 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2, - 0x74, 0xEA, 0x12, 0xC4, 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6, - 0x9E, 0x1A, 0x7F, 0x95, 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27, - 0x26, 0x95, 0x5A, 0x91, 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91, - 0x9F, 0xA0, 0x2B, 0xE8, 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C, - 0xC2, 0x0F, 0xA9, 0xE9, 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D, - 0x92, 0x3E, 0xFC, 0x74, 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21, - 0x92, 0x4D, 0x28, 0x82, 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2, - 0x8C, 0x29, 0x1C, 0x19, 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5, - 0x2D, 0xA3, 0xC7, 0x28, 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8, - 0xD0, 0xFF, 0xF0, 0x0F, 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6, - 0xED, 0x0D, 0x5F, 0xBF, 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3, - 0xEF, 0x86, 0xE9, 0x51, 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F, - 0xE9, 0x5F, 0x3C, 0x94, 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1, - 0x6C, 0xE9, 0xF3, 0xA6, 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B, - 0x20, 0xD5, 0x2F, 0xDE, 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49, - 0x6B, 0xF5, 0x10, 0x85, 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C, - 0xA0, 0x4A, 0x4C, 0xDA, 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC, - 0xF8, 0xDD, 0xA3, 0x3B, 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9, - 0x97, 0x5B, 0x07, 0x95, 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C, - 0xE8, 0x8F, 0x4C, 0x4C, 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE, - 0xDE, 0x16, 0x31, 0xF6, 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC, - 0xAF, 0x2E, 0x47, 0xE8, 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90, - 0x98, 0x99, 0xA4, 0xDC, 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB, - 0x08, 0x93, 0xAF, 0x61, 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89, - 0x64, 0x10, 0xE1, 0xE6, 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6, - 0x5A, 0x89, 0x83, 0xFC, 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12, - 0xCC, 0x72, 0xBB, 0x1E, 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E, - 0xB9, 0x2E, 0x8E, 0x84, 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A, - 0x6F, 0x9D, 0x19, 0xE6, 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23, - 0x16, 0x9A, 0x68, 0x2C, 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE, - 0x8E, 0xEC, 0x5E, 0x46, 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28, - 0x59, 0xC4, 0x49, 0x2A, 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6, - 0x3D, 0xF7, 0xC5, 0xCF, 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D, - 0xBE, 0xF4, 0x63, 0xFC, 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6, - 0xAD, 0x35, 0xEE, 0xDE, 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE, - 0x33, 0xA0, 0xA8, 0xFC, 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB, - 0x03, 0x19, 0xA1, 0xE8, 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE, - 0xFE, 0xF2, 0x5F, 0xBB, 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35, - 0x57, 0xDD, 0xE5, 0x50, 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2, - 0x7A, 0x11, 0xB1, 0x43, 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69, - 0xB9, 0xE5, 0xA5, 0xC9, 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5, - 0x95, 0xB9, 0x58, 0xC0, 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD, - 0x84, 0xB1, 0x2B, 0x67, 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45, - 0xD5, 0xEA, 0xC3, 0x8A, 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD, - 0xD2, 0xEA, 0xFC, 0xDF, 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03, - 0x19, 0xB2, 0x1D, 0x4A, 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86, - 0xC5, 0x1A, 0x10, 0xC3, 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08, - 0x51, 0x05, 0xA6, 0x37, 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63, - 0x01, 0x5D, 0x5B, 0x4F, 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91, - 0x21, 0xE4, 0x8E, 0xB7, 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xFD, 0x27, 0xC8, 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB, - 0x8A, 0x22, 0x87, 0x61, 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4, - 0x5C, 0x8A, 0xCA, 0x5C, 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66, - 0x90, 0x2C, 0xA3, 0xED, 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42, - 0xB4, 0xE0, 0xE0, 0x45, 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B, - 0x8E, 0x7D, 0x9D, 0x73, 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9, - 0x8C, 0xAD, 0x3A, 0x64, 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F, - 0x4B, 0xC9, 0xBD, 0x4F, 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F, - 0xE2, 0x99, 0x72, 0x66, 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF, - 0x3A, 0x20, 0x37, 0x2A, 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA, - 0x18, 0xB1, 0x1F, 0x6E, 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82, - 0x9B, 0xDB, 0x50, 0x6B, 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9, - 0x81, 0x11, 0x04, 0x14, 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5, - 0xF9, 0x7C, 0xA1, 0x78, 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F, - 0x79, 0x88, 0x8D, 0x14, 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42, - 0xB9, 0xE8, 0x59, 0x76, 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF, - 0x0A, 0xC1, 0x42, 0xC7, 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91, - 0x4B, 0x1E, 0xF8, 0x46, 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E, - 0xC8, 0xD0, 0x31, 0xD3, 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30, - 0x0C, 0x58, 0xD8, 0xB7, 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64, - 0x6D, 0xE4, 0xC6, 0x59, 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8, - 0xC4, 0x84, 0x44, 0x7E, 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1, - 0x27, 0x96, 0xB2, 0x19, 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3, - 0xD7, 0x1F, 0xCD, 0x1B, 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F, - 0x98, 0x05, 0x47, 0x46, 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF, - 0x53, 0xE3, 0xC5, 0xB1, 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xF8, 0x93, 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9, - 0xC4, 0x0A, 0xC3, 0xE8, 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE, - 0x14, 0xE7, 0x43, 0xC6, 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E, - 0x08, 0x6A, 0x19, 0x6B, 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B, - 0xDA, 0xFE, 0x4B, 0x94, 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5, - 0x43, 0x70, 0xFB, 0x01, 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D, - 0x51, 0xEE, 0xA0, 0xDC, 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0, - 0x86, 0xB7, 0x83, 0xFF, 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE, - 0xC4, 0x26, 0x36, 0xBC, 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90, - 0x97, 0xE5, 0xA6, 0x38, 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23, - 0xD2, 0x33, 0x1F, 0x81, 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38, - 0x10, 0x03, 0xE6, 0x88, 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2, - 0x4D, 0x27, 0x33, 0x85, 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82, - 0x58, 0xD9, 0xDF, 0xEE, 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF, - 0x06, 0x12, 0x16, 0xD1, 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A, - 0xBD, 0xE2, 0xCF, 0x56, 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4, - 0x73, 0x0A, 0x98, 0x8D, 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95, - 0xCF, 0x3F, 0x6B, 0xE7, 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57, - 0xE2, 0x3D, 0xC4, 0x2B, 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F, - 0xC0, 0x06, 0x12, 0x8C, 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81, - 0xC3, 0x23, 0x15, 0xEB, 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E, - 0x59, 0xFA, 0x10, 0xCA, 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86, - 0x26, 0x1E, 0x55, 0xB9, 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5, - 0xD9, 0x63, 0x8D, 0x51, 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33, - 0x10, 0x21, 0x5E, 0xEC, 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC, - 0x3E, 0x50, 0xF5, 0xBE, 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82, - 0x01, 0x00, 0x21, 0x7C, 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68, - 0xA7, 0xAD, 0xDD, 0x05, 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6, - 0x42, 0x70, 0x8F, 0x57, 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05, - 0x56, 0x9C, 0xC9, 0x9A, 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F, - 0xA6, 0x0D, 0x41, 0x15, 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25, - 0x02, 0x63, 0x55, 0xD0, 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41, - 0x46, 0x96, 0xAA, 0x2F, 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F, - 0xD0, 0xD3, 0x28, 0x9B, 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3, - 0xE2, 0x8E, 0x79, 0xD7, 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6, - 0xDA, 0x07, 0xF9, 0x4C, 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1, - 0xFA, 0x05, 0x0C, 0x20, 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A, - 0xDE, 0xCE, 0xF9, 0x02, 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A, - 0x8D, 0x8C, 0x3A, 0x10, 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A, - 0x36, 0x41, 0x4B, 0x30, 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD, - 0x7D, 0x2B, 0x89, 0x59, 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0, - 0x25, 0x68, 0x6C, 0x08, 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08, - 0xB2, 0xC6, 0x3C, 0x6C, 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8, - 0x5C, 0x7B, 0xC0, 0x5B, 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99, - 0x46, 0xE2, 0x5F, 0x4F, 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B, - 0x33, 0x10, 0xDF, 0x0B, 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A, - 0xF2, 0x1A, 0xEB, 0x41, 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96, - 0x88, 0x46, 0xEE, 0x6C, 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E, - 0xD4, 0x3F, 0x05, 0x5B, 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63, - 0xCA, 0xC4, 0x71, 0x0B, 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4, - 0x12, 0x8C, 0x4C, 0x5E, 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61, - 0x0C, 0x74, 0x5F, 0x53, 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82, - 0x01, 0x00, 0x5F, 0xF2, 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E, - 0xCC, 0x96, 0x5F, 0x32, 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73, - 0xBC, 0xCB, 0xDB, 0xF4, 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95, - 0x80, 0x97, 0xFB, 0xC1, 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2, - 0x2C, 0x00, 0xF6, 0x89, 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C, - 0x87, 0x60, 0xC7, 0xF2, 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37, - 0x4E, 0x95, 0xEE, 0xCF, 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D, - 0x95, 0x82, 0xA6, 0xD7, 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB, - 0x94, 0x09, 0x30, 0x1D, 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A, - 0x3E, 0x27, 0xAD, 0xF6, 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03, - 0xCF, 0xB2, 0x5E, 0x1A, 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75, - 0x92, 0x70, 0xFE, 0xFE, 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D, - 0x45, 0xBC, 0xB8, 0xFD, 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE, - 0x9A, 0x7F, 0x57, 0x19, 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B, - 0xAC, 0x6B, 0x35, 0x15, 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7, - 0x2E, 0xAE, 0xAA, 0xDB, 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB, - 0xE4, 0x90, 0x15, 0x7C, 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13, - 0x02, 0x91, 0x77, 0x84, 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01, - 0x0B, 0x5A, 0x4E, 0x2B, 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61, - 0x1B, 0x6C, 0xFC, 0xA1, 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C, - 0x7E, 0x97, 0x3F, 0x71, 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12, - 0xEC, 0x26, 0x43, 0x6E, 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D, - 0x12, 0xFF, 0xA8, 0x95, 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55, - 0xC3, 0x68, 0xD2, 0xF6, 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2, - 0xC9, 0x2A, 0x28, 0x6A, 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A, - 0x26, 0x6F, 0xB7, 0xBB, 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82, - 0x01, 0x00, 0x56, 0xBA, 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E, - 0x1B, 0x1E, 0x2F, 0xF3, 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68, - 0x4A, 0xE1, 0xEA, 0xB3, 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA, - 0x63, 0x5E, 0xDF, 0x05, 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36, - 0x2F, 0xBC, 0x07, 0x75, 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95, - 0x4D, 0x3F, 0xC9, 0x06, 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95, - 0xAB, 0x9A, 0xEB, 0x04, 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56, - 0x53, 0xA2, 0x28, 0xF2, 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63, - 0xAC, 0x9B, 0x56, 0xA9, 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70, - 0xFF, 0x2B, 0x6D, 0x0C, 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1, - 0xA7, 0x4B, 0x5E, 0x49, 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58, - 0x13, 0x66, 0x8F, 0x2F, 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94, - 0x30, 0x3E, 0xEC, 0x96, 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30, - 0xB4, 0xEB, 0x41, 0x00, 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE, - 0x31, 0x70, 0x17, 0x39, 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B, - 0x90, 0x20, 0xBC, 0x39, 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C, - 0x4F, 0x45, 0x6B, 0x82, 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F, - 0x2D, 0x83, 0xB3, 0x3D, 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54, - 0x2E, 0xFE, 0x16, 0x2E, 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1, - 0xD8, 0xBB, 0x87, 0xE1, 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8, - 0x00, 0x3E, 0x49, 0x8A, 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31, - 0x31, 0x21, 0x98, 0x18, 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7, - 0x9B, 0x09, 0x2E, 0xBB, 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1, - 0x44, 0x75, 0x80, 0x1D, 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0, - 0xFC, 0x19, 0x3C, 0xFF, 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, - 0x4E, 0xFE, 0x4D, 0x2B, 0x4B, 0x18, 0xE6, 0xCE + 0x30, 0x82, 0x09, 0x42, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x04, 0x82, 0x09, 0x2C, 0x30, 0x82, 0x09, 0x28, + 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xF5, 0xD0, + 0x31, 0xE4, 0x71, 0x59, 0x58, 0xB3, 0x07, 0x50, 0xDD, 0x16, + 0x79, 0xFC, 0xC6, 0x95, 0x50, 0xFC, 0x46, 0x0E, 0x57, 0x12, + 0x86, 0x71, 0x8D, 0xE3, 0x9B, 0x4A, 0x33, 0xEA, 0x4F, 0xD9, + 0x17, 0x13, 0x6D, 0x48, 0x69, 0xDF, 0x59, 0x11, 0x08, 0x02, + 0x9D, 0xAF, 0x2B, 0xC7, 0x30, 0xBE, 0x0C, 0xDC, 0x87, 0xD4, + 0x5A, 0x12, 0x09, 0x23, 0x5D, 0xE1, 0x76, 0x5A, 0x62, 0x37, + 0x46, 0x74, 0xEF, 0x03, 0x05, 0xBB, 0x1E, 0x6D, 0x29, 0x75, + 0x6C, 0x2E, 0x9D, 0x87, 0x0D, 0x8F, 0x87, 0xCB, 0x14, 0x95, + 0x9B, 0xBE, 0x17, 0x6B, 0x51, 0xD1, 0x4C, 0xDA, 0xD7, 0x91, + 0x66, 0xC5, 0x36, 0xEB, 0xE0, 0x07, 0x1A, 0x76, 0x4D, 0xB0, + 0xFB, 0xC1, 0xF5, 0x5E, 0x05, 0xDB, 0xBA, 0xCB, 0x25, 0xD9, + 0x99, 0x13, 0x1C, 0xC0, 0x35, 0xDC, 0x40, 0xE9, 0x36, 0xCD, + 0xC4, 0xD5, 0x7A, 0x41, 0x70, 0x0F, 0x36, 0xEB, 0xA5, 0x4E, + 0x17, 0x05, 0xD5, 0x75, 0x1B, 0x64, 0x62, 0x7A, 0x3F, 0x0D, + 0x28, 0x48, 0x6A, 0xE3, 0xAC, 0x9C, 0xA8, 0x8F, 0xE9, 0xED, + 0xF7, 0xCD, 0x24, 0xA0, 0xB1, 0xA0, 0x03, 0xAC, 0xE3, 0x03, + 0xF5, 0x3F, 0xD1, 0x96, 0xFF, 0x2A, 0x7E, 0x08, 0xB1, 0xD3, + 0xE0, 0x18, 0x14, 0xEC, 0x65, 0x37, 0x50, 0x43, 0xC2, 0x6A, + 0x8C, 0xF4, 0x5B, 0xFE, 0xC4, 0xCB, 0x8D, 0x3F, 0x81, 0x02, + 0xF7, 0xC2, 0xDD, 0xE4, 0xC1, 0x8E, 0x80, 0x0C, 0x04, 0x25, + 0x2D, 0x80, 0x5A, 0x2E, 0x0F, 0x22, 0x35, 0x4A, 0xF4, 0x85, + 0xED, 0x51, 0xD8, 0xAB, 0x6D, 0x8F, 0xA2, 0x3B, 0x24, 0x00, + 0x6E, 0x81, 0xE2, 0x1E, 0x76, 0xD6, 0xAC, 0x31, 0x12, 0xDB, + 0xF3, 0x8E, 0x07, 0xA1, 0xDE, 0x89, 0x4A, 0x39, 0x60, 0x77, + 0xC5, 0xAA, 0xF1, 0x51, 0xE6, 0x06, 0xF1, 0x95, 0x56, 0x2A, + 0xE1, 0x8E, 0x92, 0x30, 0x9F, 0xFE, 0x58, 0x44, 0xAC, 0x46, + 0xF2, 0xFD, 0x9A, 0xFC, 0xA8, 0x1D, 0xA1, 0xD3, 0x55, 0x37, + 0x4A, 0x8B, 0xFC, 0x9C, 0x33, 0xF8, 0xA7, 0x61, 0x48, 0x41, + 0x7C, 0x9C, 0x77, 0x3F, 0xF5, 0x80, 0x23, 0x7D, 0x43, 0xB4, + 0xD5, 0x88, 0x0A, 0xC9, 0x75, 0xD7, 0x44, 0x19, 0x4D, 0x77, + 0x6C, 0x0B, 0x0A, 0x49, 0xAA, 0x1C, 0x2F, 0xD6, 0x5A, 0x44, + 0xA6, 0x47, 0x4D, 0xE5, 0x36, 0x96, 0x40, 0x99, 0x2C, 0x56, + 0x26, 0xB1, 0xF2, 0x92, 0x31, 0x59, 0xD7, 0x2C, 0xD4, 0xB4, + 0x21, 0xD6, 0x65, 0x13, 0x0B, 0x3E, 0xFB, 0xFF, 0x04, 0xEB, + 0xB9, 0x85, 0xB9, 0xD8, 0xD8, 0x28, 0x4F, 0x5C, 0x17, 0x96, + 0xA3, 0x51, 0xBE, 0xFE, 0x7D, 0x0B, 0x1B, 0x48, 0x40, 0x25, + 0x76, 0x94, 0xDC, 0x41, 0xFB, 0xBF, 0x73, 0x76, 0xDA, 0xEB, + 0xB3, 0x62, 0xE7, 0xC1, 0xC8, 0x54, 0x6A, 0x93, 0xE1, 0x8D, + 0x31, 0xE8, 0x3E, 0x3E, 0xDF, 0xBC, 0x87, 0x02, 0x30, 0x22, + 0x57, 0xC4, 0xE0, 0x18, 0x7A, 0xD3, 0xAE, 0xE4, 0x02, 0x9B, + 0xAA, 0xBD, 0x4E, 0x49, 0x47, 0x72, 0xE9, 0x8D, 0x13, 0x2D, + 0x54, 0x9B, 0x00, 0xA7, 0x91, 0x61, 0x71, 0xC9, 0xCC, 0x48, + 0x4F, 0xEE, 0xDF, 0x5E, 0x1B, 0x1A, 0xDF, 0x67, 0xD3, 0x20, + 0xE6, 0x44, 0x45, 0x98, 0x7E, 0xE7, 0x0E, 0x63, 0x16, 0x83, + 0xC9, 0x26, 0x5D, 0x90, 0xC1, 0xE5, 0x2A, 0x5C, 0x45, 0x54, + 0x13, 0xB2, 0x81, 0x18, 0x06, 0x20, 0x2E, 0x2E, 0x66, 0x5A, + 0xB5, 0x7B, 0x6E, 0xD6, 0x0C, 0x4E, 0x89, 0x01, 0x56, 0x70, + 0xBB, 0xAE, 0xDE, 0xE9, 0x99, 0x5E, 0xD1, 0xB9, 0x3A, 0xB7, + 0x6C, 0x17, 0xB6, 0x03, 0xA9, 0x08, 0xDD, 0x9C, 0xF4, 0x14, + 0xC9, 0xC9, 0x59, 0x39, 0x72, 0xD4, 0x7E, 0x02, 0x37, 0x31, + 0xCD, 0x0E, 0xA7, 0x3D, 0xF8, 0xF2, 0xCF, 0x6B, 0x15, 0xAB, + 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x02, 0x01, 0x00, + 0xC5, 0x76, 0x57, 0x7D, 0xF1, 0x68, 0x1A, 0x8E, 0xC6, 0x63, + 0xB9, 0x16, 0xA3, 0x2B, 0xE1, 0xC2, 0x74, 0xEA, 0x12, 0xC4, + 0xD6, 0x41, 0x75, 0x6A, 0xA6, 0xD6, 0x9E, 0x1A, 0x7F, 0x95, + 0xCC, 0x4A, 0xD1, 0xF4, 0xB3, 0x27, 0x26, 0x95, 0x5A, 0x91, + 0x09, 0xE4, 0x40, 0x13, 0x45, 0x91, 0x9F, 0xA0, 0x2B, 0xE8, + 0xC3, 0xDC, 0x5B, 0xF6, 0x7D, 0x0C, 0xC2, 0x0F, 0xA9, 0xE9, + 0x75, 0x58, 0x7D, 0xEA, 0xD5, 0x4D, 0x92, 0x3E, 0xFC, 0x74, + 0x28, 0x87, 0xC1, 0x3D, 0xB9, 0x21, 0x92, 0x4D, 0x28, 0x82, + 0x84, 0xA8, 0xA2, 0x11, 0x93, 0xF2, 0x8C, 0x29, 0x1C, 0x19, + 0xF8, 0x6D, 0x3F, 0x27, 0x51, 0xB5, 0x2D, 0xA3, 0xC7, 0x28, + 0x1D, 0xC4, 0xFC, 0x98, 0x94, 0xA8, 0xD0, 0xFF, 0xF0, 0x0F, + 0xDC, 0xF9, 0xED, 0xB3, 0xA2, 0xB6, 0xED, 0x0D, 0x5F, 0xBF, + 0x78, 0x5C, 0xD7, 0xAF, 0xBD, 0xA3, 0xEF, 0x86, 0xE9, 0x51, + 0x66, 0xDB, 0x52, 0x37, 0x47, 0x7F, 0xE9, 0x5F, 0x3C, 0x94, + 0x83, 0x2D, 0xE8, 0x9C, 0x33, 0xF1, 0x6C, 0xE9, 0xF3, 0xA6, + 0x97, 0xFE, 0xA7, 0xBF, 0x4D, 0x9B, 0x20, 0xD5, 0x2F, 0xDE, + 0xA4, 0x06, 0xBB, 0xEE, 0x66, 0x49, 0x6B, 0xF5, 0x10, 0x85, + 0x9F, 0x84, 0x5A, 0x52, 0x3E, 0x0C, 0xA0, 0x4A, 0x4C, 0xDA, + 0x01, 0xC5, 0x62, 0x31, 0xB1, 0xEC, 0xF8, 0xDD, 0xA3, 0x3B, + 0xCE, 0x41, 0x3A, 0x12, 0x79, 0xF9, 0x97, 0x5B, 0x07, 0x95, + 0x9F, 0x86, 0xD6, 0x04, 0x73, 0x6C, 0xE8, 0x8F, 0x4C, 0x4C, + 0x48, 0x1D, 0x85, 0xC4, 0xE7, 0xCE, 0xDE, 0x16, 0x31, 0xF6, + 0x5C, 0x37, 0x54, 0x8E, 0x55, 0xBC, 0xAF, 0x2E, 0x47, 0xE8, + 0xAC, 0x03, 0xB0, 0xA4, 0xF9, 0x90, 0x98, 0x99, 0xA4, 0xDC, + 0x6E, 0x98, 0x08, 0x5C, 0x07, 0xBB, 0x08, 0x93, 0xAF, 0x61, + 0x8D, 0x74, 0xA8, 0xF8, 0xC4, 0x89, 0x64, 0x10, 0xE1, 0xE6, + 0xC0, 0xCD, 0x1D, 0x39, 0x20, 0xD6, 0x5A, 0x89, 0x83, 0xFC, + 0x37, 0xE2, 0x12, 0x66, 0xA8, 0x12, 0xCC, 0x72, 0xBB, 0x1E, + 0xFB, 0x6A, 0xE3, 0x7C, 0x71, 0x7E, 0xB9, 0x2E, 0x8E, 0x84, + 0x66, 0xE1, 0xB9, 0xD0, 0x25, 0x9A, 0x6F, 0x9D, 0x19, 0xE6, + 0x7E, 0xE8, 0xD8, 0xF0, 0xC5, 0x23, 0x16, 0x9A, 0x68, 0x2C, + 0x1D, 0x55, 0xAE, 0x8E, 0x90, 0xEE, 0x8E, 0xEC, 0x5E, 0x46, + 0x9D, 0x60, 0x52, 0x32, 0x17, 0x28, 0x59, 0xC4, 0x49, 0x2A, + 0x20, 0x3E, 0x95, 0xC5, 0xDF, 0xF6, 0x3D, 0xF7, 0xC5, 0xCF, + 0xB1, 0xC2, 0xC9, 0x76, 0xF8, 0x3D, 0xBE, 0xF4, 0x63, 0xFC, + 0x2A, 0x00, 0x6F, 0x99, 0xA6, 0xB6, 0xAD, 0x35, 0xEE, 0xDE, + 0xC5, 0xE0, 0x97, 0xC6, 0x73, 0xEE, 0x33, 0xA0, 0xA8, 0xFC, + 0x4C, 0x8F, 0xF2, 0x8C, 0x61, 0xFB, 0x03, 0x19, 0xA1, 0xE8, + 0x17, 0x4E, 0xE3, 0x21, 0x58, 0xCE, 0xFE, 0xF2, 0x5F, 0xBB, + 0xDD, 0x4F, 0xF7, 0x18, 0xCB, 0x35, 0x57, 0xDD, 0xE5, 0x50, + 0x2A, 0x7B, 0x1A, 0xE9, 0x12, 0xF2, 0x7A, 0x11, 0xB1, 0x43, + 0xB9, 0x70, 0x07, 0x0C, 0x8F, 0x69, 0xB9, 0xE5, 0xA5, 0xC9, + 0xE2, 0x1B, 0x96, 0x74, 0x11, 0xF5, 0x95, 0xB9, 0x58, 0xC0, + 0xBD, 0x37, 0xFB, 0x28, 0x2A, 0xBD, 0x84, 0xB1, 0x2B, 0x67, + 0x42, 0x82, 0xC3, 0x95, 0x55, 0x45, 0xD5, 0xEA, 0xC3, 0x8A, + 0x42, 0x3A, 0x43, 0x17, 0x5E, 0xCD, 0xD2, 0xEA, 0xFC, 0xDF, + 0x67, 0xEC, 0xE1, 0x6C, 0xA8, 0x03, 0x19, 0xB2, 0x1D, 0x4A, + 0x5F, 0x4F, 0xE7, 0xD3, 0xE0, 0x86, 0xC5, 0x1A, 0x10, 0xC3, + 0x08, 0xD2, 0xED, 0x85, 0x93, 0x08, 0x51, 0x05, 0xA6, 0x37, + 0x15, 0x32, 0xBD, 0x6C, 0x73, 0x63, 0x01, 0x5D, 0x5B, 0x4F, + 0x6A, 0xDC, 0x6D, 0x1D, 0x55, 0x91, 0x21, 0xE4, 0x8E, 0xB7, + 0xF0, 0x81, 0x02, 0x82, 0x01, 0x01, 0x00, 0xFD, 0x27, 0xC8, + 0xFE, 0x76, 0x5C, 0x89, 0x32, 0xCB, 0x8A, 0x22, 0x87, 0x61, + 0x48, 0x91, 0x4A, 0x05, 0xAD, 0xA4, 0x5C, 0x8A, 0xCA, 0x5C, + 0x02, 0x88, 0x7E, 0x51, 0xC5, 0x66, 0x90, 0x2C, 0xA3, 0xED, + 0xA7, 0x43, 0x19, 0x0B, 0xA2, 0x42, 0xB4, 0xE0, 0xE0, 0x45, + 0xBF, 0xFE, 0xA0, 0xF2, 0x75, 0x0B, 0x8E, 0x7D, 0x9D, 0x73, + 0x67, 0xD3, 0x10, 0x09, 0xC5, 0xD9, 0x8C, 0xAD, 0x3A, 0x64, + 0x72, 0xAD, 0x96, 0x35, 0x91, 0x0F, 0x4B, 0xC9, 0xBD, 0x4F, + 0x65, 0x47, 0xA6, 0x2D, 0xEB, 0x3F, 0xE2, 0x99, 0x72, 0x66, + 0x12, 0xED, 0xEB, 0xD2, 0x7C, 0xFF, 0x3A, 0x20, 0x37, 0x2A, + 0xD3, 0x65, 0x51, 0x9B, 0xC3, 0xAA, 0x18, 0xB1, 0x1F, 0x6E, + 0x9D, 0x40, 0x47, 0xA4, 0x1F, 0x82, 0x9B, 0xDB, 0x50, 0x6B, + 0x86, 0x2F, 0xFB, 0x3F, 0x31, 0xB9, 0x81, 0x11, 0x04, 0x14, + 0x63, 0x86, 0x4F, 0x40, 0x2A, 0xF5, 0xF9, 0x7C, 0xA1, 0x78, + 0x19, 0x13, 0xD0, 0x51, 0x51, 0x0F, 0x79, 0x88, 0x8D, 0x14, + 0xA3, 0xDE, 0xB6, 0x33, 0x29, 0x42, 0xB9, 0xE8, 0x59, 0x76, + 0xF7, 0x43, 0x1A, 0xB6, 0xA6, 0xDF, 0x0A, 0xC1, 0x42, 0xC7, + 0x3F, 0x1C, 0x7E, 0x5C, 0x2C, 0x91, 0x4B, 0x1E, 0xF8, 0x46, + 0x91, 0x1F, 0xEE, 0x56, 0xB3, 0x0E, 0xC8, 0xD0, 0x31, 0xD3, + 0x3D, 0xED, 0x3D, 0xD9, 0xC5, 0x30, 0x0C, 0x58, 0xD8, 0xB7, + 0xB5, 0xEC, 0x14, 0xAC, 0x41, 0x64, 0x6D, 0xE4, 0xC6, 0x59, + 0xFD, 0x14, 0x05, 0x60, 0x65, 0xD8, 0xC4, 0x84, 0x44, 0x7E, + 0x1B, 0xB4, 0xA4, 0x16, 0x75, 0xC1, 0x27, 0x96, 0xB2, 0x19, + 0xD6, 0x39, 0x54, 0xC0, 0x93, 0xF3, 0xD7, 0x1F, 0xCD, 0x1B, + 0xDF, 0xF8, 0x12, 0x88, 0x14, 0x9F, 0x98, 0x05, 0x47, 0x46, + 0x71, 0x81, 0x6C, 0xDF, 0x91, 0xEF, 0x53, 0xE3, 0xC5, 0xB1, + 0x89, 0x2F, 0xE1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xF8, 0x93, + 0x4A, 0x28, 0x77, 0x94, 0xEF, 0xE9, 0xC4, 0x0A, 0xC3, 0xE8, + 0x52, 0x59, 0xB6, 0x1D, 0x8D, 0xCE, 0x14, 0xE7, 0x43, 0xC6, + 0xED, 0x09, 0x27, 0x5D, 0xF3, 0x8E, 0x08, 0x6A, 0x19, 0x6B, + 0x2C, 0x97, 0x9B, 0x88, 0x53, 0x2B, 0xDA, 0xFE, 0x4B, 0x94, + 0x66, 0x84, 0xD5, 0xA9, 0xCE, 0xA5, 0x43, 0x70, 0xFB, 0x01, + 0x5A, 0x6F, 0xCD, 0xF7, 0xD1, 0x9D, 0x51, 0xEE, 0xA0, 0xDC, + 0x46, 0xF5, 0x7D, 0xA7, 0xEE, 0xA0, 0x86, 0xB7, 0x83, 0xFF, + 0x21, 0x8B, 0x76, 0x05, 0x7D, 0xDE, 0xC4, 0x26, 0x36, 0xBC, + 0xB4, 0x8A, 0x48, 0xC3, 0x06, 0x90, 0x97, 0xE5, 0xA6, 0x38, + 0xC3, 0xE6, 0x7C, 0xD0, 0xF8, 0x23, 0xD2, 0x33, 0x1F, 0x81, + 0xC3, 0xE3, 0x7D, 0x85, 0x5A, 0x38, 0x10, 0x03, 0xE6, 0x88, + 0xDB, 0xC8, 0x4C, 0xD0, 0xF7, 0xB2, 0x4D, 0x27, 0x33, 0x85, + 0xCD, 0x3A, 0x74, 0x83, 0x6B, 0x82, 0x58, 0xD9, 0xDF, 0xEE, + 0xF5, 0xD3, 0xE9, 0xFE, 0x1C, 0xEF, 0x06, 0x12, 0x16, 0xD1, + 0x4C, 0xAE, 0x54, 0x4B, 0x0D, 0x1A, 0xBD, 0xE2, 0xCF, 0x56, + 0xB3, 0x74, 0xBE, 0x44, 0x4F, 0xA4, 0x73, 0x0A, 0x98, 0x8D, + 0x61, 0x84, 0x38, 0x46, 0xDC, 0x95, 0xCF, 0x3F, 0x6B, 0xE7, + 0x65, 0x87, 0x02, 0xBF, 0x4B, 0x57, 0xE2, 0x3D, 0xC4, 0x2B, + 0x1C, 0x82, 0x1D, 0xCC, 0x13, 0x7F, 0xC0, 0x06, 0x12, 0x8C, + 0x6F, 0x97, 0x50, 0x7B, 0x8C, 0x81, 0xC3, 0x23, 0x15, 0xEB, + 0x70, 0x07, 0x8E, 0xA1, 0x07, 0x1E, 0x59, 0xFA, 0x10, 0xCA, + 0x7E, 0x0F, 0xE2, 0xBB, 0xEE, 0x86, 0x26, 0x1E, 0x55, 0xB9, + 0x98, 0x66, 0x85, 0xEC, 0x27, 0xC5, 0xD9, 0x63, 0x8D, 0x51, + 0x77, 0xAA, 0xA0, 0x36, 0x55, 0x33, 0x10, 0x21, 0x5E, 0xEC, + 0x47, 0x67, 0x71, 0xD1, 0xAF, 0xFC, 0x3E, 0x50, 0xF5, 0xBE, + 0xD6, 0x92, 0xE7, 0x0B, 0x02, 0x82, 0x01, 0x00, 0x21, 0x7C, + 0x8A, 0xC4, 0xC6, 0x29, 0x55, 0x68, 0xA7, 0xAD, 0xDD, 0x05, + 0x65, 0x63, 0xF0, 0xFC, 0x06, 0xA6, 0x42, 0x70, 0x8F, 0x57, + 0x57, 0x36, 0x6A, 0x91, 0xB3, 0x05, 0x56, 0x9C, 0xC9, 0x9A, + 0xE1, 0x8B, 0xD7, 0x7F, 0x4F, 0x9F, 0xA6, 0x0D, 0x41, 0x15, + 0xC9, 0x84, 0x2D, 0x0D, 0x63, 0x25, 0x02, 0x63, 0x55, 0xD0, + 0x66, 0xFC, 0x9B, 0xD9, 0xAA, 0x41, 0x46, 0x96, 0xAA, 0x2F, + 0x68, 0x2C, 0x17, 0x34, 0x20, 0x5F, 0xD0, 0xD3, 0x28, 0x9B, + 0x67, 0x0E, 0x31, 0x9D, 0x14, 0xC3, 0xE2, 0x8E, 0x79, 0xD7, + 0xBD, 0x12, 0xD1, 0xEF, 0xF8, 0xC6, 0xDA, 0x07, 0xF9, 0x4C, + 0xF2, 0xD8, 0x45, 0xB5, 0xB6, 0xD1, 0xFA, 0x05, 0x0C, 0x20, + 0xE9, 0x43, 0xD9, 0xC5, 0xE0, 0x3A, 0xDE, 0xCE, 0xF9, 0x02, + 0xB9, 0x46, 0x65, 0xC0, 0x69, 0x4A, 0x8D, 0x8C, 0x3A, 0x10, + 0xFD, 0x15, 0x71, 0x25, 0xB8, 0x8A, 0x36, 0x41, 0x4B, 0x30, + 0x1C, 0xAF, 0xCC, 0x84, 0x28, 0xCD, 0x7D, 0x2B, 0x89, 0x59, + 0x88, 0x1A, 0x69, 0x12, 0x56, 0xD0, 0x25, 0x68, 0x6C, 0x08, + 0xB1, 0x88, 0xE1, 0x92, 0x7E, 0x08, 0xB2, 0xC6, 0x3C, 0x6C, + 0x35, 0xE8, 0xEE, 0x3E, 0xF4, 0xB8, 0x5C, 0x7B, 0xC0, 0x5B, + 0xFD, 0x11, 0xA3, 0x54, 0xA6, 0x99, 0x46, 0xE2, 0x5F, 0x4F, + 0xC7, 0xEE, 0x90, 0x1C, 0x37, 0x5B, 0x33, 0x10, 0xDF, 0x0B, + 0xC3, 0xB9, 0x47, 0xC2, 0x30, 0x4A, 0xF2, 0x1A, 0xEB, 0x41, + 0x25, 0x94, 0x29, 0x7A, 0xD0, 0x96, 0x88, 0x46, 0xEE, 0x6C, + 0x14, 0xF6, 0x5B, 0x3D, 0xBD, 0x4E, 0xD4, 0x3F, 0x05, 0x5B, + 0x07, 0xB9, 0xE3, 0x99, 0x87, 0x63, 0xCA, 0xC4, 0x71, 0x0B, + 0x73, 0x9D, 0x7B, 0xB6, 0x0F, 0xD4, 0x12, 0x8C, 0x4C, 0x5E, + 0x72, 0x3D, 0xFF, 0x6D, 0xC4, 0x61, 0x0C, 0x74, 0x5F, 0x53, + 0xBE, 0x39, 0x34, 0x61, 0x02, 0x82, 0x01, 0x00, 0x5F, 0xF2, + 0xF2, 0xB0, 0x16, 0x20, 0x8E, 0x4E, 0xCC, 0x96, 0x5F, 0x32, + 0x80, 0xFF, 0x11, 0xF5, 0xEC, 0x73, 0xBC, 0xCB, 0xDB, 0xF4, + 0xA0, 0x30, 0x65, 0x5A, 0xB5, 0x95, 0x80, 0x97, 0xFB, 0xC1, + 0xCB, 0xCF, 0xA5, 0x80, 0x84, 0xA2, 0x2C, 0x00, 0xF6, 0x89, + 0x8C, 0xDC, 0xFF, 0x60, 0x71, 0x5C, 0x87, 0x60, 0xC7, 0xF2, + 0xA8, 0xC6, 0xF9, 0x59, 0x0C, 0x37, 0x4E, 0x95, 0xEE, 0xCF, + 0xB8, 0x30, 0x30, 0x55, 0xAF, 0x1D, 0x95, 0x82, 0xA6, 0xD7, + 0xC7, 0x49, 0xFE, 0xBF, 0x75, 0xEB, 0x94, 0x09, 0x30, 0x1D, + 0xBD, 0x0E, 0x97, 0xB1, 0x78, 0x0A, 0x3E, 0x27, 0xAD, 0xF6, + 0xC1, 0x5F, 0x69, 0x94, 0x7C, 0x03, 0xCF, 0xB2, 0x5E, 0x1A, + 0x07, 0xD3, 0xFA, 0xF2, 0x8B, 0x75, 0x92, 0x70, 0xFE, 0xFE, + 0x9A, 0xDF, 0x81, 0x0F, 0x34, 0x5D, 0x45, 0xBC, 0xB8, 0xFD, + 0x8F, 0xCF, 0x5D, 0x84, 0x10, 0xEE, 0x9A, 0x7F, 0x57, 0x19, + 0xF5, 0x17, 0xDC, 0x7D, 0x73, 0x0B, 0xAC, 0x6B, 0x35, 0x15, + 0x8B, 0x24, 0xCB, 0x72, 0xC0, 0xD7, 0x2E, 0xAE, 0xAA, 0xDB, + 0xCB, 0x9F, 0x67, 0x86, 0x14, 0xBB, 0xE4, 0x90, 0x15, 0x7C, + 0x95, 0x44, 0xA5, 0x38, 0x6D, 0x13, 0x02, 0x91, 0x77, 0x84, + 0x35, 0x43, 0x5D, 0x03, 0x1C, 0x01, 0x0B, 0x5A, 0x4E, 0x2B, + 0x59, 0xF0, 0xBB, 0xB1, 0xB7, 0x61, 0x1B, 0x6C, 0xFC, 0xA1, + 0xEA, 0xBD, 0x1C, 0x9A, 0xE4, 0x0C, 0x7E, 0x97, 0x3F, 0x71, + 0xC6, 0xA7, 0x94, 0x1D, 0x82, 0x12, 0xEC, 0x26, 0x43, 0x6E, + 0xF6, 0x24, 0x09, 0xA0, 0x03, 0x1D, 0x12, 0xFF, 0xA8, 0x95, + 0x60, 0x47, 0x4A, 0xB0, 0x72, 0x55, 0xC3, 0x68, 0xD2, 0xF6, + 0xBC, 0x5B, 0x47, 0x46, 0x51, 0xB2, 0xC9, 0x2A, 0x28, 0x6A, + 0xC9, 0xD1, 0x1B, 0x35, 0x16, 0x5A, 0x26, 0x6F, 0xB7, 0xBB, + 0xF7, 0x35, 0x73, 0x2B, 0x02, 0x82, 0x01, 0x00, 0x56, 0xBA, + 0xD8, 0x02, 0xD7, 0x4B, 0x30, 0x5E, 0x1B, 0x1E, 0x2F, 0xF3, + 0x0D, 0xBC, 0xF1, 0x05, 0x6A, 0x68, 0x4A, 0xE1, 0xEA, 0xB3, + 0xDE, 0x61, 0x8C, 0x89, 0x44, 0xBA, 0x63, 0x5E, 0xDF, 0x05, + 0x24, 0x32, 0x71, 0x65, 0x1A, 0x36, 0x2F, 0xBC, 0x07, 0x75, + 0xA3, 0xCE, 0x9E, 0x52, 0x92, 0x95, 0x4D, 0x3F, 0xC9, 0x06, + 0xBC, 0xA1, 0x14, 0x33, 0x37, 0x95, 0xAB, 0x9A, 0xEB, 0x04, + 0xF6, 0x15, 0xC3, 0x9B, 0x10, 0x56, 0x53, 0xA2, 0x28, 0xF2, + 0x68, 0xDA, 0x7D, 0x97, 0x52, 0x63, 0xAC, 0x9B, 0x56, 0xA9, + 0xAB, 0x2E, 0x1E, 0x9E, 0x01, 0x70, 0xFF, 0x2B, 0x6D, 0x0C, + 0x4B, 0xA6, 0xC3, 0x3A, 0xB3, 0xD1, 0xA7, 0x4B, 0x5E, 0x49, + 0x2E, 0x95, 0xD6, 0x6A, 0xAE, 0x58, 0x13, 0x66, 0x8F, 0x2F, + 0x93, 0xE4, 0x6E, 0x8B, 0xFA, 0x94, 0x30, 0x3E, 0xEC, 0x96, + 0xAB, 0x46, 0x20, 0x3E, 0xC5, 0x30, 0xB4, 0xEB, 0x41, 0x00, + 0x39, 0x60, 0x1D, 0xE1, 0x20, 0xCE, 0x31, 0x70, 0x17, 0x39, + 0xCB, 0x76, 0x56, 0x6C, 0x55, 0x7B, 0x90, 0x20, 0xBC, 0x39, + 0xB2, 0x5B, 0xD1, 0x28, 0x6F, 0x0C, 0x4F, 0x45, 0x6B, 0x82, + 0xC4, 0x57, 0x23, 0x0C, 0x3F, 0x3F, 0x2D, 0x83, 0xB3, 0x3D, + 0x8E, 0xF9, 0x1A, 0xDA, 0x77, 0x54, 0x2E, 0xFE, 0x16, 0x2E, + 0xBA, 0x99, 0xDD, 0xCA, 0xB3, 0xD1, 0xD8, 0xBB, 0x87, 0xE1, + 0xD0, 0xA9, 0xD4, 0xE6, 0x8F, 0xE8, 0x00, 0x3E, 0x49, 0x8A, + 0xDD, 0xA6, 0x32, 0x91, 0x00, 0x31, 0x31, 0x21, 0x98, 0x18, + 0x94, 0xC9, 0x2D, 0x27, 0x05, 0xB7, 0x9B, 0x09, 0x2E, 0xBB, + 0x5D, 0xBF, 0x67, 0xE8, 0x0E, 0xD1, 0x44, 0x75, 0x80, 0x1D, + 0x0A, 0x21, 0x8F, 0x95, 0x76, 0xB0, 0xFC, 0x19, 0x3C, 0xFF, + 0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, 0x4E, 0xFE, 0x4D, 0x2B, + 0x4B, 0x18, 0xE6, 0xCE }; static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096); @@ -3205,9 +3211,9 @@ static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096); static const unsigned char client_cert_der_4096[] = { 0x30, 0x82, 0x07, 0x1D, 0x30, 0x82, 0x05, 0x05, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x2F, 0x36, 0x54, 0x05, 0x64, - 0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C, 0xB2, 0xCE, 0x9F, - 0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x12, 0x66, 0xC3, 0xA2, 0x08, + 0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82, 0xA2, 0xAB, 0x9C, + 0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, @@ -3225,10 +3231,10 @@ static const unsigned char client_cert_der_4096[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, @@ -3323,9 +3329,9 @@ static const unsigned char client_cert_der_4096[] = 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, - 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x2F, 0x36, - 0x54, 0x05, 0x64, 0x52, 0xDD, 0x0E, 0x75, 0x75, 0x33, 0x7C, - 0xB2, 0xCE, 0x9F, 0x5C, 0x48, 0x9B, 0xAB, 0x0E, 0x30, 0x0C, + 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x12, 0x66, + 0xC3, 0xA2, 0x08, 0x5C, 0xF7, 0xD0, 0x6E, 0xE9, 0xA8, 0x82, + 0xA2, 0xAB, 0x9C, 0x0F, 0x76, 0x9E, 0x96, 0xF4, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, @@ -3335,58 +3341,58 @@ static const unsigned char client_cert_der_4096[] = 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x02, 0x01, 0x00, 0xC2, 0x72, 0x38, 0x27, 0xF0, 0x5C, 0x45, - 0x04, 0x4B, 0x09, 0x0E, 0x5D, 0x98, 0x6E, 0x38, 0x6A, 0xBC, - 0xFB, 0xA8, 0x85, 0x4F, 0xF2, 0x04, 0x38, 0x63, 0x4F, 0x86, - 0x4F, 0x3C, 0xF5, 0xFD, 0xF8, 0xCD, 0x89, 0x09, 0x76, 0x72, - 0x47, 0x97, 0xDF, 0xF8, 0x17, 0x6A, 0x81, 0x3A, 0xB2, 0xB4, - 0xFC, 0xAC, 0xE9, 0xFC, 0xE2, 0x47, 0x9B, 0x07, 0x6D, 0x9C, - 0x53, 0xED, 0xD8, 0x64, 0xBC, 0x6C, 0x4D, 0xA9, 0xBD, 0x3E, - 0x5E, 0xCD, 0x61, 0xBC, 0x8E, 0x82, 0x20, 0xB2, 0x50, 0xBC, - 0x9E, 0x72, 0xE6, 0x9F, 0x40, 0xFF, 0x6C, 0x4B, 0x38, 0xF8, - 0x4B, 0x82, 0x0F, 0x7E, 0x49, 0xCD, 0x45, 0x5C, 0xCD, 0x44, - 0xDE, 0x47, 0x25, 0xB3, 0x57, 0xD0, 0x1A, 0x0D, 0x8D, 0x4D, - 0xC7, 0xEA, 0x23, 0xFA, 0x03, 0xE8, 0x86, 0xD8, 0x37, 0x89, - 0x84, 0x2E, 0xE8, 0x53, 0x7A, 0x77, 0xBE, 0x94, 0xEC, 0x70, - 0xE7, 0xC4, 0x7B, 0x8F, 0x6F, 0x28, 0x67, 0x33, 0x89, 0xEC, - 0xC9, 0xDF, 0x98, 0x6D, 0x4A, 0xD9, 0xC6, 0x7B, 0xD3, 0xB5, - 0x82, 0xD0, 0x8A, 0xCE, 0x8F, 0x06, 0xBF, 0xA2, 0xF7, 0xDE, - 0x4A, 0x45, 0x22, 0x6F, 0xFF, 0x41, 0x6F, 0x08, 0xF5, 0xC3, - 0x65, 0x25, 0x27, 0xFB, 0x43, 0x3E, 0xCC, 0x25, 0x0A, 0xD3, - 0x3D, 0xD2, 0x34, 0x9F, 0x89, 0x6B, 0xE2, 0x97, 0x9C, 0x42, - 0xD9, 0x3E, 0x64, 0x03, 0x45, 0x5F, 0x07, 0x95, 0xED, 0x1A, - 0x70, 0x6A, 0xBE, 0x3E, 0x7F, 0x7F, 0x16, 0xBE, 0x47, 0xA6, - 0x6D, 0x3B, 0x0D, 0x27, 0xB3, 0x89, 0xB1, 0xF1, 0xF6, 0xCE, - 0x99, 0x71, 0x18, 0xB6, 0xC0, 0xC5, 0x9E, 0x76, 0x7A, 0x8E, - 0xFB, 0x4A, 0xBE, 0x4F, 0xCD, 0xBC, 0x21, 0xA9, 0x4E, 0x9C, - 0xFC, 0x48, 0x86, 0xFF, 0xE4, 0x63, 0x14, 0x96, 0x3A, 0xEB, - 0xC8, 0x48, 0xAE, 0x27, 0xBD, 0x43, 0x0C, 0x27, 0x85, 0xE1, - 0x25, 0x1A, 0x69, 0x48, 0x6C, 0xE7, 0x11, 0xF8, 0xF3, 0x68, - 0x9D, 0xEE, 0x15, 0x1A, 0xBE, 0xAD, 0x46, 0x33, 0x24, 0x3D, - 0xBE, 0xB8, 0x0E, 0x6E, 0x4D, 0xEF, 0x12, 0xB6, 0xAE, 0x1B, - 0x88, 0xBD, 0x0E, 0xA6, 0xFF, 0x91, 0x08, 0xDC, 0xED, 0xAF, - 0xFA, 0x13, 0x2B, 0xF2, 0xB4, 0x2C, 0xEA, 0x72, 0xC2, 0x85, - 0xD6, 0xEE, 0x64, 0x09, 0xE1, 0x4E, 0x1A, 0x5A, 0xBD, 0xC2, - 0x44, 0xC2, 0x95, 0x82, 0x59, 0x0A, 0xD8, 0x27, 0xBC, 0x48, - 0x4A, 0x8A, 0xA3, 0xC3, 0x77, 0xAC, 0x92, 0xB6, 0x8B, 0x0B, - 0x13, 0xE2, 0x87, 0xEC, 0x21, 0x7E, 0x7E, 0x52, 0x29, 0x51, - 0x5C, 0x59, 0xE1, 0xC8, 0xDB, 0x05, 0xCE, 0x9E, 0xF4, 0x36, - 0xD8, 0x63, 0x42, 0x45, 0x71, 0x9A, 0xEE, 0x0E, 0x24, 0xB0, - 0xBA, 0xA5, 0xA5, 0xAA, 0xC9, 0xEE, 0x9E, 0xA3, 0xE3, 0xE9, - 0x7F, 0xC6, 0x64, 0x6C, 0x9E, 0x65, 0x78, 0x88, 0xF2, 0x61, - 0x6F, 0xD3, 0x3B, 0x9E, 0x0D, 0x16, 0xFA, 0xAD, 0xC2, 0x58, - 0xAC, 0xBC, 0x14, 0xB1, 0xF7, 0x6F, 0xDB, 0xB9, 0x7E, 0x79, - 0x81, 0xF1, 0xF8, 0xE9, 0x41, 0x5B, 0xFE, 0xD9, 0xE2, 0x89, - 0x86, 0x5C, 0x01, 0x03, 0x5D, 0x0C, 0xD9, 0xA9, 0xD6, 0xDF, - 0x4B, 0x26, 0x5C, 0xAE, 0xE6, 0xDF, 0xB5, 0xC9, 0xF0, 0x86, - 0xCA, 0x7B, 0x80, 0xDB, 0x6A, 0x86, 0xFD, 0xA9, 0x00, 0x46, - 0x32, 0x39, 0x5A, 0x72, 0xC4, 0x67, 0x20, 0xDB, 0xD8, 0x7A, - 0x5D, 0x2D, 0x78, 0xB9, 0xA7, 0xDE, 0x7F, 0xF4, 0x7A, 0x5B, - 0x0F, 0x38, 0xB0, 0x9E, 0x1A, 0xAE, 0xC5, 0xCC, 0xFF, 0x61, - 0x5E, 0xEC, 0xF1, 0x0D, 0xF7, 0x0A, 0x22, 0xBB, 0xCB, 0x08, - 0x2B, 0x91, 0x58, 0x77, 0x1F, 0x90, 0x2B, 0xA3, 0x78, 0xBE, - 0xEF, 0x4D, 0xD8, 0x8D, 0xE8, 0xF7, 0x31, 0xF8, 0x92, 0x84, - 0xE5, 0xB2, 0x2A, 0xE8, 0x3A + 0x02, 0x01, 0x00, 0xB0, 0x00, 0x28, 0x7B, 0xC8, 0x3F, 0xAE, + 0x93, 0xF5, 0x16, 0x87, 0x30, 0xD6, 0x07, 0x2B, 0x71, 0x16, + 0x34, 0x1E, 0x5C, 0x48, 0x0F, 0x4A, 0xE7, 0x50, 0x07, 0x9D, + 0xF4, 0x75, 0x5B, 0x90, 0x53, 0x72, 0x87, 0x2A, 0xBB, 0xEF, + 0x04, 0xBC, 0x52, 0xD2, 0xBF, 0xFF, 0x27, 0x58, 0x2F, 0x5C, + 0xAF, 0xBE, 0xF3, 0xF6, 0x00, 0xA2, 0x37, 0x8B, 0xEC, 0x2C, + 0xD7, 0xB7, 0xE7, 0xBB, 0x3B, 0xCA, 0x6F, 0x9D, 0x42, 0xB7, + 0x00, 0xB8, 0xC2, 0xA2, 0x8E, 0x8E, 0xE4, 0x57, 0xFD, 0x83, + 0x4B, 0xB8, 0x47, 0xAA, 0xA1, 0x28, 0xAC, 0xBD, 0xC1, 0x59, + 0x04, 0x90, 0x17, 0x40, 0x40, 0x35, 0x04, 0xC6, 0x40, 0xA9, + 0x21, 0xD3, 0x79, 0x45, 0x0E, 0x22, 0xC8, 0x6F, 0xEC, 0xAE, + 0x58, 0xA5, 0xC2, 0xD8, 0x1B, 0x11, 0x49, 0x94, 0x58, 0xC2, + 0x11, 0x7D, 0xF8, 0x0A, 0xBB, 0x47, 0xFD, 0xAC, 0xCF, 0xF7, + 0x23, 0x05, 0x3F, 0xAB, 0x1D, 0x0E, 0x30, 0xC5, 0x98, 0x29, + 0x13, 0x1A, 0x90, 0x6F, 0xF9, 0x3F, 0xF2, 0xD6, 0xDF, 0x03, + 0xCC, 0xF1, 0x48, 0xE7, 0x71, 0xE6, 0xC4, 0xCE, 0xF3, 0xF9, + 0xBF, 0x07, 0xC9, 0xCF, 0xDD, 0x63, 0x0E, 0xFE, 0xBC, 0x93, + 0x1C, 0x9A, 0x52, 0x7D, 0x63, 0xF9, 0x6D, 0xA5, 0x50, 0xF3, + 0xEF, 0x54, 0xD7, 0xDA, 0x42, 0x74, 0x85, 0xB1, 0xB4, 0x7C, + 0xD5, 0x03, 0xCC, 0xB8, 0xC3, 0xBA, 0x1F, 0xB8, 0x4F, 0x5A, + 0xF9, 0x05, 0xBA, 0x4B, 0x0D, 0x57, 0x8D, 0x05, 0xCF, 0x4F, + 0xB7, 0xC4, 0x64, 0x2E, 0x2C, 0x10, 0xF3, 0xFA, 0x79, 0x0C, + 0x8C, 0x1F, 0xCC, 0x84, 0x33, 0x88, 0xFB, 0x77, 0xB5, 0x6E, + 0x45, 0x35, 0x15, 0xCC, 0x28, 0x80, 0x2B, 0x2D, 0x6B, 0x3F, + 0xD0, 0xA3, 0x10, 0xD1, 0x53, 0xC0, 0xBB, 0x70, 0x43, 0x79, + 0x2F, 0xFF, 0x3F, 0x63, 0x26, 0xC5, 0x60, 0x9B, 0x87, 0xE9, + 0xA2, 0x5B, 0x40, 0x13, 0x41, 0x25, 0xD2, 0x9C, 0x3E, 0x42, + 0x79, 0x00, 0xE1, 0x12, 0x0E, 0xAA, 0x06, 0xE0, 0x65, 0x59, + 0xA1, 0xFA, 0xDB, 0xC4, 0xC2, 0x97, 0xA8, 0x87, 0x35, 0x96, + 0x1C, 0x8E, 0xFF, 0xEB, 0x91, 0xE0, 0x8B, 0xE3, 0x3E, 0xC8, + 0xB2, 0x8C, 0xD3, 0x84, 0x5E, 0x76, 0x80, 0xD7, 0x29, 0x0A, + 0x59, 0xCC, 0x71, 0xD5, 0xE5, 0x65, 0x3C, 0x30, 0x38, 0x6E, + 0xF5, 0x3F, 0x7E, 0x28, 0x0F, 0x3D, 0x15, 0x10, 0x86, 0x30, + 0x39, 0x56, 0x23, 0x13, 0x30, 0xB4, 0x70, 0xF7, 0x7B, 0xC3, + 0x0D, 0x51, 0xAD, 0x18, 0xB1, 0x87, 0xB3, 0x3F, 0x1C, 0x69, + 0xF5, 0xD4, 0x1E, 0x72, 0x66, 0x5E, 0x44, 0xB9, 0x53, 0xBA, + 0x9E, 0xF0, 0xB8, 0x4A, 0xB1, 0x34, 0x50, 0x98, 0xD8, 0xF2, + 0xB9, 0xB2, 0xC5, 0xED, 0x73, 0xC9, 0xEE, 0xDD, 0x33, 0x8C, + 0xCF, 0x72, 0x35, 0xE0, 0x3D, 0x0F, 0x45, 0x2A, 0x89, 0xF9, + 0xA3, 0x76, 0x40, 0x07, 0x0F, 0xF6, 0x48, 0x6C, 0xF1, 0x8C, + 0x30, 0x3A, 0xC2, 0x51, 0x06, 0xC2, 0x51, 0x5E, 0x75, 0x98, + 0x06, 0xE0, 0x1E, 0x29, 0xF7, 0x12, 0x9A, 0x56, 0xA4, 0x38, + 0x83, 0xB1, 0x8B, 0x86, 0xB6, 0xAB, 0x87, 0xAA, 0x3C, 0x39, + 0x9D, 0x4D, 0x0C, 0xE8, 0x78, 0x9F, 0x52, 0x47, 0x66, 0x69, + 0xC8, 0x66, 0x0C, 0xFE, 0xD9, 0x74, 0x1D, 0x78, 0x0B, 0x51, + 0xE4, 0xD9, 0xC8, 0x35, 0x97, 0x95, 0xC7, 0x31, 0x97, 0x13, + 0x49, 0xED, 0xAA, 0x9E, 0x9C, 0xFD, 0x66, 0x04, 0x79, 0xD2, + 0x24, 0x4D, 0x64, 0x8D, 0x3F, 0xCD, 0x94, 0xB0, 0x05, 0x0A, + 0x30, 0x3B, 0x1C, 0x96, 0xE7, 0x79, 0x00, 0x03, 0x47, 0x55, + 0x34, 0x51, 0x1F, 0x46, 0x3A, 0x24, 0x47, 0xE6, 0xDD, 0x78, + 0x89, 0x18, 0x29, 0x32, 0xC5, 0xAD, 0xFB, 0x9C, 0xF7, 0x26, + 0xAC, 0x56, 0x3E, 0xF7, 0x73 }; static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096); @@ -4102,9 +4108,10 @@ static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) - #ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* raw private key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level2_key.der */ static const unsigned char bench_dilithium_level2_key[] = { 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, @@ -4369,6 +4376,8 @@ static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_leve #ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* raw public key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level2_key.der */ static const unsigned char bench_dilithium_level2_pubkey[] = { 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, @@ -4510,6 +4519,8 @@ static const int sizeof_bench_dilithium_level2_pubkey = #ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* raw private key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level3_key.der */ static const unsigned char bench_dilithium_level3_key[] = { 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, @@ -4922,6 +4933,8 @@ static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_leve #ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* raw public key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level3_key.der */ static const unsigned char bench_dilithium_level3_pubkey[] = { 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, @@ -5127,6 +5140,8 @@ static const int sizeof_bench_dilithium_level3_pubkey = #ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* raw private key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level5_key.der */ static const unsigned char bench_dilithium_level5_key[] = { 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, @@ -5625,6 +5640,8 @@ static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_leve #ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* raw public key without ASN1 syntax from + * ./certs/dilithium/bench_dilithium_level5_key.der */ static const unsigned char bench_dilithium_level5_pubkey[] = { 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, @@ -6076,10 +6093,10 @@ static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256); /* ./certs/client-ecc-cert.der, ECC */ static const unsigned char cliecc_cert_der_256[] = { - 0x30, 0x82, 0x03, 0x5D, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24, - 0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97, - 0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x30, 0x82, 0x03, 0x5E, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED, + 0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47, + 0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, @@ -6095,10 +6112,10 @@ static const unsigned char cliecc_cert_der_256[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x33, 0x30, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, @@ -6144,9 +6161,9 @@ static const unsigned char cliecc_cert_der_256[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x37, 0x67, 0x2A, 0x05, 0x24, - 0xB5, 0x2B, 0xB6, 0xAE, 0x40, 0x6B, 0xE1, 0x75, 0xE0, 0x97, - 0xCC, 0x1D, 0x12, 0x8B, 0x2A, 0x30, 0x0C, 0x06, 0x03, 0x55, + 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x75, 0x99, 0xDB, 0x38, 0xED, + 0x32, 0xB1, 0xC2, 0xD1, 0x2C, 0x5E, 0x6F, 0x6F, 0x9D, 0x47, + 0x17, 0x58, 0xDD, 0xEE, 0x26, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, @@ -6155,14 +6172,14 @@ static const unsigned char cliecc_cert_der_256[] = 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, - 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x7A, - 0x6D, 0xC5, 0xBD, 0x6F, 0x9D, 0x54, 0x4F, 0xC5, 0x4C, 0xD0, - 0x12, 0x8C, 0x31, 0x3B, 0xB6, 0x17, 0x80, 0x9E, 0xC7, 0x34, - 0xF8, 0xC5, 0xDA, 0xFB, 0x61, 0x23, 0x35, 0xE6, 0x93, 0x35, - 0xB4, 0x02, 0x20, 0x1B, 0x6A, 0x86, 0xC4, 0x11, 0xBE, 0x7C, - 0x15, 0xA7, 0x5E, 0xAB, 0x85, 0xEE, 0xB7, 0x8C, 0x20, 0xDC, - 0xEB, 0x17, 0xA3, 0xF2, 0x66, 0x63, 0xAA, 0x6B, 0x67, 0xE0, - 0x62, 0x1F, 0x17, 0x3E, 0xAC + 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x03, + 0x69, 0x31, 0x45, 0x6F, 0x01, 0x88, 0x6B, 0x63, 0xC6, 0x1C, + 0xEB, 0x39, 0xE4, 0x9A, 0xA8, 0xE2, 0xE0, 0x34, 0xAC, 0xAC, + 0xE6, 0xA1, 0xD6, 0xFE, 0xCE, 0x85, 0x98, 0x1E, 0xB0, 0x0D, + 0xA9, 0x02, 0x21, 0x00, 0xA3, 0xDD, 0x84, 0x5D, 0x08, 0x28, + 0x4B, 0x8B, 0x58, 0xFB, 0x0D, 0x33, 0xDB, 0x02, 0xEA, 0xC8, + 0x0C, 0xDA, 0x34, 0x0B, 0x4E, 0x83, 0xA2, 0x10, 0x67, 0x99, + 0x19, 0x1C, 0x93, 0x91, 0xC8, 0xC7 }; static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256); @@ -6224,9 +6241,9 @@ static const int sizeof_ecc_secp_r1_statickey_der_256 = sizeof(ecc_secp_r1_stati static const unsigned char serv_ecc_comp_der_256[] = { 0x30, 0x82, 0x03, 0x77, 0x30, 0x82, 0x03, 0x1D, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x21, 0xD7, 0x53, 0x80, 0x24, - 0x5C, 0xEB, 0xBF, 0xC0, 0xA4, 0x40, 0xF4, 0x42, 0x19, 0x3B, - 0x83, 0xFD, 0x58, 0xC5, 0xA6, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x0C, 0x33, 0x75, 0x68, 0xFF, + 0x2E, 0x13, 0x4A, 0x2A, 0x30, 0x56, 0xB4, 0xA8, 0x79, 0x14, + 0xE2, 0xC4, 0xCA, 0x61, 0x54, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, @@ -6244,10 +6261,10 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, - 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, 0x32, - 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, - 0x38, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, + 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, + 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, + 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, + 0x30, 0x5A, 0x30, 0x81, 0xA0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, @@ -6294,8 +6311,8 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, - 0x21, 0xD7, 0x53, 0x80, 0x24, 0x5C, 0xEB, 0xBF, 0xC0, 0xA4, - 0x40, 0xF4, 0x42, 0x19, 0x3B, 0x83, 0xFD, 0x58, 0xC5, 0xA6, + 0x0C, 0x33, 0x75, 0x68, 0xFF, 0x2E, 0x13, 0x4A, 0x2A, 0x30, + 0x56, 0xB4, 0xA8, 0x79, 0x14, 0xE2, 0xC4, 0xCA, 0x61, 0x54, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, @@ -6305,14 +6322,14 @@ static const unsigned char serv_ecc_comp_der_256[] = 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, - 0x30, 0x45, 0x02, 0x20, 0x57, 0x1A, 0x59, 0xBC, 0xC9, 0x45, - 0x0A, 0x46, 0xE6, 0x16, 0xDA, 0x17, 0xCE, 0xC3, 0x0A, 0x57, - 0x57, 0xF2, 0x3D, 0x15, 0xCD, 0xCA, 0x1B, 0xA7, 0xA8, 0x39, - 0x2E, 0x9D, 0x09, 0xF3, 0x3E, 0xA0, 0x02, 0x21, 0x00, 0xDE, - 0xA3, 0x3A, 0x4D, 0x88, 0x38, 0x2B, 0x3A, 0x84, 0xDE, 0x2F, - 0x0A, 0x81, 0x14, 0x57, 0x7F, 0x7F, 0x2E, 0xD6, 0xA5, 0x4D, - 0x61, 0x10, 0x69, 0xB9, 0xA2, 0xC6, 0x51, 0xCD, 0x80, 0x4A, - 0x63 + 0x30, 0x45, 0x02, 0x20, 0x23, 0xD1, 0xF6, 0x8F, 0xD4, 0x29, + 0x83, 0x27, 0x8F, 0x4A, 0x8E, 0x49, 0x44, 0x49, 0x32, 0x1C, + 0x12, 0xE4, 0xC1, 0x33, 0xB1, 0x97, 0x2B, 0x31, 0xCD, 0x62, + 0x47, 0xCB, 0xB6, 0xD0, 0xEB, 0x4D, 0x02, 0x21, 0x00, 0xE0, + 0x6E, 0xDC, 0x48, 0x70, 0xAA, 0x10, 0xB2, 0x74, 0xD1, 0x88, + 0xDA, 0xF1, 0x3F, 0xD9, 0xD7, 0xE9, 0xE4, 0x88, 0xE5, 0x91, + 0x00, 0x03, 0xC1, 0x0C, 0x1F, 0x54, 0xA0, 0xCA, 0x4D, 0x99, + 0x6A }; static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256); @@ -6337,10 +6354,10 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, - 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, - 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, - 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, + 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, + 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x9D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, @@ -6388,9 +6405,9 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x33, - 0x44, 0x1A, 0xA8, 0x6C, 0x01, 0xEC, 0xF6, 0x60, 0xF2, 0x70, - 0x51, 0x0A, 0x4C, 0xD1, 0x14, 0xFA, 0xBC, 0xE9, 0x44, 0x30, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x6B, + 0x9B, 0x70, 0xC6, 0xF1, 0xA3, 0x94, 0x65, 0x19, 0xA1, 0x08, + 0x58, 0xEF, 0xA7, 0x8D, 0x2B, 0x7A, 0x83, 0xC1, 0xDA, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, @@ -6400,32 +6417,32 @@ static const unsigned char serv_ecc_rsa_der_256[] = 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0x16, 0xB7, 0xD3, 0x9C, 0x7C, 0x6E, - 0xD2, 0xB7, 0x79, 0xAA, 0x5A, 0x16, 0x0B, 0x1E, 0xDA, 0xD0, - 0xF7, 0xDF, 0x64, 0xC9, 0x3C, 0xB8, 0x41, 0x24, 0x4B, 0x1B, - 0xC2, 0x83, 0x5E, 0xDF, 0xDE, 0xA8, 0x8A, 0x7C, 0xEB, 0x07, - 0x75, 0x20, 0xF6, 0xF3, 0x4C, 0xBD, 0x3F, 0x2E, 0xF0, 0xF0, - 0xDA, 0x4B, 0xC5, 0xD2, 0xC4, 0xF8, 0xDB, 0x34, 0x75, 0xE2, - 0x32, 0xB4, 0x34, 0x92, 0x8A, 0x7F, 0xD7, 0x84, 0xEA, 0xDF, - 0x99, 0xCA, 0x64, 0xE6, 0x7C, 0x68, 0x05, 0x1C, 0x75, 0xDE, - 0x3F, 0x06, 0x65, 0x5D, 0xFC, 0x29, 0xC9, 0x73, 0x0F, 0x4A, - 0xAD, 0xFD, 0xBC, 0x0D, 0x91, 0x37, 0x67, 0x63, 0x55, 0x65, - 0x93, 0x99, 0x56, 0x84, 0x25, 0x1B, 0xF1, 0x50, 0x03, 0x31, - 0x2D, 0x48, 0xAD, 0xA3, 0x38, 0x91, 0x29, 0x88, 0xB8, 0x72, - 0x08, 0x4C, 0x11, 0x36, 0x35, 0x20, 0x13, 0x78, 0x98, 0xD8, - 0x84, 0x30, 0xC5, 0x7B, 0x70, 0x24, 0x45, 0x8C, 0xE1, 0x55, - 0x80, 0x06, 0x5F, 0x19, 0x57, 0x89, 0x58, 0x1C, 0x2A, 0x40, - 0xFB, 0xF3, 0xA6, 0xBF, 0xEA, 0x41, 0x7A, 0x79, 0x2C, 0xAB, - 0xFE, 0xB6, 0x16, 0x5D, 0xD5, 0xFA, 0x32, 0x50, 0x9D, 0x89, - 0xF2, 0xCC, 0x87, 0x7A, 0x57, 0xCF, 0x4D, 0x38, 0xC4, 0xD5, - 0x33, 0x9A, 0x4D, 0x83, 0xC9, 0x00, 0xB8, 0x36, 0x66, 0x14, - 0x76, 0x20, 0xC1, 0x7A, 0xC7, 0xF7, 0x0A, 0x94, 0x69, 0xCE, - 0x0A, 0x0F, 0x81, 0x04, 0x12, 0x5F, 0x71, 0xD0, 0xD1, 0xFF, - 0x08, 0xD0, 0x89, 0x6F, 0xAC, 0x45, 0xD3, 0x06, 0x23, 0xA0, - 0x76, 0x88, 0xAD, 0x5D, 0x9A, 0x7A, 0x8C, 0x1F, 0x61, 0xD4, - 0xD8, 0x21, 0x1D, 0x8E, 0x05, 0x89, 0xD1, 0xD4, 0xD6, 0x86, - 0x5B, 0x4B, 0x43, 0xE6, 0x03, 0x4A, 0x10, 0x48, 0xF4, 0x1B, - 0x9D, 0x3B, 0x76, 0xD8, 0x2C, 0xAD, 0xFA, 0x33, 0xA5, 0x70 + 0x82, 0x01, 0x01, 0x00, 0x38, 0xE8, 0x66, 0xC3, 0x74, 0xE0, + 0x5C, 0x59, 0xA9, 0x12, 0x46, 0xAD, 0x84, 0xE3, 0xB3, 0xFA, + 0x3E, 0x68, 0x90, 0xD0, 0x06, 0xA4, 0x2C, 0xAB, 0xF7, 0xB3, + 0xB9, 0x7C, 0x89, 0x62, 0xFB, 0x88, 0xEB, 0x88, 0x04, 0xD9, + 0x4B, 0xAC, 0x7E, 0x4B, 0x4B, 0x7C, 0x7C, 0x0F, 0xE1, 0xDD, + 0x73, 0xEE, 0x88, 0xB3, 0xE7, 0x1E, 0x00, 0x7B, 0xFE, 0xAA, + 0x24, 0x50, 0xD7, 0x3C, 0xC4, 0x03, 0xF2, 0xBA, 0xFD, 0x81, + 0xCE, 0x7A, 0x0C, 0x1C, 0x48, 0x6A, 0x33, 0xAD, 0xA7, 0xF8, + 0xF7, 0xCA, 0xF7, 0x00, 0x47, 0x5C, 0xFC, 0xF8, 0x05, 0x98, + 0x5F, 0xEC, 0xC3, 0xAA, 0x75, 0x93, 0x03, 0xA1, 0x4E, 0x7A, + 0x37, 0xEC, 0x8B, 0xA9, 0x99, 0xFA, 0x76, 0x85, 0xCB, 0xC3, + 0x99, 0x29, 0x70, 0x1E, 0x9C, 0x41, 0xF1, 0x49, 0xFD, 0xE8, + 0xC0, 0x75, 0x0A, 0xDD, 0xA0, 0xE0, 0xD3, 0x6E, 0x7F, 0x93, + 0x7E, 0x4D, 0x2E, 0xEE, 0xA1, 0xC9, 0xDB, 0xFC, 0x98, 0x86, + 0xBB, 0x67, 0x7D, 0x2F, 0x74, 0x00, 0x10, 0x7C, 0x24, 0x5B, + 0x58, 0xF3, 0x5A, 0xED, 0x96, 0x6E, 0x8F, 0x34, 0xEE, 0x47, + 0x46, 0xBE, 0x3E, 0x96, 0x25, 0x2B, 0x7C, 0x90, 0x5B, 0x65, + 0x24, 0x48, 0x66, 0x5A, 0x79, 0xA6, 0x6A, 0xF5, 0xED, 0x31, + 0xCF, 0x0B, 0x29, 0xC3, 0xF1, 0xAB, 0x91, 0x21, 0x9C, 0x79, + 0x99, 0xC9, 0x5C, 0x4C, 0x2B, 0xAC, 0xF1, 0x21, 0x5C, 0x44, + 0x07, 0x14, 0x45, 0xE5, 0xE0, 0x84, 0xCE, 0xA3, 0x49, 0x59, + 0x8D, 0x94, 0x4A, 0x9D, 0x11, 0x20, 0xC3, 0xD3, 0xFC, 0xCE, + 0x8F, 0x2C, 0x38, 0x5B, 0x38, 0xE7, 0xB2, 0xD0, 0x71, 0x9F, + 0x3F, 0xDE, 0x4E, 0x08, 0x03, 0xF9, 0x11, 0x58, 0x7C, 0x46, + 0x04, 0x0A, 0x73, 0x28, 0x68, 0xB8, 0x17, 0x17, 0x02, 0x45, + 0x9C, 0x65, 0x96, 0x1A, 0xB3, 0x98, 0x4D, 0x3B, 0xFB, 0xC7 }; static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256); @@ -6451,10 +6468,10 @@ static const unsigned char serv_ecc_der_256[] = 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, - 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, - 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, - 0x39, 0x32, 0x38, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, + 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, + 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, + 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, @@ -6494,13 +6511,13 @@ static const unsigned char serv_ecc_der_256[] = 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, - 0x21, 0x00, 0x86, 0xBD, 0x87, 0x16, 0xD2, 0x9C, 0x66, 0xE7, - 0x5E, 0x5C, 0x28, 0x0E, 0x5F, 0xEF, 0x94, 0x61, 0x2F, 0xD4, - 0x21, 0x6D, 0x8E, 0xC3, 0x94, 0x0A, 0x1E, 0xB5, 0x6A, 0x1D, - 0xC6, 0x04, 0x87, 0xC6, 0x02, 0x20, 0x66, 0x46, 0xC4, 0x29, - 0xD9, 0x8E, 0xEB, 0x0B, 0xF7, 0x5B, 0x32, 0x13, 0xEB, 0x0A, - 0xEA, 0x47, 0x99, 0x4B, 0x74, 0x56, 0xBA, 0x21, 0x97, 0xB1, - 0x67, 0x75, 0x5C, 0xF3, 0xF3, 0xC0, 0x88, 0xAA + 0x21, 0x00, 0x8B, 0x82, 0xA5, 0xD2, 0xF6, 0xCA, 0x84, 0xBA, + 0xAD, 0x2D, 0xDE, 0x36, 0xE9, 0x2A, 0x4D, 0xEE, 0x4B, 0x20, + 0x46, 0xBA, 0xAB, 0x4E, 0xD0, 0x10, 0x6E, 0xEB, 0x30, 0xB6, + 0x7E, 0xD8, 0xAF, 0x8C, 0x02, 0x20, 0x06, 0x74, 0x40, 0x6A, + 0xA9, 0x31, 0x54, 0xFE, 0x20, 0x9D, 0xC6, 0x6D, 0x2B, 0xDF, + 0x1D, 0xAA, 0x63, 0xDA, 0xFC, 0x97, 0x50, 0x87, 0x92, 0x69, + 0xEE, 0x63, 0x57, 0xB6, 0xEC, 0xE2, 0xE9, 0xFA }; static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256); @@ -6527,9 +6544,9 @@ static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256); static const unsigned char ca_ecc_cert_der_256[] = { 0x30, 0x82, 0x02, 0x95, 0x30, 0x82, 0x02, 0x3B, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x0F, 0x17, 0x46, 0x70, 0xFD, - 0xC2, 0x70, 0xD1, 0xF9, 0x42, 0x49, 0x9C, 0x1A, 0xC3, 0x5D, - 0xDD, 0x30, 0xC8, 0x5F, 0x85, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x30, 0xB9, 0x30, 0x50, 0xF8, + 0x1A, 0x0D, 0xFF, 0xAD, 0x68, 0xD1, 0x6D, 0xE8, 0xA3, 0x6B, + 0x58, 0x23, 0x33, 0x7A, 0x84, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, @@ -6546,10 +6563,10 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, @@ -6585,14 +6602,14 @@ static const unsigned char ca_ecc_cert_der_256[] = 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, - 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xC8, - 0x64, 0x7F, 0xEE, 0x4B, 0xBE, 0x83, 0x48, 0x13, 0xEA, 0x92, - 0xF8, 0x1A, 0x82, 0x1E, 0x85, 0xB1, 0x5A, 0xA4, 0x1C, 0xE3, - 0xE8, 0xEA, 0x25, 0x44, 0x6F, 0xE7, 0x70, 0xFD, 0xEB, 0xF3, - 0x76, 0x02, 0x20, 0x44, 0x02, 0xA2, 0xEC, 0xC5, 0xA1, 0xAE, - 0xE2, 0xA4, 0x8A, 0xD9, 0x13, 0x95, 0x2B, 0xA6, 0x5B, 0x09, - 0x57, 0x86, 0x61, 0x42, 0x96, 0x97, 0xF0, 0x95, 0x62, 0x0C, - 0x03, 0xE6, 0x53, 0x04, 0x25 + 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0x88, + 0xCC, 0x7F, 0x00, 0xF5, 0xA9, 0x4E, 0xC0, 0x69, 0x6E, 0x36, + 0x39, 0x24, 0x8F, 0x83, 0x45, 0x4D, 0xFA, 0xD0, 0x39, 0x14, + 0xB8, 0xC8, 0x7F, 0x95, 0x51, 0xF2, 0xC5, 0x98, 0xC0, 0xB7, + 0xE2, 0x02, 0x20, 0x2A, 0x93, 0x61, 0xB0, 0x06, 0xDE, 0xEB, + 0xDA, 0xFD, 0xAF, 0x6B, 0x39, 0xBF, 0x88, 0x17, 0xF1, 0xBA, + 0x2A, 0x7D, 0x59, 0xA8, 0xDE, 0xE7, 0x0A, 0x11, 0x83, 0x4F, + 0x92, 0x77, 0x8D, 0x92, 0x3B }; static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256); @@ -6623,9 +6640,9 @@ static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384); static const unsigned char ca_ecc_cert_der_384[] = { 0x30, 0x82, 0x02, 0xD2, 0x30, 0x82, 0x02, 0x58, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x2E, 0xEA, 0xF0, 0x11, 0x40, - 0x1E, 0xAD, 0xFA, 0xA7, 0x85, 0x68, 0x65, 0x7A, 0x25, 0x2B, - 0x13, 0xB7, 0x61, 0xD7, 0x80, 0x30, 0x0A, 0x06, 0x08, 0x2A, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x4E, 0x08, 0x67, 0x9D, 0x29, + 0x61, 0x47, 0x3E, 0x2A, 0x23, 0x82, 0xCD, 0xCF, 0xCB, 0x53, + 0x2A, 0xB8, 0x02, 0x22, 0x57, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, @@ -6642,10 +6659,10 @@ static const unsigned char ca_ecc_cert_der_384[] = 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, - 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x38, 0x5A, 0x17, 0x0D, - 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x38, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, + 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, + 0x38, 0x32, 0x31, 0x32, 0x35, 0x32, 0x39, 0x5A, 0x17, 0x0D, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, + 0x32, 0x39, 0x5A, 0x30, 0x81, 0x97, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, @@ -6684,17 +6701,17 @@ static const unsigned char ca_ecc_cert_der_384[] = 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x03, - 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, 0x00, 0xBD, 0x2E, - 0x67, 0x71, 0x54, 0xBE, 0xB8, 0x5E, 0x29, 0x19, 0xD3, 0x18, - 0xF7, 0xE1, 0xAE, 0x79, 0xF0, 0xCC, 0x09, 0xC3, 0x91, 0xC0, - 0x81, 0xAB, 0xD7, 0xB7, 0x21, 0xF8, 0x4F, 0xDA, 0xBC, 0xAD, - 0x0E, 0xFC, 0x3D, 0x54, 0x32, 0x21, 0x3A, 0x67, 0xC5, 0x26, - 0x35, 0xE9, 0x33, 0xB2, 0x58, 0xD2, 0x02, 0x30, 0x64, 0x2F, - 0xFB, 0x10, 0xD0, 0x65, 0xB5, 0xAC, 0xBB, 0xB3, 0x41, 0x64, - 0x24, 0xEB, 0x0A, 0x6B, 0xAE, 0xA4, 0xED, 0x3E, 0xC8, 0x62, - 0x81, 0x45, 0x97, 0x92, 0xAD, 0x61, 0xEB, 0x69, 0x54, 0xCE, - 0x42, 0x83, 0xBB, 0x68, 0x23, 0x20, 0xF7, 0xB2, 0x5A, 0x55, - 0x0C, 0xD4, 0xE6, 0x13, 0x42, 0x61 + 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x30, 0x1D, 0x3F, 0x92, + 0x02, 0xB2, 0x46, 0x54, 0xEE, 0x9E, 0x0D, 0x90, 0x03, 0x73, + 0x6A, 0xAB, 0x04, 0x5A, 0x41, 0xFE, 0xF4, 0x1B, 0xFD, 0xD6, + 0x99, 0xCC, 0x7A, 0x6C, 0xFD, 0x52, 0xDA, 0x2E, 0x4E, 0x78, + 0xFE, 0xEF, 0x79, 0x74, 0x12, 0x5E, 0x04, 0x9D, 0x2C, 0xE4, + 0xE7, 0x1A, 0x4D, 0xD3, 0x1E, 0x02, 0x31, 0x00, 0xB7, 0x34, + 0xE8, 0x4C, 0x69, 0x70, 0xDB, 0xFD, 0x1A, 0x48, 0xC5, 0xDC, + 0x8E, 0xEF, 0x15, 0xCA, 0x13, 0xEE, 0xF8, 0x4F, 0x27, 0x5F, + 0xD2, 0x3A, 0x6A, 0x06, 0x7D, 0xF3, 0x32, 0xA7, 0x75, 0x97, + 0x27, 0x6D, 0x60, 0xED, 0xA2, 0x9F, 0x9F, 0x7E, 0x66, 0x43, + 0xF9, 0x15, 0x1D, 0x65, 0x5D, 0x49 }; static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384); @@ -6783,9 +6800,9 @@ static const unsigned char server_ed25519_cert[] = 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D, - 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, - 0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, - 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81, + 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, + 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, + 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, @@ -6823,14 +6840,14 @@ static const unsigned char server_ed25519_cert[] = 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, - 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x22, - 0xD7, 0x34, 0xAC, 0x33, 0x65, 0x8B, 0x18, 0xA4, 0x34, 0xF9, - 0x3A, 0xE6, 0xCE, 0xC1, 0x77, 0xA6, 0x3D, 0x2A, 0x2A, 0xEE, - 0x22, 0xAD, 0x6E, 0xFC, 0x36, 0xFC, 0x98, 0x8D, 0x8A, 0xFD, - 0x3F, 0xCB, 0xA9, 0x74, 0x01, 0x25, 0x96, 0x05, 0xE1, 0x39, - 0x13, 0x8B, 0xD9, 0x05, 0x6D, 0xC9, 0xBA, 0x0E, 0x5D, 0x36, - 0xBF, 0x39, 0x03, 0x57, 0x2A, 0x55, 0xFC, 0xE3, 0x53, 0xC3, - 0x1B, 0xE1, 0x0B + 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x04, + 0x19, 0x32, 0xE4, 0x24, 0xE5, 0xDF, 0x5A, 0xA4, 0x19, 0xC4, + 0x31, 0x15, 0x81, 0x05, 0x4C, 0x45, 0x0A, 0x40, 0x4A, 0x5D, + 0x6A, 0x8B, 0x0A, 0x77, 0x02, 0xFE, 0x48, 0x82, 0xD2, 0x83, + 0x8D, 0xDE, 0x42, 0xB8, 0xCF, 0x02, 0xDC, 0x64, 0x2C, 0xBD, + 0x8C, 0x9D, 0x22, 0x16, 0xD8, 0x7A, 0x23, 0x65, 0x5D, 0xB0, + 0x25, 0x92, 0xAC, 0xA8, 0x6C, 0xDE, 0xDF, 0x1D, 0xEB, 0x64, + 0xE4, 0x8A, 0x06 }; static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); @@ -6866,10 +6883,10 @@ static const unsigned char ca_ed25519_cert[] = 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, - 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, - 0x32, 0x31, 0x33, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, - 0x17, 0x0D, 0x32, 0x36, 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, - 0x31, 0x39, 0x32, 0x39, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B, + 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, + 0x32, 0x31, 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, + 0x17, 0x0D, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, + 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0xB4, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, @@ -6903,13 +6920,13 @@ static const unsigned char ca_ed25519_cert[] = 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, - 0x03, 0x41, 0x00, 0xE6, 0x71, 0xA0, 0x59, 0x63, 0xB4, 0x31, - 0x31, 0x1F, 0x75, 0x06, 0xCE, 0xF1, 0x89, 0xF0, 0xE7, 0xA2, - 0xDB, 0xA8, 0xC1, 0xE4, 0xC8, 0x61, 0x38, 0x0C, 0xE6, 0xE9, - 0xE7, 0xB9, 0x9F, 0xCE, 0xE2, 0xF5, 0x49, 0xA3, 0xF5, 0x04, - 0x1E, 0x85, 0xF7, 0x7D, 0x10, 0xFB, 0x1D, 0xEE, 0xB6, 0xDC, - 0x5E, 0x51, 0xF1, 0x82, 0x33, 0xA4, 0xED, 0xE0, 0x0A, 0x65, - 0x09, 0x2B, 0x0E, 0x1E, 0xB2, 0xAF, 0x0B + 0x03, 0x41, 0x00, 0x44, 0xEB, 0x38, 0xC6, 0x27, 0xD4, 0x70, + 0x42, 0x3F, 0x9B, 0xA0, 0xD7, 0x90, 0x96, 0xD6, 0x6E, 0x42, + 0x38, 0x5B, 0x38, 0x38, 0x9F, 0x21, 0xCA, 0xB0, 0xFA, 0x5E, + 0x7C, 0x17, 0xB4, 0x32, 0x5C, 0xB3, 0x08, 0xA2, 0x65, 0x50, + 0xD7, 0x65, 0x6B, 0xF8, 0xA9, 0xEF, 0x0D, 0xD1, 0x54, 0x2D, + 0x4D, 0xB6, 0x0F, 0x42, 0x9E, 0x51, 0xF7, 0xDB, 0xA7, 0xBF, + 0x16, 0x23, 0xC4, 0xBD, 0x7D, 0xC9, 0x03 }; static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); @@ -6917,9 +6934,9 @@ static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); static const unsigned char client_ed25519_cert[] = { 0x30, 0x82, 0x03, 0x9F, 0x30, 0x82, 0x03, 0x51, 0xA0, 0x03, - 0x02, 0x01, 0x02, 0x02, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B, - 0x4E, 0x2E, 0x77, 0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02, - 0xB7, 0x58, 0x5A, 0xFB, 0xAB, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x02, 0x01, 0x02, 0x02, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E, + 0x84, 0x67, 0x6A, 0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E, + 0x12, 0xE5, 0x0C, 0x78, 0x8A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, @@ -6939,9 +6956,9 @@ static const unsigned char client_ed25519_cert[] = 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, - 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x31, 0x32, 0x31, 0x33, 0x32, - 0x32, 0x31, 0x39, 0x32, 0x39, 0x5A, 0x17, 0x0D, 0x32, 0x36, - 0x30, 0x39, 0x30, 0x38, 0x32, 0x32, 0x31, 0x39, 0x32, 0x39, + 0x1E, 0x17, 0x0D, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, + 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x37, + 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, 0x32, 0x35, 0x33, 0x30, 0x5A, 0x30, 0x81, 0xB8, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, @@ -6992,9 +7009,9 @@ static const unsigned char client_ed25519_cert[] = 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, - 0x82, 0x14, 0x31, 0xE6, 0x4A, 0xB1, 0x6B, 0x4E, 0x2E, 0x77, - 0x7B, 0xD6, 0xE3, 0x94, 0x8A, 0xCF, 0x02, 0xB7, 0x58, 0x5A, - 0xFB, 0xAB, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x82, 0x14, 0x33, 0x8B, 0x57, 0xD5, 0x8E, 0x84, 0x67, 0x6A, + 0xE1, 0xED, 0xF2, 0xB9, 0x11, 0x16, 0x5E, 0x12, 0xE5, 0x0C, + 0x78, 0x8A, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, @@ -7002,14 +7019,14 @@ static const unsigned char client_ed25519_cert[] = 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x05, 0x06, - 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0x92, 0xAC, 0x52, - 0xCF, 0x34, 0xC2, 0x76, 0x8A, 0x78, 0xF7, 0xEF, 0xDA, 0x3F, - 0x79, 0xE9, 0x66, 0xD1, 0xDE, 0xE1, 0xD7, 0x56, 0xB5, 0x4B, - 0xCF, 0xA7, 0xC2, 0x03, 0xAF, 0xCC, 0x23, 0x11, 0x4B, 0x44, - 0x0C, 0x33, 0xCE, 0x45, 0xE0, 0x33, 0xEB, 0xCC, 0xC9, 0xF8, - 0x38, 0x5B, 0x19, 0x6F, 0x86, 0x4D, 0x97, 0x30, 0xD1, 0x55, - 0x6E, 0xCB, 0x5F, 0x39, 0xC9, 0xA3, 0x22, 0x16, 0x66, 0x5F, - 0x07 + 0x03, 0x2B, 0x65, 0x70, 0x03, 0x41, 0x00, 0xAA, 0xC7, 0xBD, + 0x8E, 0x56, 0x40, 0xAB, 0x7D, 0x9C, 0x55, 0xF0, 0x4D, 0x1D, + 0x97, 0xE9, 0x03, 0x62, 0x11, 0xCA, 0x51, 0xAD, 0x80, 0xCF, + 0x1A, 0x2C, 0x2C, 0x5B, 0x2D, 0x71, 0xFE, 0xDB, 0x1D, 0x4B, + 0xCD, 0x4B, 0x8B, 0x2D, 0x12, 0xF7, 0x01, 0xEE, 0xFB, 0x7D, + 0x2E, 0x21, 0xFC, 0x81, 0xDE, 0x84, 0x59, 0xC8, 0xA5, 0x1E, + 0x92, 0xE3, 0x21, 0x58, 0xD1, 0x3E, 0x8A, 0x71, 0x91, 0x2D, + 0x0E }; static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert); diff --git a/src/wolfssl/crl.h b/src/wolfssl/crl.h index 5e5205e..cdf52f3 100644 --- a/src/wolfssl/crl.h +++ b/src/wolfssl/crl.h @@ -45,7 +45,10 @@ WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert); WOLFSSL_LOCAL int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, int serialSz, byte* serialHash, const byte* extCrlInfo, int extCrlInfoSz, void* issuerName); - +#ifdef HAVE_CRL_UPDATE_CB +WOLFSSL_LOCAL int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, + long sz, int type); +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/error-ssl.h b/src/wolfssl/error-ssl.h index 3130780..2d4d802 100644 --- a/src/wolfssl/error-ssl.h +++ b/src/wolfssl/error-ssl.h @@ -221,9 +221,28 @@ enum wolfSSL_ErrorCodes { HRR_COOKIE_ERROR = -505, /* HRR msg cookie mismatch */ UNSUPPORTED_CERTIFICATE = -506, /* unsupported certificate type */ - WOLFSSL_LAST_E = -506 + /* PEM and EVP errors */ + WOLFSSL_PEM_R_NO_START_LINE_E = -507, + WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E = -508, + WOLFSSL_PEM_R_BAD_PASSWORD_READ_E = -509, + WOLFSSL_PEM_R_BAD_DECRYPT_E = -510, + WOLFSSL_ASN1_R_HEADER_TOO_LONG_E = -511, + + WOLFSSL_EVP_R_BAD_DECRYPT_E = -512, + WOLFSSL_EVP_R_BN_DECODE_ERROR = -513, + WOLFSSL_EVP_R_DECODE_ERROR = -514, + WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR = -515, + + CRYPTO_POLICY_FORBIDDEN = -516, /* operation forbidden by system + * crypto-policy */ + + WOLFSSL_LAST_E = -516 + + /* codes -1000 to -1999 are reserved for wolfCrypt. */ }; +wc_static_assert((int)WC_LAST_E <= (int)WOLFSSL_LAST_E); + /* I/O Callback default errors */ enum IOerrors { WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ diff --git a/src/wolfssl/evp.c b/src/wolfssl/evp.c index 808aa04..c3eb12e 100644 --- a/src/wolfssl/evp.c +++ b/src/wolfssl/evp.c @@ -41,7 +41,6 @@ #include #endif - #include #include #include @@ -53,67 +52,67 @@ static const struct s_ent { const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, NID_md4, "MD4"}, + {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, NID_md5, "MD5"}, + {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"}, - {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */ + {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"}, + {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */ #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"}, + {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"}, + {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"}, + {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"}, + {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"}, #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"}, + {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"}, + {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"}, #endif #ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"}, #endif #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"}, #endif #ifdef WOLFSSL_SM3 - {WC_HASH_TYPE_SM3, NID_sm3, "SM3"}, + {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"}, #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 - {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"}, + {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"}, #endif #ifdef HAVE_BLAKE2S - {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"}, + {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"}, #endif #ifdef WOLFSSL_SHAKE128 - {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"}, + {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"}, #endif #ifdef WOLFSSL_SHAKE256 - {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"}, + {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"}, #endif {WC_HASH_TYPE_NONE, 0, NULL} }; @@ -158,6 +157,7 @@ static const struct s_ent { (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; #endif @@ -177,6 +177,7 @@ static const struct s_ent { #ifdef WOLFSSL_AES_256 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; @@ -287,21 +288,21 @@ static const struct pkey_type_name_ent { int type; const char *name; } pkey_type_names[] = { - { EVP_PKEY_RSA, "RSA" }, - { EVP_PKEY_EC, "EC" }, - { EVP_PKEY_DH, "DH" }, - { EVP_PKEY_DSA, "DSA" } + { WC_EVP_PKEY_RSA, "RSA" }, + { WC_EVP_PKEY_EC, "EC" }, + { WC_EVP_PKEY_DH, "DH" }, + { WC_EVP_PKEY_DSA, "DSA" } }; static int pkey_type_by_name(const char *name) { unsigned int i; if (name == NULL) - return EVP_PKEY_NONE; + return WC_EVP_PKEY_NONE; for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) { if (XSTRCMP(name, pkey_type_names[i].name) == 0) return pkey_type_names[i].type; } - return EVP_PKEY_NONE; + return WC_EVP_PKEY_NONE; } int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { @@ -311,7 +312,7 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { return WOLFSSL_FAILURE; type = pkey_type_by_name(name); - if (type == EVP_PKEY_NONE) + if (type == WC_EVP_PKEY_NONE) return WOLFSSL_FAILURE; return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; @@ -319,8 +320,8 @@ int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) -#define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 -#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15 +#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 +#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -346,81 +347,81 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) switch (cipherType(c)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: return 16; - case AES_192_CBC_TYPE: return 24; - case AES_256_CBC_TYPE: return 32; + case WC_AES_128_CBC_TYPE: return 16; + case WC_AES_192_CBC_TYPE: return 24; + case WC_AES_256_CBC_TYPE: return 32; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: return 16; - case AES_192_CFB1_TYPE: return 24; - case AES_256_CFB1_TYPE: return 32; - case AES_128_CFB8_TYPE: return 16; - case AES_192_CFB8_TYPE: return 24; - case AES_256_CFB8_TYPE: return 32; - case AES_128_CFB128_TYPE: return 16; - case AES_192_CFB128_TYPE: return 24; - case AES_256_CFB128_TYPE: return 32; + case WC_AES_128_CFB1_TYPE: return 16; + case WC_AES_192_CFB1_TYPE: return 24; + case WC_AES_256_CFB1_TYPE: return 32; + case WC_AES_128_CFB8_TYPE: return 16; + case WC_AES_192_CFB8_TYPE: return 24; + case WC_AES_256_CFB8_TYPE: return 32; + case WC_AES_128_CFB128_TYPE: return 16; + case WC_AES_192_CFB128_TYPE: return 24; + case WC_AES_256_CFB128_TYPE: return 32; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: return 16; - case AES_192_OFB_TYPE: return 24; - case AES_256_OFB_TYPE: return 32; + case WC_AES_128_OFB_TYPE: return 16; + case WC_AES_192_OFB_TYPE: return 24; + case WC_AES_256_OFB_TYPE: return 32; #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) /* Two keys for XTS. */ - case AES_128_XTS_TYPE: return 16 * 2; - case AES_256_XTS_TYPE: return 32 * 2; + case WC_AES_128_XTS_TYPE: return 16 * 2; + case WC_AES_256_XTS_TYPE: return 32 * 2; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: return 16; - case AES_192_GCM_TYPE: return 24; - case AES_256_GCM_TYPE: return 32; + case WC_AES_128_GCM_TYPE: return 16; + case WC_AES_192_GCM_TYPE: return 24; + case WC_AES_256_GCM_TYPE: return 32; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: return 16; - case AES_192_CCM_TYPE: return 24; - case AES_256_CCM_TYPE: return 32; + case WC_AES_128_CCM_TYPE: return 16; + case WC_AES_192_CCM_TYPE: return 24; + case WC_AES_256_CCM_TYPE: return 32; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: return 16; - case AES_192_CTR_TYPE: return 24; - case AES_256_CTR_TYPE: return 32; + case WC_AES_128_CTR_TYPE: return 16; + case WC_AES_192_CTR_TYPE: return 24; + case WC_AES_256_CTR_TYPE: return 32; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: return 16; - case AES_192_ECB_TYPE: return 24; - case AES_256_ECB_TYPE: return 32; + case WC_AES_128_ECB_TYPE: return 16; + case WC_AES_192_ECB_TYPE: return 24; + case WC_AES_256_ECB_TYPE: return 32; #endif #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 24; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 24; + case WC_DES_CBC_TYPE: return 8; + case WC_DES_EDE3_CBC_TYPE: return 24; + case WC_DES_ECB_TYPE: return 8; + case WC_DES_EDE3_ECB_TYPE: return 24; #endif #ifndef NO_RC4 - case ARC4_TYPE: return 16; + case WC_ARC4_TYPE: return 16; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: return 32; + case WC_CHACHA20_POLY1305_TYPE: return 32; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ; + case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: return 16; + case WC_SM4_ECB_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: return 16; + case WC_SM4_CBC_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: return 16; + case WC_SM4_CTR_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: return 16; + case WC_SM4_GCM_TYPE: return 16; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: return 16; + case WC_SM4_CCM_TYPE: return 16; #endif default: return 0; @@ -603,9 +604,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, switch (ctx->cipherType) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: if (ctx->enc) ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -613,16 +614,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); break; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: if (ctx->enc) ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -630,9 +631,9 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: if (ctx->enc) ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -640,10 +641,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_CFB) - #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: + #if !defined(WOLFSSL_NO_AES_CFB_1_8) + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: if (ctx->enc) ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in, inl * WOLFSSL_BIT_SIZE); @@ -652,19 +653,19 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, inl * WOLFSSL_BIT_SIZE); break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: if (ctx->enc) ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl); else ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl); break; - #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: if (ctx->enc) ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl); else @@ -672,8 +673,8 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: if (ctx->enc) ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl, ctx->iv, (word32)ctx->ivSz); @@ -684,34 +685,34 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, #endif #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: + case WC_DES_CBC_TYPE: if (ctx->enc) ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); else ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); break; - case DES_EDE3_CBC_TYPE: + case WC_DES_EDE3_CBC_TYPE: if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); else ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); break; #if defined(WOLFSSL_DES_ECB) - case DES_ECB_TYPE: + case WC_DES_ECB_TYPE: ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); break; - case DES_EDE3_ECB_TYPE: + case WC_DES_EDE3_ECB_TYPE: ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); break; #endif #endif #ifndef NO_RC4 - case ARC4_TYPE: + case WC_ARC4_TYPE: wc_Arc4Process(&ctx->cipher.arc4, out, in, inl); break; #endif #if defined(WOLFSSL_SM4_ECB) - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: if (ctx->enc) wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl); else @@ -719,7 +720,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_SM4_CBC) - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: if (ctx->enc) wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl); else @@ -727,7 +728,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_SM4_CTR) - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl); break; #endif @@ -783,7 +784,7 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, #if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM) #if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM) - if (ctx->cipherType == SM4_GCM_TYPE) + if (ctx->cipherType == WC_SM4_GCM_TYPE) #endif { int ret = 0; @@ -1059,29 +1060,29 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, switch (ctx->cipherType) { #if !defined(NO_AES) && defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */ #if !defined(NO_AES) && defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: /* if out == NULL, in/inl contains the * additional auth data */ return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl); #endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */ #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl); #endif /* defined(HAVE_ARIA) */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: if (out == NULL) { if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in, (word32)inl) != 0) { @@ -1106,7 +1107,7 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, } #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) != 0) { WOLFSSL_MSG("wc_ChaCha_Process failed"); @@ -1116,12 +1117,12 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, return WOLFSSL_SUCCESS; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: /* if out == NULL, in/inl contains the additional auth data */ return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: /* if out == NULL, in/inl contains the * additional auth data */ return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl); @@ -1274,9 +1275,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, switch (ctx->cipherType) { #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #ifndef WOLFSSL_AESGCM_STREAM if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { @@ -1347,7 +1348,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, } else { /* Clear IV, since IV reuse is not recommended for AES GCM. */ - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); } if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { ret = WOLFSSL_FAILURE; @@ -1358,9 +1359,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) { @@ -1406,7 +1407,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, else { /* Clear IV, since IV reuse is not recommended * for AES CCM. */ - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); } if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { ret = WOLFSSL_FAILURE; @@ -1417,9 +1418,9 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1471,7 +1472,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) || * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly, ctx->authTag) != 0) { WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed"); @@ -1484,7 +1485,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1535,7 +1536,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: if ((ctx->authBuffer && ctx->authBufferLen > 0) || (ctx->authBufferLen == 0)) { if (ctx->enc) @@ -1660,20 +1661,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, */ if (FALSE #ifdef HAVE_AESGCM - || ctx->cipherType == AES_128_GCM_TYPE || - ctx->cipherType == AES_192_GCM_TYPE || - ctx->cipherType == AES_256_GCM_TYPE + || ctx->cipherType == WC_AES_128_GCM_TYPE || + ctx->cipherType == WC_AES_192_GCM_TYPE || + ctx->cipherType == WC_AES_256_GCM_TYPE #endif #ifdef HAVE_AESCCM - || ctx->cipherType == AES_128_CCM_TYPE || - ctx->cipherType == AES_192_CCM_TYPE || - ctx->cipherType == AES_256_CCM_TYPE + || ctx->cipherType == WC_AES_128_CCM_TYPE || + ctx->cipherType == WC_AES_192_CCM_TYPE || + ctx->cipherType == WC_AES_256_CCM_TYPE #endif #ifdef WOLFSSL_SM4_GCM - || ctx->cipherType == SM4_GCM_TYPE + || ctx->cipherType == WC_SM4_GCM_TYPE #endif #ifdef WOLFSSL_SM4_CCM - || ctx->cipherType == SM4_CCM_TYPE + || ctx->cipherType == WC_SM4_CCM_TYPE #endif ) { tmp = ctx->authIvGenEnable; @@ -1688,20 +1689,20 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef HAVE_AESGCM - || ctx->cipherType == AES_128_GCM_TYPE || - ctx->cipherType == AES_192_GCM_TYPE || - ctx->cipherType == AES_256_GCM_TYPE + || ctx->cipherType == WC_AES_128_GCM_TYPE || + ctx->cipherType == WC_AES_192_GCM_TYPE || + ctx->cipherType == WC_AES_256_GCM_TYPE #endif #ifdef HAVE_AESCCM - || ctx->cipherType == AES_128_CCM_TYPE || - ctx->cipherType == AES_192_CCM_TYPE || - ctx->cipherType == AES_256_CCM_TYPE + || ctx->cipherType == WC_AES_128_CCM_TYPE || + ctx->cipherType == WC_AES_192_CCM_TYPE || + ctx->cipherType == WC_AES_256_CCM_TYPE #endif #ifdef WOLFSSL_SM4_GCM - || ctx->cipherType == SM4_GCM_TYPE + || ctx->cipherType == WC_SM4_GCM_TYPE #endif #ifdef WOLFSSL_SM4_CCM - || ctx->cipherType == SM4_CCM_TYPE + || ctx->cipherType == WC_SM4_CCM_TYPE #endif ) { ctx->authIvGenEnable = (tmp == 1); @@ -1769,75 +1770,75 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: #endif #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: #endif - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: #endif /* !NO_AES */ #ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_ECB_TYPE: - case DES_EDE3_CBC_TYPE: - case DES_EDE3_ECB_TYPE: + case WC_DES_CBC_TYPE: + case WC_DES_ECB_TYPE: + case WC_DES_EDE3_CBC_TYPE: + case WC_DES_EDE3_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: #endif return ctx->block_size; #endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */ @@ -1851,193 +1852,195 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) if (cipher == NULL) return 0; /* dummy for #ifdef */ #ifndef NO_DES3 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC)) - return DES_CBC_TYPE; + return WC_DES_CBC_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC)) - return DES_EDE3_CBC_TYPE; + return WC_DES_EDE3_CBC_TYPE; #if !defined(NO_DES3) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB)) - return DES_ECB_TYPE; + return WC_DES_ECB_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB)) - return DES_EDE3_ECB_TYPE; + return WC_DES_EDE3_ECB_TYPE; #endif /* NO_DES3 && HAVE_AES_ECB */ #endif #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC)) - return AES_128_CBC_TYPE; + return WC_AES_128_CBC_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC)) - return AES_192_CBC_TYPE; + return WC_AES_192_CBC_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC)) - return AES_256_CBC_TYPE; + return WC_AES_256_CBC_TYPE; #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if defined(HAVE_AESGCM) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM)) - return AES_128_GCM_TYPE; + return WC_AES_128_GCM_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM)) - return AES_192_GCM_TYPE; + return WC_AES_192_GCM_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM)) - return AES_256_GCM_TYPE; + return WC_AES_256_GCM_TYPE; #endif #endif /* HAVE_AESGCM */ #if defined(HAVE_AESCCM) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM)) - return AES_128_CCM_TYPE; + return WC_AES_128_CCM_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM)) - return AES_192_CCM_TYPE; + return WC_AES_192_CCM_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM)) - return AES_256_CCM_TYPE; + return WC_AES_256_CCM_TYPE; #endif #endif /* HAVE_AESCCM */ #if defined(WOLFSSL_AES_COUNTER) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR)) - return AES_128_CTR_TYPE; + return WC_AES_128_CTR_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR)) - return AES_192_CTR_TYPE; + return WC_AES_192_CTR_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR)) - return AES_256_CTR_TYPE; + return WC_AES_256_CTR_TYPE; #endif #endif /* HAVE_AES_CBC */ #if defined(HAVE_AES_ECB) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB)) - return AES_128_ECB_TYPE; + return WC_AES_128_ECB_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB)) - return AES_192_ECB_TYPE; + return WC_AES_192_ECB_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB)) - return AES_256_ECB_TYPE; + return WC_AES_256_ECB_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS)) - return AES_128_XTS_TYPE; + return WC_AES_128_XTS_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS)) - return AES_256_XTS_TYPE; + return WC_AES_256_XTS_TYPE; #endif #endif /* WOLFSSL_AES_XTS */ #if defined(WOLFSSL_AES_CFB) +#ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1)) - return AES_128_CFB1_TYPE; + return WC_AES_128_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1)) - return AES_192_CFB1_TYPE; + return WC_AES_192_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1)) - return AES_256_CFB1_TYPE; + return WC_AES_256_CFB1_TYPE; #endif #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8)) - return AES_128_CFB8_TYPE; + return WC_AES_128_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8)) - return AES_192_CFB8_TYPE; + return WC_AES_192_CFB8_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8)) - return AES_256_CFB8_TYPE; + return WC_AES_256_CFB8_TYPE; #endif +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128)) - return AES_128_CFB128_TYPE; + return WC_AES_128_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128)) - return AES_192_CFB128_TYPE; + return WC_AES_192_CFB128_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128)) - return AES_256_CFB128_TYPE; + return WC_AES_256_CFB128_TYPE; #endif #endif /*HAVE_AES_CBC */ #if defined(WOLFSSL_AES_OFB) #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB)) - return AES_128_OFB_TYPE; + return WC_AES_128_OFB_TYPE; #endif #ifdef WOLFSSL_AES_192 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB)) - return AES_192_OFB_TYPE; + return WC_AES_192_OFB_TYPE; #endif #ifdef WOLFSSL_AES_256 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB)) - return AES_256_OFB_TYPE; + return WC_AES_256_OFB_TYPE; #endif #endif #endif /* !NO_AES */ #if defined(HAVE_ARIA) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM)) - return ARIA_128_GCM_TYPE; + return WC_ARIA_128_GCM_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM)) - return ARIA_192_GCM_TYPE; + return WC_ARIA_192_GCM_TYPE; else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM)) - return ARIA_256_GCM_TYPE; + return WC_ARIA_256_GCM_TYPE; #endif /* HAVE_ARIA */ #ifndef NO_RC4 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4)) - return ARC4_TYPE; + return WC_ARC4_TYPE; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305)) - return CHACHA20_POLY1305_TYPE; + return WC_CHACHA20_POLY1305_TYPE; #endif #ifdef HAVE_CHACHA else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20)) - return CHACHA20_TYPE; + return WC_CHACHA20_TYPE; #endif #ifdef WOLFSSL_SM4_ECB else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB)) - return SM4_ECB_TYPE; + return WC_SM4_ECB_TYPE; #endif #ifdef WOLFSSL_SM4_CBC else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC)) - return SM4_CBC_TYPE; + return WC_SM4_CBC_TYPE; #endif #ifdef WOLFSSL_SM4_CTR else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR)) - return SM4_CTR_TYPE; + return WC_SM4_CTR_TYPE; #endif #ifdef WOLFSSL_SM4_GCM else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM)) - return SM4_GCM_TYPE; + return WC_SM4_GCM_TYPE; #endif #ifdef WOLFSSL_SM4_CCM else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM)) - return SM4_CCM_TYPE; + return WC_SM4_CCM_TYPE; #endif else return 0; @@ -2051,107 +2054,107 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) switch (cipherType(cipher)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: - return AES_BLOCK_SIZE; + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: + return WC_AES_BLOCK_SIZE; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: return 1; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: return 1; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: return 1; #endif #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: - return AES_BLOCK_SIZE; + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: + return WC_AES_BLOCK_SIZE; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: return 1; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: return 1; #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: return 1; #endif #endif /* NO_AES */ #ifndef NO_RC4 - case ARC4_TYPE: + case WC_ARC4_TYPE: return 1; #endif #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: return 1; #endif #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 8; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 8; + case WC_DES_CBC_TYPE: return 8; + case WC_DES_EDE3_CBC_TYPE: return 8; + case WC_DES_ECB_TYPE: return 8; + case WC_DES_EDE3_ECB_TYPE: return 8; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: return 1; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: return 1; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: return 1; #endif @@ -2165,107 +2168,107 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) switch (cipherType(cipher)) { #if !defined(NO_AES) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; #endif #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: return WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: return WOLFSSL_EVP_CIPH_CTR_MODE; #endif #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: return WOLFSSL_EVP_CIPH_CFB_MODE; #endif #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: return WOLFSSL_EVP_CIPH_OFB_MODE; #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: return WOLFSSL_EVP_CIPH_XTS_MODE; #endif - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif /* !NO_AES */ #if defined(HAVE_ARIA) - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_EDE3_CBC_TYPE: + case WC_DES_CBC_TYPE: + case WC_DES_EDE3_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; - case DES_ECB_TYPE: - case DES_EDE3_ECB_TYPE: + case WC_DES_ECB_TYPE: + case WC_DES_EDE3_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif #ifndef NO_RC4 - case ARC4_TYPE: - return EVP_CIPH_STREAM_CIPHER; + case WC_ARC4_TYPE: + return WOLFSSL_EVP_CIPH_STREAM_CIPHER; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: return WOLFSSL_EVP_CIPH_STREAM_CIPHER | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: return WOLFSSL_EVP_CIPH_STREAM_CIPHER; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: return WOLFSSL_EVP_CIPH_CBC_MODE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: return WOLFSSL_EVP_CIPH_CTR_MODE; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: return WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: return WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; #endif @@ -2374,7 +2377,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); ctx->pkey = pkey; #if !defined(NO_RSA) - ctx->padding = RSA_PKCS1_PADDING; + ctx->padding = WC_RSA_PKCS1_PADDING; ctx->md = NULL; #endif #ifdef HAVE_ECC @@ -2416,7 +2419,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding) * returns WOLFSSL_SUCCESS on success. */ int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, - const EVP_MD* md) + const WOLFSSL_EVP_MD* md) { if (ctx == NULL) return 0; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md"); @@ -2468,7 +2471,7 @@ int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx) return WOLFSSL_FAILURE; } wolfSSL_EVP_PKEY_free(ctx->peerKey); - ctx->op = EVP_PKEY_OP_DERIVE; + ctx->op = WC_EVP_PKEY_OP_DERIVE; ctx->padding = 0; ctx->nbits = 0; return WOLFSSL_SUCCESS; @@ -2478,7 +2481,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY { WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer"); - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) { + if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) { return WOLFSSL_FAILURE; } wolfSSL_EVP_PKEY_free(ctx->peerKey); @@ -2513,14 +2516,14 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive"); - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey - && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type - != EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) { + if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey + && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type + != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) { return WOLFSSL_FAILURE; } switch (ctx->pkey->type) { #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: /* Use DH */ if (!ctx->pkey->dh || !ctx->peerKey->dh) { return WOLFSSL_FAILURE; @@ -2553,7 +2556,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ break; #endif #if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: /* Use ECDH */ if (!ctx->pkey->ecc || !ctx->peerKey->ecc) { return WOLFSSL_FAILURE; @@ -2621,7 +2624,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ break; #endif #ifdef HAVE_HKDF - case EVP_PKEY_HKDF: + case WC_EVP_PKEY_HKDF: (void)len; hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd); @@ -2629,7 +2632,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ WOLFSSL_MSG("Invalid hash type for HKDF."); return WOLFSSL_FAILURE; } - if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { + if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, @@ -2638,7 +2641,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } } - else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { + else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, key) != 0) { @@ -2655,7 +2658,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ *keylen = (size_t)hkdfHashSz; } } - else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { + else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, @@ -2711,7 +2714,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2746,7 +2749,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2781,7 +2784,7 @@ int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx, WOLFSSL_MSG("Bad argument."); ret = WOLFSSL_FAILURE; } - if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) { + if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) { WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF."); ret = WOLFSSL_FAILURE; } @@ -2831,9 +2834,10 @@ int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode) } if (ret == WOLFSSL_SUCCESS && - mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && - mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY && - mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY && + mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) + { WOLFSSL_MSG("Invalid HKDF mode."); ret = WOLFSSL_FAILURE; } @@ -2881,7 +2885,7 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (out == NULL) { if (ctx->pkey->rsa == NULL) { WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL."); @@ -2910,8 +2914,8 @@ int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, } #endif /* NO_RSA */ - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not implemented."); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented."); FALL_THROUGH; default: break; @@ -2932,10 +2936,10 @@ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init"); switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_DECRYPT; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_DECRYPT; return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -2970,8 +2974,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, return 0; } - if (ctx->op != EVP_PKEY_OP_ENCRYPT) { - WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use " + if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) { + WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use " "wolfSSL_EVP_PKEY_encrypt_init."); return WOLFSSL_FAILURE; } @@ -2984,7 +2988,7 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (out == NULL) { if (ctx->pkey->rsa == NULL) { WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL."); @@ -3014,8 +3018,8 @@ int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, } #endif /* NO_RSA */ - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not implemented"); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented"); FALL_THROUGH; default: break; @@ -3037,10 +3041,10 @@ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init"); switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_ENCRYPT; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_ENCRYPT; return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -3065,22 +3069,22 @@ int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx) switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_DSA: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: - ctx->op = EVP_PKEY_OP_SIGN; + case WC_EVP_PKEY_EC: + ctx->op = WC_EVP_PKEY_OP_SIGN; ret = WOLFSSL_SUCCESS; break; #endif /* HAVE_ECC */ @@ -3103,7 +3107,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, { WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign"); - if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen) + if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen) return WOLFSSL_FAILURE; (void)sig; @@ -3113,7 +3117,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { unsigned int usiglen = (unsigned int)*siglen; if (!sig) { int len; @@ -3138,7 +3142,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int bytes; int ret; if (!ctx->pkey->dsa) @@ -3165,7 +3169,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig; if (!sig) { @@ -3227,20 +3231,20 @@ int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx) switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_RSA: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_DSA: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: - ctx->op = EVP_PKEY_OP_VERIFY; + case WC_EVP_PKEY_EC: + ctx->op = WC_EVP_PKEY_OP_VERIFY; return WOLFSSL_SUCCESS; #endif /* HAVE_ECC */ @@ -3264,19 +3268,19 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, { WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify"); - if (!ctx || ctx->op != EVP_PKEY_OP_VERIFY || !ctx->pkey) + if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey) return WOLFSSL_FAILURE; switch (ctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs, (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa, ctx->padding); #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int dsacheck = 0; if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa, &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1) @@ -3286,7 +3290,7 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, #endif /* NO_DSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( NULL, (const unsigned char **)&sig, (long)siglen); @@ -3334,7 +3338,7 @@ int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx, { WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid"); #ifdef HAVE_ECC - if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) { + if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) { ctx->curveNID = nid; return WOLFSSL_SUCCESS; } @@ -3367,7 +3371,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx, if (ret == WOLFSSL_SUCCESS && *pkey == NULL) { /* Only ECC is supported currently. */ - if (ctx->pkey == NULL || ctx->pkey->type != EVP_PKEY_EC) { + if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) { WOLFSSL_MSG("Key not set or key type not supported."); ret = WOLFSSL_FAILURE; } @@ -3388,7 +3392,7 @@ int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx, #ifdef HAVE_ECC /* For ECC parameter generation we just need to set the group, which * wolfSSL_EC_KEY_new_by_curve_name will do. */ - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID); if ((*pkey)->ecc == NULL) { WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY."); @@ -3451,9 +3455,9 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, pkey = *ppkey; if (pkey == NULL) { if (ctx->pkey == NULL || - (ctx->pkey->type != EVP_PKEY_EC && - ctx->pkey->type != EVP_PKEY_RSA && - ctx->pkey->type != EVP_PKEY_DH)) { + (ctx->pkey->type != WC_EVP_PKEY_EC && + ctx->pkey->type != WC_EVP_PKEY_RSA && + ctx->pkey->type != WC_EVP_PKEY_DH)) { WOLFSSL_MSG("Key not set or key type not supported"); return WOLFSSL_FAILURE; } @@ -3467,7 +3471,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, switch (pkey->type) { #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT, NULL, NULL); if (pkey->rsa) { @@ -3479,7 +3483,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: /* pkey->ecc may not be NULL, if, for example, it was populated by a * prior call to wolfSSL_EVP_PKEY_paramgen. */ if (pkey->ecc == NULL) { @@ -3494,7 +3498,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, break; #endif #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: pkey->dh = wolfSSL_DH_new(); if (pkey->dh) { pkey->ownDh = 1; @@ -3540,12 +3544,12 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) switch (pkey->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); #endif /* !NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (pkey->dsa == NULL || (!pkey->dsa->exSet && SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS)) @@ -3554,7 +3558,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { WOLFSSL_MSG("No ECC key has been set"); break; @@ -3579,7 +3583,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, return WOLFSSL_FAILURE; } - if (to->type == EVP_PKEY_NONE) { + if (to->type == WC_EVP_PKEY_NONE) { to->type = from->type; } else if (to->type != from->type) { @@ -3589,7 +3593,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, switch(from->type) { #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (from->ecc) { if (!to->ecc) { if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) { @@ -3609,7 +3613,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (from->dsa) { WOLFSSL_BIGNUM* cpy; if (!to->dsa) { @@ -3651,7 +3655,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: if (from->dh) { WOLFSSL_BIGNUM* cpy; if (!to->dh) { @@ -3693,7 +3697,7 @@ int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, break; #endif #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #endif default: WOLFSSL_MSG("Copy parameters not available for this key type"); @@ -3740,13 +3744,13 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) /* get size based on key type */ switch (a->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); break; #endif /* !NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (a->ecc == NULL || a->ecc->internal == NULL || b->ecc == NULL || b->ecc->internal == NULL) { return ret; @@ -3885,23 +3889,23 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx) type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey)); switch (type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: - WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented"); + case WC_EVP_PKEY_RSA: + WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented"); return WOLFSSL_FAILURE; #endif #if defined(HAVE_ECC) - case EVP_PKEY_EC: - WOLFSSL_MSG("EVP_PKEY_EC not yet implemented"); + case WC_EVP_PKEY_EC: + WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented"); return WOLFSSL_FAILURE; #endif #if !defined(NO_DSA) - case EVP_PKEY_DSA: - WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented"); + case WC_EVP_PKEY_DSA: + WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented"); return WOLFSSL_FAILURE; #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey); if (dh_key != NULL) { ret = DH_param_check(dh_key); @@ -4001,7 +4005,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *ctxmd; @@ -4017,7 +4021,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, } #endif /* NO_RSA */ #ifndef NO_DSA - case EVP_PKEY_DSA: { + case WC_EVP_PKEY_DSA: { int bytes; ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa); /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */ @@ -4034,7 +4038,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, } #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize, pkey->ecc); if (ecdsaSig == NULL) @@ -4115,7 +4119,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); if (ctxmd == NULL) break; @@ -4126,7 +4130,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, } #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( NULL, (const unsigned char **)&sig, (long)siglen); if (ecdsaSig == NULL) @@ -4137,7 +4141,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, return ret; } #endif - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -4162,7 +4166,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e, (void)e; - if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0)) + if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0)) return NULL; pkey = wolfSSL_EVP_PKEY_new(); @@ -4228,7 +4232,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, XMEMCPY(pkey->pkey.ptr, priv, (size_t)len); } pkey->pkey_sz = (int)len; - pkey->type = pkey->save_type = EVP_PKEY_CMAC; + pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC; pkey->cmacCtx = ctx; } } @@ -4354,7 +4358,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, } } - if (pkey->type == EVP_PKEY_HMAC) { + if (pkey->type == WC_EVP_PKEY_HMAC) { int hashType; int ret; size_t keySz = 0; @@ -4581,7 +4585,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, } } #ifndef NO_RSA - else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) { + else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) { if (sig == NULL) { *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa); return WOLFSSL_SUCCESS; @@ -4589,7 +4593,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, } #endif /* !NO_RSA */ #ifdef HAVE_ECC - else if (ctx->pctx->pkey->type == EVP_PKEY_EC) { + else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) { if (sig == NULL) { /* SEQ + INT + INT */ *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx]. @@ -4615,7 +4619,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, /* Sign the digest. */ switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { unsigned int sigSz = (unsigned int)*siglen; int nid; const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); @@ -4633,7 +4637,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int len; WOLFSSL_ECDSA_SIG *ecdsaSig; ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen, @@ -4718,7 +4722,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, /* Verify the signature with the digest. */ switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) - case EVP_PKEY_RSA: { + case WC_EVP_PKEY_RSA: { int nid; const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx); if (md == NULL) @@ -4733,7 +4737,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, #endif /* NO_RSA */ #ifdef HAVE_ECC - case EVP_PKEY_EC: { + case WC_EVP_PKEY_EC: { int ret; WOLFSSL_ECDSA_SIG *ecdsaSig; ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen); @@ -4955,159 +4959,161 @@ static const struct cipher{ #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, + {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc}, + {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc}, + {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc}, #endif #endif #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 - {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1}, + {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1}, + {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1}, + {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1}, #endif #ifdef WOLFSSL_AES_128 - {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8}, + {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8}, + {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8}, + {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8}, #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 - {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128}, + {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128}, + {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128}, - #endif + {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128}, #endif + #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 - {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb}, + {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb}, + {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb}, + {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb}, #endif #endif #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 - {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts}, + {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts}, + {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts}, #endif #endif #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 - {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm}, + {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm}, + {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm}, + {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm}, #endif #endif #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 - {AES_128_CCM_TYPE, EVP_AES_128_CCM, NID_aes_128_ccm}, + {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CCM_TYPE, EVP_AES_192_CCM, NID_aes_192_ccm}, + {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CCM_TYPE, EVP_AES_256_CCM, NID_aes_256_ccm}, + {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm}, #endif #endif #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr}, + {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr}, + {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr}, + {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr}, #endif #endif #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb}, + {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb}, #endif #ifdef WOLFSSL_AES_192 - {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb}, + {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb}, #endif #ifdef WOLFSSL_AES_256 - {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb}, + {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb}, #endif #endif #endif #ifdef HAVE_ARIA - {ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, NID_aria_128_gcm}, - {ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, NID_aria_192_gcm}, - {ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, NID_aria_256_gcm}, + {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm}, + {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm}, + {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm}, #endif #ifndef NO_DES3 - {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc}, - {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb}, + {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc}, + {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb}, - {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc}, - {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb}, + {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc}, + {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb}, #endif #ifndef NO_RC4 - {ARC4_TYPE, EVP_ARC4, NID_undef}, + {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef}, #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - {CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, NID_chacha20_poly1305}, + {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305}, #endif #ifdef HAVE_CHACHA - {CHACHA20_TYPE, EVP_CHACHA20, NID_chacha20}, + {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20}, #endif #ifdef WOLFSSL_SM4_ECB - {SM4_ECB_TYPE, EVP_SM4_ECB, NID_sm4_ecb}, + {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb}, #endif #ifdef WOLFSSL_SM4_CBC - {SM4_CBC_TYPE, EVP_SM4_CBC, NID_sm4_cbc}, + {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc}, #endif #ifdef WOLFSSL_SM4_CTR - {SM4_CTR_TYPE, EVP_SM4_CTR, NID_sm4_ctr}, + {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr}, #endif #ifdef WOLFSSL_SM4_GCM - {SM4_GCM_TYPE, EVP_SM4_GCM, NID_sm4_gcm}, + {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm}, #endif #ifdef WOLFSSL_SM4_CCM - {SM4_CCM_TYPE, EVP_SM4_CCM, NID_sm4_ccm}, + {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm}, #endif { 0, NULL, 0} @@ -5293,128 +5299,128 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - case NID_aes_128_cbc: + case WC_NID_aes_128_cbc: return wolfSSL_EVP_aes_128_cbc(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_cbc: + case WC_NID_aes_192_cbc: return wolfSSL_EVP_aes_192_cbc(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_cbc: + case WC_NID_aes_256_cbc: return wolfSSL_EVP_aes_256_cbc(); #endif #endif #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - case NID_aes_128_ctr: + case WC_NID_aes_128_ctr: return wolfSSL_EVP_aes_128_ctr(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ctr: + case WC_NID_aes_192_ctr: return wolfSSL_EVP_aes_192_ctr(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ctr: + case WC_NID_aes_256_ctr: return wolfSSL_EVP_aes_256_ctr(); #endif #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - case NID_aes_128_ecb: + case WC_NID_aes_128_ecb: return wolfSSL_EVP_aes_128_ecb(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ecb: + case WC_NID_aes_192_ecb: return wolfSSL_EVP_aes_192_ecb(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ecb: + case WC_NID_aes_256_ecb: return wolfSSL_EVP_aes_256_ecb(); #endif #endif /* HAVE_AES_ECB */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 - case NID_aes_128_gcm: + case WC_NID_aes_128_gcm: return wolfSSL_EVP_aes_128_gcm(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_gcm: + case WC_NID_aes_192_gcm: return wolfSSL_EVP_aes_192_gcm(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_gcm: + case WC_NID_aes_256_gcm: return wolfSSL_EVP_aes_256_gcm(); #endif #endif #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 - case NID_aes_128_ccm: + case WC_NID_aes_128_ccm: return wolfSSL_EVP_aes_128_ccm(); #endif #ifdef WOLFSSL_AES_192 - case NID_aes_192_ccm: + case WC_NID_aes_192_ccm: return wolfSSL_EVP_aes_192_ccm(); #endif #ifdef WOLFSSL_AES_256 - case NID_aes_256_ccm: + case WC_NID_aes_256_ccm: return wolfSSL_EVP_aes_256_ccm(); #endif #endif #endif #ifdef HAVE_ARIA - case NID_aria_128_gcm: + case WC_NID_aria_128_gcm: return wolfSSL_EVP_aria_128_gcm(); - case NID_aria_192_gcm: + case WC_NID_aria_192_gcm: return wolfSSL_EVP_aria_192_gcm(); - case NID_aria_256_gcm: + case WC_NID_aria_256_gcm: return wolfSSL_EVP_aria_256_gcm(); #endif #ifndef NO_DES3 - case NID_des_cbc: + case WC_NID_des_cbc: return wolfSSL_EVP_des_cbc(); #ifdef WOLFSSL_DES_ECB - case NID_des_ecb: + case WC_NID_des_ecb: return wolfSSL_EVP_des_ecb(); #endif - case NID_des_ede3_cbc: + case WC_NID_des_ede3_cbc: return wolfSSL_EVP_des_ede3_cbc(); #ifdef WOLFSSL_DES_ECB - case NID_des_ede3_ecb: + case WC_NID_des_ede3_ecb: return wolfSSL_EVP_des_ede3_ecb(); #endif #endif /*NO_DES3*/ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case NID_chacha20_poly1305: + case WC_NID_chacha20_poly1305: return wolfSSL_EVP_chacha20_poly1305(); #endif #ifdef HAVE_CHACHA - case NID_chacha20: + case WC_NID_chacha20: return wolfSSL_EVP_chacha20(); #endif #ifdef WOLFSSL_SM4_ECB - case NID_sm4_ecb: + case WC_NID_sm4_ecb: return wolfSSL_EVP_sm4_ecb(); #endif #ifdef WOLFSSL_SM4_CBC - case NID_sm4_cbc: + case WC_NID_sm4_cbc: return wolfSSL_EVP_sm4_cbc(); #endif #ifdef WOLFSSL_SM4_CTR - case NID_sm4_ctr: + case WC_NID_sm4_ctr: return wolfSSL_EVP_sm4_ctr(); #endif #ifdef WOLFSSL_SM4_GCM - case NID_sm4_gcm: + case WC_NID_sm4_gcm: return wolfSSL_EVP_sm4_gcm(); #endif #ifdef WOLFSSL_SM4_CCM - case NID_sm4_ccm: + case WC_NID_sm4_ccm: return wolfSSL_EVP_sm4_ccm(); #endif @@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) { @@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void) return EVP_AES_256_CFB8; } #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) @@ -5992,22 +5998,22 @@ void wolfSSL_EVP_init(void) WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl"); switch(type) { - case EVP_CTRL_INIT: + case WOLFSSL_EVP_CTRL_INIT: wolfSSL_EVP_CIPHER_CTX_init(ctx); if(ctx) ret = WOLFSSL_SUCCESS; break; - case EVP_CTRL_SET_KEY_LENGTH: + case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH: ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); break; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - case EVP_CTRL_AEAD_SET_IVLEN: + case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) { break; } @@ -6015,7 +6021,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6023,7 +6029,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6031,7 +6037,7 @@ void wolfSSL_EVP_init(void) else #endif { - if (arg <= 0 || arg > AES_BLOCK_SIZE) + if (arg <= 0 || arg > WC_AES_BLOCK_SIZE) break; } ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); @@ -6039,7 +6045,7 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - case EVP_CTRL_AEAD_SET_IV_FIXED: + case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; if (arg == -1) { @@ -6098,7 +6104,7 @@ void wolfSSL_EVP_init(void) * EVP_CipherInit between each iteration. The IV is incremented for * each subsequent EVP_Cipher call to prevent IV reuse. */ - case EVP_CTRL_GCM_IV_GEN: + case WOLFSSL_EVP_CTRL_GCM_IV_GEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; if (!ctx->authIvGenEnable) { @@ -6134,11 +6140,11 @@ void wolfSSL_EVP_init(void) break; #endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST && * !HAVE_FIPS || FIPS_VERSION >= 2)*/ - case EVP_CTRL_AEAD_SET_TAG: + case WOLFSSL_EVP_CTRL_AEAD_SET_TAG: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) { break; } @@ -6152,7 +6158,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) { break; } @@ -6165,7 +6171,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) { break; } @@ -6186,12 +6192,12 @@ void wolfSSL_EVP_init(void) ret = WOLFSSL_SUCCESS; break; } - case EVP_CTRL_AEAD_GET_TAG: + case WOLFSSL_EVP_CTRL_AEAD_GET_TAG: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE) { + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) { if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) { break; } @@ -6199,7 +6205,7 @@ void wolfSSL_EVP_init(void) else #endif /* HAVE_CHACHA && HAVE_POLY1305 */ #if defined(WOLFSSL_SM4_GCM) - if (ctx->cipherType == SM4_GCM_TYPE) { + if (ctx->cipherType == WC_SM4_GCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6207,7 +6213,7 @@ void wolfSSL_EVP_init(void) else #endif #if defined(WOLFSSL_SM4_CCM) - if (ctx->cipherType == SM4_CCM_TYPE) { + if (ctx->cipherType == WC_SM4_CCM_TYPE) { if (arg <= 0 || arg > SM4_BLOCK_SIZE) { break; } @@ -6215,7 +6221,7 @@ void wolfSSL_EVP_init(void) else #endif { - if (arg <= 0 || arg > AES_BLOCK_SIZE) + if (arg <= 0 || arg > WC_AES_BLOCK_SIZE) break; } @@ -6252,62 +6258,62 @@ void wolfSSL_EVP_init(void) defined(WOLFSSL_AES_XTS) #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: #endif /* HAVE_AESGCM */ #if defined(HAVE_AESCCM) - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: #endif /* HAVE_AESCCM */ #ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: + case WC_AES_128_CBC_TYPE: + case WC_AES_192_CBC_TYPE: + case WC_AES_256_CBC_TYPE: #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: + case WC_AES_128_CTR_TYPE: + case WC_AES_192_CTR_TYPE: + case WC_AES_256_CTR_TYPE: #endif #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: + case WC_AES_128_ECB_TYPE: + case WC_AES_192_ECB_TYPE: + case WC_AES_256_ECB_TYPE: #endif #ifdef WOLFSSL_AES_CFB - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: #endif #ifdef WOLFSSL_AES_OFB - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: #endif wc_AesFree(&ctx->cipher.aes); ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: wc_AesXtsFree(&ctx->cipher.xts); ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #endif #endif /* AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: { int result = wc_AriaFreeCrypt(&ctx->cipher.aria); if (result != 0) { @@ -6324,19 +6330,19 @@ void wolfSSL_EVP_init(void) #ifdef WOLFSSL_SM4 switch (ctx->cipherType) { #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: + case WC_SM4_ECB_TYPE: #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: + case WC_SM4_CBC_TYPE: #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: + case WC_SM4_CTR_TYPE: #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: + case WC_SM4_GCM_TYPE: #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: + case WC_SM4_CCM_TYPE: #endif wc_Sm4Free(&ctx->cipher.sm4); } @@ -6462,7 +6468,7 @@ void wolfSSL_EVP_init(void) /* wc_AesSetKey clear aes.reg if iv == NULL. Keep IV for openSSL compatibility */ if (iv == NULL) - XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); + XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, WC_AES_BLOCK_SIZE); if (direct) { #if defined(WOLFSSL_AES_DIRECT) ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); @@ -6474,7 +6480,7 @@ void wolfSSL_EVP_init(void) ret = wc_AesSetKey(aes, key, len, iv, dir); } if (iv == NULL) - XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); + XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, WC_AES_BLOCK_SIZE); return ret; } #endif /* AES_ANY_SIZE && AES_SET_KEY */ @@ -6492,8 +6498,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6505,26 +6511,26 @@ void wolfSSL_EVP_init(void) } #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_GCM_TYPE || + if (ctx->cipherType == WC_AES_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) { WOLFSSL_MSG("EVP_AES_128_GCM"); - ctx->cipherType = AES_128_GCM_TYPE; + ctx->cipherType = WC_AES_128_GCM_TYPE; ctx->keyLen = AES_128_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_GCM_TYPE || + if (ctx->cipherType == WC_AES_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) { WOLFSSL_MSG("EVP_AES_192_GCM"); - ctx->cipherType = AES_192_GCM_TYPE; + ctx->cipherType = WC_AES_192_GCM_TYPE; ctx->keyLen = AES_192_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_GCM_TYPE || + if (ctx->cipherType == WC_AES_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) { WOLFSSL_MSG("EVP_AES_256_GCM"); - ctx->cipherType = AES_256_GCM_TYPE; + ctx->cipherType = WC_AES_256_GCM_TYPE; ctx->keyLen = AES_256_KEY_SIZE; } #endif @@ -6697,8 +6703,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6710,26 +6716,26 @@ void wolfSSL_EVP_init(void) } #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CCM_TYPE || + if (ctx->cipherType == WC_AES_128_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) { WOLFSSL_MSG("EVP_AES_128_CCM"); - ctx->cipherType = AES_128_CCM_TYPE; + ctx->cipherType = WC_AES_128_CCM_TYPE; ctx->keyLen = AES_128_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CCM_TYPE || + if (ctx->cipherType == WC_AES_192_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) { WOLFSSL_MSG("EVP_AES_192_CCM"); - ctx->cipherType = AES_192_CCM_TYPE; + ctx->cipherType = WC_AES_192_CCM_TYPE; ctx->keyLen = AES_192_KEY_SIZE; } #endif #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CCM_TYPE || + if (ctx->cipherType == WC_AES_256_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) { WOLFSSL_MSG("EVP_AES_256_CCM"); - ctx->cipherType = AES_256_CCM_TYPE; + ctx->cipherType = WC_AES_256_CCM_TYPE; ctx->keyLen = AES_256_KEY_SIZE; } #endif @@ -6822,20 +6828,20 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->cipherType == ARIA_128_GCM_TYPE || + if (ctx->cipherType == WC_ARIA_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) { WOLFSSL_MSG("EVP_ARIA_128_GCM"); - ctx->cipherType = ARIA_128_GCM_TYPE; + ctx->cipherType = WC_ARIA_128_GCM_TYPE; ctx->keyLen = ARIA_128_KEY_SIZE; - } else if (ctx->cipherType == ARIA_192_GCM_TYPE || + } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) { WOLFSSL_MSG("EVP_ARIA_192_GCM"); - ctx->cipherType = ARIA_192_GCM_TYPE; + ctx->cipherType = WC_ARIA_192_GCM_TYPE; ctx->keyLen = ARIA_192_KEY_SIZE; - } else if (ctx->cipherType == ARIA_256_GCM_TYPE || + } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) { WOLFSSL_MSG("EVP_ARIA_256_GCM"); - ctx->cipherType = ARIA_256_GCM_TYPE; + ctx->cipherType = WC_ARIA_256_GCM_TYPE; ctx->keyLen = ARIA_256_KEY_SIZE; } else { WOLFSSL_MSG("Unrecognized cipher type"); @@ -6846,8 +6852,8 @@ void wolfSSL_EVP_init(void) ctx->authIn = NULL; ctx->authInSz = 0; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->authTagSz = WC_AES_BLOCK_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; } @@ -6859,13 +6865,13 @@ void wolfSSL_EVP_init(void) } switch(ctx->cipherType) { - case ARIA_128_GCM_TYPE: + case WC_ARIA_128_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY); break; - case ARIA_192_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY); break; - case ARIA_256_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY); break; default: @@ -6931,15 +6937,15 @@ void wolfSSL_EVP_init(void) #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CBC_TYPE || + if (ctx->cipherType == WC_AES_128_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) { WOLFSSL_MSG("EVP_AES_128_CBC"); - ctx->cipherType = AES_128_CBC_TYPE; + ctx->cipherType = WC_AES_128_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -6961,15 +6967,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CBC_TYPE || + if (ctx->cipherType == WC_AES_192_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) { WOLFSSL_MSG("EVP_AES_192_CBC"); - ctx->cipherType = AES_192_CBC_TYPE; + ctx->cipherType = WC_AES_192_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -6991,15 +6997,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CBC_TYPE || + if (ctx->cipherType == WC_AES_256_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) { WOLFSSL_MSG("EVP_AES_256_CBC"); - ctx->cipherType = AES_256_CBC_TYPE; + ctx->cipherType = WC_AES_256_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7029,15 +7035,15 @@ void wolfSSL_EVP_init(void) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef WOLFSSL_AES_128 - || ctx->cipherType == AES_128_GCM_TYPE || + || ctx->cipherType == WC_AES_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM)) #endif #ifdef WOLFSSL_AES_192 - || ctx->cipherType == AES_192_GCM_TYPE || + || ctx->cipherType == WC_AES_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM)) #endif #ifdef WOLFSSL_AES_256 - || ctx->cipherType == AES_256_GCM_TYPE || + || ctx->cipherType == WC_AES_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM)) #endif ) { @@ -7053,15 +7059,15 @@ void wolfSSL_EVP_init(void) || FIPS_VERSION_GE(2,0)) if (FALSE #ifdef WOLFSSL_AES_128 - || ctx->cipherType == AES_128_CCM_TYPE || + || ctx->cipherType == WC_AES_128_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM)) #endif #ifdef WOLFSSL_AES_192 - || ctx->cipherType == AES_192_CCM_TYPE || + || ctx->cipherType == WC_AES_192_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM)) #endif #ifdef WOLFSSL_AES_256 - || ctx->cipherType == AES_256_CCM_TYPE || + || ctx->cipherType == WC_AES_256_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM)) #endif ) @@ -7075,15 +7081,15 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CTR_TYPE || + if (ctx->cipherType == WC_AES_128_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) { WOLFSSL_MSG("EVP_AES_128_CTR"); ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; - ctx->cipherType = AES_128_CTR_TYPE; + ctx->cipherType = WC_AES_128_CTR_TYPE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 16; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7108,15 +7114,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CTR_TYPE || + if (ctx->cipherType == WC_AES_192_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) { WOLFSSL_MSG("EVP_AES_192_CTR"); - ctx->cipherType = AES_192_CTR_TYPE; + ctx->cipherType = WC_AES_192_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 24; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7141,15 +7147,15 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CTR_TYPE || + if (ctx->cipherType == WC_AES_256_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) { WOLFSSL_MSG("EVP_AES_256_CTR"); - ctx->cipherType = AES_256_CTR_TYPE; + ctx->cipherType = WC_AES_256_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 32; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -7176,14 +7182,14 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_ECB #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_ECB_TYPE || + if (ctx->cipherType == WC_AES_128_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) { WOLFSSL_MSG("EVP_AES_128_ECB"); - ctx->cipherType = AES_128_ECB_TYPE; + ctx->cipherType = WC_AES_128_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7200,14 +7206,14 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_ECB_TYPE || + if (ctx->cipherType == WC_AES_192_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) { WOLFSSL_MSG("EVP_AES_192_ECB"); - ctx->cipherType = AES_192_ECB_TYPE; + ctx->cipherType = WC_AES_192_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7224,14 +7230,14 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_ECB_TYPE || + if (ctx->cipherType == WC_AES_256_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) { WOLFSSL_MSG("EVP_AES_256_ECB"); - ctx->cipherType = AES_256_ECB_TYPE; + ctx->cipherType = WC_AES_256_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; + ctx->block_size = WC_AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) { @@ -7249,11 +7255,12 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_ECB */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB1_TYPE || + if (ctx->cipherType == WC_AES_128_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) { WOLFSSL_MSG("EVP_AES_128_CFB1"); - ctx->cipherType = AES_128_CFB1_TYPE; + ctx->cipherType = WC_AES_128_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7279,10 +7286,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB1_TYPE || + if (ctx->cipherType == WC_AES_192_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) { WOLFSSL_MSG("EVP_AES_192_CFB1"); - ctx->cipherType = AES_192_CFB1_TYPE; + ctx->cipherType = WC_AES_192_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7308,10 +7315,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB1_TYPE || + if (ctx->cipherType == WC_AES_256_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) { WOLFSSL_MSG("EVP_AES_256_CFB1"); - ctx->cipherType = AES_256_CFB1_TYPE; + ctx->cipherType = WC_AES_256_CFB1_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7341,10 +7348,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_256 */ #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB8_TYPE || + if (ctx->cipherType == WC_AES_128_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) { WOLFSSL_MSG("EVP_AES_128_CFB8"); - ctx->cipherType = AES_128_CFB8_TYPE; + ctx->cipherType = WC_AES_128_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7370,10 +7377,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB8_TYPE || + if (ctx->cipherType == WC_AES_192_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) { WOLFSSL_MSG("EVP_AES_192_CFB8"); - ctx->cipherType = AES_192_CFB8_TYPE; + ctx->cipherType = WC_AES_192_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7399,10 +7406,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB8_TYPE || + if (ctx->cipherType == WC_AES_256_CFB8_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) { WOLFSSL_MSG("EVP_AES_256_CFB8"); - ctx->cipherType = AES_256_CFB8_TYPE; + ctx->cipherType = WC_AES_256_CFB8_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7431,11 +7438,12 @@ void wolfSSL_EVP_init(void) } } #endif /* WOLFSSL_AES_256 */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB128_TYPE || + if (ctx->cipherType == WC_AES_128_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) { WOLFSSL_MSG("EVP_AES_128_CFB128"); - ctx->cipherType = AES_128_CFB128_TYPE; + ctx->cipherType = WC_AES_128_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 16; @@ -7461,10 +7469,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB128_TYPE || + if (ctx->cipherType == WC_AES_192_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) { WOLFSSL_MSG("EVP_AES_192_CFB128"); - ctx->cipherType = AES_192_CFB128_TYPE; + ctx->cipherType = WC_AES_192_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 24; @@ -7490,10 +7498,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB128_TYPE || + if (ctx->cipherType == WC_AES_256_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) { WOLFSSL_MSG("EVP_AES_256_CFB128"); - ctx->cipherType = AES_256_CFB128_TYPE; + ctx->cipherType = WC_AES_256_CFB128_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; ctx->keyLen = 32; @@ -7525,10 +7533,10 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_OFB_TYPE || + if (ctx->cipherType == WC_AES_128_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) { WOLFSSL_MSG("EVP_AES_128_OFB"); - ctx->cipherType = AES_128_OFB_TYPE; + ctx->cipherType = WC_AES_128_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 16; @@ -7554,10 +7562,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_OFB_TYPE || + if (ctx->cipherType == WC_AES_192_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) { WOLFSSL_MSG("EVP_AES_192_OFB"); - ctx->cipherType = AES_192_OFB_TYPE; + ctx->cipherType = WC_AES_192_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 24; @@ -7583,10 +7591,10 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_OFB_TYPE || + if (ctx->cipherType == WC_AES_256_OFB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) { WOLFSSL_MSG("EVP_AES_256_OFB"); - ctx->cipherType = AES_256_OFB_TYPE; + ctx->cipherType = WC_AES_256_OFB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; ctx->keyLen = 32; @@ -7619,22 +7627,22 @@ void wolfSSL_EVP_init(void) #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_XTS_TYPE || + if (ctx->cipherType == WC_AES_128_XTS_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) { WOLFSSL_MSG("EVP_AES_128_XTS"); - ctx->cipherType = AES_128_XTS_TYPE; + ctx->cipherType = WC_AES_128_XTS_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; ctx->keyLen = 32; ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (iv != NULL) { if (iv != ctx->iv) /* Valgrind error when src == dst */ XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz); } else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7660,22 +7668,22 @@ void wolfSSL_EVP_init(void) } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_XTS_TYPE || + if (ctx->cipherType == WC_AES_256_XTS_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) { WOLFSSL_MSG("EVP_AES_256_XTS"); - ctx->cipherType = AES_256_XTS_TYPE; + ctx->cipherType = WC_AES_256_XTS_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; ctx->keyLen = 64; ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; + ctx->ivSz = WC_AES_BLOCK_SIZE; if (iv != NULL) { if (iv != ctx->iv) /* Valgrind error when src == dst */ XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz); } else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE); if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7704,11 +7712,11 @@ void wolfSSL_EVP_init(void) (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #endif /* NO_AES */ #if defined(HAVE_ARIA) - if (ctx->cipherType == ARIA_128_GCM_TYPE || + if (ctx->cipherType == WC_ARIA_128_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM)) - || ctx->cipherType == ARIA_192_GCM_TYPE || + || ctx->cipherType == WC_ARIA_192_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM)) - || ctx->cipherType == ARIA_256_GCM_TYPE || + || ctx->cipherType == WC_ARIA_256_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM)) ) { if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc) @@ -7721,10 +7729,10 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - if (ctx->cipherType == CHACHA20_POLY1305_TYPE || + if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) { WOLFSSL_MSG("EVP_CHACHA20_POLY1305"); - ctx->cipherType = CHACHA20_POLY1305_TYPE; + ctx->cipherType = WC_CHACHA20_POLY1305_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; ctx->keyLen = CHACHA20_POLY1305_AEAD_KEYSIZE; @@ -7758,10 +7766,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef HAVE_CHACHA - if (ctx->cipherType == CHACHA20_TYPE || + if (ctx->cipherType == WC_CHACHA20_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) { WOLFSSL_MSG("EVP_CHACHA20"); - ctx->cipherType = CHACHA20_TYPE; + ctx->cipherType = WC_CHACHA20_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->keyLen = CHACHA_MAX_KEY_SZ; ctx->block_size = 1; @@ -7791,10 +7799,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_ECB - if (ctx->cipherType == SM4_ECB_TYPE || + if (ctx->cipherType == WC_SM4_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) { WOLFSSL_MSG("EVP_SM4_ECB"); - ctx->cipherType = SM4_ECB_TYPE; + ctx->cipherType = WC_SM4_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = SM4_KEY_SIZE; @@ -7810,10 +7818,10 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CBC - if (ctx->cipherType == SM4_CBC_TYPE || + if (ctx->cipherType == WC_SM4_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) { WOLFSSL_MSG("EVP_SM4_CBC"); - ctx->cipherType = SM4_CBC_TYPE; + ctx->cipherType = WC_SM4_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = SM4_KEY_SIZE; @@ -7836,14 +7844,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CTR - if (ctx->cipherType == SM4_CTR_TYPE || + if (ctx->cipherType == WC_SM4_CTR_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) { WOLFSSL_MSG("EVP_SM4_CTR"); - ctx->cipherType = SM4_CTR_TYPE; + ctx->cipherType = WC_SM4_CTR_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = SM4_KEY_SIZE; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->ivSz = SM4_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7862,14 +7870,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_GCM - if (ctx->cipherType == SM4_GCM_TYPE || + if (ctx->cipherType == WC_SM4_GCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) { WOLFSSL_MSG("EVP_SM4_GCM"); - ctx->cipherType = SM4_GCM_TYPE; + ctx->cipherType = WC_SM4_GCM_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->keyLen = SM4_KEY_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; @@ -7892,14 +7900,14 @@ void wolfSSL_EVP_init(void) } #endif #ifdef WOLFSSL_SM4_CCM - if (ctx->cipherType == SM4_CCM_TYPE || + if (ctx->cipherType == WC_SM4_CCM_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) { WOLFSSL_MSG("EVP_SM4_CCM"); - ctx->cipherType = SM4_CCM_TYPE; + ctx->cipherType = WC_SM4_CCM_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE | WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; - ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE; ctx->keyLen = SM4_KEY_SIZE; if (ctx->ivSz == 0) { ctx->ivSz = GCM_NONCE_MID_SZ; @@ -7922,10 +7930,10 @@ void wolfSSL_EVP_init(void) } #endif #ifndef NO_DES3 - if (ctx->cipherType == DES_CBC_TYPE || + if (ctx->cipherType == WC_DES_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) { WOLFSSL_MSG("EVP_DES_CBC"); - ctx->cipherType = DES_CBC_TYPE; + ctx->cipherType = WC_DES_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 8; @@ -7944,10 +7952,10 @@ void wolfSSL_EVP_init(void) wc_Des_SetIV(&ctx->cipher.des, iv); } #ifdef WOLFSSL_DES_ECB - else if (ctx->cipherType == DES_ECB_TYPE || + else if (ctx->cipherType == WC_DES_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) { WOLFSSL_MSG("EVP_DES_ECB"); - ctx->cipherType = DES_ECB_TYPE; + ctx->cipherType = WC_DES_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 8; @@ -7963,11 +7971,11 @@ void wolfSSL_EVP_init(void) } } #endif - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || + else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) { WOLFSSL_MSG("EVP_DES_EDE3_CBC"); - ctx->cipherType = DES_EDE3_CBC_TYPE; + ctx->cipherType = WC_DES_EDE3_CBC_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; @@ -7988,11 +7996,11 @@ void wolfSSL_EVP_init(void) return WOLFSSL_FAILURE; } } - else if (ctx->cipherType == DES_EDE3_ECB_TYPE || + else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) { WOLFSSL_MSG("EVP_DES_EDE3_ECB"); - ctx->cipherType = DES_EDE3_ECB_TYPE; + ctx->cipherType = WC_DES_EDE3_ECB_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; ctx->keyLen = 24; @@ -8008,10 +8016,10 @@ void wolfSSL_EVP_init(void) } #endif /* NO_DES3 */ #ifndef NO_RC4 - if (ctx->cipherType == ARC4_TYPE || + if (ctx->cipherType == WC_ARC4_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) { WOLFSSL_MSG("ARC4"); - ctx->cipherType = ARC4_TYPE; + ctx->cipherType = WC_ARC4_TYPE; ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE; ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; ctx->block_size = 1; @@ -8021,10 +8029,10 @@ void wolfSSL_EVP_init(void) wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen); } #endif /* NO_RC4 */ - if (ctx->cipherType == NULL_CIPHER_TYPE || + if (ctx->cipherType == WC_NULL_CIPHER_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) { WOLFSSL_MSG("NULL cipher"); - ctx->cipherType = NULL_CIPHER_TYPE; + ctx->cipherType = WC_NULL_CIPHER_TYPE; ctx->keyLen = 0; ctx->block_size = 16; } @@ -8045,120 +8053,120 @@ void wolfSSL_EVP_init(void) WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid"); if (ctx == NULL) { WOLFSSL_ERROR_MSG("Bad parameters"); - return NID_undef; + return WC_NID_undef; } switch (ctx->cipherType) { #ifndef NO_AES #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - return NID_aes_128_cbc; - case AES_192_CBC_TYPE : - return NID_aes_192_cbc; - case AES_256_CBC_TYPE : - return NID_aes_256_cbc; + case WC_AES_128_CBC_TYPE : + return WC_NID_aes_128_cbc; + case WC_AES_192_CBC_TYPE : + return WC_NID_aes_192_cbc; + case WC_AES_256_CBC_TYPE : + return WC_NID_aes_256_cbc; #endif #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - return NID_aes_128_gcm; - case AES_192_GCM_TYPE : - return NID_aes_192_gcm; - case AES_256_GCM_TYPE : - return NID_aes_256_gcm; + case WC_AES_128_GCM_TYPE : + return WC_NID_aes_128_gcm; + case WC_AES_192_GCM_TYPE : + return WC_NID_aes_192_gcm; + case WC_AES_256_GCM_TYPE : + return WC_NID_aes_256_gcm; #endif #ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - return NID_aes_128_ccm; - case AES_192_CCM_TYPE : - return NID_aes_192_ccm; - case AES_256_CCM_TYPE : - return NID_aes_256_ccm; + case WC_AES_128_CCM_TYPE : + return WC_NID_aes_128_ccm; + case WC_AES_192_CCM_TYPE : + return WC_NID_aes_192_ccm; + case WC_AES_256_CCM_TYPE : + return WC_NID_aes_256_ccm; #endif #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - return NID_aes_128_ecb; - case AES_192_ECB_TYPE : - return NID_aes_192_ecb; - case AES_256_ECB_TYPE : - return NID_aes_256_ecb; + case WC_AES_128_ECB_TYPE : + return WC_NID_aes_128_ecb; + case WC_AES_192_ECB_TYPE : + return WC_NID_aes_192_ecb; + case WC_AES_256_ECB_TYPE : + return WC_NID_aes_256_ecb; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - return NID_aes_128_ctr; - case AES_192_CTR_TYPE : - return NID_aes_192_ctr; - case AES_256_CTR_TYPE : - return NID_aes_256_ctr; + case WC_AES_128_CTR_TYPE : + return WC_NID_aes_128_ctr; + case WC_AES_192_CTR_TYPE : + return WC_NID_aes_192_ctr; + case WC_AES_256_CTR_TYPE : + return WC_NID_aes_256_ctr; #endif #endif /* NO_AES */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - return NID_aria_128_gcm; - case ARIA_192_GCM_TYPE : - return NID_aria_192_gcm; - case ARIA_256_GCM_TYPE : - return NID_aria_256_gcm; + case WC_ARIA_128_GCM_TYPE : + return WC_NID_aria_128_gcm; + case WC_ARIA_192_GCM_TYPE : + return WC_NID_aria_192_gcm; + case WC_ARIA_256_GCM_TYPE : + return WC_NID_aria_256_gcm; #endif #ifndef NO_DES3 - case DES_CBC_TYPE : - return NID_des_cbc; + case WC_DES_CBC_TYPE : + return WC_NID_des_cbc; - case DES_EDE3_CBC_TYPE : - return NID_des_ede3_cbc; + case WC_DES_EDE3_CBC_TYPE : + return WC_NID_des_ede3_cbc; #endif #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - return NID_des_ecb; - case DES_EDE3_ECB_TYPE : - return NID_des_ede3_ecb; + case WC_DES_ECB_TYPE : + return WC_NID_des_ecb; + case WC_DES_EDE3_ECB_TYPE : + return WC_NID_des_ede3_ecb; #endif - case ARC4_TYPE : - return NID_rc4; + case WC_ARC4_TYPE : + return WC_NID_rc4; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: - return NID_chacha20_poly1305; + case WC_CHACHA20_POLY1305_TYPE: + return WC_NID_chacha20_poly1305; #endif #ifdef HAVE_CHACHA - case CHACHA20_TYPE: - return NID_chacha20; + case WC_CHACHA20_TYPE: + return WC_NID_chacha20; #endif #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE: - return NID_sm4_ecb; + case WC_SM4_ECB_TYPE: + return WC_NID_sm4_ecb; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE: - return NID_sm4_cbc; + case WC_SM4_CBC_TYPE: + return WC_NID_sm4_cbc; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE: - return NID_sm4_ctr; + case WC_SM4_CTR_TYPE: + return WC_NID_sm4_ctr; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE: - return NID_sm4_gcm; + case WC_SM4_GCM_TYPE: + return WC_NID_sm4_gcm; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE: - return NID_sm4_ccm; + case WC_SM4_CCM_TYPE: + return WC_NID_sm4_ccm; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_ERROR_MSG("Null cipher has no NID"); FALL_THROUGH; default: - return NID_undef; + return WC_NID_undef; } } @@ -8253,17 +8261,17 @@ void wolfSSL_EVP_init(void) static int IsCipherTypeAEAD(unsigned char cipherType) { switch (cipherType) { - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: - case AES_128_CCM_TYPE: - case AES_192_CCM_TYPE: - case AES_256_CCM_TYPE: - case ARIA_128_GCM_TYPE: - case ARIA_192_GCM_TYPE: - case ARIA_256_GCM_TYPE: - case SM4_GCM_TYPE: - case SM4_CCM_TYPE: + case WC_AES_128_GCM_TYPE: + case WC_AES_192_GCM_TYPE: + case WC_AES_256_GCM_TYPE: + case WC_AES_128_CCM_TYPE: + case WC_AES_192_CCM_TYPE: + case WC_AES_256_CCM_TYPE: + case WC_ARIA_128_GCM_TYPE: + case WC_ARIA_192_GCM_TYPE: + case WC_ARIA_256_GCM_TYPE: + case WC_SM4_GCM_TYPE: + case WC_SM4_CCM_TYPE: return 1; default: return 0; @@ -8303,24 +8311,24 @@ void wolfSSL_EVP_init(void) #ifndef NO_AES #ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); if (ctx->enc) ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); else ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) - ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE); + ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE); break; #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: +#if !defined(WOLFSSL_NO_AES_CFB_1_8) + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: WOLFSSL_MSG("AES CFB1"); if (ctx->enc) ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); @@ -8329,9 +8337,9 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: WOLFSSL_MSG("AES CFB8"); if (ctx->enc) ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); @@ -8340,10 +8348,10 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: WOLFSSL_MSG("AES CFB128"); if (ctx->enc) ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); @@ -8354,9 +8362,9 @@ void wolfSSL_EVP_init(void) break; #endif /* WOLFSSL_AES_CFB */ #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: WOLFSSL_MSG("AES OFB"); if (ctx->enc) ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); @@ -8367,8 +8375,8 @@ void wolfSSL_EVP_init(void) break; #endif /* WOLFSSL_AES_OFB */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: WOLFSSL_MSG("AES XTS"); if (ctx->enc) ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, @@ -8383,9 +8391,9 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); ret = EvpCipherAesGCM(ctx, dst, src, len); break; @@ -8393,31 +8401,31 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : + case WC_AES_128_CCM_TYPE : + case WC_AES_192_CCM_TYPE : + case WC_AES_256_CCM_TYPE : WOLFSSL_MSG("AES CCM"); ret = EvpCipherAesCCM(ctx, dst, src, len); break; #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) || * HAVE_FIPS_VERSION >= 2 */ #ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : + case WC_AES_128_ECB_TYPE : + case WC_AES_192_ECB_TYPE : + case WC_AES_256_ECB_TYPE : WOLFSSL_MSG("AES ECB"); if (ctx->enc) ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); else ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) - ret = (int)((len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE); + ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE); break; #endif #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); if (ret == 0) @@ -8428,9 +8436,9 @@ void wolfSSL_EVP_init(void) #if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \ || FIPS_VERSION_GE(2,0)) - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); if (ctx->enc) { ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len, @@ -8447,7 +8455,7 @@ void wolfSSL_EVP_init(void) * HAVE_FIPS_VERSION >= 2 */ #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); if (ctx->enc) wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); @@ -8456,7 +8464,7 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES3 CBC"); if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); @@ -8466,13 +8474,13 @@ void wolfSSL_EVP_init(void) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; #ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : + case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; - case DES_EDE3_ECB_TYPE : + case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); if (ret == 0) @@ -8482,7 +8490,7 @@ void wolfSSL_EVP_init(void) #endif /* !NO_DES3 */ #ifndef NO_RC4 - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); if (ret == 0) @@ -8493,7 +8501,7 @@ void wolfSSL_EVP_init(void) /* TODO: Chacha??? */ #ifdef WOLFSSL_SM4_ECB - case SM4_ECB_TYPE : + case WC_SM4_ECB_TYPE : WOLFSSL_MSG("Sm4 ECB"); if (ctx->enc) ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len); @@ -8504,7 +8512,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE : + case WC_SM4_CBC_TYPE : WOLFSSL_MSG("Sm4 CBC"); if (ctx->enc) ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len); @@ -8515,7 +8523,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE : + case WC_SM4_CTR_TYPE : WOLFSSL_MSG("AES CTR"); ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len); if (ret == 0) @@ -8523,7 +8531,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE : + case WC_SM4_GCM_TYPE : WOLFSSL_MSG("SM4 GCM"); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -8551,7 +8559,7 @@ void wolfSSL_EVP_init(void) break; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE : + case WC_SM4_CCM_TYPE : WOLFSSL_MSG("SM4 CCM"); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -8592,7 +8600,7 @@ void wolfSSL_EVP_init(void) break; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL CIPHER"); XMEMCPY(dst, src, (size_t)len); ret = (int)len; @@ -8805,7 +8813,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) clearEVPPkeyKeys(pkey); pkey->rsa = key; pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ - pkey->type = EVP_PKEY_RSA; + pkey->type = WC_EVP_PKEY_RSA; pkey->pkcs8HeaderSz = key->pkcs8HeaderSz; if (key->inSet == 0) { if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { @@ -8851,7 +8859,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) clearEVPPkeyKeys(pkey); pkey->dsa = key; pkey->ownDsa = 0; /* pkey does not own DSA */ - pkey->type = EVP_PKEY_DSA; + pkey->type = WC_EVP_PKEY_DSA; if (key->inSet == 0) { if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetDsaInternal failed"); @@ -8861,7 +8869,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) dsa = (DsaKey*)key->internal; /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; + derMax = 4 * wolfSSL_BN_num_bytes(key->g) + WC_AES_BLOCK_SIZE; derBuf = (byte*)XMALLOC((size_t)derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8929,13 +8937,13 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) return NULL; } - if (key->type == EVP_PKEY_DSA) { + if (key->type == WC_EVP_PKEY_DSA) { if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { + key->pkey_sz) != WOLFSSL_SUCCESS) { /* now try public key */ if (wolfSSL_DSA_LoadDer_ex(local, (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(local); local = NULL; } @@ -8954,7 +8962,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) { WOLFSSL_EC_KEY *eckey = NULL; - if (pkey && pkey->type == EVP_PKEY_EC) { + if (pkey && pkey->type == WC_EVP_PKEY_EC) { #ifdef HAVE_ECC eckey = pkey->ecc; #endif @@ -8967,10 +8975,10 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY* local = NULL; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); - if (key == NULL || key->type != EVP_PKEY_EC) { + if (key == NULL || key->type != WC_EVP_PKEY_EC) { return NULL; } - if (key->type == EVP_PKEY_EC) { + if (key->type == WC_EVP_PKEY_EC) { if (key->ecc != NULL) { if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) { return NULL; @@ -9035,7 +9043,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) pkey->dh = key; pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */ - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; if (key->inSet == 0) { if (SetDhInternal(key) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetDhInternal failed"); @@ -9109,7 +9117,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) return NULL; } - if (key->type == EVP_PKEY_DH) { + if (key->type == WC_EVP_PKEY_DH) { /* if key->dh already exists copy instead of re-importing from DER */ if (key->dh != NULL) { if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) { @@ -9126,7 +9134,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) return NULL; } if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { + key->pkey_sz) != WOLFSSL_SUCCESS) { wolfSSL_DH_free(local); WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); local = NULL; @@ -9156,22 +9164,22 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) /* pkey and key checked if NULL in subsequent assign functions */ switch(type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); break; #endif #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); break; #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); break; #endif #ifndef NO_DH - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); break; #endif @@ -9186,7 +9194,7 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) #if defined(HAVE_ECC) /* try and populate public pkey_sz and pkey.ptr */ -static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) +static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) { int derSz = 0; byte* derBuf = NULL; @@ -9295,7 +9303,7 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) } pkey->ecc = key; pkey->ownEcc = 1; /* pkey needs to call free on key */ - pkey->type = EVP_PKEY_EC; + pkey->type = WC_EVP_PKEY_EC; return ECC_populate_EVP_PKEY(pkey, key); #else (void)pkey; @@ -9310,7 +9318,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) if (ctx) { switch (ctx->cipherType) { - case ARC4_TYPE: + case WC_ARC4_TYPE: WOLFSSL_MSG("returning arc4 state"); return (void*)&ctx->cipher.arc4.x; @@ -9322,7 +9330,7 @@ void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) return NULL; } -int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) +int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) { int ret; @@ -9334,7 +9342,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */ clearEVPPkeyKeys(pkey); /* clear out any previous keys */ - pkey->type = EVP_PKEY_EC; + pkey->type = WC_EVP_PKEY_EC; pkey->ecc = key; pkey->ownEcc = 1; } @@ -9360,22 +9368,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) if (type != NULL) { if (XSTRCMP(type, "MD5") == 0) { - ret = NID_md5WithRSAEncryption; + ret = WC_NID_md5WithRSAEncryption; } else if (XSTRCMP(type, "SHA1") == 0) { - ret = NID_sha1WithRSAEncryption; + ret = WC_NID_sha1WithRSAEncryption; } else if (XSTRCMP(type, "SHA224") == 0) { - ret = NID_sha224WithRSAEncryption; + ret = WC_NID_sha224WithRSAEncryption; } else if (XSTRCMP(type, "SHA256") == 0) { - ret = NID_sha256WithRSAEncryption; + ret = WC_NID_sha256WithRSAEncryption; } else if (XSTRCMP(type, "SHA384") == 0) { - ret = NID_sha384WithRSAEncryption; + ret = WC_NID_sha384WithRSAEncryption; } else if (XSTRCMP(type, "SHA512") == 0) { - ret = NID_sha512WithRSAEncryption; + ret = WC_NID_sha512WithRSAEncryption; } } else { @@ -9401,18 +9409,18 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) switch (ctx->cipherType) { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : + case WC_AES_128_CBC_TYPE : + case WC_AES_192_CBC_TYPE : + case WC_AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : + case WC_AES_128_GCM_TYPE : + case WC_AES_192_GCM_TYPE : + case WC_AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9420,9 +9428,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #ifdef HAVE_AESCCM - case AES_128_CCM_TYPE : - case AES_192_CCM_TYPE : - case AES_256_CCM_TYPE : + case WC_AES_128_CCM_TYPE : + case WC_AES_192_CCM_TYPE : + case WC_AES_256_CCM_TYPE : WOLFSSL_MSG("AES CCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9431,62 +9439,62 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : + case WC_AES_128_CTR_TYPE : + case WC_AES_192_CTR_TYPE : + case WC_AES_256_CTR_TYPE : WOLFSSL_MSG("AES CTR"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifndef NO_DES3 - case DES_CBC_TYPE : + case WC_DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); return DES_BLOCK_SIZE; - case DES_EDE3_CBC_TYPE : + case WC_DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); return DES_BLOCK_SIZE; #endif #ifndef NO_RC4 - case ARC4_TYPE : + case WC_ARC4_TYPE : WOLFSSL_MSG("ARC4"); return 0; #endif #ifdef WOLFSSL_AES_CFB #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: + case WC_AES_128_CFB1_TYPE: + case WC_AES_192_CFB1_TYPE: + case WC_AES_256_CFB1_TYPE: WOLFSSL_MSG("AES CFB1"); - return AES_BLOCK_SIZE; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: + return WC_AES_BLOCK_SIZE; + case WC_AES_128_CFB8_TYPE: + case WC_AES_192_CFB8_TYPE: + case WC_AES_256_CFB8_TYPE: WOLFSSL_MSG("AES CFB8"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: + case WC_AES_128_CFB128_TYPE: + case WC_AES_192_CFB128_TYPE: + case WC_AES_256_CFB128_TYPE: WOLFSSL_MSG("AES CFB128"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_CFB */ #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: + case WC_AES_128_OFB_TYPE: + case WC_AES_192_OFB_TYPE: + case WC_AES_256_OFB_TYPE: WOLFSSL_MSG("AES OFB"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_OFB */ #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: + case WC_AES_128_XTS_TYPE: + case WC_AES_256_XTS_TYPE: WOLFSSL_MSG("AES XTS"); - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef HAVE_ARIA - case ARIA_128_GCM_TYPE : - case ARIA_192_GCM_TYPE : - case ARIA_256_GCM_TYPE : + case WC_ARIA_128_GCM_TYPE : + case WC_ARIA_192_GCM_TYPE : + case WC_ARIA_256_GCM_TYPE : WOLFSSL_MSG("ARIA GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9494,27 +9502,27 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - case CHACHA20_POLY1305_TYPE: + case WC_CHACHA20_POLY1305_TYPE: WOLFSSL_MSG("CHACHA20 POLY1305"); return CHACHA20_POLY1305_AEAD_IV_SIZE; #endif /* HAVE_CHACHA HAVE_POLY1305 */ #ifdef HAVE_CHACHA - case CHACHA20_TYPE: + case WC_CHACHA20_TYPE: WOLFSSL_MSG("CHACHA20"); return WOLFSSL_EVP_CHACHA_IV_BYTES; #endif /* HAVE_CHACHA */ #ifdef WOLFSSL_SM4_CBC - case SM4_CBC_TYPE : + case WC_SM4_CBC_TYPE : WOLFSSL_MSG("SM4 CBC"); return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_CTR - case SM4_CTR_TYPE : + case WC_SM4_CTR_TYPE : WOLFSSL_MSG("SM4 CTR"); return SM4_BLOCK_SIZE; #endif #ifdef WOLFSSL_SM4_GCM - case SM4_GCM_TYPE : + case WC_SM4_GCM_TYPE : WOLFSSL_MSG("SM4 GCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9522,7 +9530,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return GCM_NONCE_MID_SZ; #endif #ifdef WOLFSSL_SM4_CCM - case SM4_CCM_TYPE : + case WC_SM4_CCM_TYPE : WOLFSSL_MSG("SM4 CCM"); if (ctx->ivSz != 0) { return ctx->ivSz; @@ -9530,7 +9538,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return CCM_NONCE_MIN_SZ; #endif - case NULL_CIPHER_TYPE : + case WC_NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL"); return 0; @@ -9550,15 +9558,15 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_192 if (XSTRCMP(name, EVP_AES_192_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_CBC) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ @@ -9595,26 +9603,26 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_192 if (XSTRCMP(name, EVP_AES_192_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_CTR) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif #endif #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) #ifdef WOLFSSL_AES_128 if (XSTRCMP(name, EVP_AES_128_XTS) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_256 if (XSTRCMP(name, EVP_AES_256_XTS) == 0) - return AES_BLOCK_SIZE; + return WC_AES_BLOCK_SIZE; #endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ @@ -9674,7 +9682,7 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) if (ctx) { switch (ctx->cipherType) { - case ARC4_TYPE: + case WC_ARC4_TYPE: WOLFSSL_MSG("returning arc4 state size"); return sizeof(Arc4); @@ -9688,27 +9696,27 @@ int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) } -/* return of pkey->type which will be EVP_PKEY_RSA for example. +/* return of pkey->type which will be WC_EVP_PKEY_RSA for example. * * type type of EVP_PKEY * - * returns type or if type is not found then NID_undef + * returns type or if type is not found then WC_NID_undef */ int wolfSSL_EVP_PKEY_type(int type) { WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); switch (type) { - case EVP_PKEY_RSA: - return EVP_PKEY_RSA; - case EVP_PKEY_DSA: - return EVP_PKEY_DSA; - case EVP_PKEY_EC: - return EVP_PKEY_EC; - case EVP_PKEY_DH: - return EVP_PKEY_DH; + case WC_EVP_PKEY_RSA: + return WC_EVP_PKEY_RSA; + case WC_EVP_PKEY_DSA: + return WC_EVP_PKEY_DSA; + case WC_EVP_PKEY_EC: + return WC_EVP_PKEY_EC; + case WC_EVP_PKEY_DH: + return WC_EVP_PKEY_DH; default: - return NID_undef; + return WC_NID_undef; } } @@ -9724,7 +9732,7 @@ int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey) int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey) { if (pkey == NULL) - return NID_undef; + return WC_NID_undef; return wolfSSL_EVP_PKEY_type(pkey->type); } @@ -9738,17 +9746,17 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) } switch (pkey->type) { - case EVP_PKEY_HMAC: + case WC_EVP_PKEY_HMAC: #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: #endif #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #endif #ifdef HAVE_ECC - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: #endif - *pnid = NID_sha256; + *pnid = WC_NID_sha256; return WOLFSSL_SUCCESS; default: return WOLFSSL_FAILURE; @@ -9800,13 +9808,13 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) } #ifndef NO_RSA -int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) +int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_RSA; + pkey->type = WC_EVP_PKEY_RSA; pkey->rsa = key; pkey->ownRsa = 1; @@ -9837,13 +9845,13 @@ int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) #endif /* !NO_RSA */ #ifndef NO_DSA -int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) +int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_DSA; + pkey->type = WC_EVP_PKEY_DSA; pkey->dsa = key; pkey->ownDsa = 1; @@ -9852,13 +9860,13 @@ int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) #endif /* !NO_DSA */ #ifndef NO_DH -int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) +int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key) { if (pkey == NULL || key == NULL) return WOLFSSL_FAILURE; clearEVPPkeyKeys(pkey); - pkey->type = EVP_PKEY_DH; + pkey->type = WC_EVP_PKEY_DH; pkey->dh = key; pkey->ownDh = 1; @@ -9974,7 +9982,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) for (ent = md_tbl; ent->name != NULL; ent++) if(XSTRCMP(name, ent->name) == 0) { - return (EVP_MD *)ent->name; + return (WOLFSSL_EVP_MD *)ent->name; } return NULL; } @@ -9983,7 +9991,7 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) * * type - pointer to WOLFSSL_EVP_MD for which to return NID value * - * Returns NID on success, or NID_undef if none exists. + * Returns NID on success, or WC_NID_undef if none exists. */ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { @@ -9992,7 +10000,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("MD type arg is NULL"); - return NID_undef; + return WC_NID_undef; } for( ent = md_tbl; ent->name != NULL; ent++){ @@ -10000,7 +10008,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return ent->nid; } } - return NID_undef; + return WC_NID_undef; } #ifndef NO_MD4 @@ -10009,7 +10017,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) { WOLFSSL_ENTER("EVP_md4"); - return EVP_get_digestbyname("MD4"); + return wolfSSL_EVP_get_digestbyname("MD4"); } #endif /* !NO_MD4 */ @@ -10020,7 +10028,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { WOLFSSL_ENTER("EVP_md5"); - return EVP_get_digestbyname("MD5"); + return wolfSSL_EVP_get_digestbyname("MD5"); } #endif /* !NO_MD5 */ @@ -10033,7 +10041,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void) { WOLFSSL_ENTER("EVP_blake2b512"); - return EVP_get_digestbyname("BLAKE2b512"); + return wolfSSL_EVP_get_digestbyname("BLAKE2b512"); } #endif @@ -10046,7 +10054,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void) { WOLFSSL_ENTER("EVP_blake2s256"); - return EVP_get_digestbyname("BLAKE2s256"); + return wolfSSL_EVP_get_digestbyname("BLAKE2s256"); } #endif @@ -10072,7 +10080,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { WOLFSSL_ENTER("EVP_sha1"); - return EVP_get_digestbyname("SHA1"); + return wolfSSL_EVP_get_digestbyname("SHA1"); } #endif /* NO_SHA */ @@ -10081,7 +10089,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { WOLFSSL_ENTER("EVP_sha224"); - return EVP_get_digestbyname("SHA224"); + return wolfSSL_EVP_get_digestbyname("SHA224"); } #endif /* WOLFSSL_SHA224 */ @@ -10090,7 +10098,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { WOLFSSL_ENTER("EVP_sha256"); - return EVP_get_digestbyname("SHA256"); + return wolfSSL_EVP_get_digestbyname("SHA256"); } #ifdef WOLFSSL_SHA384 @@ -10098,7 +10106,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { WOLFSSL_ENTER("EVP_sha384"); - return EVP_get_digestbyname("SHA384"); + return wolfSSL_EVP_get_digestbyname("SHA384"); } #endif /* WOLFSSL_SHA384 */ @@ -10108,7 +10116,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { WOLFSSL_ENTER("EVP_sha512"); - return EVP_get_digestbyname("SHA512"); + return wolfSSL_EVP_get_digestbyname("SHA512"); } #ifndef WOLFSSL_NOSHA512_224 @@ -10116,7 +10124,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void) { WOLFSSL_ENTER("EVP_sha512_224"); - return EVP_get_digestbyname("SHA512_224"); + return wolfSSL_EVP_get_digestbyname("SHA512_224"); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10125,7 +10133,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); - return EVP_get_digestbyname("SHA512_256"); + return wolfSSL_EVP_get_digestbyname("SHA512_256"); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10137,7 +10145,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) { WOLFSSL_ENTER("EVP_sha3_224"); - return EVP_get_digestbyname("SHA3_224"); + return wolfSSL_EVP_get_digestbyname("SHA3_224"); } #endif /* WOLFSSL_NOSHA3_224 */ @@ -10146,7 +10154,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) { WOLFSSL_ENTER("EVP_sha3_256"); - return EVP_get_digestbyname("SHA3_256"); + return wolfSSL_EVP_get_digestbyname("SHA3_256"); } #endif /* WOLFSSL_NOSHA3_256 */ @@ -10154,7 +10162,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) { WOLFSSL_ENTER("EVP_sha3_384"); - return EVP_get_digestbyname("SHA3_384"); + return wolfSSL_EVP_get_digestbyname("SHA3_384"); } #endif /* WOLFSSL_NOSHA3_384 */ @@ -10162,7 +10170,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) { WOLFSSL_ENTER("EVP_sha3_512"); - return EVP_get_digestbyname("SHA3_512"); + return wolfSSL_EVP_get_digestbyname("SHA3_512"); } #endif /* WOLFSSL_NOSHA3_512 */ @@ -10170,7 +10178,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void) { WOLFSSL_ENTER("EVP_shake128"); - return EVP_get_digestbyname("SHAKE128"); + return wolfSSL_EVP_get_digestbyname("SHAKE128"); } #endif /* WOLFSSL_SHAKE128 */ @@ -10178,7 +10186,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void) { WOLFSSL_ENTER("EVP_shake256"); - return EVP_get_digestbyname("SHAKE256"); + return wolfSSL_EVP_get_digestbyname("SHAKE256"); } #endif /* WOLFSSL_SHAKE256 */ @@ -10188,7 +10196,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void) { WOLFSSL_ENTER("EVP_sm3"); - return EVP_get_digestbyname("SM3"); + return wolfSSL_EVP_get_digestbyname("SM3"); } #endif /* WOLFSSL_SM3 */ @@ -10223,7 +10231,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const struct s_ent *ent; if (ctx->isHMAC) { - return NID_hmac; + return WC_NID_hmac; } for(ent = md_tbl; ent->name != NULL; ent++) { @@ -10313,7 +10321,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (nm->alias) md->fn(NULL, nm->name, nm->data, md->arg); else - md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg); + md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg); } /* call md_do_all function to do all md algorithm via a callback function @@ -10614,48 +10622,48 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("EVP_DigestUpdate"); - macType = EvpMd2MacType(EVP_MD_CTX_md(ctx)); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, + wolfSSL_MD4_Update((WOLFSSL_MD4_CTX*)&ctx->hash, data, (unsigned long)sz); ret = WOLFSSL_SUCCESS; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, + ret = wolfSSL_MD5_Update((WOLFSSL_MD5_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* !NO_SHA256 */ break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* WOLFSSL_SHA512 */ break; @@ -10664,7 +10672,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; @@ -10674,7 +10682,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif /* WOLFSSL_SHA512 */ break; @@ -10682,25 +10690,25 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, + ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data, (unsigned long)sz); #endif break; @@ -10741,48 +10749,48 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestFinal"); - macType = EvpMd2MacType(EVP_MD_CTX_md(ctx)); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 - wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); - if (s) *s = MD4_DIGEST_SIZE; + wolfSSL_MD4_Final(md, (WOLFSSL_MD4_CTX*)&ctx->hash); + if (s) *s = WC_MD4_DIGEST_SIZE; ret = WOLFSSL_SUCCESS; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); + ret = wolfSSL_MD5_Final(md, (WOLFSSL_MD5_CTX*)&ctx->hash); if (s) *s = WC_MD5_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); + ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash); if (s) *s = WC_SHA_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); + ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash); if (s) *s = WC_SHA224_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); + ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash); if (s) *s = WC_SHA256_DIGEST_SIZE; #endif /* !NO_SHA256 */ break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); + ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash); if (s) *s = WC_SHA384_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_DIGEST_SIZE; #endif /* WOLFSSL_SHA512 */ break; @@ -10790,7 +10798,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_224_DIGEST_SIZE; #endif break; @@ -10799,32 +10807,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) - ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash); + ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_256_DIGEST_SIZE; #endif break; #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash); if (s) *s = WC_SHA3_224_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash); if (s) *s = WC_SHA3_256_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash); if (s) *s = WC_SHA3_384_DIGEST_SIZE; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); + ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash); if (s) *s = WC_SHA3_512_DIGEST_SIZE; #endif break; @@ -10863,7 +10871,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) unsigned int* s) { WOLFSSL_ENTER("EVP_DigestFinal_ex"); - return EVP_DigestFinal(ctx, md, s); + return wolfSSL_EVP_DigestFinal(ctx, md, s); } void wolfSSL_EVP_cleanup(void) @@ -10877,31 +10885,31 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) switch(id) { #ifndef NO_MD5 - case NID_md5: + case WC_NID_md5: return wolfSSL_EVP_md5(); #endif #ifndef NO_SHA - case NID_sha1: + case WC_NID_sha1: return wolfSSL_EVP_sha1(); #endif #ifdef WOLFSSL_SHA224 - case NID_sha224: + case WC_NID_sha224: return wolfSSL_EVP_sha224(); #endif #ifndef NO_SHA256 - case NID_sha256: + case WC_NID_sha256: return wolfSSL_EVP_sha256(); #endif #ifdef WOLFSSL_SHA384 - case NID_sha384: + case WC_NID_sha384: return wolfSSL_EVP_sha384(); #endif #ifdef WOLFSSL_SHA512 - case NID_sha512: + case WC_NID_sha512: return wolfSSL_EVP_sha512(); #endif #ifdef WOLFSSL_SM3 - case NID_sm3: + case WC_NID_sm3: return wolfSSL_EVP_sm3(); #endif default: @@ -10931,7 +10939,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) #endif #ifndef NO_MD4 if (XSTRCMP(type, "MD4") == 0) { - return MD4_BLOCK_SIZE; + return WC_MD4_BLOCK_SIZE; } else #endif #ifndef NO_MD5 @@ -11006,7 +11014,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) #endif #ifndef NO_MD4 if (XSTRCMP(type, "MD4") == 0) { - return MD4_DIGEST_SIZE; + return WC_MD4_DIGEST_SIZE; } else #endif #ifndef NO_MD5 @@ -11147,7 +11155,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) switch(key->type) { #ifndef NO_RSA - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: if (key->rsa != NULL && key->ownRsa == 1) { wolfSSL_RSA_free(key->rsa); key->rsa = NULL; @@ -11156,7 +11164,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* NO_RSA */ #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: if (key->ecc != NULL && key->ownEcc == 1) { wolfSSL_EC_KEY_free(key->ecc); key->ecc = NULL; @@ -11165,7 +11173,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* HAVE_ECC && OPENSSL_EXTRA */ #ifndef NO_DSA - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: if (key->dsa != NULL && key->ownDsa == 1) { wolfSSL_DSA_free(key->dsa); key->dsa = NULL; @@ -11175,7 +11183,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: if (key->dh != NULL && key->ownDh == 1) { wolfSSL_DH_free(key->dh); key->dh = NULL; @@ -11184,7 +11192,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #endif /* ! NO_DH ... */ #ifdef HAVE_HKDF - case EVP_PKEY_HKDF: + case WC_EVP_PKEY_HKDF: XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); key->hkdfSalt = NULL; XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); @@ -11199,7 +11207,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_AES_DIRECT) - case EVP_PKEY_CMAC: + case WC_EVP_PKEY_CMAC: if (key->cmacCtx != NULL) { wolfSSL_CMAC_CTX_free(key->cmacCtx); key->cmacCtx = NULL; @@ -11230,8 +11238,8 @@ static int Indent(WOLFSSL_BIO* out, int indents) if (out == NULL) { return 0; } - if (indents > EVP_PKEY_PRINT_INDENT_MAX) { - indents = EVP_PKEY_PRINT_INDENT_MAX; + if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } for (i = 0; i < indents; i++) { if (wolfSSL_BIO_write(out, &space, 1) < 0) { @@ -11259,7 +11267,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, #ifdef WOLFSSL_SMALL_STACK byte* buff = NULL; #else - byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; + byte buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; #endif /* WOLFSSL_SMALL_STACK */ int ret = WOLFSSL_SUCCESS; word32 in = 0; @@ -11276,14 +11284,14 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } data = input; #ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!buff) { return WOLFSSL_FAILURE; @@ -11294,9 +11302,9 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, idx = 0; for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += - EVP_PKEY_PRINT_DIGITS_PER_LINE ) { + WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) { Indent(out, indent); - for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) && + for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) && (in + i < (word32)inlen); i++) { if (ret == WOLFSSL_SUCCESS) { @@ -11325,7 +11333,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, ret = wolfSSL_BIO_write(out, "\n", 1) > 0; } if (ret == WOLFSSL_SUCCESS) { - XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX); + XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX); idx = 0; } } @@ -11347,7 +11355,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -11383,8 +11391,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -11501,7 +11509,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte* pub = NULL; word32 pubSz = 0; @@ -11563,8 +11571,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - else if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } if (res == WOLFSSL_SUCCESS) { @@ -11697,7 +11705,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; @@ -11733,8 +11741,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -11916,7 +11924,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, - int indent, int bitlen, ASN1_PCTX* pctx) + int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { byte buff[8] = { 0 }; @@ -11957,8 +11965,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } do { @@ -12147,7 +12155,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, * Can handle RSA, ECC, DSA and DH public keys. */ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, - const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) + const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx) { int res; #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \ @@ -12165,13 +12173,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, if (indent < 0) { indent = 0; } - if (indent > EVP_PKEY_PRINT_INDENT_MAX) { - indent = EVP_PKEY_PRINT_INDENT_MAX; + if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) { + indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX; } #endif switch (pkey->type) { - case EVP_PKEY_RSA: + case WC_EVP_PKEY_RSA: #if !defined(NO_RSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12187,7 +12195,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_EC: + case WC_EVP_PKEY_EC: #if defined(HAVE_ECC) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12203,7 +12211,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_DSA: + case WC_EVP_PKEY_DSA: #if !defined(NO_DSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; @@ -12219,7 +12227,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, #endif break; - case EVP_PKEY_DH: + case WC_EVP_PKEY_DH: #if defined(WOLFSSL_DH_EXTRA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; diff --git a/src/wolfssl/internal.h b/src/wolfssl/internal.h index c62ef35..37a381a 100644 --- a/src/wolfssl/internal.h +++ b/src/wolfssl/internal.h @@ -973,6 +973,25 @@ #define NO_AESGCM_AEAD #endif +#if defined(BUILD_TLS_RSA_WITH_AES_128_CCM_8) || \ + defined(BUILD_TLS_RSA_WITH_AES_256_CCM_8) || \ + defined(BUILD_TLS_PSK_WITH_AES_128_CCM_8) || \ + defined(BUILD_TLS_PSK_WITH_AES_128_CCM) || \ + defined(BUILD_TLS_PSK_WITH_AES_256_CCM_8) || \ + defined(BUILD_TLS_PSK_WITH_AES_256_CCM) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CCM) || \ + defined(BUILD_TLS_DHE_PSK_WITH_AES_256_CCM) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8) || \ + defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8) || \ + defined(BUILD_TLS_AES_128_CCM_SHA256) || \ + defined(BUILD_TLS_AES_128_CCM_8_SHA256) + #define BUILD_AESCCM +#else + /* No AES-CCM cipher suites available with build */ + #define NO_AESCCM_AEAD +#endif + #if defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256) || \ defined(BUILD_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384) #define BUILD_ARIA @@ -1002,7 +1021,8 @@ #endif #if defined(NO_AES) || !defined(HAVE_AES_DECRYPT) - #define AES_BLOCK_SIZE 16 + #undef WC_AES_BLOCK_SIZE + #define WC_AES_BLOCK_SIZE 16 #undef BUILD_AES #else #undef BUILD_AES @@ -1338,24 +1358,6 @@ enum { #define MAX_EARLY_DATA_SZ 4096 #endif -#ifndef NO_RSA - #ifndef WOLFSSL_MAX_RSA_BITS - #ifdef USE_FAST_MATH - /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ - #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) - #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) - /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define WOLFSSL_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8) - #else - /* Integer maths is dynamic but we only go up to 4096 bits. */ - #define WOLFSSL_MAX_RSA_BITS 4096 - #endif - #endif - #if (WOLFSSL_MAX_RSA_BITS % 8) - #error RSA maximum bit size must be multiple of 8 - #endif -#endif - #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) /* MySQL wants to be able to use 8192-bit numbers. */ @@ -1383,9 +1385,9 @@ enum { #error "MySQL needs FP_MAX_BITS at least at 16384" #endif - #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \ - WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS - #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS" + #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \ + WC_MAX_RSA_BITS > ENCRYPT_BASE_BITS + #error "FP_MAX_BITS too small for WC_MAX_RSA_BITS" #endif #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) /* Use the SP size up to 8192-bit and down to a min of 1024-bit. */ @@ -1411,9 +1413,9 @@ enum { #error "MySQL needs SP_INT_BITS at least at 8192" #endif - #if !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) && \ - WOLFSSL_MAX_RSA_BITS > SP_INT_BITS - #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS" + #if !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) && \ + WC_MAX_RSA_BITS > SP_INT_BITS + #error "SP_INT_BITS too small for WC_MAX_RSA_BITS" #endif #else /* Integer/heap maths - support 4096-bit. */ @@ -1754,7 +1756,7 @@ enum Misc { #endif #endif - MAX_IV_SZ = AES_BLOCK_SIZE, + MAX_IV_SZ = WC_AES_BLOCK_SIZE, AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */ AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */ @@ -1811,6 +1813,13 @@ enum Misc { MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ + RSA_PSS_RSAE_SHA256_MINOR = 0x04, + RSA_PSS_RSAE_SHA384_MINOR = 0x05, + RSA_PSS_RSAE_SHA512_MINOR = 0x06, + RSA_PSS_PSS_SHA256_MINOR = 0x09, + RSA_PSS_PSS_SHA384_MINOR = 0x0A, + RSA_PSS_PSS_SHA512_MINOR = 0x0B, + ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */ @@ -1836,21 +1845,6 @@ enum Misc { MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - MAX_CERT_VERIFY_SZ = 6000, /* For Dilithium */ -#elif defined(WOLFSSL_CERT_EXT) - MAX_CERT_VERIFY_SZ = 2048, /* For larger extensions */ -#elif !defined(NO_RSA) && defined(WOLFSSL_MAX_RSA_BITS) - MAX_CERT_VERIFY_SZ = WOLFSSL_MAX_RSA_BITS / 8, /* max RSA bytes */ -#elif defined(HAVE_ECC) - MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */ -#elif defined(HAVE_ED448) - MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */ -#elif defined(HAVE_ED25519) - MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */ -#else - MAX_CERT_VERIFY_SZ = 1024, /* max default */ -#endif CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */ MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */ @@ -1865,6 +1859,12 @@ enum Misc { #ifndef MAX_WOLFSSL_FILE_SIZE MAX_WOLFSSL_FILE_SIZE = 1024UL * 1024UL * 4, /* 4 mb file size alloc limit */ #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + MAX_WOLFSSL_CRYPTO_POLICY_SIZE = 1024UL, /* Crypto-policy file is one line. + * It should not be large. */ + MIN_WOLFSSL_SEC_LEVEL = 0, + MAX_WOLFSSL_SEC_LEVEL = 5, +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */ @@ -2422,16 +2422,16 @@ typedef struct CipherSuite { /* use wolfSSL_API visibility to be able to test in tests/api.c */ WOLFSSL_API void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have, - int tls1_2, int keySz, - word16* len); + int tls1_2, int keySz, word16* len); WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, word16 havePSK, word16 haveDH, word16 haveECDSAsig, word16 haveECC, word16 haveStaticRSA, word16 haveStaticECC, - word16 haveFalconSig, word16 haveDilithiumSig, - word16 haveAnon, word16 haveNull, int side); + word16 haveAnon, word16 haveNull, + word16 haveAES128, word16 haveSHA1, + word16 haveRC4, int side); typedef struct TLSX TLSX; WOLFSSL_LOCAL int MatchSuite_ex(const WOLFSSL* ssl, Suites* peerSuites, @@ -2701,6 +2701,9 @@ struct WOLFSSL_CERT_MANAGER { #ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; #endif +#ifdef HAVE_CRL_UPDATE_CB + CbUpdateCRL cbUpdateCRL; /* notify thru cb that crl has updated */ +#endif }; WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, @@ -2768,7 +2771,16 @@ struct WOLFSSL_SOCKADDR { }; typedef struct WOLFSSL_DTLS_CTX { +#ifdef WOLFSSL_RW_THREADED + /* Protect peer access after the handshake */ + wolfSSL_RwLock peerLock; +#endif WOLFSSL_SOCKADDR peer; +#ifdef WOLFSSL_DTLS_CID + WOLFSSL_SOCKADDR pendingPeer; /* When using CID's, we don't want to update + * the peer's address until we successfully + * de-protect the record. */ +#endif int rfd; int wfd; byte userSet:1; @@ -2776,6 +2788,9 @@ typedef struct WOLFSSL_DTLS_CTX { * connected (connect() and bind() both called). * This means that sendto and recvfrom do not need to * specify and store the peer address. */ +#ifdef WOLFSSL_DTLS_CID + byte processingPendingRecord:1; +#endif } WOLFSSL_DTLS_CTX; @@ -2797,6 +2812,7 @@ typedef struct WOLFSSL_DTLS_PEERSEQ { #endif } WOLFSSL_DTLS_PEERSEQ; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) struct WOLFSSL_BIO { WOLFSSL_BUF_MEM* mem_buf; WOLFSSL_BIO_METHOD* method; @@ -2857,6 +2873,7 @@ struct WOLFSSL_BIO { wolfSSL_Ref ref; #endif }; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); @@ -3572,7 +3589,7 @@ typedef struct KeyShareEntry { word32 keyLen; /* Key size (bytes) */ byte* pubKey; /* Public key */ word32 pubKeyLen; /* Public key length */ -#if !defined(NO_DH) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) +#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) byte* privKey; /* Private key - DH and PQ KEMs only */ word32 privKeyLen;/* Only for PQ KEMs. */ #endif @@ -3720,6 +3737,7 @@ WOLFSSL_LOCAL int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl); WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, word16 inputSize); +WOLFSSL_LOCAL int Dtls13UnifiedHeaderCIDPresent(byte flags); #endif /* WOLFSSL_DTLS_CID */ WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl); WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl); @@ -3757,7 +3775,7 @@ struct WOLFSSL_CTX { #ifdef SINGLE_THREADED WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */ #endif - wolfSSL_Ref ref; + wolfSSL_RefWithMutex ref; int err; /* error code in case of mutex not created */ #ifndef NO_DH buffer serverDH_P; @@ -4185,6 +4203,9 @@ struct WOLFSSL_CTX { byte *sigSpec; word16 sigSpecSz; #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + int secLevel; /* The security level of system-wide crypto policy. */ +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ }; WOLFSSL_LOCAL @@ -4381,7 +4402,7 @@ typedef struct Ciphers { byte* nonce; #endif #ifdef HAVE_CAMELLIA - Camellia* cam; + wc_Camellia* cam; #endif #ifdef HAVE_CHACHA ChaCha* chacha; @@ -5060,6 +5081,7 @@ struct Options { #if defined(HAVE_DANE) word16 useDANE:1; #endif /* HAVE_DANE */ + word16 disableRead:1; #ifdef WOLFSSL_DTLS byte haveMcast; /* using multicast ? */ #endif @@ -5204,6 +5226,8 @@ typedef enum { STACK_TYPE_X509_REQ_ATTR = 18, } WOLF_STACK_TYPE; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + struct WOLFSSL_STACK { unsigned long num; /* number of nodes in stack * (safety measure for freeing and shortcut for count) */ @@ -5239,6 +5263,8 @@ struct WOLFSSL_STACK { WOLF_STACK_TYPE type; /* Identifies type of stack. */ }; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + struct WOLFSSL_X509_NAME { char *name; int dynamicName; @@ -5329,7 +5355,7 @@ struct WOLFSSL_X509 { byte* rawCRLInfo; byte* CRLInfo; byte* authInfo; -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_ASN_CA_ISSUER byte* authInfoCaIssuer; int authInfoCaIssuerSz; #endif @@ -5760,7 +5786,8 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA const Suites* clSuites; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher * suites */ #endif @@ -6261,7 +6288,19 @@ struct WOLFSSL { byte *peerSigSpec; /* This pointer always owns the memory. */ word16 peerSigSpecSz; #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + int secLevel; /* The security level of system-wide crypto policy. */ +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ +}; + +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) +#define WOLFSSL_SECLEVEL_STR "@SECLEVEL=" +struct SystemCryptoPolicy { + int enabled; + int secLevel; + char str[MAX_WOLFSSL_CRYPTO_POLICY_SIZE + 1]; /* + 1 for null term */ }; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ /* * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error @@ -6271,8 +6310,8 @@ struct WOLFSSL { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE) #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \ (err) = wolfSSL_ERR_peek_last_error(); \ - if (ERR_GET_LIB(err) == ERR_LIB_PEM && \ - ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { \ + if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM && \ + wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) { \ wc_RemoveErrorNode(-1); \ } #else @@ -6308,7 +6347,10 @@ WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ +WOLFSSL_API void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ +#ifndef OPENSSL_COEXIST +#define SSL_ResourceFree wolfSSL_ResourceFree +#endif #ifndef NO_CERTS @@ -6535,8 +6577,10 @@ static WC_INLINE int wolfSSL_curve_is_disabled(const WOLFSSL* ssl, } #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifndef NO_CERTS #ifndef NO_RSA @@ -6706,6 +6750,10 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13); #endif /* !defined(NO_WOLFSSL_SERVER) */ +#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO) + WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen, + SOCKADDR_S *b, XSOCKLENT bLen); +#endif #endif /* WOLFSSL_DTLS */ #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) @@ -6818,6 +6866,7 @@ WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); /* Set*Internal and Set*External functions */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa); WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa); WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa); @@ -6833,6 +6882,7 @@ typedef enum elem_set { WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm ); WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK)) WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, @@ -7013,11 +7063,7 @@ WOLFSSL_LOCAL int GetX509Error(int e); #endif #endif -#if defined(HAVE_EX_DATA) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_LIGHTY)) || defined(HAVE_EX_DATA) || \ - defined(WOLFSSL_WPAS_SMALL) +#ifdef HAVE_EX_DATA_CRYPTO typedef struct CRYPTO_EX_cb_ctx { long ctx_l; void *ctx_ptr; @@ -7026,6 +7072,7 @@ typedef struct CRYPTO_EX_cb_ctx { WOLFSSL_CRYPTO_EX_dup* dup_func; struct CRYPTO_EX_cb_ctx* next; } CRYPTO_EX_cb_ctx; + /* use wolfSSL_API visibility to be able to clear in tests/api.c */ WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session; WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx); @@ -7038,19 +7085,19 @@ WOLFSSL_LOCAL int crypto_ex_cb_dup_data(const WOLFSSL_CRYPTO_EX_DATA *in, WOLFSSL_LOCAL int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, WOLFSSL_CRYPTO_EX_free* free_func); -#endif +#endif /* HAVE_EX_DATA_CRYPTO */ WOLFSSL_LOCAL WC_RNG* wolfssl_get_global_rng(void); WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void); #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) -WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, +WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz); #endif #endif -#if !defined(NO_RSA) +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) WOLFSSL_LOCAL int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, void* heap); #endif @@ -7116,11 +7163,13 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz); WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, word32* keySz); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/openssl/aes.h b/src/wolfssl/openssl/aes.h index 2991ff0..25110c8 100644 --- a/src/wolfssl/openssl/aes.h +++ b/src/wolfssl/openssl/aes.h @@ -53,27 +53,37 @@ typedef struct WOLFSSL_AES_KEY { ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1]; } WOLFSSL_AES_KEY; -typedef WOLFSSL_AES_KEY AES_KEY; WOLFSSL_API int wolfSSL_AES_set_encrypt_key( - const unsigned char *key, const int bits, AES_KEY *aes); + const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes); WOLFSSL_API int wolfSSL_AES_set_decrypt_key( - const unsigned char *key, const int bits, AES_KEY *aes); + const unsigned char *key, const int bits, WOLFSSL_AES_KEY *aes); WOLFSSL_API void wolfSSL_AES_cbc_encrypt( - const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, + const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, const int enc); WOLFSSL_API void wolfSSL_AES_ecb_encrypt( - const unsigned char *in, unsigned char* out, AES_KEY *key, const int enc); + const unsigned char *in, unsigned char* out, WOLFSSL_AES_KEY *key, const int enc); WOLFSSL_API void wolfSSL_AES_cfb128_encrypt( - const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, + const unsigned char *in, unsigned char* out, size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc); WOLFSSL_API int wolfSSL_AES_wrap_key( - AES_KEY *key, const unsigned char *iv, unsigned char *out, + WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); WOLFSSL_API int wolfSSL_AES_unwrap_key( - AES_KEY *key, const unsigned char *iv, unsigned char *out, + WOLFSSL_AES_KEY *key, const unsigned char *iv, unsigned char *out, const unsigned char *in, unsigned int inlen); +#ifdef WOLFSSL_AES_DIRECT +WOLFSSL_API void wolfSSL_AES_encrypt( + const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key); +WOLFSSL_API void wolfSSL_AES_decrypt( + const unsigned char* input, unsigned char* output, WOLFSSL_AES_KEY *key); +#endif /* WOLFSSL_AES_DIRECT */ + +#ifndef OPENSSL_COEXIST + +typedef WOLFSSL_AES_KEY AES_KEY; + #define AES_cbc_encrypt wolfSSL_AES_cbc_encrypt #define AES_ecb_encrypt wolfSSL_AES_ecb_encrypt #define AES_cfb128_encrypt wolfSSL_AES_cfb128_encrypt @@ -83,11 +93,6 @@ WOLFSSL_API int wolfSSL_AES_unwrap_key( #define AES_unwrap_key wolfSSL_AES_unwrap_key #ifdef WOLFSSL_AES_DIRECT -WOLFSSL_API void wolfSSL_AES_encrypt( - const unsigned char* input, unsigned char* output, AES_KEY *key); -WOLFSSL_API void wolfSSL_AES_decrypt( - const unsigned char* input, unsigned char* output, AES_KEY *key); - #define AES_encrypt wolfSSL_AES_encrypt #define AES_decrypt wolfSSL_AES_decrypt #endif /* WOLFSSL_AES_DIRECT */ @@ -99,6 +104,8 @@ WOLFSSL_API void wolfSSL_AES_decrypt( #define AES_DECRYPT AES_DECRYPTION #endif +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/asn1.h b/src/wolfssl/openssl/asn1.h index 5fbb726..5b4f25a 100644 --- a/src/wolfssl/openssl/asn1.h +++ b/src/wolfssl/openssl/asn1.h @@ -26,6 +26,8 @@ #include +#ifndef OPENSSL_COEXIST + #define ASN1_STRING_new wolfSSL_ASN1_STRING_new #define ASN1_STRING_type_new wolfSSL_ASN1_STRING_type_new #define ASN1_STRING_type wolfSSL_ASN1_STRING_type @@ -37,33 +39,28 @@ #define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT -#define V_ASN1_INTEGER 0x02 -#define V_ASN1_NEG 0x100 -#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) -#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_INTEGER WOLFSSL_V_ASN1_INTEGER +#define V_ASN1_NEG WOLFSSL_V_ASN1_NEG +#define V_ASN1_NEG_INTEGER WOLFSSL_V_ASN1_NEG_INTEGER +#define V_ASN1_NEG_ENUMERATED WOLFSSL_V_ASN1_NEG_ENUMERATED /* Type for ASN1_print_ex */ -# define ASN1_STRFLGS_ESC_2253 1 -# define ASN1_STRFLGS_ESC_CTRL 2 -# define ASN1_STRFLGS_ESC_MSB 4 -# define ASN1_STRFLGS_ESC_QUOTE 8 -# define ASN1_STRFLGS_UTF8_CONVERT 0x10 -# define ASN1_STRFLGS_IGNORE_TYPE 0x20 -# define ASN1_STRFLGS_SHOW_TYPE 0x40 -# define ASN1_STRFLGS_DUMP_ALL 0x80 -# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 -# define ASN1_STRFLGS_DUMP_DER 0x200 -# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB | \ - ASN1_STRFLGS_UTF8_CONVERT | \ - ASN1_STRFLGS_DUMP_UNKNOWN | \ - ASN1_STRFLGS_DUMP_DER) - -#define MBSTRING_UTF8 0x1000 -#define MBSTRING_ASC 0x1001 -#define MBSTRING_BMP 0x1002 -#define MBSTRING_UNIV 0x1004 +#define ASN1_STRFLGS_ESC_2253 WOLFSSL_ASN1_STRFLGS_ESC_2253 +#define ASN1_STRFLGS_ESC_CTRL WOLFSSL_ASN1_STRFLGS_ESC_CTRL +#define ASN1_STRFLGS_ESC_MSB WOLFSSL_ASN1_STRFLGS_ESC_MSB +#define ASN1_STRFLGS_ESC_QUOTE WOLFSSL_ASN1_STRFLGS_ESC_QUOTE +#define ASN1_STRFLGS_UTF8_CONVERT WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT +#define ASN1_STRFLGS_IGNORE_TYPE WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE +#define ASN1_STRFLGS_SHOW_TYPE WOLFSSL_ASN1_STRFLGS_SHOW_TYPE +#define ASN1_STRFLGS_DUMP_ALL WOLFSSL_ASN1_STRFLGS_DUMP_ALL +#define ASN1_STRFLGS_DUMP_UNKNOWN WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN +#define ASN1_STRFLGS_DUMP_DER WOLFSSL_ASN1_STRFLGS_DUMP_DER +#define ASN1_STRFLGS_RFC2253 WOLFSSL_ASN1_STRFLGS_RFC2253 + +#define MBSTRING_UTF8 WOLFSSL_MBSTRING_UTF8 +#define MBSTRING_ASC WOLFSSL_MBSTRING_ASC +#define MBSTRING_BMP WOLFSSL_MBSTRING_BMP +#define MBSTRING_UNIV WOLFSSL_MBSTRING_UNIV #define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print #define ASN1_TIME_check wolfSSL_ASN1_TIME_check @@ -71,42 +68,42 @@ #define ASN1_TIME_compare wolfSSL_ASN1_TIME_compare #define ASN1_TIME_set wolfSSL_ASN1_TIME_set -#define V_ASN1_EOC 0 -#define V_ASN1_BOOLEAN 1 -#define V_ASN1_OCTET_STRING 4 -#define V_ASN1_NULL 5 -#define V_ASN1_OBJECT 6 -#define V_ASN1_UTF8STRING 12 -#define V_ASN1_SEQUENCE 16 -#define V_ASN1_SET 17 -#define V_ASN1_PRINTABLESTRING 19 -#define V_ASN1_T61STRING 20 -#define V_ASN1_IA5STRING 22 -#define V_ASN1_UTCTIME 23 -#define V_ASN1_GENERALIZEDTIME 24 -#define V_ASN1_UNIVERSALSTRING 28 -#define V_ASN1_BMPSTRING 30 - - -#define V_ASN1_CONSTRUCTED 0x20 - -#define ASN1_STRING_FLAG_BITS_LEFT 0x008 -#define ASN1_STRING_FLAG_NDEF 0x010 -#define ASN1_STRING_FLAG_CONT 0x020 -#define ASN1_STRING_FLAG_MSTRING 0x040 -#define ASN1_STRING_FLAG_EMBED 0x080 +#define V_ASN1_EOC WOLFSSL_V_ASN1_EOC +#define V_ASN1_BOOLEAN WOLFSSL_V_ASN1_BOOLEAN +#define V_ASN1_OCTET_STRING WOLFSSL_V_ASN1_OCTET_STRING +#define V_ASN1_NULL WOLFSSL_V_ASN1_NULL +#define V_ASN1_OBJECT WOLFSSL_V_ASN1_OBJECT +#define V_ASN1_UTF8STRING WOLFSSL_V_ASN1_UTF8STRING +#define V_ASN1_SEQUENCE WOLFSSL_V_ASN1_SEQUENCE +#define V_ASN1_SET WOLFSSL_V_ASN1_SET +#define V_ASN1_PRINTABLESTRING WOLFSSL_V_ASN1_PRINTABLESTRING +#define V_ASN1_T61STRING WOLFSSL_V_ASN1_T61STRING +#define V_ASN1_IA5STRING WOLFSSL_V_ASN1_IA5STRING +#define V_ASN1_UTCTIME WOLFSSL_V_ASN1_UTCTIME +#define V_ASN1_GENERALIZEDTIME WOLFSSL_V_ASN1_GENERALIZEDTIME +#define V_ASN1_UNIVERSALSTRING WOLFSSL_V_ASN1_UNIVERSALSTRING +#define V_ASN1_BMPSTRING WOLFSSL_V_ASN1_BMPSTRING + +#define V_ASN1_CONSTRUCTED WOLFSSL_V_ASN1_CONSTRUCTED + +#define ASN1_STRING_FLAG_BITS_LEFT WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT +#define ASN1_STRING_FLAG_NDEF WOLFSSL_ASN1_STRING_FLAG_NDEF +#define ASN1_STRING_FLAG_CONT WOLFSSL_ASN1_STRING_FLAG_CONT +#define ASN1_STRING_FLAG_MSTRING WOLFSSL_ASN1_STRING_FLAG_MSTRING +#define ASN1_STRING_FLAG_EMBED WOLFSSL_ASN1_STRING_FLAG_EMBED /* X.509 PKI size limits from RFC2459 (appendix A) */ /* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */ -#define ub_name CTC_NAME_SIZE /* 32768 */ -#define ub_common_name CTC_NAME_SIZE /* 64 */ -#define ub_locality_name CTC_NAME_SIZE /* 128 */ -#define ub_state_name CTC_NAME_SIZE /* 128 */ -#define ub_organization_name CTC_NAME_SIZE /* 64 */ -#define ub_organization_unit_name CTC_NAME_SIZE /* 64 */ -#define ub_title CTC_NAME_SIZE /* 64 */ -#define ub_email_address CTC_NAME_SIZE /* 128 */ - +#define ub_name WOLFSSL_ub_name +#define ub_common_name WOLFSSL_ub_common_name +#define ub_locality_name WOLFSSL_ub_locality_name +#define ub_state_name WOLFSSL_ub_state_name +#define ub_organization_name WOLFSSL_ub_organization_name +#define ub_organization_unit_name WOLFSSL_ub_organization_unit_name +#define ub_title WOLFSSL_ub_title +#define ub_email_address WOLFSSL_ub_email_address + +#endif /* !OPENSSL_COEXIST */ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai); diff --git a/src/wolfssl/openssl/bio.h b/src/wolfssl/openssl/bio.h index 198ca4e..cf6571b 100644 --- a/src/wolfssl/openssl/bio.h +++ b/src/wolfssl/openssl/bio.h @@ -33,11 +33,57 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* helper to set specific retry/read flags */ +#define wolfSSL_BIO_set_retry_read(bio)\ + wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) +#define wolfSSL_BIO_set_retry_write(bio)\ + wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE) + +/* BIO CTRL */ +#define WOLFSSL_BIO_CTRL_RESET 1 +#define WOLFSSL_BIO_CTRL_EOF 2 +#define WOLFSSL_BIO_CTRL_INFO 3 +#define WOLFSSL_BIO_CTRL_SET 4 +#define WOLFSSL_BIO_CTRL_GET 5 +#define WOLFSSL_BIO_CTRL_PUSH 6 +#define WOLFSSL_BIO_CTRL_POP 7 +#define WOLFSSL_BIO_CTRL_GET_CLOSE 8 +#define WOLFSSL_BIO_CTRL_SET_CLOSE 9 +#define WOLFSSL_BIO_CTRL_PENDING 10 +#define WOLFSSL_BIO_CTRL_FLUSH 11 +#define WOLFSSL_BIO_CTRL_DUP 12 +#define WOLFSSL_BIO_CTRL_WPENDING 13 + +#define WOLFSSL_BIO_C_SET_FILE_PTR 106 +#define WOLFSSL_BIO_C_GET_FILE_PTR 107 +#define WOLFSSL_BIO_C_SET_FILENAME 108 +#define WOLFSSL_BIO_C_SET_BUF_MEM 114 +#define WOLFSSL_BIO_C_GET_BUF_MEM_PTR 115 +#define WOLFSSL_BIO_C_FILE_SEEK 128 +#define WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN 130 +#define WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE 136 +#define WOLFSSL_BIO_C_MAKE_WOLFSSL_BIO_PAIR 138 + +#define WOLFSSL_BIO_CTRL_DGRAM_CONNECT 31 +#define WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED 32 +#define WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU 40 +#define WOLFSSL_BIO_CTRL_DGRAM_SET_PEER 44 + +#define WOLFSSL_BIO_FP_TEXT 0x00 +#define WOLFSSL_BIO_NOCLOSE 0x00 +#define WOLFSSL_BIO_CLOSE 0x01 + +#define WOLFSSL_BIO_FP_WRITE 0x04 + +#ifndef OPENSSL_COEXIST + #define BIO_FLAGS_BASE64_NO_NL WOLFSSL_BIO_FLAG_BASE64_NO_NL #define BIO_FLAGS_READ WOLFSSL_BIO_FLAG_READ #define BIO_FLAGS_WRITE WOLFSSL_BIO_FLAG_WRITE #define BIO_FLAGS_IO_SPECIAL WOLFSSL_BIO_FLAG_IO_SPECIAL #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY +/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */ +#define BIO_FLAGS_MEM_RDONLY WOLFSSL_BIO_FLAG_MEM_RDONLY #define BIO_new_fp wolfSSL_BIO_new_fp #if defined(OPENSSL_ALL) \ @@ -124,10 +170,8 @@ #define BIO_get_ex_data wolfSSL_BIO_get_ex_data /* helper to set specific retry/read flags */ -#define BIO_set_retry_read(bio)\ - wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) -#define BIO_set_retry_write(bio)\ - wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_WRITE) +#define BIO_set_retry_read(bio) wolfSSL_BIO_set_retry_read(bio) +#define BIO_set_retry_write(bio) wolfSSL_BIO_set_retry_write(bio) #define BIO_clear_retry_flags wolfSSL_BIO_clear_retry_flags @@ -145,43 +189,42 @@ #define BIO_snprintf XSNPRINTF /* BIO CTRL */ -#define BIO_CTRL_RESET 1 -#define BIO_CTRL_EOF 2 -#define BIO_CTRL_INFO 3 -#define BIO_CTRL_SET 4 -#define BIO_CTRL_GET 5 -#define BIO_CTRL_PUSH 6 -#define BIO_CTRL_POP 7 -#define BIO_CTRL_GET_CLOSE 8 -#define BIO_CTRL_SET_CLOSE 9 -#define BIO_CTRL_PENDING 10 -#define BIO_CTRL_FLUSH 11 -#define BIO_CTRL_DUP 12 -#define BIO_CTRL_WPENDING 13 - -#define BIO_C_SET_FILE_PTR 106 -#define BIO_C_GET_FILE_PTR 107 -#define BIO_C_SET_FILENAME 108 -#define BIO_C_SET_BUF_MEM 114 -#define BIO_C_GET_BUF_MEM_PTR 115 -#define BIO_C_FILE_SEEK 128 -#define BIO_C_SET_BUF_MEM_EOF_RETURN 130 -#define BIO_C_SET_WRITE_BUF_SIZE 136 -#define BIO_C_MAKE_BIO_PAIR 138 - -#define BIO_CTRL_DGRAM_CONNECT 31 -#define BIO_CTRL_DGRAM_SET_CONNECTED 32 -#define BIO_CTRL_DGRAM_QUERY_MTU 40 -#define BIO_CTRL_DGRAM_SET_PEER 44 - -#define BIO_FP_TEXT 0x00 -#define BIO_NOCLOSE 0x00 -#define BIO_CLOSE 0x01 - -#define BIO_FP_WRITE 0x04 - -/* You shouldn't free up or change the data if BIO_FLAGS_MEM_RDONLY is set */ -#define BIO_FLAGS_MEM_RDONLY 0x200 +#define BIO_CTRL_RESET WOLFSSL_BIO_CTRL_RESET +#define BIO_CTRL_EOF WOLFSSL_BIO_CTRL_EOF +#define BIO_CTRL_INFO WOLFSSL_BIO_CTRL_INFO +#define BIO_CTRL_SET WOLFSSL_BIO_CTRL_SET +#define BIO_CTRL_GET WOLFSSL_BIO_CTRL_GET +#define BIO_CTRL_PUSH WOLFSSL_BIO_CTRL_PUSH +#define BIO_CTRL_POP WOLFSSL_BIO_CTRL_POP +#define BIO_CTRL_GET_CLOSE WOLFSSL_BIO_CTRL_GET_CLOSE +#define BIO_CTRL_SET_CLOSE WOLFSSL_BIO_CTRL_SET_CLOSE +#define BIO_CTRL_PENDING WOLFSSL_BIO_CTRL_PENDING +#define BIO_CTRL_FLUSH WOLFSSL_BIO_CTRL_FLUSH +#define BIO_CTRL_DUP WOLFSSL_BIO_CTRL_DUP +#define BIO_CTRL_WPENDING WOLFSSL_BIO_CTRL_WPENDING + +#define BIO_C_SET_FILE_PTR WOLFSSL_BIO_C_SET_FILE_PTR +#define BIO_C_GET_FILE_PTR WOLFSSL_BIO_C_GET_FILE_PTR +#define BIO_C_SET_FILENAME WOLFSSL_BIO_C_SET_FILENAME +#define BIO_C_SET_BUF_MEM WOLFSSL_BIO_C_SET_BUF_MEM +#define BIO_C_GET_BUF_MEM_PTR WOLFSSL_BIO_C_GET_BUF_MEM_PTR +#define BIO_C_FILE_SEEK WOLFSSL_BIO_C_FILE_SEEK +#define BIO_C_SET_BUF_MEM_EOF_RETURN WOLFSSL_BIO_C_SET_BUF_MEM_EOF_RETURN +#define BIO_C_SET_WRITE_BUF_SIZE WOLFSSL_BIO_C_SET_WRITE_BUF_SIZE +#define BIO_C_MAKE_BIO_PAIR WOLFSSL_BIO_C_MAKE_BIO_PAIR + +#define BIO_CTRL_DGRAM_CONNECT WOLFSSL_BIO_CTRL_DGRAM_CONNECT +#define BIO_CTRL_DGRAM_SET_CONNECTED WOLFSSL_BIO_CTRL_DGRAM_SET_CONNECTED +#define BIO_CTRL_DGRAM_QUERY_MTU WOLFSSL_BIO_CTRL_DGRAM_QUERY_MTU +#define BIO_CTRL_DGRAM_SET_PEER WOLFSSL_BIO_CTRL_DGRAM_SET_PEER + +#define BIO_FP_TEXT WOLFSSL_BIO_FP_TEXT +#define BIO_NOCLOSE WOLFSSL_BIO_NOCLOSE +#define BIO_CLOSE WOLFSSL_BIO_CLOSE + +#define BIO_FP_WRITE WOLFSSL_BIO_FP_WRITE + +#endif /* !OPENSSL_COEXIST */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ diff --git a/src/wolfssl/openssl/bn.h b/src/wolfssl/openssl/bn.h index a3afd61..ed8ae43 100644 --- a/src/wolfssl/openssl/bn.h +++ b/src/wolfssl/openssl/bn.h @@ -185,7 +185,7 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse( WOLFSSL_BN_CTX *ctx); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #define BN_RAND_TOP_ANY WOLFSSL_BN_RAND_TOP_ANY #define BN_RAND_TOP_ONE WOLFSSL_BN_RAND_TOP_ONE @@ -290,7 +290,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_prime_checks 0 -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #ifdef __cplusplus diff --git a/src/wolfssl/openssl/buffer.h b/src/wolfssl/openssl/buffer.h index c9f2790..c4195cf 100644 --- a/src/wolfssl/openssl/buffer.h +++ b/src/wolfssl/openssl/buffer.h @@ -38,6 +38,7 @@ WOLFSSL_API int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len, WOLFSSL_API int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len); WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); +#ifndef OPENSSL_COEXIST #define BUF_MEM_new wolfSSL_BUF_MEM_new #define BUF_MEM_grow wolfSSL_BUF_MEM_grow @@ -47,6 +48,8 @@ WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); #define BUF_strlcpy wc_strlcpy #define BUF_strlcat wc_strlcat +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/cmac.h b/src/wolfssl/openssl/cmac.h index dd08497..120fd1d 100644 --- a/src/wolfssl/openssl/cmac.h +++ b/src/wolfssl/openssl/cmac.h @@ -34,8 +34,6 @@ typedef struct WOLFSSL_CMAC_CTX { WOLFSSL_EVP_CIPHER_CTX* cctx; } WOLFSSL_CMAC_CTX; -typedef WOLFSSL_CMAC_CTX CMAC_CTX; - WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void); WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx( @@ -48,6 +46,10 @@ WOLFSSL_API int wolfSSL_CMAC_Update( WOLFSSL_API int wolfSSL_CMAC_Final( WOLFSSL_CMAC_CTX* ctx, unsigned char* out, size_t* len); +#ifndef OPENSSL_COEXIST + +typedef WOLFSSL_CMAC_CTX CMAC_CTX; + #define CMAC_CTX_new wolfSSL_CMAC_CTX_new #define CMAC_CTX_free wolfSSL_CMAC_CTX_free #define CMAC_CTX_get0_cipher_ctx wolfSSL_CMAC_CTX_get0_cipher_ctx @@ -55,6 +57,8 @@ WOLFSSL_API int wolfSSL_CMAC_Final( #define CMAC_Update wolfSSL_CMAC_Update #define CMAC_Final wolfSSL_CMAC_Final +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/compat_types.h b/src/wolfssl/openssl/compat_types.h index 61cc80a..00bfde1 100644 --- a/src/wolfssl/openssl/compat_types.h +++ b/src/wolfssl/openssl/compat_types.h @@ -52,7 +52,7 @@ typedef struct WOLFSSL_ASN1_PCTX WOLFSSL_ASN1_PCTX; typedef struct WOLFSSL_BIO WOLFSSL_BIO; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) typedef WOLFSSL_EVP_MD EVP_MD; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; @@ -63,7 +63,7 @@ typedef WOLFSSL_EVP_PKEY PKCS8_PRIV_KEY_INFO; typedef WOLFSSL_ENGINE ENGINE; typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ typedef unsigned long (*wolf_sk_hash_cb) (const void *v); diff --git a/src/wolfssl/openssl/conf.h b/src/wolfssl/openssl/conf.h index 4e9115f..411a3e0 100644 --- a/src/wolfssl/openssl/conf.h +++ b/src/wolfssl/openssl/conf.h @@ -45,8 +45,10 @@ typedef struct WOLFSSL_CONF { WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data; } WOLFSSL_CONF; +#ifndef OPENSSL_COEXIST typedef WOLFSSL_CONF CONF; typedef WOLFSSL_CONF_VALUE CONF_VALUE; +#endif #ifdef OPENSSL_EXTRA @@ -58,7 +60,7 @@ WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val); WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth); WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, const char *group, const char *name); -WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group, +WOLFSSL_API int wolfSSL_NCONF_get_number(const WOLFSSL_CONF *conf, const char *group, const char *name, long *result); WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section( const WOLFSSL_CONF *conf, const char *section); @@ -80,6 +82,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf_nid(WOLFSSL_CONF* c WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, const char *sName, const char *value); +#ifndef OPENSSL_COEXIST #define sk_CONF_VALUE_new wolfSSL_sk_CONF_VALUE_new #define sk_CONF_VALUE_free wolfSSL_sk_CONF_VALUE_free #define sk_CONF_VALUE_pop_free(a,b) wolfSSL_sk_CONF_VALUE_free(a) @@ -103,6 +106,7 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_nconf(WOLFSSL_CONF *conf, #define X509V3_EXT_nconf_nid wolfSSL_X509V3_EXT_nconf_nid #define X509V3_EXT_nconf wolfSSL_X509V3_EXT_nconf #define X509V3_conf_free wolfSSL_X509V3_conf_free +#endif /* !OPENSSL_COEXIST */ #endif /* OPENSSL_EXTRA */ diff --git a/src/wolfssl/openssl/crypto.h b/src/wolfssl/openssl/crypto.h index e436e93..33a279a 100644 --- a/src/wolfssl/openssl/crypto.h +++ b/src/wolfssl/openssl/crypto.h @@ -29,14 +29,20 @@ typedef struct WOLFSSL_INIT_SETTINGS { char* appname; } WOLFSSL_INIT_SETTINGS; -typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; +#ifndef OPENSSL_COEXIST +#define OPENSSL_INIT_SETTINGS WOLFSSL_INIT_SETTINGS +#endif typedef struct WOLFSSL_CRYPTO_THREADID { int dummy; } WOLFSSL_CRYPTO_THREADID; +#ifndef OPENSSL_COEXIST typedef struct crypto_threadid_st CRYPTO_THREADID; +#endif +#ifndef OPENSSL_COEXIST typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +#endif #ifdef HAVE_EX_DATA typedef WOLFSSL_CRYPTO_EX_new CRYPTO_new_func; @@ -68,10 +74,13 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); WOLFSSL_API int wolfSSL_OPENSSL_hexchar2int(unsigned char c); WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len); -WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings); +WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const WOLFSSL_INIT_SETTINGS *settings); #endif /* class index for wolfSSL_CRYPTO_get_ex_new_index */ + +#ifndef OPENSSL_COEXIST + #define CRYPTO_EX_INDEX_SSL WOLF_CRYPTO_EX_INDEX_SSL #define CRYPTO_EX_INDEX_SSL_CTX WOLF_CRYPTO_EX_INDEX_SSL_CTX #define CRYPTO_EX_INDEX_SSL_SESSION WOLF_CRYPTO_EX_INDEX_SSL_SESSION @@ -153,6 +162,8 @@ WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETT #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/des.h b/src/wolfssl/openssl/des.h index 0f385a6..6db0df7 100644 --- a/src/wolfssl/openssl/des.h +++ b/src/wolfssl/openssl/des.h @@ -49,8 +49,8 @@ typedef unsigned int WOLFSSL_DES_LONG; enum { - DES_ENCRYPT = 1, - DES_DECRYPT = 0 + WC_DES_ENCRYPT = 1, + WC_DES_DECRYPT = 0 }; @@ -87,6 +87,13 @@ WOLFSSL_API void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_API int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes); +#ifndef OPENSSL_COEXIST + +enum { + DES_ENCRYPT = WC_DES_ENCRYPT, + DES_DECRYPT = WC_DES_DECRYPT +}; + typedef WOLFSSL_DES_cblock DES_cblock; typedef WOLFSSL_const_DES_cblock const_DES_cblock; typedef WOLFSSL_DES_key_schedule DES_key_schedule; @@ -106,6 +113,8 @@ typedef WOLFSSL_DES_LONG DES_LONG; #define DES_cbc_cksum wolfSSL_DES_cbc_cksum #define DES_check_key_parity wolfSSL_DES_check_key_parity +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/dh.h b/src/wolfssl/openssl/dh.h index 7ea0f62..60fe59f 100644 --- a/src/wolfssl/openssl/dh.h +++ b/src/wolfssl/openssl/dh.h @@ -79,7 +79,7 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p, WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) typedef WOLFSSL_DH DH; @@ -135,7 +135,7 @@ typedef WOLFSSL_DH DH; #define DH_GENERATOR_2 2 #define DH_GENERATOR_5 5 -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/openssl/dsa.h b/src/wolfssl/openssl/dsa.h index 6acb59e..1d24ceb 100644 --- a/src/wolfssl/openssl/dsa.h +++ b/src/wolfssl/openssl/dsa.h @@ -118,13 +118,15 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define WOLFSSL_DSA_LOAD_PRIVATE 1 +#define WOLFSSL_DSA_LOAD_PUBLIC 2 + +#ifndef OPENSSL_COEXIST + typedef WOLFSSL_DSA DSA; #define OPENSSL_DSA_MAX_MODULUS_BITS 3072 -#define WOLFSSL_DSA_LOAD_PRIVATE 1 -#define WOLFSSL_DSA_LOAD_PUBLIC 2 - #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free #define DSA_print_fp wolfSSL_DSA_print_fp @@ -151,6 +153,8 @@ typedef WOLFSSL_DSA DSA; #define DSA_SIG WOLFSSL_DSA_SIG +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef __cplusplus diff --git a/src/wolfssl/openssl/ec.h b/src/wolfssl/openssl/ec.h index bd81894..4067cff 100644 --- a/src/wolfssl/openssl/ec.h +++ b/src/wolfssl/openssl/ec.h @@ -36,59 +36,114 @@ extern "C" { #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + /* Map OpenSSL NID value */ enum { - POINT_CONVERSION_COMPRESSED = 2, - POINT_CONVERSION_UNCOMPRESSED = 4, + WC_POINT_CONVERSION_COMPRESSED = 2, + WC_POINT_CONVERSION_UNCOMPRESSED = 4, #ifdef HAVE_ECC /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by calling NIDToEccEnum() in ssl.c */ - NID_X9_62_prime192v1 = 409, - NID_X9_62_prime192v2 = 410, - NID_X9_62_prime192v3 = 411, - NID_X9_62_prime239v1 = 412, - NID_X9_62_prime239v2 = 413, - NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */ - NID_X9_62_prime256v1 = 415, - NID_secp112r1 = 704, - NID_secp112r2 = 705, - NID_secp128r1 = 706, - NID_secp128r2 = 707, - NID_secp160r1 = 709, - NID_secp160r2 = 710, - NID_secp224r1 = 713, - NID_secp384r1 = 715, - NID_secp521r1 = 716, - NID_secp160k1 = 708, - NID_secp192k1 = 711, - NID_secp224k1 = 712, - NID_secp256k1 = 714, - NID_brainpoolP160r1 = 921, - NID_brainpoolP192r1 = 923, - NID_brainpoolP224r1 = 925, - NID_brainpoolP256r1 = 927, - NID_brainpoolP320r1 = 929, - NID_brainpoolP384r1 = 931, - NID_brainpoolP512r1 = 933, + WC_NID_X9_62_prime192v1 = 409, + WC_NID_X9_62_prime192v2 = 410, + WC_NID_X9_62_prime192v3 = 411, + WC_NID_X9_62_prime239v1 = 412, + WC_NID_X9_62_prime239v2 = 413, + WC_NID_X9_62_prime239v3 = 418, /* Previous value conflicted with AES128CBCb */ + WC_NID_X9_62_prime256v1 = 415, + WC_NID_secp112r1 = 704, + WC_NID_secp112r2 = 705, + WC_NID_secp128r1 = 706, + WC_NID_secp128r2 = 707, + WC_NID_secp160r1 = 709, + WC_NID_secp160r2 = 710, + WC_NID_secp224r1 = 713, + WC_NID_secp384r1 = 715, + WC_NID_secp521r1 = 716, + WC_NID_secp160k1 = 708, + WC_NID_secp192k1 = 711, + WC_NID_secp224k1 = 712, + WC_NID_secp256k1 = 714, + WC_NID_brainpoolP160r1 = 921, + WC_NID_brainpoolP192r1 = 923, + WC_NID_brainpoolP224r1 = 925, + WC_NID_brainpoolP256r1 = 927, + WC_NID_brainpoolP320r1 = 929, + WC_NID_brainpoolP384r1 = 931, + WC_NID_brainpoolP512r1 = 933, #endif #ifdef HAVE_ED448 - NID_ED448 = ED448k, + WC_NID_ED448 = ED448k, #endif #ifdef HAVE_CURVE448 - NID_X448 = X448k, + WC_NID_X448 = X448k, #endif #ifdef HAVE_ED25519 - NID_ED25519 = ED25519k, + WC_NID_ED25519 = ED25519k, #endif #ifdef HAVE_CURVE25519 - NID_X25519 = X25519k, + WC_NID_X25519 = X25519k, #endif - OPENSSL_EC_EXPLICIT_CURVE = 0x000, - OPENSSL_EC_NAMED_CURVE = 0x001, + WOLFSSL_EC_EXPLICIT_CURVE = 0x000, + WOLFSSL_EC_NAMED_CURVE = 0x001 }; + +#ifndef OPENSSL_COEXIST + +#define POINT_CONVERSION_COMPRESSED WC_POINT_CONVERSION_COMPRESSED +#define POINT_CONVERSION_UNCOMPRESSED WC_POINT_CONVERSION_UNCOMPRESSED + +#ifdef HAVE_ECC +#define NID_X9_62_prime192v1 WC_NID_X9_62_prime192v1 +#define NID_X9_62_prime192v2 WC_NID_X9_62_prime192v2 +#define NID_X9_62_prime192v3 WC_NID_X9_62_prime192v3 +#define NID_X9_62_prime239v1 WC_NID_X9_62_prime239v1 +#define NID_X9_62_prime239v2 WC_NID_X9_62_prime239v2 +#define NID_X9_62_prime239v3 WC_NID_X9_62_prime239v3 +#define NID_X9_62_prime256v1 WC_NID_X9_62_prime256v1 +#define NID_secp112r1 WC_NID_secp112r1 +#define NID_secp112r2 WC_NID_secp112r2 +#define NID_secp128r1 WC_NID_secp128r1 +#define NID_secp128r2 WC_NID_secp128r2 +#define NID_secp160r1 WC_NID_secp160r1 +#define NID_secp160r2 WC_NID_secp160r2 +#define NID_secp224r1 WC_NID_secp224r1 +#define NID_secp384r1 WC_NID_secp384r1 +#define NID_secp521r1 WC_NID_secp521r1 +#define NID_secp160k1 WC_NID_secp160k1 +#define NID_secp192k1 WC_NID_secp192k1 +#define NID_secp224k1 WC_NID_secp224k1 +#define NID_secp256k1 WC_NID_secp256k1 +#define NID_brainpoolP160r1 WC_NID_brainpoolP160r1 +#define NID_brainpoolP192r1 WC_NID_brainpoolP192r1 +#define NID_brainpoolP224r1 WC_NID_brainpoolP224r1 +#define NID_brainpoolP256r1 WC_NID_brainpoolP256r1 +#define NID_brainpoolP320r1 WC_NID_brainpoolP320r1 +#define NID_brainpoolP384r1 WC_NID_brainpoolP384r1 +#define NID_brainpoolP512r1 WC_NID_brainpoolP512r1 +#endif + +#ifdef HAVE_ED448 +#define NID_ED448 WC_NID_ED448 +#endif +#ifdef HAVE_CURVE448 +#define NID_X448 WC_NID_X448 +#endif +#ifdef HAVE_ED25519 +#define NID_ED25519 WC_NID_ED25519 +#endif +#ifdef HAVE_CURVE25519 +#define NID_X25519 WC_NID_X25519 +#endif + +#define OPENSSL_EC_EXPLICIT_CURVE WOLFSSL_EC_EXPLICIT_CURVE +#define OPENSSL_EC_NAMED_CURVE WOLFSSL_EC_NAMED_CURVE + +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifndef WOLFSSL_EC_TYPE_DEFINED /* guard on redeclaration */ @@ -130,8 +185,8 @@ struct WOLFSSL_EC_KEY { word16 pkcs8HeaderSz; /* option bits */ - byte inSet:1; /* internal set from external ? */ - byte exSet:1; /* external set from internal ? */ + WC_BITFIELD inSet:1; /* internal set from external ? */ + WC_BITFIELD exSet:1; /* external set from internal ? */ wolfSSL_Ref ref; /* Reference count information. */ }; @@ -144,7 +199,10 @@ struct WOLFSSL_EC_BUILTIN_CURVE { #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 #define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 -typedef int point_conversion_form_t; +typedef int wc_point_conversion_form_t; +#ifndef OPENSSL_COEXIST +#define point_conversion_form_t wc_point_conversion_form_t +#endif typedef struct WOLFSSL_EC_KEY_METHOD { /* Not implemented */ @@ -189,7 +247,7 @@ int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *in, unsigned char **out); WOLFSSL_API void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, int form); WOLFSSL_API -point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key); +wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, @@ -347,7 +405,7 @@ WOLFSSL_API const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method( WOLFSSL_API int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_KEY_METHOD *meth); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) typedef WOLFSSL_EC_KEY EC_KEY; typedef WOLFSSL_EC_GROUP EC_GROUP; @@ -393,7 +451,11 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits #define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of #ifndef NO_WOLFSSL_STUB -#define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING +#ifdef WOLF_NO_VARIADIC_MACROS + #define EC_GROUP_set_point_conversion_form() WC_DO_NOTHING +#else + #define EC_GROUP_set_point_conversion_form(...) WC_DO_NOTHING +#endif #endif #define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type @@ -451,7 +513,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_get_method wolfSSL_EC_KEY_get_method #define EC_KEY_set_method wolfSSL_EC_KEY_set_method -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/openssl/ecdsa.h b/src/wolfssl/openssl/ecdsa.h index 704f56d..f9ba1ec 100644 --- a/src/wolfssl/openssl/ecdsa.h +++ b/src/wolfssl/openssl/ecdsa.h @@ -37,7 +37,9 @@ typedef struct WOLFSSL_ECDSA_SIG WOLFSSL_ECDSA_SIG; #define WOLFSSL_ECDSA_TYPE_DEFINED #endif +#ifndef OPENSSL_COEXIST typedef WOLFSSL_ECDSA_SIG ECDSA_SIG; +#endif struct WOLFSSL_ECDSA_SIG { WOLFSSL_BIGNUM *r; @@ -64,6 +66,8 @@ WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig, WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp); +#ifndef OPENSSL_COEXIST + #define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free #define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new #define ECDSA_SIG_get0 wolfSSL_ECDSA_SIG_get0 @@ -73,6 +77,8 @@ WOLFSSL_API int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, #define d2i_ECDSA_SIG wolfSSL_d2i_ECDSA_SIG #define i2d_ECDSA_SIG wolfSSL_i2d_ECDSA_SIG +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/err.h b/src/wolfssl/openssl/err.h index 2af6407..708498a 100644 --- a/src/wolfssl/openssl/err.h +++ b/src/wolfssl/openssl/err.h @@ -25,6 +25,26 @@ #include #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +#define wolfSSL_RSAerr(f,r) wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#define wolfSSL_SSLerr(f,r) wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#define wolfSSL_ECerr(f,r) wolfSSL_ERR_put_error(0,(f),(r),__FILE__,__LINE__) + +#define WOLFSSL_ERR_TXT_MALLOCED 1 + +/* SSL function codes */ +#define WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23 0 +#define WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1 +#define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2 +#define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY 3 +#define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT 4 + +/* reasons */ +#define WOLFSSL_ERR_R_SYS_LIB 1 +#define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE 2 + +#ifndef OPENSSL_COEXIST + /* err.h for openssl */ #define ERR_load_ERR_strings wolfSSL_ERR_load_ERR_strings #define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings @@ -40,24 +60,25 @@ #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE WC_KEY_SIZE_E #define EC_R_BUFFER_TOO_SMALL BUFFER_E -#define ERR_TXT_MALLOCED 1 +#define ERR_TXT_MALLOCED WOLFSSL_ERR_TXT_MALLOCED /* SSL function codes */ -#define RSA_F_RSA_PADDING_ADD_SSLV23 0 -#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1 -#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2 -#define SSL_F_SSL_USE_PRIVATEKEY 3 -#define EC_F_EC_GFP_SIMPLE_POINT2OCT 4 +#define RSA_F_RSA_PADDING_ADD_SSLV23 WOLFSSL_RSA_F_RSA_PADDING_ADD_SSLV23 +#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT WOLFSSL_RSA_F_RSA_OSSL_PRIVATE_ENCRYPT +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE +#define SSL_F_SSL_USE_PRIVATEKEY WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY +#define EC_F_EC_GFP_SIMPLE_POINT2OCT WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT /* reasons */ -#define ERR_R_SYS_LIB 1 -#define PKCS12_R_MAC_VERIFY_FAILURE 2 +#define ERR_R_SYS_LIB WOLFSSL_ERR_R_SYS_LIB +#define PKCS12_R_MAC_VERIFY_FAILURE WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE -#define RSAerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) -#define SSLerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) -#define ECerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__) +#define RSAerr(f,r) wolfSSL_RSAerr(f,r) +#define SSLerr(f,r) wolfSSL_SSLerr(f,r) +#define ECerr(f,r) wolfSSL_ECerr(f,r) + +#endif /* !OPENSSL_COEXIST */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* WOLFSSL_OPENSSL_ERR_ */ - diff --git a/src/wolfssl/openssl/evp.h b/src/wolfssl/openssl/evp.h index fbfea20..02b5c8b 100644 --- a/src/wolfssl/openssl/evp.h +++ b/src/wolfssl/openssl/evp.h @@ -270,205 +270,413 @@ typedef union { #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#define NID_aes_128_cbc 419 -#define NID_aes_192_cbc 423 -#define NID_aes_256_cbc 427 -#define NID_aes_128_ccm 896 -#define NID_aes_192_ccm 899 -#define NID_aes_256_ccm 902 -#define NID_aes_128_gcm 895 -#define NID_aes_192_gcm 898 -#define NID_aes_256_gcm 901 -#define NID_aes_128_ctr 904 -#define NID_aes_192_ctr 905 -#define NID_aes_256_ctr 906 -#define NID_aes_128_ecb 418 -#define NID_aes_192_ecb 422 -#define NID_aes_256_ecb 426 -#define NID_des_cbc 31 -#define NID_des_ecb 29 -#define NID_des_ede3_cbc 44 -#define NID_des_ede3_ecb 33 -#define NID_aes_128_cfb1 650 -#define NID_aes_192_cfb1 651 -#define NID_aes_256_cfb1 652 -#define NID_aes_128_cfb8 653 -#define NID_aes_192_cfb8 654 -#define NID_aes_256_cfb8 655 -#define NID_aes_128_cfb128 421 -#define NID_aes_192_cfb128 425 -#define NID_aes_256_cfb128 429 -#define NID_aes_128_ofb 420 -#define NID_aes_192_ofb 424 -#define NID_aes_256_ofb 428 -#define NID_aes_128_xts 913 -#define NID_aes_256_xts 914 -#define NID_camellia_128_cbc 751 -#define NID_camellia_256_cbc 753 -#define NID_chacha20_poly1305 1018 -#define NID_chacha20 1019 -#define NID_sm4_ecb 1133 -#define NID_sm4_cbc 1134 -#define NID_sm4_ctr 1139 -#define NID_sm4_gcm 1248 -#define NID_sm4_ccm 1249 -#define NID_md5WithRSA 104 -#define NID_md2WithRSAEncryption 9 -#define NID_md5WithRSAEncryption 99 -#define NID_dsaWithSHA1 113 -#define NID_dsaWithSHA1_2 70 -#define NID_sha1WithRSA 115 -#define NID_sha1WithRSAEncryption 65 -#define NID_sha224WithRSAEncryption 671 -#define NID_sha256WithRSAEncryption 668 -#define NID_sha384WithRSAEncryption 669 -#define NID_sha512WithRSAEncryption 670 -#define NID_RSA_SHA3_224 1116 -#define NID_RSA_SHA3_256 1117 -#define NID_RSA_SHA3_384 1118 -#define NID_RSA_SHA3_512 1119 -#define NID_rsassaPss 912 -#define NID_ecdsa_with_SHA1 416 -#define NID_ecdsa_with_SHA224 793 -#define NID_ecdsa_with_SHA256 794 -#define NID_ecdsa_with_SHA384 795 -#define NID_ecdsa_with_SHA512 796 -#define NID_ecdsa_with_SHA3_224 1112 -#define NID_ecdsa_with_SHA3_256 1113 -#define NID_ecdsa_with_SHA3_384 1114 -#define NID_ecdsa_with_SHA3_512 1115 -#define NID_dsa_with_SHA224 802 -#define NID_dsa_with_SHA256 803 -#define NID_sha3_224 1096 -#define NID_sha3_256 1097 -#define NID_sha3_384 1098 -#define NID_sha3_512 1099 -#define NID_blake2b512 1056 -#define NID_blake2s256 1057 -#define NID_shake128 1100 -#define NID_shake256 1101 -#define NID_sha1 64 -#define NID_sha224 675 -#define NID_sm3 1143 -#define NID_md2 77 -#define NID_md4 257 -#define NID_md5 40 -#define NID_hmac 855 -#define NID_hmacWithSHA1 163 -#define NID_hmacWithSHA224 798 -#define NID_hmacWithSHA256 799 -#define NID_hmacWithSHA384 800 -#define NID_hmacWithSHA512 801 -#define NID_hkdf 1036 -#define NID_cmac 894 -#define NID_dhKeyAgreement 28 -#define NID_ffdhe2048 1126 -#define NID_ffdhe3072 1127 -#define NID_ffdhe4096 1128 -#define NID_rc4 5 -#define NID_bf_cbc 91 -#define NID_bf_ecb 92 -#define NID_bf_cfb64 93 -#define NID_bf_ofb64 94 -#define NID_cast5_cbc 108 -#define NID_cast5_ecb 109 -#define NID_cast5_cfb64 110 -#define NID_cast5_ofb64 111 +/* note, this WC_NID_undef definition duplicates the definition in + * wolfcrypt/asn.h, which is gated out when -DNO_ASN. + */ +#define WC_NID_undef 0 + +#define WC_NID_aes_128_cbc 419 +#define WC_NID_aes_192_cbc 423 +#define WC_NID_aes_256_cbc 427 +#define WC_NID_aes_128_ccm 896 +#define WC_NID_aes_192_ccm 899 +#define WC_NID_aes_256_ccm 902 +#define WC_NID_aes_128_gcm 895 +#define WC_NID_aes_192_gcm 898 +#define WC_NID_aes_256_gcm 901 +#define WC_NID_aes_128_ctr 904 +#define WC_NID_aes_192_ctr 905 +#define WC_NID_aes_256_ctr 906 +#define WC_NID_aes_128_ecb 418 +#define WC_NID_aes_192_ecb 422 +#define WC_NID_aes_256_ecb 426 +#define WC_NID_des_cbc 31 +#define WC_NID_des_ecb 29 +#define WC_NID_des_ede3_cbc 44 +#define WC_NID_des_ede3_ecb 33 +#define WC_NID_aes_128_cfb1 650 +#define WC_NID_aes_192_cfb1 651 +#define WC_NID_aes_256_cfb1 652 +#define WC_NID_aes_128_cfb8 653 +#define WC_NID_aes_192_cfb8 654 +#define WC_NID_aes_256_cfb8 655 +#define WC_NID_aes_128_cfb128 421 +#define WC_NID_aes_192_cfb128 425 +#define WC_NID_aes_256_cfb128 429 +#define WC_NID_aes_128_ofb 420 +#define WC_NID_aes_192_ofb 424 +#define WC_NID_aes_256_ofb 428 +#define WC_NID_aes_128_xts 913 +#define WC_NID_aes_256_xts 914 +#define WC_NID_camellia_128_cbc 751 +#define WC_NID_camellia_256_cbc 753 +#define WC_NID_chacha20_poly1305 1018 +#define WC_NID_chacha20 1019 +#define WC_NID_sm4_ecb 1133 +#define WC_NID_sm4_cbc 1134 +#define WC_NID_sm4_ctr 1139 +#define WC_NID_sm4_gcm 1248 +#define WC_NID_sm4_ccm 1249 +#define WC_NID_md5WithRSA 104 +#define WC_NID_md2WithRSAEncryption 9 +#define WC_NID_md5WithRSAEncryption 99 +#define WC_NID_dsaWithSHA1 113 +#define WC_NID_dsaWithSHA1_2 70 +#define WC_NID_sha1WithRSA 115 +#define WC_NID_sha1WithRSAEncryption 65 +#define WC_NID_sha224WithRSAEncryption 671 +#define WC_NID_sha256WithRSAEncryption 668 +#define WC_NID_sha384WithRSAEncryption 669 +#define WC_NID_sha512WithRSAEncryption 670 +#define WC_NID_RSA_SHA3_224 1116 +#define WC_NID_RSA_SHA3_256 1117 +#define WC_NID_RSA_SHA3_384 1118 +#define WC_NID_RSA_SHA3_512 1119 +#define WC_NID_rsassaPss 912 +#define WC_NID_ecdsa_with_SHA1 416 +#define WC_NID_ecdsa_with_SHA224 793 +#define WC_NID_ecdsa_with_SHA256 794 +#define WC_NID_ecdsa_with_SHA384 795 +#define WC_NID_ecdsa_with_SHA512 796 +#define WC_NID_ecdsa_with_SHA3_224 1112 +#define WC_NID_ecdsa_with_SHA3_256 1113 +#define WC_NID_ecdsa_with_SHA3_384 1114 +#define WC_NID_ecdsa_with_SHA3_512 1115 +#define WC_NID_dsa_with_SHA224 802 +#define WC_NID_dsa_with_SHA256 803 +#define WC_NID_sha3_224 1096 +#define WC_NID_sha3_256 1097 +#define WC_NID_sha3_384 1098 +#define WC_NID_sha3_512 1099 +#define WC_NID_blake2b512 1056 +#define WC_NID_blake2s256 1057 +#define WC_NID_shake128 1100 +#define WC_NID_shake256 1101 +#define WC_NID_sha1 64 +#define WC_NID_sha224 675 +#define WC_NID_sm3 1143 +#define WC_NID_md2 77 +#define WC_NID_md4 257 +#define WC_NID_md5 40 +#define WC_NID_hmac 855 +#define WC_NID_hmacWithSHA1 163 +#define WC_NID_hmacWithSHA224 798 +#define WC_NID_hmacWithSHA256 799 +#define WC_NID_hmacWithSHA384 800 +#define WC_NID_hmacWithSHA512 801 +#define WC_NID_hkdf 1036 +#define WC_NID_cmac 894 +#define WC_NID_dhKeyAgreement 28 +#define WC_NID_ffdhe2048 1126 +#define WC_NID_ffdhe3072 1127 +#define WC_NID_ffdhe4096 1128 +#define WC_NID_rc4 5 +#define WC_NID_bf_cbc 91 +#define WC_NID_bf_ecb 92 +#define WC_NID_bf_cfb64 93 +#define WC_NID_bf_ofb64 94 +#define WC_NID_cast5_cbc 108 +#define WC_NID_cast5_ecb 109 +#define WC_NID_cast5_cfb64 110 +#define WC_NID_cast5_ofb64 111 /* key exchange */ -#define NID_kx_rsa 1037 -#define NID_kx_ecdhe 1038 -#define NID_kx_dhe 1039 -#define NID_kx_ecdhe_psk 1040 -#define NID_kx_dhe_psk 1041 -#define NID_kx_rsa_psk 1042 -#define NID_kx_psk 1043 -#define NID_kx_srp 1044 -#define NID_kx_gost 1045 -#define NID_kx_any 1063 +#define WC_NID_kx_rsa 1037 +#define WC_NID_kx_ecdhe 1038 +#define WC_NID_kx_dhe 1039 +#define WC_NID_kx_ecdhe_psk 1040 +#define WC_NID_kx_dhe_psk 1041 +#define WC_NID_kx_rsa_psk 1042 +#define WC_NID_kx_psk 1043 +#define WC_NID_kx_srp 1044 +#define WC_NID_kx_gost 1045 +#define WC_NID_kx_any 1063 /* server authentication */ -#define NID_auth_rsa 1046 -#define NID_auth_ecdsa 1047 -#define NID_auth_psk 1048 -#define NID_auth_dss 1049 -#define NID_auth_srp 1052 -#define NID_auth_null 1054 -#define NID_auth_any 1055 +#define WC_NID_auth_rsa 1046 +#define WC_NID_auth_ecdsa 1047 +#define WC_NID_auth_psk 1048 +#define WC_NID_auth_dss 1049 +#define WC_NID_auth_srp 1052 +#define WC_NID_auth_null 1054 +#define WC_NID_auth_any 1055 /* Curve */ -#define NID_aria_128_gcm 1123 -#define NID_aria_192_gcm 1124 -#define NID_aria_256_gcm 1125 -#define NID_sm2 1172 - -#define NID_X9_62_id_ecPublicKey EVP_PKEY_EC -#define NID_rsaEncryption EVP_PKEY_RSA -#define NID_rsa EVP_PKEY_RSA -#define NID_dsa EVP_PKEY_DSA +#define WC_NID_aria_128_gcm 1123 +#define WC_NID_aria_192_gcm 1124 +#define WC_NID_aria_256_gcm 1125 +#define WC_NID_sm2 1172 -#define EVP_PKEY_OP_SIGN (1 << 3) -#define EVP_PKEY_OP_VERIFY (1 << 5) -#define EVP_PKEY_OP_ENCRYPT (1 << 6) -#define EVP_PKEY_OP_DECRYPT (1 << 7) -#define EVP_PKEY_OP_DERIVE (1 << 8) - -#define EVP_PKEY_PRINT_INDENT_MAX 128 +#define WC_NID_X9_62_id_ecPublicKey WC_EVP_PKEY_EC +#define WC_NID_rsaEncryption WC_EVP_PKEY_RSA +#define WC_NID_rsa WC_EVP_PKEY_RSA +#define WC_NID_dsa WC_EVP_PKEY_DSA enum { - AES_128_CBC_TYPE = 1, - AES_192_CBC_TYPE = 2, - AES_256_CBC_TYPE = 3, - AES_128_CTR_TYPE = 4, - AES_192_CTR_TYPE = 5, - AES_256_CTR_TYPE = 6, - AES_128_ECB_TYPE = 7, - AES_192_ECB_TYPE = 8, - AES_256_ECB_TYPE = 9, - DES_CBC_TYPE = 10, - DES_ECB_TYPE = 11, - DES_EDE3_CBC_TYPE = 12, - DES_EDE3_ECB_TYPE = 13, - ARC4_TYPE = 14, - NULL_CIPHER_TYPE = 15, - EVP_PKEY_RSA = 16, - EVP_PKEY_DSA = 17, - EVP_PKEY_EC = 18, - AES_128_GCM_TYPE = 21, - AES_192_GCM_TYPE = 22, - AES_256_GCM_TYPE = 23, - EVP_PKEY_DH = NID_dhKeyAgreement, - EVP_PKEY_HMAC = NID_hmac, - EVP_PKEY_CMAC = NID_cmac, - EVP_PKEY_HKDF = NID_hkdf, - EVP_PKEY_FALCON = 300, /* Randomly picked value. */ - EVP_PKEY_DILITHIUM = 301, /* Randomly picked value. */ - AES_128_CFB1_TYPE = 24, - AES_192_CFB1_TYPE = 25, - AES_256_CFB1_TYPE = 26, - AES_128_CFB8_TYPE = 27, - AES_192_CFB8_TYPE = 28, - AES_256_CFB8_TYPE = 29, - AES_128_CFB128_TYPE = 30, - AES_192_CFB128_TYPE = 31, - AES_256_CFB128_TYPE = 32, - AES_128_OFB_TYPE = 33, - AES_192_OFB_TYPE = 34, - AES_256_OFB_TYPE = 35, - AES_128_XTS_TYPE = 36, - AES_256_XTS_TYPE = 37, - CHACHA20_POLY1305_TYPE = 38, - CHACHA20_TYPE = 39, - AES_128_CCM_TYPE = 40, - AES_192_CCM_TYPE = 41, - AES_256_CCM_TYPE = 42, - SM4_ECB_TYPE = 43, - SM4_CBC_TYPE = 44, - SM4_CTR_TYPE = 45, - SM4_GCM_TYPE = 46, - SM4_CCM_TYPE = 47, - ARIA_128_GCM_TYPE = 48, - ARIA_192_GCM_TYPE = 49, - ARIA_256_GCM_TYPE = 50 + WC_EVP_PKEY_NONE = WC_NID_undef, + WC_AES_128_CBC_TYPE = 1, + WC_AES_192_CBC_TYPE = 2, + WC_AES_256_CBC_TYPE = 3, + WC_AES_128_CTR_TYPE = 4, + WC_AES_192_CTR_TYPE = 5, + WC_AES_256_CTR_TYPE = 6, + WC_AES_128_ECB_TYPE = 7, + WC_AES_192_ECB_TYPE = 8, + WC_AES_256_ECB_TYPE = 9, + WC_DES_CBC_TYPE = 10, + WC_DES_ECB_TYPE = 11, + WC_DES_EDE3_CBC_TYPE = 12, + WC_DES_EDE3_ECB_TYPE = 13, + WC_ARC4_TYPE = 14, + WC_NULL_CIPHER_TYPE = 15, + WC_EVP_PKEY_RSA = 16, + WC_EVP_PKEY_DSA = 17, + WC_EVP_PKEY_EC = 18, + WC_AES_128_GCM_TYPE = 21, + WC_AES_192_GCM_TYPE = 22, + WC_AES_256_GCM_TYPE = 23, + WC_EVP_PKEY_DH = WC_NID_dhKeyAgreement, + WC_EVP_PKEY_HMAC = WC_NID_hmac, + WC_EVP_PKEY_CMAC = WC_NID_cmac, + WC_EVP_PKEY_HKDF = WC_NID_hkdf, + WC_EVP_PKEY_FALCON = 300, /* Randomly picked value. */ + WC_EVP_PKEY_DILITHIUM = 301, /* Randomly picked value. */ + WC_AES_128_CFB1_TYPE = 24, + WC_AES_192_CFB1_TYPE = 25, + WC_AES_256_CFB1_TYPE = 26, + WC_AES_128_CFB8_TYPE = 27, + WC_AES_192_CFB8_TYPE = 28, + WC_AES_256_CFB8_TYPE = 29, + WC_AES_128_CFB128_TYPE = 30, + WC_AES_192_CFB128_TYPE = 31, + WC_AES_256_CFB128_TYPE = 32, + WC_AES_128_OFB_TYPE = 33, + WC_AES_192_OFB_TYPE = 34, + WC_AES_256_OFB_TYPE = 35, + WC_AES_128_XTS_TYPE = 36, + WC_AES_256_XTS_TYPE = 37, + WC_CHACHA20_POLY1305_TYPE = 38, + WC_CHACHA20_TYPE = 39, + WC_AES_128_CCM_TYPE = 40, + WC_AES_192_CCM_TYPE = 41, + WC_AES_256_CCM_TYPE = 42, + WC_SM4_ECB_TYPE = 43, + WC_SM4_CBC_TYPE = 44, + WC_SM4_CTR_TYPE = 45, + WC_SM4_GCM_TYPE = 46, + WC_SM4_CCM_TYPE = 47, + WC_ARIA_128_GCM_TYPE = 48, + WC_ARIA_192_GCM_TYPE = 49, + WC_ARIA_256_GCM_TYPE = 50 }; +#define WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX 128 + +#define WC_EVP_PKEY_OP_SIGN (1 << 3) +#define WC_EVP_PKEY_OP_VERIFY (1 << 5) +#define WC_EVP_PKEY_OP_ENCRYPT (1 << 6) +#define WC_EVP_PKEY_OP_DECRYPT (1 << 7) +#define WC_EVP_PKEY_OP_DERIVE (1 << 8) + +#ifndef OPENSSL_COEXIST + +#define EVP_PKEY_NONE WC_EVP_PKEY_NONE +#define AES_128_CBC_TYPE WC_AES_128_CBC_TYPE +#define AES_192_CBC_TYPE WC_AES_192_CBC_TYPE +#define AES_256_CBC_TYPE WC_AES_256_CBC_TYPE +#define AES_128_CTR_TYPE WC_AES_128_CTR_TYPE +#define AES_192_CTR_TYPE WC_AES_192_CTR_TYPE +#define AES_256_CTR_TYPE WC_AES_256_CTR_TYPE +#define AES_128_ECB_TYPE WC_AES_128_ECB_TYPE +#define AES_192_ECB_TYPE WC_AES_192_ECB_TYPE +#define AES_256_ECB_TYPE WC_AES_256_ECB_TYPE +#define DES_CBC_TYPE WC_DES_CBC_TYPE +#define DES_ECB_TYPE WC_DES_ECB_TYPE +#define DES_EDE3_CBC_TYPE WC_DES_EDE3_CBC_TYPE +#define DES_EDE3_ECB_TYPE WC_DES_EDE3_ECB_TYPE +#define ARC4_TYPE WC_ARC4_TYPE +#define NULL_CIPHER_TYPE WC_NULL_CIPHER_TYPE +#define EVP_PKEY_RSA WC_EVP_PKEY_RSA +#define EVP_PKEY_DSA WC_EVP_PKEY_DSA +#define EVP_PKEY_EC WC_EVP_PKEY_EC +#define AES_128_GCM_TYPE WC_AES_128_GCM_TYPE +#define AES_192_GCM_TYPE WC_AES_192_GCM_TYPE +#define AES_256_GCM_TYPE WC_AES_256_GCM_TYPE +#define EVP_PKEY_DH WC_EVP_PKEY_DH +#define EVP_PKEY_HMAC WC_EVP_PKEY_HMAC +#define EVP_PKEY_CMAC WC_EVP_PKEY_CMAC +#define EVP_PKEY_HKDF WC_EVP_PKEY_HKDF +#define EVP_PKEY_FALCON WC_EVP_PKEY_FALCON +#define EVP_PKEY_DILITHIUM WC_EVP_PKEY_DILITHIUM +#define AES_128_CFB1_TYPE WC_AES_128_CFB1_TYPE +#define AES_192_CFB1_TYPE WC_AES_192_CFB1_TYPE +#define AES_256_CFB1_TYPE WC_AES_256_CFB1_TYPE +#define AES_128_CFB8_TYPE WC_AES_128_CFB8_TYPE +#define AES_192_CFB8_TYPE WC_AES_192_CFB8_TYPE +#define AES_256_CFB8_TYPE WC_AES_256_CFB8_TYPE +#define AES_128_CFB128_TYPE WC_AES_128_CFB128_TYPE +#define AES_192_CFB128_TYPE WC_AES_192_CFB128_TYPE +#define AES_256_CFB128_TYPE WC_AES_256_CFB128_TYPE +#define AES_128_OFB_TYPE WC_AES_128_OFB_TYPE +#define AES_192_OFB_TYPE WC_AES_192_OFB_TYPE +#define AES_256_OFB_TYPE WC_AES_256_OFB_TYPE +#define AES_128_XTS_TYPE WC_AES_128_XTS_TYPE +#define AES_256_XTS_TYPE WC_AES_256_XTS_TYPE +#define CHACHA20_POLY1305_TYPE WC_CHACHA20_POLY1305_TYPE +#define CHACHA20_TYPE WC_CHACHA20_TYPE +#define AES_128_CCM_TYPE WC_AES_128_CCM_TYPE +#define AES_192_CCM_TYPE WC_AES_192_CCM_TYPE +#define AES_256_CCM_TYPE WC_AES_256_CCM_TYPE +#define SM4_ECB_TYPE WC_SM4_ECB_TYPE +#define SM4_CBC_TYPE WC_SM4_CBC_TYPE +#define SM4_CTR_TYPE WC_SM4_CTR_TYPE +#define SM4_GCM_TYPE WC_SM4_GCM_TYPE +#define SM4_CCM_TYPE WC_SM4_CCM_TYPE +#define ARIA_128_GCM_TYPE WC_ARIA_128_GCM_TYPE +#define ARIA_192_GCM_TYPE WC_ARIA_192_GCM_TYPE +#define ARIA_256_GCM_TYPE WC_ARIA_256_GCM_TYPE + +#define NID_aes_128_cbc WC_NID_aes_128_cbc +#define NID_aes_192_cbc WC_NID_aes_192_cbc +#define NID_aes_256_cbc WC_NID_aes_256_cbc +#define NID_aes_128_ccm WC_NID_aes_128_ccm +#define NID_aes_192_ccm WC_NID_aes_192_ccm +#define NID_aes_256_ccm WC_NID_aes_256_ccm +#define NID_aes_128_gcm WC_NID_aes_128_gcm +#define NID_aes_192_gcm WC_NID_aes_192_gcm +#define NID_aes_256_gcm WC_NID_aes_256_gcm +#define NID_aes_128_ctr WC_NID_aes_128_ctr +#define NID_aes_192_ctr WC_NID_aes_192_ctr +#define NID_aes_256_ctr WC_NID_aes_256_ctr +#define NID_aes_128_ecb WC_NID_aes_128_ecb +#define NID_aes_192_ecb WC_NID_aes_192_ecb +#define NID_aes_256_ecb WC_NID_aes_256_ecb +#define NID_des_cbc WC_NID_des_cbc +#define NID_des_ecb WC_NID_des_ecb +#define NID_des_ede3_cbc WC_NID_des_ede3_cbc +#define NID_des_ede3_ecb WC_NID_des_ede3_ecb +#define NID_aes_128_cfb1 WC_NID_aes_128_cfb1 +#define NID_aes_192_cfb1 WC_NID_aes_192_cfb1 +#define NID_aes_256_cfb1 WC_NID_aes_256_cfb1 +#define NID_aes_128_cfb8 WC_NID_aes_128_cfb8 +#define NID_aes_192_cfb8 WC_NID_aes_192_cfb8 +#define NID_aes_256_cfb8 WC_NID_aes_256_cfb8 +#define NID_aes_128_cfb128 WC_NID_aes_128_cfb128 +#define NID_aes_192_cfb128 WC_NID_aes_192_cfb128 +#define NID_aes_256_cfb128 WC_NID_aes_256_cfb128 +#define NID_aes_128_ofb WC_NID_aes_128_ofb +#define NID_aes_192_ofb WC_NID_aes_192_ofb +#define NID_aes_256_ofb WC_NID_aes_256_ofb +#define NID_aes_128_xts WC_NID_aes_128_xts +#define NID_aes_256_xts WC_NID_aes_256_xts +#define NID_camellia_128_cbc WC_NID_camellia_128_cbc +#define NID_camellia_256_cbc WC_NID_camellia_256_cbc +#define NID_chacha20_poly1305 WC_NID_chacha20_poly1305 +#define NID_chacha20 WC_NID_chacha20 +#define NID_sm4_ecb WC_NID_sm4_ecb +#define NID_sm4_cbc WC_NID_sm4_cbc +#define NID_sm4_ctr WC_NID_sm4_ctr +#define NID_sm4_gcm WC_NID_sm4_gcm +#define NID_sm4_ccm WC_NID_sm4_ccm +#define NID_md5WithRSA WC_NID_md5WithRSA +#define NID_md2WithRSAEncryption WC_NID_md2WithRSAEncryption +#define NID_md5WithRSAEncryption WC_NID_md5WithRSAEncryption +#define NID_dsaWithSHA1 WC_NID_dsaWithSHA1 +#define NID_dsaWithSHA1_2 WC_NID_dsaWithSHA1_2 +#define NID_sha1WithRSA WC_NID_sha1WithRSA +#define NID_sha1WithRSAEncryption WC_NID_sha1WithRSAEncryption +#define NID_sha224WithRSAEncryption WC_NID_sha224WithRSAEncryption +#define NID_sha256WithRSAEncryption WC_NID_sha256WithRSAEncryption +#define NID_sha384WithRSAEncryption WC_NID_sha384WithRSAEncryption +#define NID_sha512WithRSAEncryption WC_NID_sha512WithRSAEncryption +#define NID_RSA_SHA3_224 WC_NID_RSA_SHA3_224 +#define NID_RSA_SHA3_256 WC_NID_RSA_SHA3_256 +#define NID_RSA_SHA3_384 WC_NID_RSA_SHA3_384 +#define NID_RSA_SHA3_512 WC_NID_RSA_SHA3_512 +#define NID_rsassaPss WC_NID_rsassaPss +#define NID_ecdsa_with_SHA1 WC_NID_ecdsa_with_SHA1 +#define NID_ecdsa_with_SHA224 WC_NID_ecdsa_with_SHA224 +#define NID_ecdsa_with_SHA256 WC_NID_ecdsa_with_SHA256 +#define NID_ecdsa_with_SHA384 WC_NID_ecdsa_with_SHA384 +#define NID_ecdsa_with_SHA512 WC_NID_ecdsa_with_SHA512 +#define NID_ecdsa_with_SHA3_224 WC_NID_ecdsa_with_SHA3_224 +#define NID_ecdsa_with_SHA3_256 WC_NID_ecdsa_with_SHA3_256 +#define NID_ecdsa_with_SHA3_384 WC_NID_ecdsa_with_SHA3_384 +#define NID_ecdsa_with_SHA3_512 WC_NID_ecdsa_with_SHA3_512 +#define NID_dsa_with_SHA224 WC_NID_dsa_with_SHA224 +#define NID_dsa_with_SHA256 WC_NID_dsa_with_SHA256 +#define NID_sha3_224 WC_NID_sha3_224 +#define NID_sha3_256 WC_NID_sha3_256 +#define NID_sha3_384 WC_NID_sha3_384 +#define NID_sha3_512 WC_NID_sha3_512 +#define NID_blake2b512 WC_NID_blake2b512 +#define NID_blake2s256 WC_NID_blake2s256 +#define NID_shake128 WC_NID_shake128 +#define NID_shake256 WC_NID_shake256 +#define NID_sha1 WC_NID_sha1 +#define NID_sha224 WC_NID_sha224 +#define NID_sm3 WC_NID_sm3 +#define NID_md2 WC_NID_md2 +#define NID_md4 WC_NID_md4 +#define NID_md5 WC_NID_md5 +#define NID_hmac WC_NID_hmac +#define NID_hmacWithSHA1 WC_NID_hmacWithSHA1 +#define NID_hmacWithSHA224 WC_NID_hmacWithSHA224 +#define NID_hmacWithSHA256 WC_NID_hmacWithSHA256 +#define NID_hmacWithSHA384 WC_NID_hmacWithSHA384 +#define NID_hmacWithSHA512 WC_NID_hmacWithSHA512 +#define NID_hkdf WC_NID_hkdf +#define NID_cmac WC_NID_cmac +#define NID_dhKeyAgreement WC_NID_dhKeyAgreement +#define NID_ffdhe2048 WC_NID_ffdhe2048 +#define NID_ffdhe3072 WC_NID_ffdhe3072 +#define NID_ffdhe4096 WC_NID_ffdhe4096 +#define NID_rc4 WC_NID_rc4 +#define NID_bf_cbc WC_NID_bf_cbc +#define NID_bf_ecb WC_NID_bf_ecb +#define NID_bf_cfb64 WC_NID_bf_cfb64 +#define NID_bf_ofb64 WC_NID_bf_ofb64 +#define NID_cast5_cbc WC_NID_cast5_cbc +#define NID_cast5_ecb WC_NID_cast5_ecb +#define NID_cast5_cfb64 WC_NID_cast5_cfb64 +#define NID_cast5_ofb64 WC_NID_cast5_ofb64 +/* key exchange */ +#define NID_kx_rsa WC_NID_kx_rsa +#define NID_kx_ecdhe WC_NID_kx_ecdhe +#define NID_kx_dhe WC_NID_kx_dhe +#define NID_kx_ecdhe_psk WC_NID_kx_ecdhe_psk +#define NID_kx_dhe_psk WC_NID_kx_dhe_psk +#define NID_kx_rsa_psk WC_NID_kx_rsa_psk +#define NID_kx_psk WC_NID_kx_psk +#define NID_kx_srp WC_NID_kx_srp +#define NID_kx_gost WC_NID_kx_gost +#define NID_kx_any WC_NID_kx_any +/* server authentication */ +#define NID_auth_rsa WC_NID_auth_rsa +#define NID_auth_ecdsa WC_NID_auth_ecdsa +#define NID_auth_psk WC_NID_auth_psk +#define NID_auth_dss WC_NID_auth_dss +#define NID_auth_srp WC_NID_auth_srp +#define NID_auth_null WC_NID_auth_null +#define NID_auth_any WC_NID_auth_any +/* Curve */ +#define NID_aria_128_gcm WC_NID_aria_128_gcm +#define NID_aria_192_gcm WC_NID_aria_192_gcm +#define NID_aria_256_gcm WC_NID_aria_256_gcm +#define NID_sm2 WC_NID_sm2 + +#define NID_X9_62_id_ecPublicKey WC_NID_X9_62_id_ecPublicKey +#define NID_rsaEncryption WC_NID_rsaEncryption +#define NID_rsa WC_NID_rsa +#define NID_dsa WC_NID_dsa + +#define EVP_PKEY_OP_SIGN WC_EVP_PKEY_OP_SIGN +#define EVP_PKEY_OP_VERIFY WC_EVP_PKEY_OP_VERIFY +#define EVP_PKEY_OP_ENCRYPT WC_EVP_PKEY_OP_ENCRYPT +#define EVP_PKEY_OP_DECRYPT WC_EVP_PKEY_OP_DECRYPT +#define EVP_PKEY_OP_DERIVE WC_EVP_PKEY_OP_DERIVE + +#define EVP_PKEY_PRINT_INDENT_MAX WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX + +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -481,7 +689,7 @@ struct WOLFSSL_EVP_CIPHER_CTX { unsigned char cipherType; #if !defined(NO_AES) /* working iv pointer into cipher */ - ALIGN16 unsigned char iv[AES_BLOCK_SIZE]; + ALIGN16 unsigned char iv[WC_AES_BLOCK_SIZE]; #elif defined(WOLFSSL_SM4) ALIGN16 unsigned char iv[SM4_BLOCK_SIZE]; #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) @@ -514,7 +722,7 @@ struct WOLFSSL_EVP_CIPHER_CTX { defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \ (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) - ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; + ALIGN16 unsigned char authTag[WC_AES_BLOCK_SIZE]; #elif defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) ALIGN16 unsigned char authTag[SM4_BLOCK_SIZE]; #else @@ -524,8 +732,8 @@ struct WOLFSSL_EVP_CIPHER_CTX { #endif #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - byte authIvGenEnable:1; - byte authIncIv:1; + WC_BITFIELD authIvGenEnable:1; + WC_BITFIELD authIncIv:1; #endif #endif }; @@ -918,6 +1126,29 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type, WOLFSSL_ENGINE *impl); +#define WOLFSSL_EVP_CTRL_INIT 0x0 +#define WOLFSSL_EVP_CTRL_SET_KEY_LENGTH 0x1 +#define WOLFSSL_EVP_CTRL_SET_RC2_KEY_BITS 0x3 /* needed for qt compilation */ + +#define WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define WOLFSSL_EVP_CTRL_AEAD_GET_TAG 0x10 +#define WOLFSSL_EVP_CTRL_AEAD_SET_TAG 0x11 +#define WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define WOLFSSL_EVP_CTRL_GCM_IV_GEN 0x13 +#define WOLFSSL_EVP_CTRL_GCM_SET_IVLEN WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN +#define WOLFSSL_EVP_CTRL_GCM_GET_TAG WOLFSSL_EVP_CTRL_AEAD_GET_TAG +#define WOLFSSL_EVP_CTRL_GCM_SET_TAG WOLFSSL_EVP_CTRL_AEAD_SET_TAG +#define WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED +#define WOLFSSL_EVP_CTRL_CCM_SET_IVLEN WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN +#define WOLFSSL_EVP_CTRL_CCM_GET_TAG WOLFSSL_EVP_CTRL_AEAD_GET_TAG +#define WOLFSSL_EVP_CTRL_CCM_SET_TAG WOLFSSL_EVP_CTRL_AEAD_SET_TAG +#define WOLFSSL_EVP_CTRL_CCM_SET_L 0x14 +#define WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN 0x15 + +#define WOLFSSL_NO_PADDING_BLOCK_SIZE 1 + +#ifndef OPENSSL_COEXIST + #define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER #define EVP_CIPH_VARIABLE_LENGTH WOLFSSL_EVP_CIPH_VARIABLE_LENGTH #define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE @@ -1022,7 +1253,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_MD_block_size wolfSSL_EVP_MD_block_size #define EVP_MD_type wolfSSL_EVP_MD_type #ifndef NO_WOLFSSL_STUB -#define EVP_MD_CTX_set_flags(...) WC_DO_NOTHING +#define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING #endif #define EVP_Digest wolfSSL_EVP_Digest @@ -1179,7 +1410,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf #define OPENSSL_add_all_algorithms_conf OpenSSL_add_all_algorithms_conf -#define NO_PADDING_BLOCK_SIZE 1 +#define NO_PADDING_BLOCK_SIZE WOLFSSL_NO_PADDING_BLOCK_SIZE #define PKCS5_PBKDF2_HMAC_SHA1 wolfSSL_PKCS5_PBKDF2_HMAC_SHA1 #define PKCS5_PBKDF2_HMAC wolfSSL_PKCS5_PBKDF2_HMAC @@ -1190,20 +1421,20 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_CTRL_SET_KEY_LENGTH 0x1 #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 /* needed for qt compilation */ -#define EVP_CTRL_AEAD_SET_IVLEN 0x9 -#define EVP_CTRL_AEAD_GET_TAG 0x10 -#define EVP_CTRL_AEAD_SET_TAG 0x11 -#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 -#define EVP_CTRL_GCM_IV_GEN 0x13 -#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN -#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG -#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG -#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED -#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN -#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG -#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG -#define EVP_CTRL_CCM_SET_L 0x14 -#define EVP_CTRL_CCM_SET_MSGLEN 0x15 +#define EVP_CTRL_AEAD_SET_IVLEN WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_AEAD_GET_TAG WOLFSSL_EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_AEAD_SET_TAG WOLFSSL_EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_AEAD_SET_IV_FIXED WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED +#define EVP_CTRL_GCM_IV_GEN WOLFSSL_EVP_CTRL_GCM_IV_GEN +#define EVP_CTRL_GCM_SET_IVLEN WOLFSSL_EVP_CTRL_GCM_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG WOLFSSL_EVP_CTRL_GCM_GET_TAG +#define EVP_CTRL_GCM_SET_TAG WOLFSSL_EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_GCM_SET_IV_FIXED WOLFSSL_EVP_CTRL_GCM_SET_IV_FIXED +#define EVP_CTRL_CCM_SET_IVLEN WOLFSSL_EVP_CTRL_CCM_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG WOLFSSL_EVP_CTRL_CCM_GET_TAG +#define EVP_CTRL_CCM_SET_TAG WOLFSSL_EVP_CTRL_CCM_SET_TAG +#define EVP_CTRL_CCM_SET_L WOLFSSL_EVP_CTRL_CCM_SET_L +#define EVP_CTRL_CCM_SET_MSGLEN WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN #define EVP_PKEY_print_public wolfSSL_EVP_PKEY_print_public #define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) WC_DO_NOTHING @@ -1230,13 +1461,11 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #endif -#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1) -#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2) -#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3) -#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4) +#define EVP_R_BAD_DECRYPT (-WOLFSSL_EVP_R_BAD_DECRYPT_E) +#define EVP_R_BN_DECODE_ERROR (-WOLFSSL_EVP_R_BN_DECODE_ERROR) +#define EVP_R_DECODE_ERROR (-WOLFSSL_EVP_R_DECODE_ERROR) +#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR) -#define EVP_PKEY_NONE NID_undef -#define EVP_PKEY_DH 28 #define EVP_CIPHER_mode WOLFSSL_EVP_CIPHER_mode /* WOLFSSL_EVP_CIPHER is just the string name of the cipher */ #define EVP_CIPHER_name(x) x @@ -1278,6 +1507,8 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef __cplusplus diff --git a/src/wolfssl/openssl/hmac.h b/src/wolfssl/openssl/hmac.h index 71a473b..1a2c304 100644 --- a/src/wolfssl/openssl/hmac.h +++ b/src/wolfssl/openssl/hmac.h @@ -67,6 +67,8 @@ WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx); WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx); +#ifndef OPENSSL_COEXIST + typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; #define HMAC wolfSSL_HMAC @@ -85,6 +87,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; #define HMAC_size wolfSSL_HMAC_size #define HMAC_CTX_get_md wolfSSL_HMAC_CTX_get_md +#endif /* !OPENSSL_COEXIST */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/openssl/kdf.h b/src/wolfssl/openssl/kdf.h index 08d8327..295c99f 100644 --- a/src/wolfssl/openssl/kdf.h +++ b/src/wolfssl/openssl/kdf.h @@ -26,9 +26,17 @@ extern "C" { #endif -#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 -#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 -#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 +#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +#define WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + +#ifndef OPENSSL_COEXIST + +#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND +#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY +#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY + +#endif /* !OPENSSL_COEXIST */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/openssl/md4.h b/src/wolfssl/openssl/md4.h index d478e96..9181e8d 100644 --- a/src/wolfssl/openssl/md4.h +++ b/src/wolfssl/openssl/md4.h @@ -46,6 +46,7 @@ WOLFSSL_API void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data, unsigned long len); WOLFSSL_API void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4); +#ifndef OPENSSL_COEXIST typedef WOLFSSL_MD4_CTX MD4_CTX; @@ -53,6 +54,8 @@ typedef WOLFSSL_MD4_CTX MD4_CTX; #define MD4_Update wolfSSL_MD4_Update #define MD4_Final wolfSSL_MD4_Final +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/md5.h b/src/wolfssl/openssl/md5.h index 62533a9..452b6a4 100644 --- a/src/wolfssl/openssl/md5.h +++ b/src/wolfssl/openssl/md5.h @@ -58,6 +58,8 @@ WOLFSSL_API int wolfSSL_MD5_Transform(WOLFSSL_MD5_CTX* md5, const unsigned char* WOLFSSL_API unsigned char *wolfSSL_MD5(const unsigned char* data, size_t len, unsigned char* hash); +#ifndef OPENSSL_COEXIST + typedef WOLFSSL_MD5_CTX MD5_CTX; #define MD5_Init wolfSSL_MD5_Init @@ -95,6 +97,8 @@ typedef WOLFSSL_MD5_CTX MD5_CTX; #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE #endif +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/obj_mac.h b/src/wolfssl/openssl/obj_mac.h index b083f04..b4d4013 100644 --- a/src/wolfssl/openssl/obj_mac.h +++ b/src/wolfssl/openssl/obj_mac.h @@ -27,20 +27,39 @@ extern "C" { #endif -#define NID_sect163k1 721 -#define NID_sect163r1 722 -#define NID_sect163r2 723 -#define NID_sect193r1 724 -#define NID_sect193r2 725 -#define NID_sect233k1 726 -#define NID_sect233r1 727 -#define NID_sect239k1 728 -#define NID_sect283k1 729 -#define NID_sect283r1 730 -#define NID_sect409k1 731 -#define NID_sect409r1 732 -#define NID_sect571k1 733 -#define NID_sect571r1 734 +#define WC_NID_sect163k1 721 +#define WC_NID_sect163r1 722 +#define WC_NID_sect163r2 723 +#define WC_NID_sect193r1 724 +#define WC_NID_sect193r2 725 +#define WC_NID_sect233k1 726 +#define WC_NID_sect233r1 727 +#define WC_NID_sect239k1 728 +#define WC_NID_sect283k1 729 +#define WC_NID_sect283r1 730 +#define WC_NID_sect409k1 731 +#define WC_NID_sect409r1 732 +#define WC_NID_sect571k1 733 +#define WC_NID_sect571r1 734 + +#ifndef OPENSSL_COEXIST + +#define NID_sect163k1 WC_NID_sect163k1 +#define NID_sect163r1 WC_NID_sect163r1 +#define NID_sect163r2 WC_NID_sect163r2 +#define NID_sect193r1 WC_NID_sect193r1 +#define NID_sect193r2 WC_NID_sect193r2 +#define NID_sect233k1 WC_NID_sect233k1 +#define NID_sect233r1 WC_NID_sect233r1 +#define NID_sect239k1 WC_NID_sect239k1 +#define NID_sect283k1 WC_NID_sect283k1 +#define NID_sect283r1 WC_NID_sect283r1 +#define NID_sect409k1 WC_NID_sect409k1 +#define NID_sect409r1 WC_NID_sect409r1 +#define NID_sect571k1 WC_NID_sect571k1 +#define NID_sect571r1 WC_NID_sect571r1 + +#endif /* !OPENSSL_COEXIST */ /* the definition is for Qt Unit test */ #define SN_jurisdictionCountryName "jurisdictionC" diff --git a/src/wolfssl/openssl/objects.h b/src/wolfssl/openssl/objects.h index 08640fb..1b6ce80 100644 --- a/src/wolfssl/openssl/objects.h +++ b/src/wolfssl/openssl/objects.h @@ -35,6 +35,11 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define WC_NID_ad_OCSP 178 +#define WC_NID_ad_ca_issuers 179 + +#ifndef OPENSSL_COEXIST + #define OBJ_NAME_TYPE_UNDEF WOLFSSL_OBJ_NAME_TYPE_UNDEF #define OBJ_NAME_TYPE_MD_METH WOLFSSL_OBJ_NAME_TYPE_MD_METH #define OBJ_NAME_TYPE_CIPHER_METH WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH @@ -64,9 +69,10 @@ /* not required for wolfSSL */ #define OPENSSL_load_builtin_modules() WC_DO_NOTHING +#define NID_ad_OCSP WC_NID_ad_OCSP +#define NID_ad_ca_issuers WC_NID_ad_ca_issuers -#define NID_ad_OCSP 178 -#define NID_ad_ca_issuers 179 +#endif /* !OPENSSL_COEXIST */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ diff --git a/src/wolfssl/openssl/ocsp.h b/src/wolfssl/openssl/ocsp.h index 28eb159..a6bae66 100644 --- a/src/wolfssl/openssl/ocsp.h +++ b/src/wolfssl/openssl/ocsp.h @@ -27,6 +27,8 @@ #ifdef HAVE_OCSP #include +#ifndef OPENSSL_COEXIST + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef OcspRequest OCSP_REQUEST; @@ -98,6 +100,8 @@ typedef WOLFSSL_OCSP_REQ_CTX OCSP_REQ_CTX; #define OCSP_REQ_CTX_nbio wolfSSL_OCSP_REQ_CTX_nbio #define OCSP_sendreq_nbio wolfSSL_OCSP_sendreq_nbio +#endif /* !OPENSSL_COEXIST */ + #endif /* HAVE_OCSP */ #endif /* WOLFSSL_OCSP_H_ */ diff --git a/src/wolfssl/openssl/pem.h b/src/wolfssl/openssl/pem.h index 8ecc02c..3666ab5 100644 --- a/src/wolfssl/openssl/pem.h +++ b/src/wolfssl/openssl/pem.h @@ -183,8 +183,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, void* pass); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API -PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, - PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + WOLFSSL_PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); #endif WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, @@ -233,6 +233,8 @@ WOLFSSL_API int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #endif /* NO_FILESYSTEM */ +#ifndef OPENSSL_COEXIST + #define PEM_BUFSIZE WOLF_PEM_BUFSIZE #define PEM_read wolfSSL_PEM_read @@ -278,7 +280,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY #define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters #ifndef NO_WOLFSSL_STUB -#define PEM_write_bio_ECPKParameters(...) 0 +#define PEM_write_bio_ECPKParameters(out, x) 0 #endif /* EVP_KEY */ #define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey @@ -289,6 +291,8 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO #define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/pkcs12.h b/src/wolfssl/openssl/pkcs12.h index d82954d..7da2b98 100644 --- a/src/wolfssl/openssl/pkcs12.h +++ b/src/wolfssl/openssl/pkcs12.h @@ -28,9 +28,15 @@ #ifndef WOLFSSL_PKCS12_COMPAT_H_ #define WOLFSSL_PKCS12_COMPAT_H_ -#define NID_pbe_WithSHA1AndDES_CBC 2 -#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3 -#define NID_pbe_WithSHA1And128BitRC4 1 +#define WC_NID_pbe_WithSHA1AndDES_CBC 2 +#define WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC 3 +#define WC_NID_pbe_WithSHA1And128BitRC4 1 + +#ifndef OPENSSL_COEXIST + +#define NID_pbe_WithSHA1AndDES_CBC WC_NID_pbe_WithSHA1AndDES_CBC +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC WC_NID_pbe_WithSHA1And3_Key_TripleDES_CBC +#define NID_pbe_WithSHA1And128BitRC4 WC_NID_pbe_WithSHA1And128BitRC4 #define PKCS12_DEFAULT_ITER WC_PKCS12_ITT_DEFAULT @@ -46,5 +52,6 @@ #define PKCS12_create wolfSSL_PKCS12_create #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add -#endif /* WOLFSSL_PKCS12_COMPAT_H_ */ +#endif /* !OPENSSL_COEXIST */ +#endif /* WOLFSSL_PKCS12_COMPAT_H_ */ diff --git a/src/wolfssl/openssl/rand.h b/src/wolfssl/openssl/rand.h index c88cd12..71d6810 100644 --- a/src/wolfssl/openssl/rand.h +++ b/src/wolfssl/openssl/rand.h @@ -21,9 +21,18 @@ /* rand.h for openSSL */ +#ifndef WOLFSSL_RAND_COMPAT_H_ +#define WOLFSSL_RAND_COMPAT_H_ + #include #include +#ifndef OPENSSL_COEXIST + typedef WOLFSSL_RAND_METHOD RAND_METHOD; #define RAND_set_rand_method wolfSSL_RAND_set_rand_method + +#endif /* !OPENSSL_COEXIST */ + +#endif /* WOLFSSL_RAND_COMPAT_H_ */ diff --git a/src/wolfssl/openssl/rc4.h b/src/wolfssl/openssl/rc4.h index cef9330..fb51128 100644 --- a/src/wolfssl/openssl/rc4.h +++ b/src/wolfssl/openssl/rc4.h @@ -41,16 +41,21 @@ typedef struct WOLFSSL_RC4_KEY { /* big enough for Arc4 from wolfssl/wolfcrypt/arc4.h */ void* holder[(272 + WC_ASYNC_DEV_SIZE) / sizeof(void*)]; } WOLFSSL_RC4_KEY; -typedef WOLFSSL_RC4_KEY RC4_KEY; WOLFSSL_API void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, const unsigned char* data); WOLFSSL_API void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len, const unsigned char* in, unsigned char* out); +#ifndef OPENSSL_COEXIST + +typedef WOLFSSL_RC4_KEY RC4_KEY; + #define RC4 wolfSSL_RC4 #define RC4_set_key wolfSSL_RC4_set_key +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/rsa.h b/src/wolfssl/openssl/rsa.h index 9311283..c414fdf 100644 --- a/src/wolfssl/openssl/rsa.h +++ b/src/wolfssl/openssl/rsa.h @@ -36,11 +36,19 @@ #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + +/* Padding types */ +#define WC_RSA_PKCS1_PADDING 0 +#define WC_RSA_PKCS1_OAEP_PADDING 1 +#define WC_RSA_PKCS1_PSS_PADDING 2 + +#ifndef OPENSSL_COEXIST + /* Padding types */ -#define RSA_PKCS1_PADDING 0 -#define RSA_PKCS1_OAEP_PADDING 1 -#define RSA_PKCS1_PSS_PADDING 2 -#define RSA_NO_PADDING 3 +#define RSA_PKCS1_PADDING WC_RSA_PKCS1_PADDING +#define RSA_PKCS1_OAEP_PADDING WC_RSA_PKCS1_OAEP_PADDING +#define RSA_PKCS1_PSS_PADDING WC_RSA_PKCS1_PSS_PADDING +#define RSA_NO_PADDING WC_RSA_NO_PAD /* Emulate OpenSSL flags */ #define RSA_METHOD_FLAG_NO_CHECK (1 << 1) @@ -62,13 +70,15 @@ #define RSA_PSS_SALTLEN_MAX (-3) #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST */ + typedef struct WOLFSSL_RSA_METHOD { /* Flags of RSA key implementation. */ int flags; /* Name of RSA key implementation. */ char *name; /* RSA method dynamically allocated. */ - word16 dynamic:1; + WC_BITFIELD dynamic:1; } WOLFSSL_RSA_METHOD; #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ @@ -96,16 +106,16 @@ typedef struct WOLFSSL_RSA { int flags; /* Flags of implementation. */ /* bits */ - byte inSet:1; /* Internal set from external. */ - byte exSet:1; /* External set from internal. */ - byte ownRng:1; /* Rng needs to be free'd. */ + WC_BITFIELD inSet:1; /* Internal set from external. */ + WC_BITFIELD exSet:1; /* External set from internal. */ + WC_BITFIELD ownRng:1; /* Rng needs to be free'd. */ } WOLFSSL_RSA; #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) typedef WOLFSSL_RSA RSA; typedef WOLFSSL_RSA_METHOD RSA_METHOD; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void); @@ -191,12 +201,15 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L +#ifndef OPENSSL_COEXIST + +#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE + #define RSA_new wolfSSL_RSA_new #define RSA_free wolfSSL_RSA_free @@ -247,6 +260,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE #define OPENSSL_RSA_MAX_PUBEXP_BITS RSA_MAX_SIZE +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef __cplusplus diff --git a/src/wolfssl/openssl/sha.h b/src/wolfssl/openssl/sha.h index f9bc1a5..34a1962 100644 --- a/src/wolfssl/openssl/sha.h +++ b/src/wolfssl/openssl/sha.h @@ -74,7 +74,7 @@ WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input, WOLFSSL_API int wolfSSL_SHA1_Final(byte* output, WOLFSSL_SHA_CTX* sha); WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char *data); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) enum { SHA_DIGEST_LENGTH = 20 }; @@ -99,7 +99,7 @@ typedef WOLFSSL_SHA_CTX SHA_CTX; #define SHA1_Final wolfSSL_SHA1_Final #define SHA1_Transform wolfSSL_SHA1_Transform -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* !NO_SHA */ @@ -125,7 +125,7 @@ WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha); WOLFSSL_API int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input, unsigned long sz); WOLFSSL_API int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) enum { SHA224_DIGEST_LENGTH = 28 }; @@ -142,7 +142,7 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX; * because of SHA224 enum in FIPS build. */ #define SHA224 wolfSSL_SHA224 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 @@ -168,7 +168,7 @@ WOLFSSL_API int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input WOLFSSL_API int wolfSSL_SHA256_Final(byte* output, WOLFSSL_SHA256_CTX* sha); WOLFSSL_API int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, const unsigned char *data); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) enum { SHA256_DIGEST_LENGTH = 32 }; @@ -196,7 +196,7 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256 wolfSSL_SHA256 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 @@ -215,7 +215,7 @@ WOLFSSL_API int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha); WOLFSSL_API int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input, unsigned long sz); WOLFSSL_API int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) enum { SHA384_DIGEST_LENGTH = 48 }; @@ -230,7 +230,7 @@ typedef WOLFSSL_SHA384_CTX SHA384_CTX; * build. */ #define SHA384 wolfSSL_SHA384 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* WOLFSSL_SHA384 */ @@ -252,7 +252,7 @@ WOLFSSL_API int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, WOLFSSL_API int wolfSSL_SHA512_Final(byte* output, WOLFSSL_SHA512_CTX* sha); WOLFSSL_API int wolfSSL_SHA512_Transform(WOLFSSL_SHA512_CTX* sha512, const unsigned char* data); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) enum { SHA512_DIGEST_LENGTH = 64 }; @@ -268,7 +268,7 @@ typedef WOLFSSL_SHA512_CTX SHA512_CTX; * build. */ #define SHA512 wolfSSL_SHA512 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #if !defined(WOLFSSL_NOSHA512_224) typedef struct WOLFSSL_SHA512_CTX WOLFSSL_SHA512_224_CTX; @@ -282,7 +282,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Final(byte* output, WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512, const unsigned char* data); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #define SHA512_224_Init wolfSSL_SHA512_224_Init #define SHA512_224_Update wolfSSL_SHA512_224_Update #define SHA512_224_Final wolfSSL_SHA512_224_Final @@ -291,7 +291,7 @@ WOLFSSL_API int wolfSSL_SHA512_224_Transform(WOLFSSL_SHA512_CTX* sha512, #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #define SHA512_224 wolfSSL_SHA512_224 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* !WOLFSSL_NOSHA512_224 */ #if !defined(WOLFSSL_NOSHA512_256) @@ -305,7 +305,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Final(byte* output, WOLFSSL_SHA512_256_CTX* s WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, const unsigned char* data); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #define SHA512_256_Init wolfSSL_SHA512_256_Init #define SHA512_256_Update wolfSSL_SHA512_256_Update #define SHA512_256_Final wolfSSL_SHA512_256_Final @@ -314,7 +314,7 @@ WOLFSSL_API int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, #if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #define SHA512_256 wolfSSL_SHA512_256 #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #endif /* !WOLFSSL_NOSHA512_256 */ diff --git a/src/wolfssl/openssl/srp.h b/src/wolfssl/openssl/srp.h index 097cf51..d0e6123 100644 --- a/src/wolfssl/openssl/srp.h +++ b/src/wolfssl/openssl/srp.h @@ -24,6 +24,10 @@ #include +#ifndef OPENSSL_COEXIST + #define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS +#endif /* !OPENSSL_COEXIST */ + #endif /* WOLFSSL_SRP_H_ */ diff --git a/src/wolfssl/openssl/ssl.h b/src/wolfssl/openssl/ssl.h index f6d29f0..959d1e6 100644 --- a/src/wolfssl/openssl/ssl.h +++ b/src/wolfssl/openssl/ssl.h @@ -31,6 +31,8 @@ #include +#include + /* wolfssl_openssl compatibility layer */ #ifndef OPENSSL_EXTRA_SSL_GUARD #define OPENSSL_EXTRA_SSL_GUARD @@ -75,6 +77,61 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifndef WOLFCRYPT_ONLY + +#define WOLFSSL_ERR_LIB_SYS 2 +#define WOLFSSL_ERR_LIB_RSA 4 +#define WOLFSSL_ERR_LIB_PEM 9 +#define WOLFSSL_ERR_LIB_X509 10 +#define WOLFSSL_ERR_LIB_EVP 11 +#define WOLFSSL_ERR_LIB_ASN1 12 +#define WOLFSSL_ERR_LIB_DIGEST 13 +#define WOLFSSL_ERR_LIB_CIPHER 14 +#define WOLFSSL_ERR_LIB_USER 15 +#define WOLFSSL_ERR_LIB_EC 16 +#define WOLFSSL_ERR_LIB_SSL 20 +#define WOLFSSL_ERR_LIB_PKCS12 35 + +#endif + +#ifndef WOLFCRYPT_ONLY +#define WOLFSSL_PEMerr(func, reason) wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_PEM, \ + (func), (reason), __FILE__, __LINE__) +#else +#define WOLFSSL_PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ + NULL, __LINE__, __FILE__, NULL) +#endif +#ifndef WOLFCRYPT_ONLY +#define WOLFSSL_EVPerr(func, reason) wolfSSL_ERR_put_error(WOLFSSL_ERR_LIB_EVP, \ + (func), (reason), __FILE__, __LINE__) +#else +#define WOLFSSL_EVPerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ + NULL, __LINE__, __FILE__, NULL) +#endif + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#define WOLFSSL_AD_UNRECOGNIZED_NAME unrecognized_name + +#define WOLFSSL_TLSEXT_STATUSTYPE_ocsp 1 + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_WPAS_SMALL) + +#define WOLFSSL_NPN_UNSUPPORTED 0 +#define WOLFSSL_NPN_NEGOTIATED 1 +#define WOLFSSL_NPN_NO_OVERLAP 2 + +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || \ + WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA || \ + HAVE_LIGHTY || HAVE_STUNNEL || \ + WOLFSSL_WPAS_SMALL */ + +#if !defined(OPENSSL_COEXIST) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + typedef WOLFSSL SSL; typedef WOLFSSL_SESSION SSL_SESSION; typedef WOLFSSL_METHOD SSL_METHOD; @@ -159,11 +216,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define CRYPTO_set_mem_functions wolfSSL_CRYPTO_set_mem_functions -/* depreciated */ +/* deprecated */ #define CRYPTO_thread_id wolfSSL_thread_id #define CRYPTO_set_id_callback wolfSSL_set_id_callback -#define CRYPTO_LOCK 0x01 +/* compat CRYPTO_LOCK is defined in wolfssl/ssl.h */ #define CRYPTO_UNLOCK 0x02 #define CRYPTO_READ 0x04 #define CRYPTO_WRITE 0x08 @@ -400,7 +457,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_SESSION_get_max_early_data wolfSSL_SESSION_get_max_early_data #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - #define SSL_MODE_RELEASE_BUFFERS 0x00000010U + /* compat SSL_MODE_RELEASE_BUFFERS is defined in wolfssl/ssl.h */ #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ @@ -509,11 +566,12 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_set1_notBefore wolfSSL_X509_set1_notBefore #define X509_set_serialNumber wolfSSL_X509_set_serialNumber #define X509_set_version wolfSSL_X509_set_version -#define X509_REQ_set_version wolfSSL_X509_set_version +#define X509_REQ_set_version wolfSSL_X509_REQ_set_version +#define X509_REQ_get_version wolfSSL_X509_REQ_get_version #define X509_sign wolfSSL_X509_sign #define X509_sign_ctx wolfSSL_X509_sign_ctx #define X509_print wolfSSL_X509_print -#define X509_REQ_print wolfSSL_X509_print +#define X509_REQ_print wolfSSL_X509_REQ_print #define X509_print_ex wolfSSL_X509_print_ex #define X509_print_fp wolfSSL_X509_print_fp #define X509_CRL_print wolfSSL_X509_CRL_print @@ -746,6 +804,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_CRL_get_version wolfSSL_X509_CRL_version #define X509_load_crl_file wolfSSL_X509_load_crl_file +#define X509_ACERT_new wolfSSL_X509_ACERT_new #define X509_ACERT_free wolfSSL_X509_ACERT_free #define X509_ACERT_get_version wolfSSL_X509_ACERT_get_version #define X509_ACERT_get_signature_nid wolfSSL_X509_ACERT_get_signature_nid @@ -781,7 +840,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date -#define X509_check_purpose(...) 0 +#define X509_check_purpose(x, id, ca) 0 #define OCSP_parse_url wolfSSL_OCSP_parse_url @@ -926,7 +985,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y)) #define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT #ifndef NO_WOLFSSL_STUB -#define ASN1_STRING_set_default_mask_asc(...) 1 +#define ASN1_STRING_set_default_mask_asc(p) 1 #endif #define ASN1_GENERALSTRING WOLFSSL_ASN1_STRING @@ -960,7 +1019,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ASN1_IA5STRING_free wolfSSL_ASN1_STRING_free #define ASN1_IA5STRING_set wolfSSL_ASN1_STRING_set -#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING +#define ASN1_PRINTABLE_type(s, max) V_ASN1_PRINTABLESTRING #define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr @@ -1089,20 +1148,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ERR_lib_error_string wolfSSL_ERR_lib_error_string #define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings -#ifndef WOLFCRYPT_ONLY -#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM, \ - (func), (reason), __FILE__, __LINE__) -#else -#define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ - NULL, __LINE__, __FILE__, NULL) -#endif -#ifndef WOLFCRYPT_ONLY -#define EVPerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_EVP, \ - (func), (reason), __FILE__, __LINE__) -#else -#define EVPerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ - NULL, __LINE__, __FILE__, NULL) -#endif +#define PEMerr(func, reason) WOLFSSL_PEMerr(func, reason) +#define EVPerr(func, reason) WOLFSSL_EVPerr(func, reason) #define SSLv23_server_method wolfSSLv23_server_method #define SSL_CTX_set_options wolfSSL_CTX_set_options @@ -1280,7 +1327,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL_CTX_set_dh_auto wolfSSL_CTX_set_dh_auto #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh -#define TLSEXT_STATUSTYPE_ocsp 1 +#define TLSEXT_STATUSTYPE_ocsp WOLFSSL_TLSEXT_STATUSTYPE_ocsp #define TLSEXT_max_fragment_length_DISABLED WOLFSSL_MFL_DISABLED #define TLSEXT_max_fragment_length_512 WOLFSSL_MFL_2_9 @@ -1420,14 +1467,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL3_AD_BAD_CERTIFICATE bad_certificate #define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE -#define SSL_AD_UNRECOGNIZED_NAME unrecognized_name +#define SSL_AD_UNRECOGNIZED_NAME WOLFSSL_AD_UNRECOGNIZED_NAME #define SSL_AD_NO_RENEGOTIATION no_renegotiation #define SSL_AD_INTERNAL_ERROR 80 #define SSL_AD_NO_APPLICATION_PROTOCOL no_application_protocol #define SSL_AD_MISSING_EXTENSION missing_extension -#define ASN1_STRFLGS_ESC_MSB 4 - #define SSL_MAX_MASTER_KEY_LENGTH WOLFSSL_MAX_MASTER_KEY_LENGTH #define SSL_alert_desc_string_long wolfSSL_alert_desc_string_long @@ -1525,7 +1570,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define PSK_MAX_IDENTITY_LEN 128 #define SSL_CTX_clear_options wolfSSL_CTX_clear_options -#define SSL_CTX_add_server_custom_ext(...) 0 +#define SSL_CTX_add_server_custom_ext(ctx, ext_type, add_cb, free_cb, add_arg, parse_cb, parse_arg) 0 #define SSL_get0_verified_chain wolfSSL_get0_verified_chain #define X509_chain_up_ref wolfSSL_X509_chain_up_ref @@ -1533,8 +1578,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ #ifndef NO_WOLFSSL_STUB -#define b2i_PrivateKey_bio(...) NULL -#define b2i_PVK_bio(...) NULL +#define b2i_PrivateKey_bio(in) NULL +#define b2i_PVK_bio(in, cb, u) NULL #endif #define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb @@ -1557,42 +1602,41 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define PEM_F_PEM_DEF_CALLBACK 100 -/* Avoid wolfSSL error code range */ -#define PEM_R_NO_START_LINE (-MIN_CODE_E + 1) -#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2) -#define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3) -#define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4) -#define ASN1_R_HEADER_TOO_LONG (-MIN_CODE_E + 5) - -#define ERR_LIB_SYS 2 -#define ERR_LIB_RSA 4 -#define ERR_LIB_PEM 9 -#define ERR_LIB_X509 10 -#define ERR_LIB_EVP 11 -#define ERR_LIB_ASN1 12 -#define ERR_LIB_DIGEST 13 -#define ERR_LIB_CIPHER 14 -#define ERR_LIB_USER 15 -#define ERR_LIB_EC 16 -#define ERR_LIB_SSL 20 -#define ERR_LIB_PKCS12 35 +#include + +#define PEM_R_NO_START_LINE (-WOLFSSL_PEM_R_NO_START_LINE_E) +#define PEM_R_PROBLEMS_GETTING_PASSWORD (-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E) +#define PEM_R_BAD_PASSWORD_READ (-WOLFSSL_PEM_R_BAD_PASSWORD_READ_E) +#define PEM_R_BAD_DECRYPT (-WOLFSSL_PEM_R_BAD_DECRYPT_E) +#define ASN1_R_HEADER_TOO_LONG (-WOLFSSL_ASN1_R_HEADER_TOO_LONG_E) + +#define ERR_LIB_SYS WOLFSSL_ERR_LIB_SYS +#define ERR_LIB_RSA WOLFSSL_ERR_LIB_RSA +#define ERR_LIB_PEM WOLFSSL_ERR_LIB_PEM +#define ERR_LIB_X509 WOLFSSL_ERR_LIB_X509 +#define ERR_LIB_EVP WOLFSSL_ERR_LIB_EVP +#define ERR_LIB_ASN1 WOLFSSL_ERR_LIB_ASN1 +#define ERR_LIB_DIGEST WOLFSSL_ERR_LIB_DIGEST +#define ERR_LIB_CIPHER WOLFSSL_ERR_LIB_CIPHER +#define ERR_LIB_USER WOLFSSL_ERR_LIB_USER +#define ERR_LIB_EC WOLFSSL_ERR_LIB_EC +#define ERR_LIB_SSL WOLFSSL_ERR_LIB_SSL +#define ERR_LIB_PKCS12 WOLFSSL_ERR_LIB_PKCS12 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_WPAS_SMALL) -#include - #define OPENSSL_STRING WOLFSSL_STRING #define OPENSSL_CSTRING WOLFSSL_STRING #define TLSEXT_TYPE_application_layer_protocol_negotiation \ TLSXT_APPLICATION_LAYER_PROTOCOL -#define OPENSSL_NPN_UNSUPPORTED 0 -#define OPENSSL_NPN_NEGOTIATED 1 -#define OPENSSL_NPN_NO_OVERLAP 2 +#define OPENSSL_NPN_UNSUPPORTED WOLFSSL_NPN_UNSUPPORTED +#define OPENSSL_NPN_NEGOTIATED WOLFSSL_NPN_NEGOTIATED +#define OPENSSL_NPN_NO_OVERLAP WOLFSSL_NPN_NO_OVERLAP /* Nginx checks these to see if the error was a handshake error. */ #define SSL_R_BAD_CHANGE_CIPHER_SPEC LENGTH_ERROR @@ -1689,7 +1733,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define ERR_NUM_ERRORS 16 #define SN_pkcs9_emailAddress "Email" #define LN_pkcs9_emailAddress "emailAddress" -#define NID_pkcs9_emailAddress 48 +#define NID_pkcs9_emailAddress WC_NID_pkcs9_emailAddress #define OBJ_pkcs9_emailAddress 1L,2L,840L,113539L,1L,9L,1L #define LN_basic_constraints "X509v3 Basic Constraints" @@ -1745,8 +1789,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject #ifndef NO_WOLFSSL_STUB -#define OBJ_create_objects(...) WC_DO_NOTHING -#define sk_SSL_COMP_free(...) WC_DO_NOTHING +#define OBJ_create_objects(in) WC_DO_NOTHING +#define sk_SSL_COMP_free(sk) WC_DO_NOTHING #endif #define ASN1_OBJECT_new wolfSSL_ASN1_OBJECT_new @@ -1766,7 +1810,7 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; #define SSL_CONF_cmd wolfSSL_CONF_cmd #define SSL_CONF_cmd_value_type wolfSSL_CONF_cmd_value_type -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #ifdef WOLFSSL_QUIC @@ -1781,11 +1825,19 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; * SSL_CIPHER_get_id(cipher) * used by QUIC implementations, such as HAProxy */ -#define TLS1_3_CK_AES_128_GCM_SHA256 0x1301 -#define TLS1_3_CK_AES_256_GCM_SHA384 0x1302 -#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303 -#define TLS1_3_CK_AES_128_CCM_SHA256 0x1304 -#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x1305 +#define WOLF_TLS1_3_CK_AES_128_GCM_SHA256 0x1301 +#define WOLF_TLS1_3_CK_AES_256_GCM_SHA384 0x1302 +#define WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x1303 +#define WOLF_TLS1_3_CK_AES_128_CCM_SHA256 0x1304 +#define WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256 0x1305 + +#ifndef OPENSSL_COEXIST + +#define TLS1_3_CK_AES_128_GCM_SHA256 WOLF_TLS1_3_CK_AES_128_GCM_SHA256 +#define TLS1_3_CK_AES_256_GCM_SHA384 WOLF_TLS1_3_CK_AES_256_GCM_SHA384 +#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 WOLF_TLS1_3_CK_CHACHA20_POLY1305_SHA256 +#define TLS1_3_CK_AES_128_CCM_SHA256 WOLF_TLS1_3_CK_AES_128_CCM_SHA256 +#define TLS1_3_CK_AES_128_CCM_8_SHA256 WOLF_TLS1_3_CK_AES_128_CCM_8_SHA256 #define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION QUIC_TP_MISSING_E #define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED QUIC_WRONG_ENC_LEVEL @@ -1827,6 +1879,8 @@ typedef WOLFSSL_ENCRYPTION_LEVEL OSSL_ENCRYPTION_LEVEL; int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); */ +#endif /* !OPENSSL_COEXIST */ + #endif /* WOLFSSL_QUIC */ diff --git a/src/wolfssl/openssl/tls1.h b/src/wolfssl/openssl/tls1.h index 933ed5d..1f8895c 100644 --- a/src/wolfssl/openssl/tls1.h +++ b/src/wolfssl/openssl/tls1.h @@ -45,10 +45,20 @@ #ifdef WOLFSSL_QUIC /* from rfc9001 */ +#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters_draft \ + TLSXT_KEY_QUIC_TP_PARAMS_DRAFT +#define WOLFSSL_TLSEXT_TYPE_quic_transport_parameters \ + TLSXT_KEY_QUIC_TP_PARAMS + +#ifndef OPENSSL_COEXIST + #define TLSEXT_TYPE_quic_transport_parameters_draft \ TLSXT_KEY_QUIC_TP_PARAMS_DRAFT #define TLSEXT_TYPE_quic_transport_parameters \ TLSXT_KEY_QUIC_TP_PARAMS -#endif + +#endif /* !OPENSSL_COEXIST */ + +#endif /* WOLFSSL_QUIC */ #endif /* WOLFSSL_OPENSSL_TLS1_H_ */ diff --git a/src/wolfssl/openssl/x509.h b/src/wolfssl/openssl/x509.h index eb03578..f2bfb1b 100644 --- a/src/wolfssl/openssl/x509.h +++ b/src/wolfssl/openssl/x509.h @@ -33,167 +33,192 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define WOLFSSL_X509_FLAG_COMPAT (0UL) +#define WOLFSSL_X509_FLAG_NO_HEADER (1UL << 0) +#define WOLFSSL_X509_FLAG_NO_VERSION (1UL << 1) +#define WOLFSSL_X509_FLAG_NO_SERIAL (1UL << 2) +#define WOLFSSL_X509_FLAG_NO_SIGNAME (1UL << 3) +#define WOLFSSL_X509_FLAG_NO_ISSUER (1UL << 4) +#define WOLFSSL_X509_FLAG_NO_VALIDITY (1UL << 5) +#define WOLFSSL_X509_FLAG_NO_SUBJECT (1UL << 6) +#define WOLFSSL_X509_FLAG_NO_PUBKEY (1UL << 7) +#define WOLFSSL_X509_FLAG_NO_EXTENSIONS (1UL << 8) +#define WOLFSSL_X509_FLAG_NO_SIGDUMP (1UL << 9) +#define WOLFSSL_X509_FLAG_NO_AUX (1UL << 10) +#define WOLFSSL_X509_FLAG_NO_ATTRIBUTES (1UL << 11) +#define WOLFSSL_X509_FLAG_NO_IDS (1UL << 12) + +#define WOLFSSL_XN_FLAG_FN_SN 0 +#define WOLFSSL_XN_FLAG_COMPAT 0 +#define WOLFSSL_XN_FLAG_RFC2253 1 +#define WOLFSSL_XN_FLAG_SEP_COMMA_PLUS (1 << 16) +#define WOLFSSL_XN_FLAG_SEP_CPLUS_SPC (2 << 16) +#define WOLFSSL_XN_FLAG_SEP_SPLUS_SPC (3 << 16) +#define WOLFSSL_XN_FLAG_SEP_MULTILINE (4 << 16) +#define WOLFSSL_XN_FLAG_SEP_MASK (0xF << 16) +#define WOLFSSL_XN_FLAG_DN_REV (1 << 20) +#define WOLFSSL_XN_FLAG_FN_LN (1 << 21) +#define WOLFSSL_XN_FLAG_FN_OID (2 << 21) +#define WOLFSSL_XN_FLAG_FN_NONE (3 << 21) +#define WOLFSSL_XN_FLAG_FN_MASK (3 << 21) +#define WOLFSSL_XN_FLAG_SPC_EQ (1 << 23) +#define WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) +#define WOLFSSL_XN_FLAG_FN_ALIGN (1 << 25) + +#define WOLFSSL_XN_FLAG_MULTILINE 0xFFFF +#define WOLFSSL_XN_FLAG_ONELINE (WOLFSSL_XN_FLAG_SEP_CPLUS_SPC | WOLFSSL_XN_FLAG_SPC_EQ | WOLFSSL_XN_FLAG_FN_SN) + +#define WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED 12 +#define WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL 3 + +#ifndef OPENSSL_COEXIST + /* wolfSSL_X509_print_ex flags */ -#define X509_FLAG_COMPAT (0UL) -#define X509_FLAG_NO_HEADER (1UL << 0) -#define X509_FLAG_NO_VERSION (1UL << 1) -#define X509_FLAG_NO_SERIAL (1UL << 2) -#define X509_FLAG_NO_SIGNAME (1UL << 3) -#define X509_FLAG_NO_ISSUER (1UL << 4) -#define X509_FLAG_NO_VALIDITY (1UL << 5) -#define X509_FLAG_NO_SUBJECT (1UL << 6) -#define X509_FLAG_NO_PUBKEY (1UL << 7) -#define X509_FLAG_NO_EXTENSIONS (1UL << 8) -#define X509_FLAG_NO_SIGDUMP (1UL << 9) -#define X509_FLAG_NO_AUX (1UL << 10) -#define X509_FLAG_NO_ATTRIBUTES (1UL << 11) -#define X509_FLAG_NO_IDS (1UL << 12) - -#define XN_FLAG_FN_SN 0 -#define XN_FLAG_COMPAT 0 -#define XN_FLAG_RFC2253 1 -#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) -#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) -#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) -#define XN_FLAG_SEP_MULTILINE (4 << 16) -#define XN_FLAG_SEP_MASK (0xF << 16) -#define XN_FLAG_DN_REV (1 << 20) -#define XN_FLAG_FN_LN (1 << 21) -#define XN_FLAG_FN_OID (2 << 21) -#define XN_FLAG_FN_NONE (3 << 21) -#define XN_FLAG_FN_MASK (3 << 21) -#define XN_FLAG_SPC_EQ (1 << 23) -#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) -#define XN_FLAG_FN_ALIGN (1 << 25) - -#define XN_FLAG_MULTILINE 0xFFFF -#define XN_FLAG_ONELINE (XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN) +#define X509_FLAG_COMPAT WOLFSSL_X509_FLAG_COMPAT +#define X509_FLAG_NO_HEADER WOLFSSL_X509_FLAG_NO_HEADER +#define X509_FLAG_NO_VERSION WOLFSSL_X509_FLAG_NO_VERSION +#define X509_FLAG_NO_SERIAL WOLFSSL_X509_FLAG_NO_SERIAL +#define X509_FLAG_NO_SIGNAME WOLFSSL_X509_FLAG_NO_SIGNAME +#define X509_FLAG_NO_ISSUER WOLFSSL_X509_FLAG_NO_ISSUER +#define X509_FLAG_NO_VALIDITY WOLFSSL_X509_FLAG_NO_VALIDITY +#define X509_FLAG_NO_SUBJECT WOLFSSL_X509_FLAG_NO_SUBJECT +#define X509_FLAG_NO_PUBKEY WOLFSSL_X509_FLAG_NO_PUBKEY +#define X509_FLAG_NO_EXTENSIONS WOLFSSL_X509_FLAG_NO_EXTENSIONS +#define X509_FLAG_NO_SIGDUMP WOLFSSL_X509_FLAG_NO_SIGDUMP +#define X509_FLAG_NO_AUX WOLFSSL_X509_FLAG_NO_AUX +#define X509_FLAG_NO_ATTRIBUTES WOLFSSL_X509_FLAG_NO_ATTRIBUTES +#define X509_FLAG_NO_IDS WOLFSSL_X509_FLAG_NO_IDS + +#define XN_FLAG_FN_SN WOLFSSL_XN_FLAG_FN_SN +#define XN_FLAG_COMPAT WOLFSSL_XN_FLAG_COMPAT +#define XN_FLAG_RFC2253 WOLFSSL_XN_FLAG_RFC2253 +#define XN_FLAG_SEP_COMMA_PLUS WOLFSSL_XN_FLAG_SEP_COMMA_PLUS +#define XN_FLAG_SEP_CPLUS_SPC WOLFSSL_XN_FLAG_SEP_CPLUS_SPC +#define XN_FLAG_SEP_SPLUS_SPC WOLFSSL_XN_FLAG_SEP_SPLUS_SPC +#define XN_FLAG_SEP_MULTILINE WOLFSSL_XN_FLAG_SEP_MULTILINE +#define XN_FLAG_SEP_MASK WOLFSSL_XN_FLAG_SEP_MASK +#define XN_FLAG_DN_REV WOLFSSL_XN_FLAG_DN_REV +#define XN_FLAG_FN_LN WOLFSSL_XN_FLAG_FN_LN +#define XN_FLAG_FN_OID WOLFSSL_XN_FLAG_FN_OID +#define XN_FLAG_FN_NONE WOLFSSL_XN_FLAG_FN_NONE +#define XN_FLAG_FN_MASK WOLFSSL_XN_FLAG_FN_MASK +#define XN_FLAG_SPC_EQ WOLFSSL_XN_FLAG_SPC_EQ +#define XN_FLAG_DUMP_UNKNOWN_FIELDS WOLFSSL_XN_FLAG_DUMP_UNKNOWN_FIELDS +#define XN_FLAG_FN_ALIGN WOLFSSL_XN_FLAG_FN_ALIGN + +#define XN_FLAG_MULTILINE WOLFSSL_XN_FLAG_MULTILINE +#define XN_FLAG_ONELINE WOLFSSL_XN_FLAG_ONELINE + +#define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL +#define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED /* - * All of these aren't actually used in wolfSSL. Some are included to - * satisfy OpenSSL compatibility consumers to prevent compilation errors. - * The list was taken from - * https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h.in - * One requirement for HAProxy is that the values should be literal constants. + * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to + * satisfy OpenSSL compatibility compilation errors. + * For HAProxy the values should be literal constants. */ -#define X509_V_OK 0 -#define X509_V_ERR_UNSPECIFIED 1 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -#define X509_V_ERR_UNABLE_TO_GET_CRL 3 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 -#define X509_V_ERR_CERT_HAS_EXPIRED 10 -#define X509_V_ERR_CRL_NOT_YET_VALID 11 -#define X509_V_ERR_CRL_HAS_EXPIRED 12 -#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -#define X509_V_ERR_OUT_OF_MEM 17 -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -#define X509_V_ERR_CERT_REVOKED 23 -#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 -#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -#define X509_V_ERR_INVALID_PURPOSE 26 -#define X509_V_ERR_CERT_UNTRUSTED 27 -#define X509_V_ERR_CERT_REJECTED 28 - -/* These are 'informational' when looking for issuer cert */ -#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -#define X509_V_ERR_AKID_SKID_MISMATCH 30 -#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -#define X509_V_ERR_INVALID_NON_CA 37 -#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -#define X509_V_ERR_INVALID_EXTENSION 41 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -#define X509_V_ERR_NO_EXPLICIT_POLICY 43 -#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -#define X509_V_ERR_UNNESTED_RESOURCE 46 -#define X509_V_ERR_PERMITTED_VIOLATION 47 -#define X509_V_ERR_EXCLUDED_VIOLATION 48 -#define X509_V_ERR_SUBTREE_MINMAX 49 -/* The application is not happy */ -#define X509_V_ERR_APPLICATION_VERIFICATION 50 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 -/* Another issuer check debug option */ -#define X509_V_ERR_PATH_LOOP 55 -/* Suite B mode algorithm violation */ -#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 +#define X509_V_ERR_UNNESTED_RESOURCE 46 +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_APPLICATION_VERIFICATION 50 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +#define X509_V_ERR_PATH_LOOP 55 +#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 +#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 +#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 +#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 -/* Host, email and IP check errors */ -#define X509_V_ERR_HOSTNAME_MISMATCH 62 -#define X509_V_ERR_EMAIL_MISMATCH 63 -#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 -/* DANE TLSA errors */ -#define X509_V_ERR_DANE_NO_MATCH 65 -/* security level errors */ -#define X509_V_ERR_EE_KEY_TOO_SMALL 66 -#define X509_V_ERR_CA_KEY_TOO_SMALL 67 -#define X509_V_ERR_CA_MD_TOO_WEAK 68 -/* Caller error */ -#define X509_V_ERR_INVALID_CALL 69 -/* Issuer lookup error */ -#define X509_V_ERR_STORE_LOOKUP 70 -/* Certificate transparency */ -#define X509_V_ERR_NO_VALID_SCTS 71 - -#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 -/* OCSP status errors */ -#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 -#define X509_V_ERR_OCSP_VERIFY_FAILED 74 -#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 - -#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 -#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 - -/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */ -#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 -#define X509_V_ERR_INVALID_CA 79 -#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 -#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 -#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 -#define X509_V_ERR_ISSUER_NAME_EMPTY 83 -#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 -#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 -#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 -#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 -#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 -#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 -#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 -#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 -#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 -#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 -#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 -#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +#define X509_V_ERR_DANE_NO_MATCH 65 +#define X509_V_ERR_EE_KEY_TOO_SMALL 66 +#define X509_V_ERR_CA_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_MD_TOO_WEAK 68 +#define X509_V_ERR_INVALID_CALL 69 +#define X509_V_ERR_STORE_LOOKUP 70 +#define X509_V_ERR_NO_VALID_SCTS 71 +#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +#define X509_V_ERR_OCSP_VERIFY_NEEDED 73 +#define X509_V_ERR_OCSP_VERIFY_FAILED 74 +#define X509_V_ERR_OCSP_CERT_UNKNOWN 75 +#define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76 +#define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77 +#define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78 +#define X509_V_ERR_INVALID_CA 79 +#define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80 +#define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81 +#define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82 +#define X509_V_ERR_ISSUER_NAME_EMPTY 83 +#define X509_V_ERR_SUBJECT_NAME_EMPTY 84 +#define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85 +#define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86 +#define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87 +#define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88 +#define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89 +#define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90 +#define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 +#define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 +#define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +#define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical #define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object #define X509_EXTENSION_set_data wolfSSL_X509_EXTENSION_set_data +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* WOLFSSL_OPENSSL_509_H_ */ diff --git a/src/wolfssl/openssl/x509v3.h b/src/wolfssl/openssl/x509v3.h index 401f8e8..a84077d 100644 --- a/src/wolfssl/openssl/x509v3.h +++ b/src/wolfssl/openssl/x509v3.h @@ -36,91 +36,68 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#define EXFLAG_KUSAGE 0x2 -#define EXFLAG_XKUSAGE 0x4 - -#define KU_DIGITAL_SIGNATURE KEYUSE_DIGITAL_SIG -#define KU_NON_REPUDIATION KEYUSE_CONTENT_COMMIT -#define KU_KEY_ENCIPHERMENT KEYUSE_KEY_ENCIPHER -#define KU_DATA_ENCIPHERMENT KEYUSE_DATA_ENCIPHER -#define KU_KEY_AGREEMENT KEYUSE_KEY_AGREE -#define KU_KEY_CERT_SIGN KEYUSE_KEY_CERT_SIGN -#define KU_CRL_SIGN KEYUSE_CRL_SIGN -#define KU_ENCIPHER_ONLY KEYUSE_ENCIPHER_ONLY -#define KU_DECIPHER_ONLY KEYUSE_DECIPHER_ONLY - -#define XKU_SSL_SERVER 0x1 -#define XKU_SSL_CLIENT 0x2 -#define XKU_SMIME 0x4 -#define XKU_CODE_SIGN 0x8 -#define XKU_SGC 0x10 -#define XKU_OCSP_SIGN 0x20 -#define XKU_TIMESTAMP 0x40 -#define XKU_DVCS 0x80 -#define XKU_ANYEKU 0x100 - -#define X509_PURPOSE_SSL_CLIENT 0 -#define X509_PURPOSE_SSL_SERVER 1 - -#define NS_SSL_CLIENT WC_NS_SSL_CLIENT -#define NS_SSL_SERVER WC_NS_SSL_SERVER - -/* Forward reference */ +#define WOLFSSL_EXFLAG_KUSAGE 0x2 +#define WOLFSSL_EXFLAG_XKUSAGE 0x4 + +#define WOLFSSL_XKU_SSL_SERVER 0x1 +#define WOLFSSL_XKU_SSL_CLIENT 0x2 +#define WOLFSSL_XKU_SMIME 0x4 +#define WOLFSSL_XKU_CODE_SIGN 0x8 +#define WOLFSSL_XKU_SGC 0x10 +#define WOLFSSL_XKU_OCSP_SIGN 0x20 +#define WOLFSSL_XKU_TIMESTAMP 0x40 +#define WOLFSSL_XKU_DVCS 0x80 +#define WOLFSSL_XKU_ANYEKU 0x100 + +#define WOLFSSL_X509_PURPOSE_SSL_CLIENT 0 +#define WOLFSSL_X509_PURPOSE_SSL_SERVER 1 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x0090801fL -typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); +typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, const unsigned char **, long); #else -typedef void *(*X509V3_EXT_D2I)(void *, unsigned char **, long); +typedef void *(*WOLFSSL_X509V3_EXT_D2I)(void *, unsigned char **, long); #endif -typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) ( +typedef int (*WOLFSSL_X509V3_EXT_I2D) (void *, unsigned char **); +typedef WOLF_STACK_OF(CONF_VALUE) *(*WOLFSSL_X509V3_EXT_I2V) ( struct WOLFSSL_v3_ext_method *method, - void *ext, STACK_OF(CONF_VALUE) *extlist); -typedef char *(*X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext); -typedef int (*X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method, - void *ext, BIO *out, int indent); -typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD; + void *ext, WOLF_STACK_OF(CONF_VALUE) *extlist); +typedef char *(*WOLFSSL_X509V3_EXT_I2S)(struct WOLFSSL_v3_ext_method *method, void *ext); +typedef int (*WOLFSSL_X509V3_EXT_I2R) (struct WOLFSSL_v3_ext_method *method, + void *ext, WOLFSSL_BIO *out, int indent); +typedef struct WOLFSSL_v3_ext_method WOLFSSL_X509V3_EXT_METHOD; struct WOLFSSL_v3_ext_method { int ext_nid; int ext_flags; void *usr_data; - X509V3_EXT_D2I d2i; - X509V3_EXT_I2D i2d; - X509V3_EXT_I2V i2v; - X509V3_EXT_I2S i2s; - X509V3_EXT_I2R i2r; + WOLFSSL_X509V3_EXT_D2I d2i; + WOLFSSL_X509V3_EXT_I2D i2d; + WOLFSSL_X509V3_EXT_I2V i2v; + WOLFSSL_X509V3_EXT_I2S i2s; + WOLFSSL_X509V3_EXT_I2R i2r; }; struct WOLFSSL_X509_EXTENSION { WOLFSSL_ASN1_OBJECT *obj; WOLFSSL_ASN1_BOOLEAN crit; - ASN1_OCTET_STRING value; /* DER format of extension */ + WOLFSSL_ASN1_STRING value; /* DER format of extension */ WOLFSSL_v3_ext_method ext_method; WOLFSSL_STACK* ext_sk; /* For extension specific data */ }; #define WOLFSSL_ASN1_BOOLEAN int -#define GEN_OTHERNAME 0 -#define GEN_EMAIL 1 -#define GEN_DNS 2 -#define GEN_X400 3 -#define GEN_DIRNAME 4 -#define GEN_EDIPARTY 5 -#define GEN_URI 6 -#define GEN_IPADD 7 -#define GEN_RID 8 -#define GEN_IA5 9 - -#define GENERAL_NAME WOLFSSL_GENERAL_NAME - -#define X509V3_CTX WOLFSSL_X509V3_CTX -#define CTX_TEST 0x1 +#define WOLFSSL_GEN_OTHERNAME 0 +#define WOLFSSL_GEN_EMAIL 1 +#define WOLFSSL_GEN_DNS 2 +#define WOLFSSL_GEN_X400 3 +#define WOLFSSL_GEN_DIRNAME 4 +#define WOLFSSL_GEN_EDIPARTY 5 +#define WOLFSSL_GEN_URI 6 +#define WOLFSSL_GEN_IPADD 7 +#define WOLFSSL_GEN_RID 8 +#define WOLFSSL_GEN_IA5 9 -typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; -typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; -typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS; WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void); @@ -157,6 +134,67 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); +#ifndef OPENSSL_COEXIST + +#define EXFLAG_KUSAGE WOLFSSL_EXFLAG_KUSAGE +#define EXFLAG_XKUSAGE WOLFSSL_EXFLAG_XKUSAGE + +#define KU_DIGITAL_SIGNATURE KEYUSE_DIGITAL_SIG +#define KU_NON_REPUDIATION KEYUSE_CONTENT_COMMIT +#define KU_KEY_ENCIPHERMENT KEYUSE_KEY_ENCIPHER +#define KU_DATA_ENCIPHERMENT KEYUSE_DATA_ENCIPHER +#define KU_KEY_AGREEMENT KEYUSE_KEY_AGREE +#define KU_KEY_CERT_SIGN KEYUSE_KEY_CERT_SIGN +#define KU_CRL_SIGN KEYUSE_CRL_SIGN +#define KU_ENCIPHER_ONLY KEYUSE_ENCIPHER_ONLY +#define KU_DECIPHER_ONLY KEYUSE_DECIPHER_ONLY + +#define XKU_SSL_SERVER WOLFSSL_XKU_SSL_SERVER +#define XKU_SSL_CLIENT WOLFSSL_XKU_SSL_CLIENT +#define XKU_SMIME WOLFSSL_XKU_SMIME +#define XKU_CODE_SIGN WOLFSSL_XKU_CODE_SIGN +#define XKU_SGC WOLFSSL_XKU_SGC +#define XKU_OCSP_SIGN WOLFSSL_XKU_OCSP_SIGN +#define XKU_TIMESTAMP WOLFSSL_XKU_TIMESTAMP +#define XKU_DVCS WOLFSSL_XKU_DVCS +#define XKU_ANYEKU WOLFSSL_XKU_ANYEKU + +#define X509_PURPOSE_SSL_CLIENT WOLFSSL_X509_PURPOSE_SSL_CLIENT +#define X509_PURPOSE_SSL_SERVER WOLFSSL_X509_PURPOSE_SSL_SERVER + +#define NS_SSL_CLIENT WC_NS_SSL_CLIENT +#define NS_SSL_SERVER WC_NS_SSL_SERVER + +/* Forward reference */ + +#define X509V3_EXT_D2I WOLFSSL_X509V3_EXT_D2I +#define X509V3_EXT_I2D WOLFSSL_X509V3_EXT_I2D +#define X509V3_EXT_I2V WOLFSSL_X509V3_EXT_I2V +#define X509V3_EXT_I2S WOLFSSL_X509V3_EXT_I2S +#define X509V3_EXT_I2R WOLFSSL_X509V3_EXT_I2R +typedef struct WOLFSSL_v3_ext_method X509V3_EXT_METHOD; + +#define GEN_OTHERNAME WOLFSSL_GEN_OTHERNAME +#define GEN_EMAIL WOLFSSL_GEN_EMAIL +#define GEN_DNS WOLFSSL_GEN_DNS +#define GEN_X400 WOLFSSL_GEN_X400 +#define GEN_DIRNAME WOLFSSL_GEN_DIRNAME +#define GEN_EDIPARTY WOLFSSL_GEN_EDIPARTY +#define GEN_URI WOLFSSL_GEN_URI +#define GEN_IPADD WOLFSSL_GEN_IPADD +#define GEN_RID WOLFSSL_GEN_RID +#define GEN_IA5 WOLFSSL_GEN_IA5 + +#define GENERAL_NAME WOLFSSL_GENERAL_NAME + +#define X509V3_CTX WOLFSSL_X509V3_CTX + +#define CTX_TEST 0x1 + +typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; +typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; +typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; + #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free #define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x)) @@ -166,7 +204,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i #define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf #ifndef NO_WOLFSSL_STUB -#define X509V3_parse_list(...) NULL +#define X509V3_parse_list(line) NULL #endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING #define a2i_IPADDRESS wolfSSL_a2i_IPADDRESS @@ -174,13 +212,15 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid #define X509V3_set_ctx wolfSSL_X509V3_set_ctx #ifndef NO_WOLFSSL_STUB -#define X509V3_set_nconf(...) WC_DO_NOTHING -#define X509V3_EXT_cleanup(...) WC_DO_NOTHING +#define X509V3_set_nconf(ctx, conf) WC_DO_NOTHING +#define X509V3_EXT_cleanup() WC_DO_NOTHING #endif #define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb #define X509v3_get_ext_count wolfSSL_sk_num +#endif /* !OPENSSL_COEXIST */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef __cplusplus diff --git a/src/wolfssl/ssl.h b/src/wolfssl/ssl.h index 4bbdf65..8b7ebed 100644 --- a/src/wolfssl/ssl.h +++ b/src/wolfssl/ssl.h @@ -39,8 +39,16 @@ #include #include +#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \ + defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) || \ + defined(WC_ASN_UNKNOWN_EXT_CB) +#include "wolfssl/wolfcrypt/asn.h" +#endif + /* For the types */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #include +#endif #ifdef HAVE_WOLF_EVENT #include @@ -76,8 +84,26 @@ #endif #endif +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #include + #ifndef WOLFCRYPT_ONLY + #include + #endif + #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + #include + #endif +#endif + #ifdef OPENSSL_COEXIST - /* mode to allow wolfSSL and OpenSSL to exist together */ + /* mode to allow wolfSSL and OpenSSL to coexist without symbol conflicts */ + + #ifndef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + #endif + #ifndef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + #endif + #ifdef TEST_OPENSSL_COEXIST /* ./configure --enable-opensslcoexist \ @@ -91,23 +117,81 @@ #include #include #include + + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + FIPS_VERSION3_GE(5,2,0)) + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0) + /* clear conflicting name */ + #undef RSA_PKCS1_PADDING_SIZE + #endif + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */ + #endif #elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) - #include #include - #ifndef WOLFCRYPT_ONLY - #include - #endif - #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) - #include - #endif /* We need the old SSL names */ - #ifdef NO_OLD_SSL_NAMES + #if defined(NO_OLD_SSL_NAMES) && !defined(OPENSSL_COEXIST) #undef NO_OLD_SSL_NAMES #endif - #ifdef NO_OLD_WC_NAMES + #if defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_COEXIST) #undef NO_OLD_WC_NAMES #endif #endif @@ -136,14 +220,14 @@ typedef struct WOLFSSL_STACK WOLFSSL_LHASH; #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); #endif -#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED -#define WOLFSSL_WOLFSSL_TYPE_DEFINED +#ifndef WOLFSSL_TYPE_DEFINED +#define WOLFSSL_TYPE_DEFINED typedef struct WOLFSSL WOLFSSL; #endif typedef struct WOLFSSL_SESSION WOLFSSL_SESSION; typedef struct WOLFSSL_METHOD WOLFSSL_METHOD; -#ifndef WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED -#define WOLFSSL_WOLFSSL_CTX_TYPE_DEFINED +#ifndef WOLFSSL_CTX_TYPE_DEFINED +#define WOLFSSL_CTX_TYPE_DEFINED typedef struct WOLFSSL_CTX WOLFSSL_CTX; #endif @@ -172,10 +256,9 @@ typedef struct WOLFSSL_BY_DIR WOLFSSL_BY_DIR; #include - -#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */ -typedef struct WOLFSSL_RSA WOLFSSL_RSA; -#define WOLFSSL_RSA_TYPE_DEFINED +/* The WOLFSSL_RSA type is required in all build configurations. */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#include #endif #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ @@ -213,7 +296,9 @@ typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; +#ifndef OPENSSL_COEXIST typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME; +#endif typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; typedef struct WOLFSSL_OBJ_NAME WOLFSSL_OBJ_NAME; @@ -237,12 +322,75 @@ typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT; typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX; -typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *, WOLFSSL_X509_CRL **, WOLFSSL_X509 *); typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *, WOLFSSL_X509_CRL *); +#define WOLFSSL_V_ASN1_INTEGER 0x02 +#define WOLFSSL_V_ASN1_NEG 0x100 +#define WOLFSSL_V_ASN1_NEG_INTEGER (2 | WOLFSSL_V_ASN1_NEG) +#define WOLFSSL_V_ASN1_NEG_ENUMERATED (10 | WOLFSSL_V_ASN1_NEG) + +/* Type for ASN1_print_ex */ +#define WOLFSSL_ASN1_STRFLGS_ESC_2253 1 +#define WOLFSSL_ASN1_STRFLGS_ESC_CTRL 2 +#define WOLFSSL_ASN1_STRFLGS_ESC_MSB 4 +#define WOLFSSL_ASN1_STRFLGS_ESC_QUOTE 8 +#define WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT 0x10 +#define WOLFSSL_ASN1_STRFLGS_IGNORE_TYPE 0x20 +#define WOLFSSL_ASN1_STRFLGS_SHOW_TYPE 0x40 +#define WOLFSSL_ASN1_STRFLGS_DUMP_ALL 0x80 +#define WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN 0x100 +#define WOLFSSL_ASN1_STRFLGS_DUMP_DER 0x200 +#define WOLFSSL_ASN1_STRFLGS_RFC2253 (WOLFSSL_ASN1_STRFLGS_ESC_2253 | \ + WOLFSSL_ASN1_STRFLGS_ESC_CTRL | \ + WOLFSSL_ASN1_STRFLGS_ESC_MSB | \ + WOLFSSL_ASN1_STRFLGS_UTF8_CONVERT | \ + WOLFSSL_ASN1_STRFLGS_DUMP_UNKNOWN | \ + WOLFSSL_ASN1_STRFLGS_DUMP_DER) + +#define WOLFSSL_MBSTRING_UTF8 0x1000 +#define WOLFSSL_MBSTRING_ASC 0x1001 +#define WOLFSSL_MBSTRING_BMP 0x1002 +#define WOLFSSL_MBSTRING_UNIV 0x1004 + +#define WOLFSSL_V_ASN1_EOC 0 +#define WOLFSSL_V_ASN1_BOOLEAN 1 +#define WOLFSSL_V_ASN1_OCTET_STRING 4 +#define WOLFSSL_V_ASN1_NULL 5 +#define WOLFSSL_V_ASN1_OBJECT 6 +#define WOLFSSL_V_ASN1_UTF8STRING 12 +#define WOLFSSL_V_ASN1_SEQUENCE 16 +#define WOLFSSL_V_ASN1_SET 17 +#define WOLFSSL_V_ASN1_PRINTABLESTRING 19 +#define WOLFSSL_V_ASN1_T61STRING 20 +#define WOLFSSL_V_ASN1_IA5STRING 22 +#define WOLFSSL_V_ASN1_UTCTIME 23 +#define WOLFSSL_V_ASN1_GENERALIZEDTIME 24 +#define WOLFSSL_V_ASN1_UNIVERSALSTRING 28 +#define WOLFSSL_V_ASN1_BMPSTRING 30 + + +#define WOLFSSL_V_ASN1_CONSTRUCTED 0x20 + +#define WOLFSSL_ASN1_STRING_FLAG_BITS_LEFT 0x008 +#define WOLFSSL_ASN1_STRING_FLAG_NDEF 0x010 +#define WOLFSSL_ASN1_STRING_FLAG_CONT 0x020 +#define WOLFSSL_ASN1_STRING_FLAG_MSTRING 0x040 +#define WOLFSSL_ASN1_STRING_FLAG_EMBED 0x080 + +/* X.509 PKI size limits from RFC2459 (appendix A) */ +/* internally our limit is CTC_NAME_SIZE (64) - overridden with WC_CTC_NAME_SIZE */ +#define WOLFSSL_ub_name CTC_NAME_SIZE /* 32768 */ +#define WOLFSSL_ub_common_name CTC_NAME_SIZE /* 64 */ +#define WOLFSSL_ub_locality_name CTC_NAME_SIZE /* 128 */ +#define WOLFSSL_ub_state_name CTC_NAME_SIZE /* 128 */ +#define WOLFSSL_ub_organization_name CTC_NAME_SIZE /* 64 */ +#define WOLFSSL_ub_organization_unit_name CTC_NAME_SIZE /* 64 */ +#define WOLFSSL_ub_title CTC_NAME_SIZE /* 64 */ +#define WOLFSSL_ub_email_address CTC_NAME_SIZE /* 128 */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL) struct WOLFSSL_OBJ_NAME { @@ -404,7 +552,7 @@ struct WOLFSSL_EVP_PKEY { union { char* ptr; /* der format of key */ } pkey; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifndef NO_RSA WOLFSSL_RSA* rsa; #endif @@ -438,12 +586,82 @@ struct WOLFSSL_EVP_PKEY { word16 pkcs8HeaderSz; /* option bits */ - byte ownDh:1; /* if struct owns DH and should free it */ - byte ownEcc:1; /* if struct owns ECC and should free it */ - byte ownDsa:1; /* if struct owns DSA and should free it */ - byte ownRsa:1; /* if struct owns RSA and should free it */ + WC_BITFIELD ownDh:1; /* if struct owns DH and should free it */ + WC_BITFIELD ownEcc:1; /* if struct owns ECC and should free it */ + WC_BITFIELD ownDsa:1; /* if struct owns DSA and should free it */ + WC_BITFIELD ownRsa:1; /* if struct owns RSA and should free it */ +}; + + +#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 +#define WOLFSSL_NO_WILDCARDS 0x2 +#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 +#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 +/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */ +#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 + + +typedef struct WOLFSSL_BUFFER_INFO { + unsigned char* buffer; + unsigned int length; +} WOLFSSL_BUFFER_INFO; + +typedef struct WOLFSSL_BUF_MEM { + char* data; /* dereferenced */ + size_t length; /* current length */ + size_t max; /* maximum length */ +} WOLFSSL_BUF_MEM; + + +typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); +typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); + +struct WOLFSSL_X509_STORE_CTX { +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ + WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ + #if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA) + WOLFSSL_X509* current_issuer; /* asio dereference */ + #endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_STACK* chain; + #ifdef OPENSSL_EXTRA + WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ + #endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + + char* domain; /* subject CN domain name */ +#ifdef HAVE_EX_DATA + WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ +#endif +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA) + int depth; /* used in X509_STORE_CTX_*_depth */ +#endif + void* userCtx; /* user ctx */ + int error; /* current error */ + int error_depth; /* index of cert depth for this error */ + int discardSessionCerts; /* so verify callback can flag for discard */ + int totalCerts; /* number of peer cert buffers */ + WOLFSSL_BUFFER_INFO* certs; /* peer certs */ + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ + void* heap; + int flags; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */ + WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified + * on store ctx init */ + WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override + * set with + * X509_STORE_CTX_trusted_stack */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ }; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + struct WOLFSSL_X509_PKEY { WOLFSSL_EVP_PKEY* dec_pkey; /* dereferenced by Apache */ void* heap; @@ -460,7 +678,7 @@ struct WOLFSSL_X509_INFO { int num; }; -#define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */ +#define WOLFSSL_EVP_PKEY_DEFAULT WC_EVP_PKEY_RSA /* default key type */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #define wolfSSL_SSL_MODE_RELEASE_BUFFERS 0x00000010U @@ -496,7 +714,8 @@ enum BIO_FLAGS { WOLFSSL_BIO_FLAG_READ = 0x02, WOLFSSL_BIO_FLAG_WRITE = 0x04, WOLFSSL_BIO_FLAG_IO_SPECIAL = 0x08, - WOLFSSL_BIO_FLAG_RETRY = 0x10 + WOLFSSL_BIO_FLAG_RETRY = 0x10, + WOLFSSL_BIO_FLAG_MEM_RDONLY = 0x200 }; enum BIO_CB_OPS { @@ -509,12 +728,6 @@ enum BIO_CB_OPS { WOLFSSL_BIO_CB_RETURN = 0x80 }; -typedef struct WOLFSSL_BUF_MEM { - char* data; /* dereferenced */ - size_t length; /* current length */ - size_t max; /* maximum length */ -} WOLFSSL_BUF_MEM; - /* custom method with user set callbacks */ typedef int (*wolfSSL_BIO_meth_write_cb)(WOLFSSL_BIO*, const char*, int); typedef int (*wolfSSL_BIO_meth_read_cb)(WOLFSSL_BIO *, char *, int); @@ -606,13 +819,6 @@ struct WOLFSSL_X509_STORE { word32 numAdded; /* Number of objs in objs that are in certs sk */ }; -#define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 -#define WOLFSSL_NO_WILDCARDS 0x2 -#define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 -#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 -/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */ -#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 @@ -640,16 +846,6 @@ struct WOLFSSL_X509_VERIFY_PARAM { }; #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -typedef struct WOLFSSL_ALERT { - int code; - int level; -} WOLFSSL_ALERT; - -typedef struct WOLFSSL_ALERT_HISTORY { - WOLFSSL_ALERT last_rx; - WOLFSSL_ALERT last_tx; -} WOLFSSL_ALERT_HISTORY; - typedef struct WOLFSSL_X509_REVOKED { WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */ } WOLFSSL_X509_REVOKED; @@ -671,46 +867,6 @@ typedef struct WOLFSSL_X509_OBJECT { #define WOLFSSL_ASN1_BOOLEAN int -typedef struct WOLFSSL_BUFFER_INFO { - unsigned char* buffer; - unsigned int length; -} WOLFSSL_BUFFER_INFO; - -struct WOLFSSL_X509_STORE_CTX { - WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ - WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ -#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA) - WOLFSSL_X509* current_issuer; /* asio dereference */ -#endif - WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ - WOLFSSL_STACK* chain; -#ifdef OPENSSL_EXTRA - WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ -#endif - char* domain; /* subject CN domain name */ -#ifdef HAVE_EX_DATA - WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */ -#endif -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA) - int depth; /* used in X509_STORE_CTX_*_depth */ -#endif - void* userCtx; /* user ctx */ - int error; /* current error */ - int error_depth; /* index of cert depth for this error */ - int discardSessionCerts; /* so verify callback can flag for discard */ - int totalCerts; /* number of peer cert buffers */ - WOLFSSL_BUFFER_INFO* certs; /* peer certs */ - WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ - void* heap; - int flags; - WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */ - WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified - * on store ctx init */ - WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override - * set with - * X509_STORE_CTX_trusted_stack*/ -}; - typedef char* WOLFSSL_STRING; typedef struct WOLFSSL_RAND_METHOD { @@ -732,6 +888,20 @@ typedef struct WOLFSSL_RAND_METHOD { int (*status)(void); } WOLFSSL_RAND_METHOD; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + + +typedef struct WOLFSSL_ALERT { + int code; + int level; +} WOLFSSL_ALERT; + +typedef struct WOLFSSL_ALERT_HISTORY { + WOLFSSL_ALERT last_rx; + WOLFSSL_ALERT last_tx; +} WOLFSSL_ALERT_HISTORY; + + /* Valid Alert types from page 16/17 * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c */ @@ -789,7 +959,7 @@ enum AlertLevel { enum SNICbReturn { warning_return = alert_warning, fatal_return = alert_fatal, - noack_return, + noack_return }; /* WS_RETURN_CODE macro @@ -1189,6 +1359,7 @@ WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_get_fd(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl); /* please see note at top of README if you get an error from connect */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( @@ -1196,6 +1367,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz); WOLFSSL_API int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz); WOLFSSL_API int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req); WOLFSSL_API int wolfSSL_mutual_auth(WOLFSSL* ssl, int req); @@ -1266,7 +1438,6 @@ WOLFSSL_API void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode); WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode); WOLFSSL_ABI WOLFSSL_API int wolfSSL_get_error(WOLFSSL* ssl, int ret); -WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h); WOLFSSL_ABI WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t); @@ -1308,15 +1479,38 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); #endif /* SESSION_INDEX */ -#if defined(SESSION_CERTS) -WOLFSSL_API - WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session); -WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session); -#endif /* SESSION_INDEX && SESSION_CERTS */ -typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); -typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int); +#ifdef OPENSSL_EXTRA +/* compatibility callback for TLS state */ +typedef void (CallbackInfoState)(const WOLFSSL* ssl, int state, int err); +#endif + + +/* ----- EX DATA BEGIN ----- */ +WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data); + +#ifdef HAVE_EX_DATA +WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void); +WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data( + const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx); +WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data( + WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data); + +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup( + WOLFSSL_CRYPTO_EX_DATA* ex_data, + int idx, + void *data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine); +WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup( + WOLFSSL* ssl, + int idx, + void* data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine); +#endif +#ifdef HAVE_EX_DATA_CRYPTO /* class index for wolfSSL_CRYPTO_get_ex_new_index */ #define WOLF_CRYPTO_EX_INDEX_SSL 0 #define WOLF_CRYPTO_EX_INDEX_SSL_CTX 1 @@ -1336,8 +1530,6 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int); #define WOLF_CRYPTO_EX_INDEX_DRBG 15 #define WOLF_CRYPTO_EX_INDEX__COUNT 16 -#ifdef HAVE_EX_DATA - /* Helper macro to log that input arguments should not be used */ #define WOLFSSL_CRYPTO_EX_DATA_IGNORE_PARAMS(a1, a2, a3, a4, a5) \ (void)(a1); \ @@ -1352,12 +1544,60 @@ typedef void (CallbackInfoState)(const WOLFSSL* ssl, int, int); } \ } while(0) -WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, - WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b, - WOLFSSL_CRYPTO_EX_free* c); +WOLFSSL_API int wolfSSL_get_ex_new_index( + long argValue, void* arg, + WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b, + WOLFSSL_CRYPTO_EX_free* c); +WOLFSSL_API int wolfSSL_CTX_get_ex_new_index( + long idx, void* arg, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); +WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index( + int class_index, long argl, void *argp, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); +WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, + WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); +#endif /* HAVE_EX_DATA_CRYPTO */ +#endif /* HAVE_EX_DATA */ +/* Exposed EX data API's, guarded internally by HAVE_EX_DATA */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); +WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, + void *data); +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup( + WOLFSSL_X509 *x509, + int idx, + void *data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine); #endif +#ifdef HAVE_EX_DATA_CRYPTO +WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); +#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#ifdef OPENSSL_EXTRA +WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx); +WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data); +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup( + WOLFSSL_CTX* ctx, + int idx, + void* data, + wolfSSL_ex_data_cleanup_routine_t cleanup_routine); +#endif +#endif /* OPENSSL_EXTRA */ +/* ----- EX DATA END ----- */ + WOLFSSL_ABI WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback verify_callback); @@ -1495,8 +1735,16 @@ WOLFSSL_API int wolfSSL_dtls(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_dtls_create_peer(int port, char* ip); WOLFSSL_API int wolfSSL_dtls_free_peer(void* addr); -WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); -WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); +WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, + unsigned int peerSz); +WOLFSSL_API int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, + unsigned int peerSz); +WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, + unsigned int* peerSz); +WOLFSSL_API int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, + unsigned int* peerSz); + +WOLFSSL_API byte wolfSSL_is_stateful(WOLFSSL* ssl); #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx); @@ -1576,7 +1824,9 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e); WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e); WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e); -/* extras */ +/* -------- EXTRAS BEGIN -------- */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); @@ -1588,16 +1838,11 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx); -#if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \ - defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) -#include "wolfssl/wolfcrypt/asn.h" -#endif - #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push( WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk, WOLFSSL_ACCESS_DESCRIPTION* a); -#endif /* defined(OPENSSL_ALL) || OPENSSL_EXTRA || defined(WOLFSSL_QT) */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_QT */ typedef WOLF_STACK_OF(WOLFSSL_GENERAL_NAME) WOLFSSL_GENERAL_NAMES; typedef WOLF_STACK_OF(WOLFSSL_DIST_POINT) WOLFSSL_DIST_POINTS; @@ -1692,61 +1937,7 @@ WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); -WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data); -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup( - WOLFSSL* ssl, - int idx, - void* data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine); -#endif -WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd); -WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd); -WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt); -WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, - unsigned int len); -WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl); -WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl); -#ifdef OPENSSL_EXTRA -/* using unsigned char instead of uint8_t here to avoid stdint include */ -WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length( - WOLFSSL_SESSION* session); -#endif -WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap); -WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); -WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, - WOLFSSL_SESSION* session); -WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, - const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl); -WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); -WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl); -WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len); -WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); -WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session); -WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl); -WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); -WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session); - -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap); -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x); #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); @@ -1972,22 +2163,15 @@ WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psi const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); -WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, - char* in, int sz); WOLFSSL_API unsigned long wolfSSL_X509_NAME_hash(WOLFSSL_X509_NAME* name); #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz); #endif -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( - WOLFSSL_X509* cert); WOLFSSL_API unsigned long wolfSSL_X509_issuer_name_hash(const WOLFSSL_X509* x509); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( - WOLFSSL_X509* cert); WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid); WOLFSSL_API int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit); -WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509); WOLFSSL_API unsigned int wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509); WOLFSSL_API unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509); @@ -2050,11 +2234,6 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, const WOLFSSL_ASN1_STRING* src); WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API const char* wolfSSL_X509_verify_cert_error_string(long err); -WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); -WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, unsigned char* buf, int* bufSz); -WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, unsigned char* buf, - int* bufSz); -WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup,const char* dir,long type); WOLFSSL_API int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, const char* file, @@ -2088,11 +2267,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CT int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param( WOLFSSL_X509_STORE_CTX *ctx); -WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void); -WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap); WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)*); -WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk); @@ -2237,10 +2413,10 @@ WOLFSSL_API int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl, const byte** suites, word16* suiteSz, const byte** hashSigAlgo, word16* hashSigAlgoSz); typedef struct WOLFSSL_CIPHERSUITE_INFO { - byte rsaAuth:1; - byte eccAuth:1; - byte eccStatic:1; - byte psk:1; + WC_BITFIELD rsaAuth:1; + WC_BITFIELD eccAuth:1; + WC_BITFIELD eccStatic:1; + WC_BITFIELD psk:1; } WOLFSSL_CIPHERSUITE_INFO; WOLFSSL_API WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, byte second); @@ -2283,14 +2459,6 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( WOLFSSL_X509_STORE_CTX* ctx, int er); void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth); -WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx); - -WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, - void* userdata); -WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, - wc_pem_password_cb* cb); -WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx); -WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); WOLFSSL_API void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, void (*f)(const WOLFSSL* ssl, int type, int val)); @@ -2349,13 +2517,7 @@ WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength); WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl); -WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); -WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); WOLFSSL_API long wolfSSL_clear_options(WOLFSSL *s, long op); -WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); -WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); -WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s); WOLFSSL_API long wolfSSL_set_tmp_dh(WOLFSSL *s, WOLFSSL_DH *dh); WOLFSSL_API long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type); @@ -2374,6 +2536,186 @@ WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); +WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + + /* Errors used in wolfSSL. utilize the values from the defines in + * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix. + */ +enum { + WOLFSSL_X509_V_OK = 0, + WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, + WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID = 9, + WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED = 10, + WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, + WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, + WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, + WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20, + WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21, + WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG = 22, + WOLFSSL_X509_V_ERR_CERT_REVOKED = 23, + WOLFSSL_X509_V_ERR_INVALID_CA = 24, + WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, + WOLFSSL_X509_V_ERR_CERT_REJECTED = 28, + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, + +#ifdef HAVE_OCSP + /* OCSP Flags */ + WOLFSSL_OCSP_NOCERTS = 1, + WOLFSSL_OCSP_NOINTERN = 2, + WOLFSSL_OCSP_NOSIGS = 4, + WOLFSSL_OCSP_NOCHAIN = 8, + WOLFSSL_OCSP_NOVERIFY = 16, + WOLFSSL_OCSP_NOEXPLICIT = 32, + WOLFSSL_OCSP_NOCASIGN = 64, + WOLFSSL_OCSP_NODELEGATED = 128, + WOLFSSL_OCSP_NOCHECKS = 256, + WOLFSSL_OCSP_TRUSTOTHER = 512, + WOLFSSL_OCSP_RESPID_KEY = 1024, + WOLFSSL_OCSP_NOTIME = 2048, +#endif + + WOLFSSL_ST_CONNECT = 0x1000, + WOLFSSL_ST_ACCEPT = 0x2000, + WOLFSSL_ST_MASK = 0x0FFF, + + WOLFSSL_CB_LOOP = 0x01, + WOLFSSL_CB_EXIT = 0x02, + WOLFSSL_CB_READ = 0x04, + WOLFSSL_CB_WRITE = 0x08, + WOLFSSL_CB_HANDSHAKE_START = 0x10, + WOLFSSL_CB_HANDSHAKE_DONE = 0x20, + WOLFSSL_CB_ALERT = 0x4000, + WOLFSSL_CB_READ_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_READ), + WOLFSSL_CB_WRITE_ALERT = (WOLFSSL_CB_ALERT | WOLFSSL_CB_WRITE), + WOLFSSL_CB_ACCEPT_LOOP = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_LOOP), + WOLFSSL_CB_ACCEPT_EXIT = (WOLFSSL_ST_ACCEPT | WOLFSSL_CB_EXIT), + WOLFSSL_CB_CONNECT_LOOP = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_LOOP), + WOLFSSL_CB_CONNECT_EXIT = (WOLFSSL_ST_CONNECT | WOLFSSL_CB_EXIT), + WOLFSSL_CB_MODE_READ = 1, + WOLFSSL_CB_MODE_WRITE = 2, + + WOLFSSL_MODE_ENABLE_PARTIAL_WRITE = 2, + WOLFSSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE} + * to the user. This is set by default with + * OPENWOLFSSL_COMPATIBLE_DEFAULTS. The macro + * WOLFWOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to + * limit the possibility of an infinite retry loop + */ + WOLFSSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ + + WOLFSSL_CRYPTO_LOCK = 1, + WOLFSSL_CRYPTO_NUM_LOCKS = 10 +}; + +#define WOLFSSL_NOTHING 1 +#define WOLFSSL_WRITING 2 +#define WOLFSSL_READING 3 +#define WOLFSSL_MAX_SSL_SESSION_ID_LENGTH 32 /* = ID_LEN */ + +#ifndef OPENSSL_COEXIST + +/* for compatibility these must be macros */ + +#define SSL_OP_MICROSOFT_SESS_ID_BUG WOLFSSL_OP_MICROSOFT_SESS_ID_BUG +#define SSL_OP_NETSCAPE_CHALLENGE_BUG WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER +#define SSL_OP_MSIE_SSLV2_RSA_PADDING WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG +#define SSL_OP_TLS_D5_BUG WOLFSSL_OP_TLS_D5_BUG +#define SSL_OP_TLS_BLOCK_PADDING_BUG WOLFSSL_OP_TLS_BLOCK_PADDING_BUG +#define SSL_OP_TLS_ROLLBACK_BUG WOLFSSL_OP_TLS_ROLLBACK_BUG +#define SSL_OP_EPHEMERAL_RSA WOLFSSL_OP_EPHEMERAL_RSA +#define SSL_OP_PKCS1_CHECK_1 WOLFSSL_OP_PKCS1_CHECK_1 +#define SSL_OP_PKCS1_CHECK_2 WOLFSSL_OP_PKCS1_CHECK_2 +#define SSL_OP_NETSCAPE_CA_DN_BUG WOLFSSL_OP_NETSCAPE_CA_DN_BUG +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +#define SSL_OP_NO_QUERY_MTU WOLFSSL_OP_NO_QUERY_MTU +#define SSL_OP_COOKIE_EXCHANGE WOLFSSL_OP_COOKIE_EXCHANGE +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \ + WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +#define SSL_OP_ALL WOLFSSL_OP_ALL + +#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 +#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 +#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1 +#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1 +#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2 +#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION + +/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */ +#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) +#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3 +#endif + +#ifdef HAVE_SESSION_TICKET +#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET +#endif + +#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) + + +#define SSL_NOTHING WOLFSSL_NOTHING +#define SSL_WRITING WOLFSSL_WRITING +#define SSL_READING WOLFSSL_READING +#define SSL_MAX_SSL_SESSION_ID_LENGTH WOLFSSL_MAX_SSL_SESSION_ID_LENGTH + +#ifdef HAVE_OCSP + /* OCSP Flags */ +#define OCSP_NOCERTS WOLFSSL_OCSP_NOCERTS +#define OCSP_NOINTERN WOLFSSL_OCSP_NOINTERN +#define OCSP_NOSIGS WOLFSSL_OCSP_NOSIGS +#define OCSP_NOCHAIN WOLFSSL_OCSP_NOCHAIN +#define OCSP_NOVERIFY WOLFSSL_OCSP_NOVERIFY +#define OCSP_NOEXPLICIT WOLFSSL_OCSP_NOEXPLICIT +#define OCSP_NOCASIGN WOLFSSL_OCSP_NOCASIGN +#define OCSP_NODELEGATED WOLFSSL_OCSP_NODELEGATED +#define OCSP_NOCHECKS WOLFSSL_OCSP_NOCHECKS +#define OCSP_TRUSTOTHER WOLFSSL_OCSP_TRUSTOTHER +#define OCSP_RESPID_KEY WOLFSSL_OCSP_RESPID_KEY +#define OCSP_NOTIME WOLFSSL_OCSP_NOTIME +#endif + +#define SSL_ST_CONNECT WOLFSSL_ST_CONNECT +#define SSL_ST_ACCEPT WOLFSSL_ST_ACCEPT +#define SSL_ST_MASK WOLFSSL_ST_MASK + +#define SSL_CB_LOOP WOLFSSL_CB_LOOP +#define SSL_CB_EXIT WOLFSSL_CB_EXIT +#define SSL_CB_READ WOLFSSL_CB_READ +#define SSL_CB_WRITE WOLFSSL_CB_WRITE +#define SSL_CB_HANDSHAKE_START WOLFSSL_CB_HANDSHAKE_START +#define SSL_CB_HANDSHAKE_DONE WOLFSSL_CB_HANDSHAKE_DONE +#define SSL_CB_ALERT WOLFSSL_CB_ALERT +#define SSL_CB_READ_ALERT WOLFSSL_CB_READ_ALERT +#define SSL_CB_WRITE_ALERT WOLFSSL_CB_WRITE_ALERT +#define SSL_CB_ACCEPT_LOOP WOLFSSL_CB_ACCEPT_LOOP +#define SSL_CB_ACCEPT_EXIT WOLFSSL_CB_ACCEPT_EXIT +#define SSL_CB_CONNECT_LOOP WOLFSSL_CB_CONNECT_LOOP +#define SSL_CB_CONNECT_EXIT WOLFSSL_CB_CONNECT_EXIT +#define SSL_CB_MODE_READ WOLFSSL_CB_MODE_READ +#define SSL_CB_MODE_WRITE WOLFSSL_CB_MODE_WRITE + +#define SSL_MODE_ENABLE_PARTIAL_WRITE WOLFSSL_MODE_ENABLE_PARTIAL_WRITE +#define SSL_MODE_AUTO_RETRY WOLFSSL_MODE_AUTO_RETRY +#define SSL_MODE_RELEASE_BUFFERS WOLFSSL_MODE_RELEASE_BUFFERS + +#define CRYPTO_LOCK WOLFSSL_CRYPTO_LOCK +#define CRYPTO_NUM_LOCKS WOLFSSL_CRYPTO_NUM_LOCKS + +#endif /* !OPENSSL_COEXIST */ + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ +/* -------- EXTRAS END -------- */ + + #define WOLFSSL_DEFAULT_CIPHER_LIST "" /* default all */ /* These are bit-masks */ @@ -2383,7 +2725,7 @@ enum { WOLFSSL_OCSP_CHECKALL = 4, WOLFSSL_CRL_CHECKALL = 1, - WOLFSSL_CRL_CHECK = 2, + WOLFSSL_CRL_CHECK = 2 }; /* Separated out from other enums because of size */ @@ -2430,132 +2772,75 @@ enum { | WOLFSSL_OP_TLS_D5_BUG | WOLFSSL_OP_TLS_BLOCK_PADDING_BUG | WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - | WOLFSSL_OP_TLS_ROLLBACK_BUG), + | WOLFSSL_OP_TLS_ROLLBACK_BUG) }; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) -/* for compatibility these must be macros */ - -#define SSL_OP_MICROSOFT_SESS_ID_BUG WOLFSSL_OP_MICROSOFT_SESS_ID_BUG -#define SSL_OP_NETSCAPE_CHALLENGE_BUG WOLFSSL_OP_NETSCAPE_CHALLENGE_BUG -#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG WOLFSSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG -#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER WOLFSSL_OP_MICROSOFT_BIG_SSLV3_BUFFER -#define SSL_OP_MSIE_SSLV2_RSA_PADDING WOLFSSL_OP_MSIE_SSLV2_RSA_PADDING -#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG WOLFSSL_OP_SSLEAY_080_CLIENT_DH_BUG -#define SSL_OP_TLS_D5_BUG WOLFSSL_OP_TLS_D5_BUG -#define SSL_OP_TLS_BLOCK_PADDING_BUG WOLFSSL_OP_TLS_BLOCK_PADDING_BUG -#define SSL_OP_TLS_ROLLBACK_BUG WOLFSSL_OP_TLS_ROLLBACK_BUG -#define SSL_OP_EPHEMERAL_RSA WOLFSSL_OP_EPHEMERAL_RSA -#define SSL_OP_PKCS1_CHECK_1 WOLFSSL_OP_PKCS1_CHECK_1 -#define SSL_OP_PKCS1_CHECK_2 WOLFSSL_OP_PKCS1_CHECK_2 -#define SSL_OP_NETSCAPE_CA_DN_BUG WOLFSSL_OP_NETSCAPE_CA_DN_BUG -#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG WOLFSSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG -#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS WOLFSSL_OP_DONT_INSERT_EMPTY_FRAGMENTS -#define SSL_OP_NO_QUERY_MTU WOLFSSL_OP_NO_QUERY_MTU -#define SSL_OP_COOKIE_EXCHANGE WOLFSSL_OP_COOKIE_EXCHANGE -#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION \ - WOLFSSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION -#define SSL_OP_ALL WOLFSSL_OP_ALL - -#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 -#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 -#define SSL_OP_NO_TLSv1 WOLFSSL_OP_NO_TLSv1 -#define SSL_OP_NO_TLSv1_1 WOLFSSL_OP_NO_TLSv1_1 -#define SSL_OP_NO_TLSv1_2 WOLFSSL_OP_NO_TLSv1_2 -#define SSL_OP_NO_COMPRESSION WOLFSSL_OP_NO_COMPRESSION - -/* apache uses SSL_OP_NO_TLSv1_3 to determine if TLS 1.3 is enabled */ -#if !(!defined(WOLFSSL_TLS13) && defined(WOLFSSL_APACHE_HTTPD)) -#define SSL_OP_NO_TLSv1_3 WOLFSSL_OP_NO_TLSv1_3 -#endif +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, + void* userdata); +WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, + wc_pem_password_cb* cb); +WOLFSSL_API wc_pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX* ctx); +WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx); -#ifdef HAVE_SESSION_TICKET -#define SSL_OP_NO_TICKET WOLFSSL_OP_NO_TICKET +WOLFSSL_API int wolfSSL_SSL_renegotiate_pending(WOLFSSL *s); +WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s); +WOLFSSL_API long wolfSSL_num_renegotiations(WOLFSSL* s); +WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s); +WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h); +WOLFSSL_API int wolfSSL_get_shutdown(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd); +WOLFSSL_API int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd); +WOLFSSL_API void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt); +WOLFSSL_API int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, + unsigned int len); +WOLFSSL_API void wolfSSL_set_connect_state(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_set_accept_state(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_session_reused(WOLFSSL* ssl); +#ifdef OPENSSL_EXTRA +/* using unsigned char instead of uint8_t here to avoid stdint include */ +WOLFSSL_API unsigned char wolfSSL_SESSION_get_max_fragment_length( + WOLFSSL_SESSION* session); #endif +WOLFSSL_API int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session); -#define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | \ - SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3) - - -#define SSL_NOTHING 1 -#define SSL_WRITING 2 -#define SSL_READING 3 -#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 /* = ID_LEN */ +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new(void); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_SESSION_new_ex(void* heap); +WOLFSSL_API void wolfSSL_SESSION_free(WOLFSSL_SESSION* session); +WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, + WOLFSSL_SESSION* session); +WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, + const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl); -enum { -#ifdef HAVE_OCSP - /* OCSP Flags */ - OCSP_NOCERTS = 1, - OCSP_NOINTERN = 2, - OCSP_NOSIGS = 4, - OCSP_NOCHAIN = 8, - OCSP_NOVERIFY = 16, - OCSP_NOEXPLICIT = 32, - OCSP_NOCASIGN = 64, - OCSP_NODELEGATED = 128, - OCSP_NOCHECKS = 256, - OCSP_TRUSTOTHER = 512, - OCSP_RESPID_KEY = 1024, - OCSP_NOTIME = 2048, -#endif - - SSL_ST_CONNECT = 0x1000, - SSL_ST_ACCEPT = 0x2000, - SSL_ST_MASK = 0x0FFF, - - SSL_CB_LOOP = 0x01, - SSL_CB_EXIT = 0x02, - SSL_CB_READ = 0x04, - SSL_CB_WRITE = 0x08, - SSL_CB_HANDSHAKE_START = 0x10, - SSL_CB_HANDSHAKE_DONE = 0x20, - SSL_CB_ALERT = 0x4000, - SSL_CB_READ_ALERT = (SSL_CB_ALERT | SSL_CB_READ), - SSL_CB_WRITE_ALERT = (SSL_CB_ALERT | SSL_CB_WRITE), - SSL_CB_ACCEPT_LOOP = (SSL_ST_ACCEPT | SSL_CB_LOOP), - SSL_CB_ACCEPT_EXIT = (SSL_ST_ACCEPT | SSL_CB_EXIT), - SSL_CB_CONNECT_LOOP = (SSL_ST_CONNECT | SSL_CB_LOOP), - SSL_CB_CONNECT_EXIT = (SSL_ST_CONNECT | SSL_CB_EXIT), - SSL_CB_MODE_READ = 1, - SSL_CB_MODE_WRITE = 2, - - SSL_MODE_ENABLE_PARTIAL_WRITE = 2, - SSL_MODE_AUTO_RETRY = 3, /* wolfSSL default is to return WANT_{READ|WRITE} - * to the user. This is set by default with - * OPENSSL_COMPATIBLE_DEFAULTS. The macro - * WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS is used to - * limit the possibility of an infinite retry loop - */ - SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ - /* Errors used in wolfSSL. utilize the values from the defines in - * wolfssl/openssl/x509.h, but without the WOLFSSL_ prefix. - */ - WOLFSSL_X509_V_OK = 0, - WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, - WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID = 9, - WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED = 10, - WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, - WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, - WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, - WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20, - WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21, - WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG = 22, - WOLFSSL_X509_V_ERR_CERT_REVOKED = 23, - WOLFSSL_X509_V_ERR_INVALID_CA = 24, - WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, - WOLFSSL_X509_V_ERR_CERT_REJECTED = 28, - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, +WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); +WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl); +WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len); +WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_auth_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_cipher_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_digest_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_get_kx_nid(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API int wolfSSL_CIPHER_is_aead(const WOLFSSL_CIPHER* cipher); +WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); +WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(const WOLFSSL_SESSION* session); +WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL* ssl); +WOLFSSL_API void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); +WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session); - CRYPTO_LOCK = 1, - CRYPTO_NUM_LOCKS = 10, +WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void); +WOLFSSL_API WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap); +WOLFSSL_API void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx); - ASN1_STRFLGS_ESC_MSB = 4 -}; -#endif +WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); +WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); -/* extras end */ +WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, + char* in, int sz); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* wolfSSL extension, provide last error from SSL_get_error @@ -2572,8 +2857,6 @@ WOLFSSL_API void wolfSSL_ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u); #endif #endif -WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); - #ifndef NO_OLD_SSL_NAMES #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE @@ -2633,16 +2916,20 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); enum { /* ssl Constants */ WOLFSSL_ERROR_NONE = 0, /* for most functions */ WOLFSSL_FAILURE = 0, /* for some functions */ + WOLFSSL_SUCCESS = 1, #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ (defined(BUILDING_WOLFSSL) || \ defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) #define WOLFSSL_FAILURE WC_ERR_TRACE(WOLFSSL_FAILURE) #define CONST_NUM_ERR_WOLFSSL_FAILURE 0 + /* include CONST_NUM_ERR_ variants of the success codes, so that they + * can be harmlessly wrapped in WC_NO_ERR_TRACE(). + */ + #define CONST_NUM_ERR_WOLFSSL_ERROR_NONE 0 + #define CONST_NUM_ERR_WOLFSSL_SUCCESS 1 #endif - WOLFSSL_SUCCESS = 1, - /* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and * wolfSSL_SendUserCanceled when the other end * of the connection has yet to send its close notify alert as part of the @@ -2776,8 +3063,11 @@ enum { /* ssl Constants */ /* extra begins */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) enum { /* ERR Constants */ - ERR_TXT_STRING = 1 + WOLFSSL_ERR_TXT_STRING = 1 }; +#ifndef OPENSSL_COEXIST +#define ERR_TXT_STRING WOLFSSL_ERR_TXT_STRING +#endif #endif #ifdef OPENSSL_EXTRA /* bio misc */ @@ -2808,7 +3098,6 @@ WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt); #if !defined(NO_CHECK_PRIVATE_KEY) WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx); #endif -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx); WOLFSSL_API void wolfSSL_ERR_free_strings(void); WOLFSSL_API void wolfSSL_ERR_remove_state(unsigned long id); @@ -2836,16 +3125,21 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFS WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl); #endif -#ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl); -#endif WOLFSSL_API int wolfSSL_want_read(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_want_write(WOLFSSL* ssl); + +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_want(WOLFSSL* ssl); + +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx); + #include /* var_arg */ WOLFSSL_API int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args); WOLFSSL_API int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...); + + WOLFSSL_API int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char* buf, int length); WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a); @@ -2857,41 +3151,20 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_ const WOLFSSL_ASN1_TIME* to); WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, const WOLFSSL_ASN1_TIME *b); -#ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str); -#endif +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i); - -#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) - -WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, - int idx); -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data_with_cleanup( - WOLFSSL_CRYPTO_EX_DATA* ex_data, - int idx, - void *data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine); -#endif -WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, - void *data); #endif + /* stunnel 4.28 needs */ -WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx); -WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data); -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -WOLFSSL_API int wolfSSL_CTX_set_ex_data_with_cleanup( - WOLFSSL_CTX* ctx, - int idx, - void* data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine); -#endif WOLFSSL_API void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, WOLFSSL_SESSION*(*f)(WOLFSSL* ssl, const unsigned char*, int, int*)); WOLFSSL_API void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx, @@ -2908,13 +3181,21 @@ WOLFSSL_API unsigned long wolfSSL_SESSION_get_ticket_lifetime_hint( const WOLFSSL_SESSION* sess); WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* session); WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* session); -#ifdef HAVE_EX_DATA -WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, - WOLFSSL_CRYPTO_EX_new* new_func, - WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func); + + +#ifdef SESSION_CERTS +#ifdef OPENSSL_EXTRA +WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl); #endif +WOLFSSL_API + WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session); +WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session); + +WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, + unsigned char* buf, int inLen, int* outLen); +#endif /* SESSION_CERTS */ + /* extra ends */ @@ -2925,15 +3206,30 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, date check and signature check */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) -WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl); -#endif /* need to call once to load library (session cache) */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) +#ifndef NO_FILESYSTEM +WOLFSSL_API int wolfSSL_crypto_policy_enable(const char * policy); +#endif /* ! NO_FILESYSTEM */ +WOLFSSL_API int wolfSSL_crypto_policy_enable_buffer(const char * buf); +WOLFSSL_API void wolfSSL_crypto_policy_disable(void); +WOLFSSL_API int wolfSSL_crypto_policy_is_enabled(void); +WOLFSSL_API const char * wolfSSL_crypto_policy_get_ciphers(void); +WOLFSSL_API int wolfSSL_crypto_policy_get_level(void); +WOLFSSL_LOCAL int wolfSSL_crypto_policy_init_ctx(WOLFSSL_CTX * ctx, + WOLFSSL_METHOD * method); +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ +/* compat functions. */ +WOLFSSL_API int wolfSSL_get_security_level(const WOLFSSL * ssl); +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API void wolfSSL_set_security_level(WOLFSSL * ssl, int level); +#endif /* !NO_WOLFSSL_STUB */ + /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L @@ -2969,13 +3265,49 @@ WOLFSSL_API int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx); WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx); /* index cert in X509 */ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx); + + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(KEEP_PEER_CERT) || defined(KEEP_OUR_CERT) || defined(SESSION_CERTS) + +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new_ex(void* heap); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509* x); + +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( + WOLFSSL_X509* cert); +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( + WOLFSSL_X509* cert); + +WOLFSSL_API int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); +WOLFSSL_API int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, + unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509, + unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509); + +#ifndef NO_FILESYSTEM +WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_load_certificate_file(const char* fname, int format); +#endif +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( + const unsigned char* buf, int sz, int format); +#endif + /* free X509 */ #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509); +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || \ + KEEP_OUR_CERT || SESSION_CERTS */ + + /* get index cert in PEM */ -WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, - unsigned char* buf, int inLen, int* outLen); + WOLFSSL_ABI WOLFSSL_API const unsigned char* wolfSSL_get_sessionID( const WOLFSSL_SESSION* s); WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,unsigned char* in,int* inOutSz); @@ -3008,12 +3340,12 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req, WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, - WOLFSSL_X509_CRL **crl); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE file, WOLFSSL_X509_CRL **crl); #endif #if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, + WOLFSSL_X509_CRL **crl); WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl); WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl); WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid( @@ -3071,6 +3403,7 @@ WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( const unsigned char* buf, int sz, int format); #endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ +#ifdef OPENSSL_EXTRA WOLFSSL_API const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const WOLFSSL_X509_REVOKED *rev); @@ -3083,14 +3416,6 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_load_certificate_file(const char* fname, int format); -#endif -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( - const unsigned char* buf, int sz, int format); -#ifdef WOLFSSL_CERT_REQ -WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( - const unsigned char* buf, int sz, int format); #endif #ifdef WOLFSSL_SEP @@ -3102,19 +3427,25 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509, unsigned char* in, int* inOutSz); #endif +#endif /* OPENSSL_EXTRA */ + /* connect enough to get peer cert */ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); - +#ifdef OPENSSL_EXTRA /* PKCS12 compatibility */ -WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, - WC_PKCS12** pkcs12); -WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); +WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12** pkcs12); #endif + +#ifdef HAVE_PKCS12 +WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, + WC_PKCS12** pkcs12); +WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); + WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); @@ -3124,8 +3455,8 @@ WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, int keyNID, int certNID, int itt, int macItt, int keytype); -WOLFSSL_API void wolfSSL_PKCS12_PBE_add(void); - +#endif /* HAVE_PKCS12 */ +#endif /* OPENSSL_EXTRA */ #ifndef NO_DH @@ -3242,6 +3573,12 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len, const unsigned char* in, long sz, int format); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, long sz); +#if defined(WOLF_CRYPTO_CB) + WOLFSSL_API int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx, + const char *label, int devId); + WOLFSSL_API int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx, + const unsigned char *id, int idLen, int devId); +#endif #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_API int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, long sz, int format); @@ -3362,6 +3699,22 @@ typedef void (*CbOCSPRespFree)(void*,unsigned char*); typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz); #endif +#ifdef HAVE_CRL_UPDATE_CB +typedef struct CrlInfo { + byte *issuerHash; + word32 issuerHashLen; + byte *lastDate; + word32 lastDateMaxLen; + byte lastDateFormat; + byte *nextDate; + word32 nextDateMaxLen; + byte nextDateFormat; + sword32 crlNumber; +} CrlInfo; + +typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* cnew); +#endif + /* User Atomic Record Layer CallBacks */ typedef int (*CallbackMacEncrypt)(WOLFSSL* ssl, unsigned char* macOut, const unsigned char* macIn, unsigned int macInSz, int macContent, @@ -3442,7 +3795,7 @@ enum { WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_STREAM_TYPE = 3, WOLFSSL_AEAD_TYPE = 4, - WOLFSSL_TLS_HMAC_INNER_SZ = 13, /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ + WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ }; /* for GetBulkCipher and internal use @@ -3807,8 +4160,10 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options); WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm); +#ifndef NO_WOLFSSL_CM_VERIFY WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc); +#endif WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path, int type, int monitor); WOLFSSL_API int wolfSSL_CertManagerLoadCRLFile(WOLFSSL_CERT_MANAGER* cm, @@ -3824,6 +4179,12 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb); #endif +#ifdef HAVE_CRL_UPDATE_CB + WOLFSSL_API int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info, + const byte* buff, long sz, int type); + WOLFSSL_API int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, + CbUpdateCRL cb); +#endif #if defined(HAVE_OCSP) WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse( WOLFSSL_CERT_MANAGER* cm, unsigned char *response, int responseSz, @@ -3932,7 +4293,7 @@ WOLFSSL_API void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /* SNI types */ enum { - WOLFSSL_SNI_HOST_NAME = 0, + WOLFSSL_SNI_HOST_NAME = 0 }; WOLFSSL_ABI WOLFSSL_API int wolfSSL_UseSNI(WOLFSSL* ssl, unsigned char type, @@ -3952,7 +4313,7 @@ enum { WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02, /* Abort the handshake if the client didn't send a SNI request. */ - WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04, + WOLFSSL_SNI_ABORT_ON_ABSENCE = 0x04 }; WOLFSSL_API void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, unsigned char type, @@ -4003,7 +4364,7 @@ enum { WOLFSSL_ALPN_NO_MATCH = 0, WOLFSSL_ALPN_MATCH = 1, WOLFSSL_ALPN_CONTINUE_ON_MISMATCH = 2, - WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4, + WOLFSSL_ALPN_FAILED_ON_MISMATCH = 4 }; enum { @@ -4045,7 +4406,7 @@ enum { WOLFSSL_MFL_2_13 = 5, /* 8192 bytes *//* wolfSSL ONLY!!! */ WOLFSSL_MFL_2_8 = 6, /* 256 bytes *//* wolfSSL ONLY!!! */ WOLFSSL_MFL_MIN = WOLFSSL_MFL_2_9, - WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8, + WOLFSSL_MFL_MAX = WOLFSSL_MFL_2_8 }; #ifndef NO_WOLFSSL_CLIENT @@ -4177,36 +4538,46 @@ enum { * algorithms have LEVEL2 and LEVEL4 because none of these submissions * included them. */ -#ifndef WOLFSSL_ML_KEM +#ifdef WOLFSSL_KYBER_ORIGINAL WOLFSSL_PQC_MIN = 570, WOLFSSL_PQC_SIMPLE_MIN = 570, WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */ WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */ +#ifdef WOLFSSL_NO_ML_KEM WOLFSSL_PQC_SIMPLE_MAX = 573, +#endif WOLFSSL_PQC_HYBRID_MIN = 12090, WOLFSSL_P256_KYBER_LEVEL1 = 12090, WOLFSSL_P384_KYBER_LEVEL3 = 12092, WOLFSSL_P521_KYBER_LEVEL5 = 12093, +#ifdef WOLFSSL_NO_ML_KEM WOLFSSL_PQC_HYBRID_MAX = 12093, WOLFSSL_PQC_MAX = 12093, -#else +#endif +#endif +#ifndef WOLFSSL_NO_ML_KEM +#ifndef WOLFSSL_KYBER_ORIGINAL WOLFSSL_PQC_MIN = 583, WOLFSSL_PQC_SIMPLE_MIN = 583, - WOLFSSL_KYBER_LEVEL1 = 583, /* ML-KEM 512 */ - WOLFSSL_KYBER_LEVEL3 = 584, /* ML-KEM 768 */ - WOLFSSL_KYBER_LEVEL5 = 585, /* ML-KEM 1024 */ +#endif + WOLFSSL_ML_KEM_512 = 583, /* ML-KEM 512 */ + WOLFSSL_ML_KEM_768 = 584, /* ML-KEM 768 */ + WOLFSSL_ML_KEM_1024 = 585, /* ML-KEM 1024 */ WOLFSSL_PQC_SIMPLE_MAX = 585, +#ifndef WOLFSSL_KYBER_ORIGINAL WOLFSSL_PQC_HYBRID_MIN = 12103, - WOLFSSL_P256_KYBER_LEVEL1 = 12103, - WOLFSSL_P384_KYBER_LEVEL3 = 12104, - WOLFSSL_P521_KYBER_LEVEL5 = 12105, +#endif + WOLFSSL_P256_ML_KEM_512 = 12103, + WOLFSSL_P384_ML_KEM_768 = 12104, + WOLFSSL_P521_ML_KEM_1024 = 12105, WOLFSSL_PQC_HYBRID_MAX = 12105, WOLFSSL_PQC_MAX = 12105, -#endif /* WOLFSSL_ML_KEM */ +#endif /* !WOLFSSL_NO_ML_KEM */ #endif /* HAVE_PQC */ + WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H) }; enum { @@ -4215,6 +4586,7 @@ enum { WOLFSSL_EC_PF_X962_COMP_PRIME = 1, WOLFSSL_EC_PF_X962_COMP_CHAR2 = 2, #endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H) }; #ifdef HAVE_SUPPORTED_CURVES @@ -4365,6 +4737,7 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx); #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER) +WOLFSSL_API int wolfDTLS_accept_stateless(WOLFSSL* ssl); /* notify user we parsed a verified ClientHello is done. This only has an effect * on the server end. */ typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*); @@ -4525,15 +4898,19 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); +#ifndef wolfSSL_X509_NAME_add_entry_by_NID WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set); +#endif WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); +#ifndef wolfSSL_X509_NAME_new_ex WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap); +#endif WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name); WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); @@ -4698,7 +5075,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX #ifndef NO_FILESYSTEM WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read( XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, - pem_password_cb* cb, void* u); + wc_pem_password_cb* cb, void* u); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio( WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk, @@ -4734,9 +5111,6 @@ struct WOLFSSL_CONF_CTX { WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)|| \ - defined(OPENSSL_EXTRA_X509_SMALL) - #if defined(OPENSSL_EXTRA) \ || defined(OPENSSL_ALL) \ || defined(HAVE_LIGHTY) \ @@ -4747,7 +5121,9 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); +#ifndef wolfSSL_X509_NAME_free WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); +#endif WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509); @@ -4756,7 +5132,6 @@ WOLFSSL_API int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); /* These are to be merged shortly */ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); -WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); @@ -4773,9 +5148,9 @@ WOLFSSL_API long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c); WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp); #endif -#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ - -#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || HAVE_LIGHTY || \ + WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || \ + WOLFSSL_HAPROXY */ #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) @@ -4815,6 +5190,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); +WOLFSSL_API long wolfSSL_X509_REQ_get_version(const WOLFSSL_X509 *req); +WOLFSSL_API int wolfSSL_X509_REQ_set_version(WOLFSSL_X509 *x, long version); WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md); WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req, @@ -4861,8 +5238,6 @@ WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions( WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); -WOLFSSL_API void wolfSSL_CRYPTO_cleanup_all_ex_data(void); - WOLFSSL_API int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn); @@ -5007,12 +5382,6 @@ WOLFSSL_API int wolfSSL_SESSION_set_ex_data_with_cleanup( #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) -#ifdef HAVE_EX_DATA -WOLFSSL_API int wolfSSL_SESSION_get_ex_new_index(long ctx_l,void* ctx_ptr, - WOLFSSL_CRYPTO_EX_new* new_func, WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func); -#endif - WOLFSSL_API const unsigned char* wolfSSL_SESSION_get_id( const WOLFSSL_SESSION* sess, unsigned int* idLen); @@ -5093,13 +5462,10 @@ WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); #endif -#if defined(OPENSSL_ALL) || \ - defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) WOLFSSL_API int wolfSSL_get_verify_mode(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_get_verify_mode(const WOLFSSL_CTX* ctx); - #endif #ifdef WOLFSSL_JNI @@ -5179,34 +5545,16 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \ - || defined(WOLFSSL_WPAS_SMALL) -WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); -WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, - void *data); -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -WOLFSSL_API int wolfSSL_X509_set_ex_data_with_cleanup( - WOLFSSL_X509 *x509, - int idx, - void *data, - wolfSSL_ex_data_cleanup_routine_t cleanup_routine); +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) +WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx); +WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl); #endif -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(HAVE_SECRET_CALLBACK) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); -#ifdef HAVE_EX_DATA -WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, - WOLFSSL_CRYPTO_EX_new* new_func, - WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func); -#endif WOLFSSL_API int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *data, const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len); - -WOLFSSL_API long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx); -WOLFSSL_API long wolfSSL_get_timeout(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh); WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s); @@ -5214,11 +5562,11 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s); WOLFSSL_API int wolfSSL_SSL_do_handshake(WOLFSSL *s); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(word64 opts, - const OPENSSL_INIT_SETTINGS *settings); -WOLFSSL_API OPENSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void); -WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS* init); + const WOLFSSL_INIT_SETTINGS *settings); +WOLFSSL_API WOLFSSL_INIT_SETTINGS* wolfSSL_OPENSSL_INIT_new(void); +WOLFSSL_API void wolfSSL_OPENSSL_INIT_free(WOLFSSL_INIT_SETTINGS* init); WOLFSSL_API int wolfSSL_OPENSSL_INIT_set_config_appname( - OPENSSL_INIT_SETTINGS* init, char* appname); + WOLFSSL_INIT_SETTINGS* init, char* appname); #endif #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L WOLFSSL_API int wolfSSL_SSL_in_init(const WOLFSSL* ssl); @@ -5372,8 +5720,14 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a long length); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); -WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); -WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +WOLFSSL_API void WOLFSSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); +#ifndef OPENSSL_COEXIST +#define SSL_CTX_set_tmp_dh_callback WOLFSSL_CTX_set_tmp_dh_callback +#endif +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(void); +#ifndef OPENSSL_COEXIST +#define SSL_COMP_get_compression_methods WOLFSSL_COMP_get_compression_methods +#endif WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); @@ -5383,7 +5737,10 @@ WOLFSSL_API void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk); WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st); WOLFSSL_API int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i); -WOLFSSL_API void ERR_load_SSL_strings(void); +WOLFSSL_API void wolfSSL_ERR_load_SSL_strings(void); +#ifndef OPENSSL_COEXIST +#define ERR_load_SSL_strings wolfSSL_ERR_load_SSL_strings +#endif WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); @@ -5406,7 +5763,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, - PKCS8_PRIV_KEY_INFO* keyInfo); + WOLFSSL_PKCS8_PRIV_KEY_INFO* keyInfo); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, @@ -5455,7 +5812,7 @@ WOLFSSL_API int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, enum { WOLFSSL_CERT_TYPE_UNKNOWN = -1, WOLFSSL_CERT_TYPE_X509 = 0, - WOLFSSL_CERT_TYPE_RPK = 2, + WOLFSSL_CERT_TYPE_RPK = 2 }; #define MAX_CLIENT_CERT_TYPE_CNT 2 #define MAX_SERVER_CERT_TYPE_CNT 2 @@ -5479,7 +5836,6 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx); #endif WOLFSSL_API void wolfSSL_CTX_set_security_level(WOLFSSL_CTX* ctx, int level); WOLFSSL_API int wolfSSL_CTX_get_security_level(const WOLFSSL_CTX* ctx); - WOLFSSL_API int wolfSSL_SESSION_is_resumable(const WOLFSSL_SESSION *s); WOLFSSL_API void wolfSSL_CRYPTO_free(void *str, const char *file, int line); @@ -5506,12 +5862,6 @@ WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx); WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value); WOLFSSL_API int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd); #endif /* OPENSSL_EXTRA */ -#if defined(HAVE_EX_DATA) || defined(WOLFSSL_WPAS_SMALL) -WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - WOLFSSL_CRYPTO_EX_new* new_func, - WOLFSSL_CRYPTO_EX_dup* dup_func, - WOLFSSL_CRYPTO_EX_free* free_func); -#endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ #if defined(WOLFSSL_DTLS_CID) WOLFSSL_API int wolfSSL_dtls_cid_use(WOLFSSL* ssl); @@ -5522,11 +5872,15 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_rx_size(WOLFSSL* ssl, unsigned int* size); WOLFSSL_API int wolfSSL_dtls_cid_get_rx(WOLFSSL* ssl, unsigned char* buffer, unsigned int bufferSz); +WOLFSSL_API int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid); WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size); WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, unsigned int bufferSz); +WOLFSSL_API int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid); WOLFSSL_API int wolfSSL_dtls_cid_max_size(void); +WOLFSSL_API const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg, + unsigned int msgSz, unsigned int cidSz); #endif /* defined(WOLFSSL_DTLS_CID) */ #ifdef WOLFSSL_DTLS_CH_FRAG diff --git a/src/wolfssl/test.h b/src/wolfssl/test.h index bbe7d0f..478a905 100644 --- a/src/wolfssl/test.h +++ b/src/wolfssl/test.h @@ -29,6 +29,12 @@ #define wolfSSL_TEST_H #include + +#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ +#if defined(OPENSSL_EXTRA) && defined(OPENSSL_COEXIST) + #error "Example apps built with OPENSSL_EXTRA can't also be built with OPENSSL_COEXIST." +#endif + #include #ifdef FUSION_RTOS @@ -1952,7 +1958,11 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl, key[i] = (unsigned char) b; } +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384"; +#else *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; +#endif ret = 32; /* length of key in octets or 0 for error */ @@ -1991,7 +2001,11 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, key[i] = (unsigned char) b; } +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + *ciphersuite = userCipher ? userCipher : "TLS13-AES256-GCM-SHA384"; +#else *ciphersuite = userCipher ? userCipher : "TLS13-AES128-GCM-SHA256"; +#endif ret = 32; /* length of key in octets or 0 for error */ @@ -2005,16 +2019,13 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl, } #endif -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) -static unsigned char local_psk[32]; -#endif +#ifdef OPENSSL_EXTRA static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md, const unsigned char **id, size_t* idlen, WOLFSSL_SESSION **sess) { -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) + static unsigned char local_psk[32]; int i; WOLFSSL_SESSION* lsess; char buf[256]; @@ -2077,6 +2088,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, return 0; #endif } +#endif /* OPENSSL_EXTRA */ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl, const char* hint, char* identity, unsigned int id_max_len, @@ -2397,7 +2409,7 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) enum { VERIFY_OVERRIDE_ERROR, VERIFY_FORCE_FAIL, - VERIFY_USE_PREVERFIY, + VERIFY_USE_PREVERIFY, VERIFY_OVERRIDE_DATE_ERR, }; static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; @@ -2563,7 +2575,7 @@ static WC_INLINE void CRL_CallBack(const char* url) #endif #ifndef NO_DH -#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSS_SP_MATH_ALL) +#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) /* dh2048 p */ static const unsigned char test_dh_p[] = { @@ -4685,7 +4697,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl, mac); #elif defined(HAVE_AESGCM) ret = wc_AesGcmEncrypt(&tickCtx->aes, ticket, ticket, inLen, - iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE, + iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE, tickCtx->aad, aadSz); #endif } @@ -4699,7 +4711,7 @@ static WC_INLINE int myTicketEncCb(WOLFSSL* ssl, ticket); #elif defined(HAVE_AESGCM) ret = wc_AesGcmDecrypt(&tickCtx->aes, ticket, ticket, inLen, - iv, GCM_NONCE_MID_SZ, mac, AES_BLOCK_SIZE, + iv, GCM_NONCE_MID_SZ, mac, WC_AES_BLOCK_SIZE, tickCtx->aad, aadSz); #endif } diff --git a/src/wolfssl/version.h b/src/wolfssl/version.h index b494238..d7a1985 100644 --- a/src/wolfssl/version.h +++ b/src/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.4" -#define LIBWOLFSSL_VERSION_HEX 0x05007004 +#define LIBWOLFSSL_VERSION_STRING "5.7.6" +#define LIBWOLFSSL_VERSION_HEX 0x05007006 #ifdef __cplusplus } diff --git a/src/wolfssl/wolfcrypt/aes.h b/src/wolfssl/wolfcrypt/aes.h index eaa0c47..d1b71e5 100644 --- a/src/wolfssl/wolfcrypt/aes.h +++ b/src/wolfssl/wolfcrypt/aes.h @@ -61,7 +61,7 @@ typedef struct Gcm { #endif WOLFSSL_LOCAL void GenerateM0(Gcm* gcm); -#ifdef WOLFSSL_ARMASM +#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) WOLFSSL_LOCAL void GMULT(byte* X, byte* Y); #endif WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, @@ -188,7 +188,18 @@ enum { AES_ENCRYPTION_AND_DECRYPTION = 2, #endif - AES_BLOCK_SIZE = 16, + WC_AES_BLOCK_SIZE = 16, +#ifdef OPENSSL_COEXIST + /* allow OPENSSL_COEXIST applications to detect absence of AES_BLOCK_SIZE + * and presence of WC_AES_BLOCK_SIZE. + * + * if WC_NO_COMPAT_AES_BLOCK_SIZE is defined, WC_AES_BLOCK_SIZE is + * available, otherwise AES_BLOCK_SIZE is available. + */ + #define WC_NO_COMPAT_AES_BLOCK_SIZE +#else + #define AES_BLOCK_SIZE WC_AES_BLOCK_SIZE +#endif KEYWRAP_BLOCK_SIZE = 8, @@ -227,9 +238,9 @@ enum { #endif /* Number of bits to a block. */ - #define AES_BLOCK_BITS (AES_BLOCK_SIZE * 8) + #define AES_BLOCK_BITS (WC_AES_BLOCK_SIZE * 8) /* Number of bytes of input that can be processed in one call. */ - #define BS_BLOCK_SIZE (AES_BLOCK_SIZE * BS_WORD_SIZE) + #define BS_BLOCK_SIZE (WC_AES_BLOCK_SIZE * BS_WORD_SIZE) /* Number of words in a block. */ #define BS_BLOCK_WORDS (AES_BLOCK_BITS / BS_WORD_SIZE) @@ -258,7 +269,7 @@ struct Aes { ALIGN16 word32 key[60]; #ifdef WC_AES_BITSLICED /* Extra key schedule space required for bit-slicing technique. */ - ALIGN16 bs_word bs_key[15 * AES_BLOCK_SIZE * BS_WORD_SIZE]; + ALIGN16 bs_word bs_key[15 * WC_AES_BLOCK_SIZE * BS_WORD_SIZE]; #endif word32 rounds; #ifdef WC_C_DYNAMIC_FALLBACK @@ -266,8 +277,8 @@ struct Aes { #endif int keylen; - ALIGN16 word32 reg[AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ - ALIGN16 word32 tmp[AES_BLOCK_SIZE / sizeof(word32)]; /* same */ + ALIGN16 word32 reg[WC_AES_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + ALIGN16 word32 tmp[WC_AES_BLOCK_SIZE / sizeof(word32)]; /* same */ #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) word32 invokeCtr[2]; @@ -293,6 +304,13 @@ struct Aes { #ifdef WOLFSSL_AESNI byte use_aesni; #endif /* WOLFSSL_AESNI */ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + byte use_aes_hw_crypto; +#ifdef HAVE_AESGCM + byte use_pmull_hw_crypto; +#endif +#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ #ifdef WOLF_CRYPTO_CB int devId; void* devCtx; @@ -379,7 +397,7 @@ struct Aes { void* heap; /* memory hint to use */ #ifdef WOLFSSL_AESGCM_STREAM #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_AESNI) - ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; + ALIGN16 byte streamData[5 * WC_AES_BLOCK_SIZE]; #else byte* streamData; word32 streamData_sz; @@ -408,8 +426,8 @@ struct Aes { #ifdef WOLFSSL_AES_XTS #if FIPS_VERSION3_GE(6,0,0) /* SP800-38E - Restrict data unit to 2^20 blocks per key. A block is - * AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to - * protect up to 1,048,576 blocks of AES_BLOCK_SIZE (16,777,216 bytes) + * WC_AES_BLOCK_SIZE or 16-bytes (128-bits). So each key may only be used to + * protect up to 1,048,576 blocks of WC_AES_BLOCK_SIZE (16,777,216 bytes) */ #define FIPS_AES_XTS_MAX_BYTES_PER_TWEAK 16777216 #endif @@ -423,7 +441,7 @@ struct Aes { #ifdef WOLFSSL_AESXTS_STREAM struct XtsAesStreamData { - byte tweak_block[AES_BLOCK_SIZE]; + byte tweak_block[WC_AES_BLOCK_SIZE]; word32 bytes_crypted_with_this_tweak; }; #endif @@ -768,10 +786,10 @@ struct AesEax { Cmac nonceCmac; Cmac aadCmac; Cmac ciphertextCmac; - byte nonceCmacFinal[AES_BLOCK_SIZE]; - byte aadCmacFinal[AES_BLOCK_SIZE]; - byte ciphertextCmacFinal[AES_BLOCK_SIZE]; - byte prefixBuf[AES_BLOCK_SIZE]; + byte nonceCmacFinal[WC_AES_BLOCK_SIZE]; + byte aadCmacFinal[WC_AES_BLOCK_SIZE]; + byte ciphertextCmacFinal[WC_AES_BLOCK_SIZE]; + byte prefixBuf[WC_AES_BLOCK_SIZE]; }; #endif /* !defined(WOLF_CRYPT_CMAC_H) */ @@ -821,6 +839,59 @@ WOLFSSL_API int wc_AesEaxFree(AesEax* eax); #endif /* WOLFSSL_AES_EAX */ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +/* GHASH one block of data. + * + * XOR block into tag and GMULT with H. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK(aes, block) \ + do { \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ + GMULT_AARCH64(AES_TAG(aes), aes->gcm.H); \ + } \ + while (0) + +WOLFSSL_LOCAL int AES_set_key_AARCH64(const unsigned char *userKey, + const int keylen, Aes* aes, int dir); +WOLFSSL_LOCAL void AES_encrypt_AARCH64(const byte* inBlock, byte* outBlock, + byte* key, int nr); +WOLFSSL_LOCAL void AES_decrypt_AARCH64(const byte* inBlock, byte* outBlock, + byte* key, int nr); +WOLFSSL_LOCAL void AES_CBC_encrypt_AARCH64(const byte* in, byte* out, word32 sz, + byte* reg, byte* key, int rounds); +WOLFSSL_LOCAL void AES_CBC_decrypt_AARCH64(const byte* in, byte* out, word32 sz, + byte* reg, byte* key, int rounds); +WOLFSSL_LOCAL void AES_CTR_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, + word32 sz); +WOLFSSL_LOCAL void GMULT_AARCH64(byte* X, byte* Y); +#ifdef WOLFSSL_AESGCM_STREAM +WOLFSSL_LOCAL void GHASH_UPDATE_AARCH64(Aes* aes, const byte* a, word32 aSz, + const byte* c, word32 cSz); +WOLFSSL_LOCAL void AES_GCM_init_AARCH64(Aes* aes, const byte* iv, word32 ivSz); +WOLFSSL_LOCAL void AES_GCM_crypt_update_AARCH64(Aes* aes, byte* out, + const byte* in, word32 sz); +WOLFSSL_LOCAL void AES_GCM_final_AARCH64(Aes* aes, byte* authTag, + word32 authTagSz); +#endif +WOLFSSL_LOCAL void AES_GCM_set_key_AARCH64(Aes* aes, byte* iv); +WOLFSSL_LOCAL void AES_GCM_encrypt_AARCH64(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +WOLFSSL_LOCAL int AES_GCM_decrypt_AARCH64(Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, const byte* authTag, + word32 authTagSz, const byte* authIn, word32 authInSz); + +#ifdef WOLFSSL_AES_XTS +WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(XtsAes* xaes, byte* out, + const byte* in, word32 sz, const byte* i); +WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(XtsAes* xaes, byte* out, + const byte* in, word32 sz, const byte* i); +#endif /* WOLFSSL_AES_XTS */ +#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/wolfcrypt/asn.h b/src/wolfssl/wolfcrypt/asn.h index 11803d6..12a6023 100644 --- a/src/wolfssl/wolfcrypt/asn.h +++ b/src/wolfssl/wolfcrypt/asn.h @@ -36,8 +36,7 @@ that can be serialized and deserialized in a cross-platform way. #include -#ifndef NO_ASN - +#if !defined(NO_ASN) || !defined(NO_PWDBASED) #if !defined(NO_ASN_TIME) && defined(NO_TIME_H) #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ @@ -71,6 +70,8 @@ that can be serialized and deserialized in a cross-platform way. extern "C" { #endif +#ifndef NO_ASN + #ifndef EXTERNAL_SERIAL_SIZE #define EXTERNAL_SERIAL_SIZE 32 #endif @@ -728,6 +729,7 @@ enum DN_Tags { /* pilot attribute types * OID values of 0.9.2342.19200300.100.1.* */ ASN_FAVOURITE_DRINK = 0x13, /* favouriteDrink */ + ASN_RFC822_MAILBOX = 0x14, /* rfc822Mailbox */ ASN_DOMAIN_COMPONENT = 0x19 /* DC */ }; @@ -744,7 +746,7 @@ typedef struct WOLFSSL_ObjectInfo { } WOLFSSL_ObjectInfo; extern const size_t wolfssl_object_info_sz; extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; -#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ /* DN Tag Strings */ #define WOLFSSL_COMMON_NAME "/CN=" @@ -779,6 +781,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_USER_ID "/UID=" #define WOLFSSL_DOMAIN_COMPONENT "/DC=" +#define WOLFSSL_RFC822_MAILBOX "/rfc822Mailbox=" #define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink=" #define WOLFSSL_CONTENT_TYPE "/contentType=" @@ -809,79 +812,198 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WOLFSSL_MAX_NAME_CONSTRAINTS 128 #endif +#define WC_NID_undef 0 + +/* Setup for WC_MAX_RSA_BITS needs to be here, rather than rsa.h, because + * FIPS headers don't have it. And it needs to be here, rather than internal.h, + * so that setup occurs even in cryptonly builds. + */ +#ifndef NO_RSA + #ifndef WC_MAX_RSA_BITS + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define WC_MAX_RSA_BITS (FP_MAX_BITS / 2) + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define WC_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8) + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define WC_MAX_RSA_BITS 4096 + #endif + #endif + #if (WC_MAX_RSA_BITS % 8) + #error RSA maximum bit size must be multiple of 8 + #endif +#endif + +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) + #define WC_MAX_CERT_VERIFY_SZ 6000 /* For Dilithium */ +#elif defined(WOLFSSL_CERT_EXT) + #define WC_MAX_CERT_VERIFY_SZ 2048 /* For larger extensions */ +#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS) + #define WC_MAX_CERT_VERIFY_SZ (WC_MAX_RSA_BITS / 8) /* max RSA bytes */ +#elif defined(HAVE_ECC) + #define WC_MAX_CERT_VERIFY_SZ ECC_MAX_SIG_SIZE /* max ECC */ +#elif defined(HAVE_ED448) + #define WC_MAX_CERT_VERIFY_SZ ED448_SIG_SIZE /* max Ed448 */ +#elif defined(HAVE_ED25519) + #define WC_MAX_CERT_VERIFY_SZ ED25519_SIG_SIZE /* max Ed25519 */ +#else + #define WC_MAX_CERT_VERIFY_SZ 1024 /* max default */ +#endif + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + /* NIDs */ -#define NID_undef 0 -#define NID_netscape_cert_type NID_undef -#define NID_des 66 -#define NID_des3 67 -#define NID_sha256 672 -#define NID_sha384 673 -#define NID_sha512 674 -#define NID_sha512_224 1094 -#define NID_sha512_256 1095 -#define NID_pkcs7_signed 22 -#define NID_pkcs7_enveloped 23 -#define NID_pkcs7_signedAndEnveloped 24 -#define NID_pkcs9_unstructuredName 49 -#define NID_pkcs9_contentType 50 /* 1.2.840.113549.1.9.3 */ -#define NID_pkcs9_challengePassword 54 -#define NID_hw_name_oid 73 -#define NID_id_pkix_OCSP_basic 74 -#define NID_any_policy 75 -#define NID_anyExtendedKeyUsage 76 -#define NID_givenName 100 /* 2.5.4.42 */ -#define NID_initials 101 /* 2.5.4.43 */ -#define NID_title 106 -#define NID_description 107 -#define NID_basic_constraints 133 -#define NID_key_usage 129 /* 2.5.29.15 */ -#define NID_ext_key_usage 151 /* 2.5.29.37 */ -#define NID_subject_key_identifier 128 -#define NID_authority_key_identifier 149 -#define NID_private_key_usage_period 130 /* 2.5.29.16 */ -#define NID_subject_alt_name 131 -#define NID_issuer_alt_name 132 -#define NID_info_access 69 -#define NID_sinfo_access 79 /* id-pe 11 */ -#define NID_name_constraints 144 /* 2.5.29.30 */ -#define NID_crl_distribution_points 145 /* 2.5.29.31 */ -#define NID_certificate_policies 146 -#define NID_policy_mappings 147 -#define NID_policy_constraints 150 -#define NID_inhibit_any_policy 168 /* 2.5.29.54 */ -#define NID_tlsfeature 1020 /* id-pe 24 */ -#define NID_buildingName 1494 - -#define NID_dnQualifier 174 /* 2.5.4.46 */ -#define NID_commonName 14 /* CN Changed to not conflict +#define WC_NID_netscape_cert_type WC_NID_undef +#define WC_NID_des 66 +#define WC_NID_des3 67 +#define WC_NID_sha256 672 +#define WC_NID_sha384 673 +#define WC_NID_sha512 674 +#define WC_NID_sha512_224 1094 +#define WC_NID_sha512_256 1095 +#define WC_NID_pkcs7_signed 22 +#define WC_NID_pkcs7_enveloped 23 +#define WC_NID_pkcs7_signedAndEnveloped 24 +#define WC_NID_pkcs9_emailAddress 48 +#define WC_NID_pkcs9_unstructuredName 49 +#define WC_NID_pkcs9_contentType 50 /* 1.2.840.113549.1.9.3 */ +#define WC_NID_pkcs9_challengePassword 54 +#define WC_NID_hw_name_oid 73 +#define WC_NID_id_pkix_OCSP_basic 74 +#define WC_NID_any_policy 75 +#define WC_NID_anyExtendedKeyUsage 76 +#define WC_NID_givenName 100 /* 2.5.4.42 */ +#define WC_NID_initials 101 /* 2.5.4.43 */ +#define WC_NID_title 106 +#define WC_NID_description 107 +#define WC_NID_basic_constraints 133 +#define WC_NID_key_usage 129 /* 2.5.29.15 */ +#define WC_NID_ext_key_usage 151 /* 2.5.29.37 */ +#define WC_NID_subject_key_identifier 128 +#define WC_NID_authority_key_identifier 149 +#define WC_NID_private_key_usage_period 130 /* 2.5.29.16 */ +#define WC_NID_subject_alt_name 131 +#define WC_NID_issuer_alt_name 132 +#define WC_NID_info_access 69 +#define WC_NID_sinfo_access 79 /* id-pe 11 */ +#define WC_NID_name_constraints 144 /* 2.5.29.30 */ +#define WC_NID_crl_distribution_points 145 /* 2.5.29.31 */ +#define WC_NID_certificate_policies 146 +#define WC_NID_policy_mappings 147 +#define WC_NID_policy_constraints 150 +#define WC_NID_inhibit_any_policy 168 /* 2.5.29.54 */ +#define WC_NID_tlsfeature 1020 /* id-pe 24 */ +#define WC_NID_buildingName 1494 + +#define WC_NID_dnQualifier 174 /* 2.5.4.46 */ +#define WC_NID_commonName 14 /* CN Changed to not conflict * with PBE_SHA1_DES3 */ -#define NID_name 173 /* N , OID = 2.5.4.41 */ -#define NID_surname 0x04 /* SN */ -#define NID_serialNumber 0x05 /* serialNumber */ -#define NID_countryName 0x06 /* C */ -#define NID_localityName 0x07 /* L */ -#define NID_stateOrProvinceName 0x08 /* ST */ -#define NID_streetAddress ASN_STREET_ADDR /* street */ -#define NID_organizationName 0x0a /* O */ -#define NID_organizationalUnitName 0x0b /* OU */ -#define NID_jurisdictionCountryName 0xc -#define NID_jurisdictionStateOrProvinceName 0xd -#define NID_businessCategory ASN_BUS_CAT -#define NID_domainComponent ASN_DOMAIN_COMPONENT -#define NID_postalCode ASN_POSTAL_CODE /* postalCode */ -#define NID_favouriteDrink 462 -#define NID_userId 458 -#define NID_emailAddress 0x30 /* emailAddress */ -#define NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */ -#define NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */ - -#define NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ -#endif /* OPENSSL_EXTRA */ - -#define NID_id_GostR3410_2001 811 -#define NID_id_GostR3410_2012_256 979 -#define NID_id_GostR3410_2012_512 980 +#define WC_NID_name 173 /* N , OID = 2.5.4.41 */ +#define WC_NID_surname 0x04 /* SN */ +#define WC_NID_serialNumber 0x05 /* serialNumber */ +#define WC_NID_countryName 0x06 /* C */ +#define WC_NID_localityName 0x07 /* L */ +#define WC_NID_stateOrProvinceName 0x08 /* ST */ +#define WC_NID_streetAddress ASN_STREET_ADDR /* street */ +#define WC_NID_organizationName 0x0a /* O */ +#define WC_NID_organizationalUnitName 0x0b /* OU */ +#define WC_NID_jurisdictionCountryName 0xc +#define WC_NID_jurisdictionStateOrProvinceName 0xd +#define WC_NID_businessCategory ASN_BUS_CAT +#define WC_NID_domainComponent ASN_DOMAIN_COMPONENT +#define WC_NID_postalCode ASN_POSTAL_CODE /* postalCode */ +#define WC_NID_rfc822Mailbox 460 +#define WC_NID_favouriteDrink 462 +#define WC_NID_userId 458 +#define WC_NID_registeredAddress 870 +#define WC_NID_emailAddress 0x30 /* emailAddress */ +#define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */ +#define WC_NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */ + +#define WC_NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ + +#define WC_NID_id_GostR3410_2001 811 +#define WC_NID_id_GostR3410_2012_256 979 +#define WC_NID_id_GostR3410_2012_512 980 + +#ifndef OPENSSL_COEXIST + +#define NID_undef WC_NID_undef +#define NID_netscape_cert_type WC_NID_netscape_cert_type +#define NID_des WC_NID_des +#define NID_des3 WC_NID_des3 +#define NID_sha256 WC_NID_sha256 +#define NID_sha384 WC_NID_sha384 +#define NID_sha512 WC_NID_sha512 +#define NID_sha512_224 WC_NID_sha512_224 +#define NID_sha512_256 WC_NID_sha512_256 +#define NID_pkcs7_signed WC_NID_pkcs7_signed +#define NID_pkcs7_enveloped WC_NID_pkcs7_enveloped +#define NID_pkcs7_signedAndEnveloped WC_NID_pkcs7_signedAndEnveloped +#define NID_pkcs9_unstructuredName WC_NID_pkcs9_unstructuredName +#define NID_pkcs9_contentType WC_NID_pkcs9_contentType +#define NID_pkcs9_challengePassword WC_NID_pkcs9_challengePassword +#define NID_hw_name_oid WC_NID_hw_name_oid +#define NID_id_pkix_OCSP_basic WC_NID_id_pkix_OCSP_basic +#define NID_any_policy WC_NID_any_policy +#define NID_anyExtendedKeyUsage WC_NID_anyExtendedKeyUsage +#define NID_givenName WC_NID_givenName +#define NID_initials WC_NID_initials +#define NID_title WC_NID_title +#define NID_description WC_NID_description +#define NID_basic_constraints WC_NID_basic_constraints +#define NID_key_usage WC_NID_key_usage +#define NID_ext_key_usage WC_NID_ext_key_usage +#define NID_subject_key_identifier WC_NID_subject_key_identifier +#define NID_authority_key_identifier WC_NID_authority_key_identifier +#define NID_private_key_usage_period WC_NID_private_key_usage_period +#define NID_subject_alt_name WC_NID_subject_alt_name +#define NID_issuer_alt_name WC_NID_issuer_alt_name +#define NID_info_access WC_NID_info_access +#define NID_sinfo_access WC_NID_sinfo_access +#define NID_name_constraints WC_NID_name_constraints +#define NID_crl_distribution_points WC_NID_crl_distribution_points +#define NID_certificate_policies WC_NID_certificate_policies +#define NID_policy_mappings WC_NID_policy_mappings +#define NID_policy_constraints WC_NID_policy_constraints +#define NID_inhibit_any_policy WC_NID_inhibit_any_policy +#define NID_tlsfeature WC_NID_tlsfeature +#define NID_buildingName WC_NID_buildingName + +#define NID_dnQualifier WC_NID_dnQualifier +#define NID_commonName WC_NID_commonName +#define NID_name WC_NID_name +#define NID_surname WC_NID_surname +#define NID_serialNumber WC_NID_serialNumber +#define NID_countryName WC_NID_countryName +#define NID_localityName WC_NID_localityName +#define NID_stateOrProvinceName WC_NID_stateOrProvinceName +#define NID_streetAddress WC_NID_streetAddress +#define NID_organizationName WC_NID_organizationName +#define NID_organizationalUnitName WC_NID_organizationalUnitName +#define NID_jurisdictionCountryName WC_NID_jurisdictionCountryName +#define NID_jurisdictionStateOrProvinceName WC_NID_jurisdictionStateOrProvinceName +#define NID_businessCategory WC_NID_businessCategory +#define NID_domainComponent WC_NID_domainComponent +#define NID_postalCode WC_NID_postalCode +#define NID_rfc822Mailbox WC_NID_rfc822Mailbox +#define NID_favouriteDrink WC_NID_favouriteDrink +#define NID_userId WC_NID_userId +#define NID_emailAddress WC_NID_emailAddress +#define NID_id_on_dnsSRV WC_NID_id_on_dnsSRV +#define NID_ms_upn WC_NID_ms_upn + +#define NID_X9_62_prime_field WC_NID_X9_62_prime_field + +#define NID_id_GostR3410_2001 WC_NID_id_GostR3410_2001 +#define NID_id_GostR3410_2012_256 WC_NID_id_GostR3410_2012_256 +#define NID_id_GostR3410_2012_512 WC_NID_id_GostR3410_2012_512 + +#endif /* !OPENSSL_COEXIST */ + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ enum ECC_TYPES { @@ -1502,7 +1624,8 @@ struct SignatureCtx { byte* sigCpy; #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - !defined(NO_DSA) + !defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \ + defined(HAVE_SPHINCS) int verify; #endif union { @@ -1780,12 +1903,14 @@ struct DecodedCert { #endif #endif /* WOLFSSL_SUBJ_INFO_ACC */ -#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || defined(HAVE_SPHINCS) word32 pkCurveOID; /* Public Key's curve OID */ #ifdef WOLFSSL_CUSTOM_CURVES int pkCurveSize; /* Public Key's curve size */ #endif -#endif /* HAVE_ECC */ +#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_DILITHIUM || + * HAVE_FALCON || HAVE_SPHINCS */ const byte* beforeDate; int beforeDateLen; const byte* afterDate; @@ -2090,6 +2215,10 @@ struct TrustedPeerCert { #endif /* IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + byte issuerHash[SIGNER_DIGEST_SIZE]; + /* sha hash of issuer name in certificate */ + #endif #ifndef NO_SKID byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; /* sha hash of SKID in certificate */ @@ -2426,7 +2555,8 @@ WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen, int keyType, int withHeader); WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen, - int keyType); + int* keyType); + WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType); @@ -2767,12 +2897,6 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, int pubKeyOID, void * heap); #endif /* WOLFSSL_ACERT */ -#ifdef __cplusplus - } /* extern "C" */ -#endif - -#endif /* !NO_ASN */ - #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \ || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ @@ -2781,7 +2905,8 @@ WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS)) WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey, - word32* pubKeyLen, int keyType); + word32* pubKeyLen, int* inOutKeyType); + WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey, word32* pubKeyLen, int keyType); @@ -2793,6 +2918,7 @@ WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, int keyType); #endif +#endif /* !NO_ASN */ #if !defined(NO_ASN) || !defined(NO_PWDBASED) @@ -2842,4 +2968,10 @@ enum PKCSTypes { #endif /* !NO_ASN || !NO_PWDBASED */ +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* !NO_ASN || !NO_PWDBASED */ + #endif /* WOLF_CRYPT_ASN_H */ diff --git a/src/wolfssl/wolfcrypt/asn_public.h b/src/wolfssl/wolfcrypt/asn_public.h index b8bbce4..1196c6a 100644 --- a/src/wolfssl/wolfcrypt/asn_public.h +++ b/src/wolfssl/wolfcrypt/asn_public.h @@ -841,12 +841,16 @@ WOLFSSL_API int wc_Curve25519PrivateKeyDecode( const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); WOLFSSL_API int wc_Curve25519PublicKeyDecode( const byte* input, word32* inOutIdx, curve25519_key* key, word32 inSz); +WOLFSSL_API int wc_Curve25519KeyDecode(const byte *input, word32 *inOutIdx, + curve25519_key *key, word32 inSz); #endif #ifdef HAVE_CURVE25519_KEY_EXPORT WOLFSSL_API int wc_Curve25519PrivateKeyToDer( curve25519_key* key, byte* output, word32 inLen); WOLFSSL_API int wc_Curve25519PublicKeyToDer( curve25519_key* key, byte* output, word32 inLen, int withAlg); +WOLFSSL_API int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, + word32 inLen, int withAlg); #endif #endif /* HAVE_CURVE25519 */ diff --git a/src/wolfssl/wolfcrypt/camellia.h b/src/wolfssl/wolfcrypt/camellia.h index bdba23b..efd187e 100644 --- a/src/wolfssl/wolfcrypt/camellia.h +++ b/src/wolfssl/wolfcrypt/camellia.h @@ -63,34 +63,49 @@ #endif enum { - CAMELLIA_BLOCK_SIZE = 16 + WC_CAMELLIA_BLOCK_SIZE = 16 }; -#define CAMELLIA_TABLE_BYTE_LEN 272 -#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / sizeof(word32)) +#define WC_CAMELLIA_TABLE_BYTE_LEN 272 +#define WC_CAMELLIA_TABLE_WORD_LEN (WC_CAMELLIA_TABLE_BYTE_LEN / sizeof(word32)) -typedef word32 KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; +typedef word32 WC_CAMELLIA_KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN]; -typedef struct Camellia { +typedef struct wc_Camellia { word32 keySz; - KEY_TABLE_TYPE key; - word32 reg[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ - word32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ -} Camellia; + WC_CAMELLIA_KEY_TABLE_TYPE key; + word32 reg[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ + word32 tmp[WC_CAMELLIA_BLOCK_SIZE / sizeof(word32)]; /* for CBC mode */ +} wc_Camellia; -WOLFSSL_API int wc_CamelliaSetKey(Camellia* cam, +WOLFSSL_API int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, const byte* iv); -WOLFSSL_API int wc_CamelliaSetIV(Camellia* cam, const byte* iv); -WOLFSSL_API int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, +WOLFSSL_API int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv); +WOLFSSL_API int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in); -WOLFSSL_API int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, +WOLFSSL_API int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in); -WOLFSSL_API int wc_CamelliaCbcEncrypt(Camellia* cam, +WOLFSSL_API int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); -WOLFSSL_API int wc_CamelliaCbcDecrypt(Camellia* cam, +WOLFSSL_API int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); +#ifndef OPENSSL_COEXIST + +enum { + CAMELLIA_BLOCK_SIZE = WC_CAMELLIA_BLOCK_SIZE +}; + +#define CAMELLIA_TABLE_BYTE_LEN WC_CAMELLIA_TABLE_BYTE_LEN +#define CAMELLIA_TABLE_WORD_LEN WC_CAMELLIA_TABLE_WORD_LEN + +typedef word32 KEY_TABLE_TYPE[WC_CAMELLIA_TABLE_WORD_LEN]; + +typedef struct wc_Camellia Camellia; + +#endif /* !OPENSSL_COEXIST */ + #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/wolfcrypt/cmac.h b/src/wolfssl/wolfcrypt/cmac.h index a1c05f9..3dc6d9c 100644 --- a/src/wolfssl/wolfcrypt/cmac.h +++ b/src/wolfssl/wolfcrypt/cmac.h @@ -54,10 +54,10 @@ typedef enum CmacType { struct Cmac { #ifndef NO_AES Aes aes; - byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ - byte digest[AES_BLOCK_SIZE]; /* running digest */ - byte k1[AES_BLOCK_SIZE]; - byte k2[AES_BLOCK_SIZE]; + byte buffer[WC_AES_BLOCK_SIZE]; /* partially stored block */ + byte digest[WC_AES_BLOCK_SIZE]; /* running digest */ + byte k1[WC_AES_BLOCK_SIZE]; + byte k2[WC_AES_BLOCK_SIZE]; #endif word32 bufferSz; word32 totalSz; @@ -86,8 +86,8 @@ struct Cmac { #ifndef NO_AES -#define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE -#define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) +#define WC_CMAC_TAG_MAX_SZ WC_AES_BLOCK_SIZE +#define WC_CMAC_TAG_MIN_SZ (WC_AES_BLOCK_SIZE/4) #else /* Reasonable defaults */ #define WC_CMAC_TAG_MAX_SZ 16 diff --git a/src/wolfssl/wolfcrypt/cpuid.h b/src/wolfssl/wolfcrypt/cpuid.h index c91b628..b7a5714 100644 --- a/src/wolfssl/wolfcrypt/cpuid.h +++ b/src/wolfssl/wolfcrypt/cpuid.h @@ -38,6 +38,11 @@ #define HAVE_CPUID #define HAVE_CPUID_INTEL #endif +#if (defined(WOLFSSL_AARCH64_BUILD) || (defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM))) && !defined(WOLFSSL_NO_ASM) + #define HAVE_CPUID + #define HAVE_CPUID_AARCH64 +#endif #ifdef HAVE_CPUID_INTEL @@ -63,6 +68,26 @@ #define IS_INTEL_BMI1(f) ((f) & CPUID_BMI1) #define IS_INTEL_SHA(f) ((f) & CPUID_SHA) +#elif defined(HAVE_CPUID_AARCH64) + + #define CPUID_AES 0x0001 + #define CPUID_PMULL 0x0002 + #define CPUID_SHA256 0x0004 + #define CPUID_SHA512 0x0008 + #define CPUID_RDM 0x0010 + #define CPUID_SHA3 0x0020 + #define CPUID_SM3 0x0040 + #define CPUID_SM4 0x0080 + + #define IS_AARCH64_AES(f) ((f) & CPUID_AES) + #define IS_AARCH64_PMULL(f) ((f) & CPUID_PMULL) + #define IS_AARCH64_SHA256(f) ((f) & CPUID_SHA256) + #define IS_AARCH64_SHA512(f) ((f) & CPUID_SHA512) + #define IS_AARCH64_RDM(f) ((f) & CPUID_RDM) + #define IS_AARCH64_SHA3(f) ((f) & CPUID_SHA3) + #define IS_AARCH64_SM3(f) ((f) & CPUID_SM3) + #define IS_AARCH64_SM4(f) ((f) & CPUID_SM4) + #endif #ifdef HAVE_CPUID diff --git a/src/wolfssl/wolfcrypt/cryptocb.h b/src/wolfssl/wolfcrypt/cryptocb.h index 4ec42ec..976332f 100644 --- a/src/wolfssl/wolfcrypt/cryptocb.h +++ b/src/wolfssl/wolfcrypt/cryptocb.h @@ -50,6 +50,9 @@ #ifndef NO_SHA256 #include #endif +#ifdef WOLFSSL_SHA3 + #include +#endif #ifndef NO_HMAC #include #endif @@ -101,12 +104,12 @@ enum wc_CryptoCbCmdType { /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { int algo_type; /* enum wc_AlgoType */ -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES union { #endif struct { int type; /* enum wc_PkType */ -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES union { #endif #ifndef NO_RSA @@ -276,7 +279,7 @@ typedef struct wc_CryptoInfo { int type; /* enum wc_PqcSignatureType */ } pqc_sig_check; #endif -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } pk; @@ -284,7 +287,7 @@ typedef struct wc_CryptoInfo { struct { int type; /* enum wc_CipherType */ int enc; -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES union { #endif #ifdef HAVE_AESGCM @@ -372,7 +375,7 @@ typedef struct wc_CryptoInfo { } des3; #endif void* ctx; -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } cipher; @@ -384,7 +387,7 @@ typedef struct wc_CryptoInfo { const byte* in; word32 inSz; byte* digest; -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES union { #endif #ifndef NO_SHA @@ -406,7 +409,7 @@ typedef struct wc_CryptoInfo { wc_Sha3* sha3; #endif void* ctx; -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } hash; @@ -445,13 +448,25 @@ typedef struct wc_CryptoInfo { int type; } cmac; #endif +#ifndef NO_CERTS + struct { + const byte *id; + word32 idLen; + const char *label; + word32 labelLen; + byte **certDataOut; + word32 *certSz; + int *certFormatOut; + void *heap; + } cert; +#endif #ifdef WOLF_CRYPTO_CB_CMD struct { /* uses wc_AlgoType=ALGO_NONE */ int type; /* enum wc_CryptoCbCmdType */ void *ctx; } cmd; #endif -#if HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; #endif } wc_CryptoInfo; @@ -654,6 +669,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, void* ctx); #endif +#ifndef NO_CERTS +WOLFSSL_LOCAL int wc_CryptoCb_GetCert(int devId, const char *label, + word32 labelLen, const byte *id, word32 idLen, byte** out, + word32* outSz, int *format, void *heap); +#endif + #endif /* WOLF_CRYPTO_CB */ #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/dilithium.h b/src/wolfssl/wolfcrypt/dilithium.h index 6e9cfb6..c43bc7e 100644 --- a/src/wolfssl/wolfcrypt/dilithium.h +++ b/src/wolfssl/wolfcrypt/dilithium.h @@ -114,37 +114,55 @@ #define DILITHIUM_LEVEL2_PUB_KEY_SIZE 1312 #define DILITHIUM_LEVEL2_PRV_KEY_SIZE \ (DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 +#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 #define DILITHIUM_LEVEL3_KEY_SIZE 4032 #define DILITHIUM_LEVEL3_SIG_SIZE 3309 #define DILITHIUM_LEVEL3_PUB_KEY_SIZE 1952 #define DILITHIUM_LEVEL3_PRV_KEY_SIZE \ (DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 +#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 + #define DILITHIUM_LEVEL5_KEY_SIZE 4896 #define DILITHIUM_LEVEL5_SIG_SIZE 4627 #define DILITHIUM_LEVEL5_PUB_KEY_SIZE 2592 #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE) - +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 +#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 #define ML_DSA_LEVEL2_KEY_SIZE 2560 #define ML_DSA_LEVEL2_SIG_SIZE 2420 #define ML_DSA_LEVEL2_PUB_KEY_SIZE 1312 #define ML_DSA_LEVEL2_PRV_KEY_SIZE \ (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL3_KEY_SIZE 4032 #define ML_DSA_LEVEL3_SIG_SIZE 3309 #define ML_DSA_LEVEL3_PUB_KEY_SIZE 1952 #define ML_DSA_LEVEL3_PRV_KEY_SIZE \ (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL5_KEY_SIZE 4896 #define ML_DSA_LEVEL5_SIG_SIZE 4627 #define ML_DSA_LEVEL5_PUB_KEY_SIZE 2592 #define ML_DSA_LEVEL5_PRV_KEY_SIZE \ (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE @@ -503,18 +521,27 @@ #define DILITHIUM_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key #define DILITHIUM_LEVEL2_PRV_KEY_SIZE \ (DILITHIUM_LEVEL2_PUB_KEY_SIZE+DILITHIUM_LEVEL2_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 +#define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 #define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature #define DILITHIUM_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key #define DILITHIUM_LEVEL3_PRV_KEY_SIZE \ (DILITHIUM_LEVEL3_PUB_KEY_SIZE+DILITHIUM_LEVEL3_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 +#define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature #define DILITHIUM_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 +#define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 #define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key @@ -522,18 +549,27 @@ #define ML_DSA_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key #define ML_DSA_LEVEL2_PRV_KEY_SIZE \ (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature #define ML_DSA_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key #define ML_DSA_LEVEL3_PRV_KEY_SIZE \ (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature #define ML_DSA_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key #define ML_DSA_LEVEL5_PRV_KEY_SIZE \ (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE) +/* Buffer sizes large enough to store exported DER encoded keys */ +#define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE +#define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE #endif @@ -541,6 +577,10 @@ #define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE #define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE #define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE +#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE + #ifdef WOLF_PRIVATE_KEY_ID #define DILITHIUM_MAX_ID_LEN 32 @@ -854,9 +894,9 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) -int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); -int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); -int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); +WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/wolfcrypt/error-crypt.h b/src/wolfssl/wolfcrypt/error-crypt.h index 3f188f7..5668783 100644 --- a/src/wolfssl/wolfcrypt/error-crypt.h +++ b/src/wolfssl/wolfcrypt/error-crypt.h @@ -46,9 +46,15 @@ enum wolfCrypt_ErrorCodes { /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for * reasons of backward compatibility. */ + WC_FAILURE = -1, /* Generic but traceable back compat errcode. + * Note, not reflected in MAX_CODE_E or + * WC_FIRST_E. + */ - MAX_CODE_E = -96, /* errors -97 - -299 */ - WC_FIRST_E = -97, /* errors -97 - -299 */ + MAX_CODE_E = -96, /* WC_FIRST_E + 1, for backward compat. */ + WC_FIRST_E = -97, /* First code used for wolfCrypt */ + + WC_SPAN1_FIRST_E = -97, /* errors -97 - -300 */ MP_MEM = -97, /* MP dynamic memory allocation failed. */ MP_VAL = -98, /* MP value passed is not able to be used. */ @@ -290,13 +296,32 @@ enum wolfCrypt_ErrorCodes { SM4_GCM_AUTH_E = -298, /* SM4-GCM Authentication check failure */ SM4_CCM_AUTH_E = -299, /* SM4-CCM Authentication check failure */ - WC_LAST_E = -299, /* Update this to indicate last error */ - MIN_CODE_E = -300 /* errors -2 - -299 */ + WC_SPAN1_LAST_E = -299, /* Last used code in span 1 */ + WC_SPAN1_MIN_CODE_E = -300, /* Last usable code in span 1 */ + + WC_SPAN2_FIRST_E = -1000, + + DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */ + + WC_SPAN2_LAST_E = -1000, /* Update to indicate last used error code */ + WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ + + WC_LAST_E = -1000, /* the last code used either here or in + * error-ssl.h + */ + + MIN_CODE_E = -1999 /* the last code allocated either here or in + * error-ssl.h + */ /* add new companion error id strings for any new error codes wolfcrypt/src/error.c !!! */ }; +wc_static_assert((int)WC_LAST_E <= (int)WC_SPAN2_LAST_E); +wc_static_assert((int)MIN_CODE_E <= (int)WC_LAST_E); +wc_static_assert((int)MIN_CODE_E <= (int)WC_SPAN2_MIN_CODE_E); + #ifdef NO_ERROR_STRINGS #define wc_GetErrorString(error) "no support for error strings built in" #define wc_ErrorString(err, buf) \ diff --git a/src/wolfssl/wolfcrypt/ge_448.h b/src/wolfssl/wolfcrypt/ge_448.h index bbdb067..a9d4d47 100644 --- a/src/wolfssl/wolfcrypt/ge_448.h +++ b/src/wolfssl/wolfcrypt/ge_448.h @@ -65,6 +65,7 @@ WOLFSSL_LOCAL int ge448_from_bytes_negate_vartime(ge448_p2 *r, const byte *b); WOLFSSL_LOCAL int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a, const ge448_p2 *A, const byte *b); WOLFSSL_LOCAL int ge448_scalarmult_base(ge448_p2* h, const byte* a); +/* Only performs a weak reduce. */ WOLFSSL_LOCAL void sc448_reduce(byte* b); WOLFSSL_LOCAL void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d); WOLFSSL_LOCAL void ge448_to_bytes(byte *s, const ge448_p2 *h); diff --git a/src/wolfssl/wolfcrypt/hash.h b/src/wolfssl/wolfcrypt/hash.h index edbc949..ee001a9 100644 --- a/src/wolfssl/wolfcrypt/hash.h +++ b/src/wolfssl/wolfcrypt/hash.h @@ -119,6 +119,7 @@ typedef union { #ifdef WOLFSSL_SM3 wc_Sm3 sm3; #endif + WOLF_AGG_DUMMY_MEMBER; } wc_Hashes; #ifndef NO_HASH_WRAPPER diff --git a/src/wolfssl/wolfcrypt/hpke.h b/src/wolfssl/wolfcrypt/hpke.h index 6e406ba..3bf61e5 100644 --- a/src/wolfssl/wolfcrypt/hpke.h +++ b/src/wolfssl/wolfcrypt/hpke.h @@ -42,7 +42,7 @@ enum { DHKEM_P384_HKDF_SHA384 = 0x0011, DHKEM_P521_HKDF_SHA512 = 0x0012, DHKEM_X25519_HKDF_SHA256 = 0x0020, - DHKEM_X448_HKDF_SHA512 = 0x0021, + DHKEM_X448_HKDF_SHA512 = 0x0021 }; #define DHKEM_P256_ENC_LEN 65 @@ -55,13 +55,13 @@ enum { enum { HKDF_SHA256 = 0x0001, HKDF_SHA384 = 0x0002, - HKDF_SHA512 = 0x0003, + HKDF_SHA512 = 0x0003 }; /* AEAD enum */ enum { HPKE_AES_128_GCM = 0x0001, - HPKE_AES_256_GCM = 0x0002, + HPKE_AES_256_GCM = 0x0002 }; /* TODO better way of doing this */ diff --git a/src/wolfssl/wolfcrypt/integer.h b/src/wolfssl/wolfcrypt/integer.h index 927a1f6..e98cd35 100644 --- a/src/wolfssl/wolfcrypt/integer.h +++ b/src/wolfssl/wolfcrypt/integer.h @@ -222,8 +222,8 @@ typedef int mp_err; #define WOLF_BIGINT_DEFINED #endif -#define mp_size_t int -#define mp_sign_t int +#define wc_mp_size_t int +#define wc_mp_sign_t int /* the mp_int structure */ typedef struct mp_int { diff --git a/src/wolfssl/wolfcrypt/kyber.h b/src/wolfssl/wolfcrypt/kyber.h index 93b5022..3fb1a23 100644 --- a/src/wolfssl/wolfcrypt/kyber.h +++ b/src/wolfssl/wolfcrypt/kyber.h @@ -153,9 +153,14 @@ enum { /* Types of Kyber keys. */ - KYBER512 = 0, - KYBER768 = 1, - KYBER1024 = 2, + WC_ML_KEM_512 = 0, + WC_ML_KEM_768 = 1, + WC_ML_KEM_1024 = 2, + + KYBER_ORIGINAL = 0x10, + KYBER512 = 0 | KYBER_ORIGINAL, + KYBER768 = 1 | KYBER_ORIGINAL, + KYBER1024 = 2 | KYBER_ORIGINAL, KYBER_LEVEL1 = KYBER512, KYBER_LEVEL3 = KYBER768, @@ -215,30 +220,48 @@ WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, +#if !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_NO_ML_KEM) +#define WOLFSSL_WC_ML_KEM_512 +#endif +#if !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM) +#define WOLFSSL_WC_ML_KEM_768 +#endif +#if !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM) +#define WOLFSSL_WC_ML_KEM_1024 +#endif + +#ifdef WOLFSSL_WC_ML_KEM_512 #define WC_ML_KEM_512_K KYBER512_K #define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE -#define wC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE -#define wC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE +#define WC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE +#define WC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE +#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \ + KYBER512_POLY_VEC_COMPRESSED_SZ +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 #define WC_ML_KEM_768_K KYBER768_K #define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE -#define wC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE -#define wC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE +#define WC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE +#define WC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE +#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \ + KYBER768_POLY_VEC_COMPRESSED_SZ +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 #define WC_ML_KEM_1024_K KYBER1024_K #define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE -#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE -#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE +#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE +#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE +#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \ + KYBER1024_POLY_VEC_COMPRESSED_SZ +#endif #define WC_ML_KEM_MAX_K KYBER_MAX_K #define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE #define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE #define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE KYBER_MAX_CIPHER_TEXT_SIZE -#define WC_ML_KEM_512 KYBER512 -#define WC_ML_KEM_768 KYBER768 -#define WC_ML_KEM_1024 KYBER1024 - #define WC_ML_KEM_SYM_SZ KYBER_SYM_SZ #define WC_ML_KEM_SS_SZ KYBER_SS_SZ #define WC_ML_KEM_MAKEKEY_RAND_SZ KYBER_MAKEKEY_RAND_SZ diff --git a/src/wolfssl/wolfcrypt/logging.h b/src/wolfssl/wolfcrypt/logging.h index 7d349fe..a60f70b 100644 --- a/src/wolfssl/wolfcrypt/logging.h +++ b/src/wolfssl/wolfcrypt/logging.h @@ -178,7 +178,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); #define HAVE_WOLFSSL_MSG_EX #else - #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING + #ifdef WOLF_NO_VARIADIC_MACROS + #define WOLFSSL_MSG_EX() WC_DO_NOTHING + #else + #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING + #endif #endif WOLFSSL_API void WOLFSSL_MSG(const char* msg); #ifdef WOLFSSL_DEBUG_CODEPOINTS @@ -197,7 +201,11 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_MSG_EX(fmt, args...) \ WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args) #else - #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING + #ifdef WOLF_NO_VARIADIC_MACROS + #define WOLFSSL_MSG_EX2() WC_DO_NOTHING + #else + #define WOLFSSL_MSG_EX2(...) WC_DO_NOTHING + #endif #endif #endif WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length); @@ -209,7 +217,14 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_STUB(m) WC_DO_NOTHING #define WOLFSSL_IS_DEBUG_ON() 0 - #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING + #ifdef WOLF_NO_VARIADIC_MACROS + /* note, modern preprocessors will generate errors with this definition. + * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0" + */ + #define WOLFSSL_MSG_EX() WC_DO_NOTHING + #else + #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING + #endif #define WOLFSSL_MSG(m) WC_DO_NOTHING #define WOLFSSL_BUFFER(b, l) WC_DO_NOTHING @@ -221,8 +236,13 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #ifdef WOLFSSL_HAVE_ERROR_QUEUE WOLFSSL_API void WOLFSSL_ERROR_LINE(int err, const char* func, unsigned int line, const char* file, void* ctx); - #define WOLFSSL_ERROR(x) \ - WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL) + #ifdef WOLF_C89 + #define WOLFSSL_ERROR(x) \ + WOLFSSL_ERROR_LINE((x), __FILE__, __LINE__, __FILE__, NULL) + #else + #define WOLFSSL_ERROR(x) \ + WOLFSSL_ERROR_LINE((x), __func__, __LINE__, __FILE__, NULL) + #endif #else WOLFSSL_API void WOLFSSL_ERROR(int err); #endif /* WOLFSSL_HAVE_ERROR_QUEUE */ diff --git a/src/wolfssl/wolfcrypt/md2.h b/src/wolfssl/wolfcrypt/md2.h index fe92756..73be110 100644 --- a/src/wolfssl/wolfcrypt/md2.h +++ b/src/wolfssl/wolfcrypt/md2.h @@ -37,28 +37,42 @@ /* in bytes */ enum { - MD2 = WC_HASH_TYPE_MD2, - MD2_BLOCK_SIZE = 16, - MD2_DIGEST_SIZE = 16, - MD2_PAD_SIZE = 16, - MD2_X_SIZE = 48 + WC_MD2_BLOCK_SIZE = 16, + WC_MD2_DIGEST_SIZE = 16, + WC_MD2_PAD_SIZE = 16, + WC_MD2_X_SIZE = 48 }; /* Md2 digest */ -typedef struct Md2 { +typedef struct wc_Md2 { word32 count; /* bytes % PAD_SIZE */ - byte X[MD2_X_SIZE]; - byte C[MD2_BLOCK_SIZE]; - byte buffer[MD2_BLOCK_SIZE]; -} Md2; + byte X[WC_MD2_X_SIZE]; + byte C[WC_MD2_BLOCK_SIZE]; + byte buffer[WC_MD2_BLOCK_SIZE]; +} wc_Md2; -WOLFSSL_API void wc_InitMd2(Md2* md2); -WOLFSSL_API void wc_Md2Update(Md2* md2, const byte* data, word32 len); -WOLFSSL_API void wc_Md2Final(Md2* md2, byte* hash); +WOLFSSL_API void wc_InitMd2(wc_Md2* md2); +WOLFSSL_API void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len); +WOLFSSL_API void wc_Md2Final(wc_Md2* md2, byte* hash); WOLFSSL_API int wc_Md2Hash(const byte* data, word32 len, byte* hash); +#ifndef OPENSSL_COEXIST + +enum { + MD2 = WC_HASH_TYPE_MD2, + MD2_BLOCK_SIZE = WC_MD2_BLOCK_SIZE, + MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE, + MD2_PAD_SIZE = WC_MD2_PAD_SIZE, + MD2_X_SIZE = WC_MD2_X_SIZE +}; + + +/* Md2 digest */ +typedef struct wc_Md2 Md2; + +#endif /* !OPENSSL_COEXIST */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/wolfcrypt/md4.h b/src/wolfssl/wolfcrypt/md4.h index c4bd266..b253f8d 100644 --- a/src/wolfssl/wolfcrypt/md4.h +++ b/src/wolfssl/wolfcrypt/md4.h @@ -36,26 +36,36 @@ /* in bytes */ enum { - MD4 = WC_HASH_TYPE_MD4, - MD4_BLOCK_SIZE = 64, - MD4_DIGEST_SIZE = 16, - MD4_PAD_SIZE = 56 + WC_MD4_BLOCK_SIZE = 64, + WC_MD4_DIGEST_SIZE = 16, + WC_MD4_PAD_SIZE = 56 }; - /* MD4 digest */ -typedef struct Md4 { +typedef struct wc_Md4 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - word32 digest[MD4_DIGEST_SIZE / sizeof(word32)]; - word32 buffer[MD4_BLOCK_SIZE / sizeof(word32)]; -} Md4; + word32 digest[WC_MD4_DIGEST_SIZE / sizeof(word32)]; + word32 buffer[WC_MD4_BLOCK_SIZE / sizeof(word32)]; +} wc_Md4; + +WOLFSSL_API void wc_InitMd4(wc_Md4* md4); +WOLFSSL_API void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len); +WOLFSSL_API void wc_Md4Final(wc_Md4* md4, byte* hash); + +#ifndef OPENSSL_COEXIST + +enum { + MD4 = WC_HASH_TYPE_MD4, + MD4_BLOCK_SIZE = WC_MD4_BLOCK_SIZE, + MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE, + MD4_PAD_SIZE = WC_MD4_PAD_SIZE +}; +typedef struct wc_Md4 Md4; -WOLFSSL_API void wc_InitMd4(Md4* md4); -WOLFSSL_API void wc_Md4Update(Md4* md4, const byte* data, word32 len); -WOLFSSL_API void wc_Md4Final(Md4* md4, byte* hash); +#endif /* !OPENSSL_COEXIST */ #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/md5.h b/src/wolfssl/wolfcrypt/md5.h index c19f6c1..59d1f8d 100644 --- a/src/wolfssl/wolfcrypt/md5.h +++ b/src/wolfssl/wolfcrypt/md5.h @@ -65,7 +65,7 @@ enum { #ifdef WOLFSSL_MICROCHIP_PIC32MZ #include #endif -#ifdef STM32_HASH +#if defined(STM32_HASH) && !defined(STM32_NOMD5) #include #endif #ifdef WOLFSSL_ASYNC_CRYPT @@ -80,7 +80,7 @@ enum { /* MD5 digest */ typedef struct wc_Md5 { -#ifdef STM32_HASH +#if defined(STM32_HASH) && !defined(STM32_NOMD5) STM32_HASH_Context stmCtx; #else word32 buffLen; /* in bytes */ diff --git a/src/wolfssl/wolfcrypt/mem_track.h b/src/wolfssl/wolfcrypt/mem_track.h index b45bf23..a69d1f0 100644 --- a/src/wolfssl/wolfcrypt/mem_track.h +++ b/src/wolfssl/wolfcrypt/mem_track.h @@ -157,9 +157,9 @@ static WC_INLINE void* TrackMalloc(size_t sz) return NULL; #ifdef FREERTOS - mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); + mt = (memoryTrack*)pvPortMalloc(sizeof(memoryTrack) + sz); /* native heap */ #else - mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); + mt = (memoryTrack*)malloc(sizeof(memoryTrack) + sz); /* native heap */ #endif if (mt == NULL) return NULL; @@ -300,9 +300,9 @@ static WC_INLINE void TrackFree(void* ptr) (void)sz; #ifdef FREERTOS - vPortFree(mt); + vPortFree(mt); /* native heap */ #else - free(mt); + free(mt); /* native heap */ #endif } @@ -600,7 +600,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf) stackSize = PTHREAD_STACK_MIN; #endif - ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); + ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */ if (ret != 0 || myStack == NULL) { wc_mem_printf("posix_memalign failed\n"); return -1; @@ -650,7 +650,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf) } } - free(myStack); + free(myStack); /* native heap */ #ifdef HAVE_STACK_SIZE_VERBOSE printf("stack used = %lu\n", StackSizeCheck_stackSizeHWM > (stackSize - i) ? (unsigned long)StackSizeCheck_stackSizeHWM @@ -681,16 +681,16 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args, stackSize = PTHREAD_STACK_MIN; #endif - shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); + shim_args = (struct stack_size_debug_context *)malloc(sizeof *shim_args); /* native heap */ if (shim_args == NULL) { perror("malloc"); return -1; } - ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); + ret = posix_memalign((void**)&myStack, sysconf(_SC_PAGESIZE), stackSize); /* native heap */ if (ret != 0 || myStack == NULL) { wc_mem_printf("posix_memalign failed\n"); - free(shim_args); + free(shim_args); /* native heap */ return -1; } @@ -699,8 +699,8 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args, ret = pthread_attr_init(&myAttr); if (ret != 0) { wc_mem_printf("attr_init failed\n"); - free(shim_args); - free(myStack); + free(shim_args); /* native heap */ + free(myStack); /* native heap */ return ret; } @@ -749,7 +749,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId, } } - free(shim_args->myStack); + free(shim_args->myStack); /* native heap */ #ifdef HAVE_STACK_SIZE_VERBOSE printf("stack used = %lu\n", *shim_args->stackSizeHWM_ptr > (shim_args->stackSize - i) @@ -761,7 +761,7 @@ static WC_INLINE int StackSizeCheck_reap(pthread_t threadId, printf("stack used = %lu\n", (unsigned long)used); } #endif - free(shim_args); + free(shim_args); /* native heap */ return (int)((size_t)status); } diff --git a/src/wolfssl/wolfcrypt/memory.h b/src/wolfssl/wolfcrypt/memory.h index 481f8aa..179a8fd 100644 --- a/src/wolfssl/wolfcrypt/memory.h +++ b/src/wolfssl/wolfcrypt/memory.h @@ -219,8 +219,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #endif #ifdef WOLFSSL_STATIC_MEMORY_LEAN - word16 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */ - byte distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ + word32 sizeList[WOLFMEM_MAX_BUCKETS];/* memory sizes in ava list */ + word32 distList[WOLFMEM_MAX_BUCKETS];/* general distribution */ #else word32 maxHa; /* max concurrent handshakes */ word32 curHa; @@ -258,8 +258,8 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, WOLFSSL_API void* wolfSSL_SetGlobalHeapHint(void* heap); WOLFSSL_API void* wolfSSL_GetGlobalHeapHint(void); WOLFSSL_API int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, - unsigned int listSz, const unsigned int *sizeList, - const unsigned int *distList, unsigned char* buf, unsigned int sz, + unsigned int listSz, const word32 *sizeList, + const word32 *distList, unsigned char* buf, unsigned int sz, int flag, int max); #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK #define WOLFSSL_DEBUG_MEMORY_ALLOC 0 @@ -281,7 +281,7 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, WOLFSSL_LOCAL int FreeFixedIO(WOLFSSL_HEAP* heap, wc_Memory** io); WOLFSSL_API int wolfSSL_StaticBufferSz_ex(unsigned int listSz, - const unsigned int *sizeList, const unsigned int *distList, + const word32 *sizeList, const word32 *distList, byte* buffer, word32 sz, int flag); WOLFSSL_API int wolfSSL_StaticBufferSz(byte* buffer, word32 sz, int flag); WOLFSSL_API int wolfSSL_MemoryPaddingSz(void); @@ -449,7 +449,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag, #endif - #define ASSERT_SAVED_VECTOR_REGISTERS(fail_clause) do { \ + #define ASSERT_SAVED_VECTOR_REGISTERS() do { \ if (wc_svr_count <= 0) { \ fprintf(stderr, \ ("ASSERT_SAVED_VECTOR_REGISTERS : %s @ L%d : " \ @@ -460,7 +460,6 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag, wc_svr_last_file, \ wc_svr_last_line); \ DEBUG_VECTOR_REGISTERS_EXTRA_FAIL_CLAUSE \ - { fail_clause } \ } \ } while (0) #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) do { \ @@ -477,7 +476,7 @@ WOLFSSL_LOCAL int wc_debug_CipherLifecycleFree(void **CipherLifecycleTag, { fail_clause } \ } \ } while (0) - #define RESTORE_VECTOR_REGISTERS(...) do { \ + #define RESTORE_VECTOR_REGISTERS() do { \ --wc_svr_count; \ if ((wc_svr_count > 4) || (wc_svr_count < 0)) { \ fprintf(stderr, \ diff --git a/src/wolfssl/wolfcrypt/misc.h b/src/wolfssl/wolfcrypt/misc.h index 9acc31b..579c536 100644 --- a/src/wolfssl/wolfcrypt/misc.h +++ b/src/wolfssl/wolfcrypt/misc.h @@ -46,12 +46,10 @@ word32 rotlFixed(word32 x, word32 y); WOLFSSL_LOCAL word32 rotrFixed(word32 x, word32 y); -#ifdef WC_RC2 WOLFSSL_LOCAL word16 rotlFixed16(word16 x, word16 y); WOLFSSL_LOCAL word16 rotrFixed16(word16 x, word16 y); -#endif WOLFSSL_LOCAL word32 ByteReverseWord32(word32 value); @@ -74,6 +72,15 @@ void ForceZero(void* mem, word32 len); WOLFSSL_LOCAL int ConstantCompare(const byte* a, const byte* b, int length); +WOLFSSL_LOCAL +word32 readUnalignedWord32(const byte *in); +WOLFSSL_LOCAL +word32 writeUnalignedWord32(void *out, word32 in); +WOLFSSL_LOCAL +void readUnalignedWords32(word32 *out, const byte *in, size_t count); +WOLFSSL_LOCAL +void writeUnalignedWords32(byte *out, const word32 *in, size_t count); + #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL word64 readUnalignedWord64(const byte *in); diff --git a/src/wolfssl/wolfcrypt/pkcs11.h b/src/wolfssl/wolfcrypt/pkcs11.h index 7a53710..f252a00 100644 --- a/src/wolfssl/wolfcrypt/pkcs11.h +++ b/src/wolfssl/wolfcrypt/pkcs11.h @@ -71,10 +71,12 @@ extern "C" { #define CKF_RW_SESSION 0x00000002UL #define CKF_SERIAL_SESSION 0x00000004UL +#define CKO_CERTIFICATE 0x00000001UL #define CKO_PUBLIC_KEY 0x00000002UL #define CKO_PRIVATE_KEY 0x00000003UL #define CKO_SECRET_KEY 0x00000004UL + #define CKK_RSA 0x00000000UL #define CKK_DH 0x00000002UL #define CKK_EC 0x00000003UL diff --git a/src/wolfssl/wolfcrypt/pkcs7.h b/src/wolfssl/wolfcrypt/pkcs7.h index 80c687b..bc34147 100644 --- a/src/wolfssl/wolfcrypt/pkcs7.h +++ b/src/wolfssl/wolfcrypt/pkcs7.h @@ -158,7 +158,7 @@ enum Pkcs7_Misc { MAX_CONTENT_KEY_LEN = 32, /* highest current cipher is AES-256-CBC */ MAX_CONTENT_IV_SIZE = 16, /* highest current is AES128 */ #ifndef NO_AES - MAX_CONTENT_BLOCK_LEN = AES_BLOCK_SIZE, + MAX_CONTENT_BLOCK_LEN = WC_AES_BLOCK_SIZE, #else MAX_CONTENT_BLOCK_LEN = DES_BLOCK_SIZE, #endif @@ -202,37 +202,42 @@ typedef struct PKCS7DecodedAttrib { typedef struct PKCS7State PKCS7State; typedef struct Pkcs7Cert Pkcs7Cert; typedef struct Pkcs7EncodedRecip Pkcs7EncodedRecip; -typedef struct PKCS7 PKCS7; -typedef struct PKCS7 PKCS7_SIGNED; typedef struct PKCS7SignerInfo PKCS7SignerInfo; +typedef struct wc_PKCS7 wc_PKCS7; +typedef struct wc_PKCS7 wc_PKCS7_SIGNED; + +#ifndef OPENSSL_COEXIST +#define PKCS7 wc_PKCS7 +#define PKCS7_SIGNED wc_PKCS7_SIGNED +#endif /* OtherRecipientInfo decrypt callback prototype */ -typedef int (*CallbackOriDecrypt)(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, +typedef int (*CallbackOriDecrypt)(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, byte* oriValue, word32 oriValueSz, byte* decryptedKey, word32* decryptedKeySz, void* ctx); -typedef int (*CallbackOriEncrypt)(PKCS7* pkcs7, byte* cek, word32 cekSz, +typedef int (*CallbackOriEncrypt)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType, word32* oriTypeSz, byte* oriValue, word32* oriValueSz, void* ctx); -typedef int (*CallbackDecryptContent)(PKCS7* pkcs7, int encryptOID, +typedef int (*CallbackDecryptContent)(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, void* ctx); -typedef int (*CallbackWrapCEK)(PKCS7* pkcs7, byte* cek, word32 cekSz, +typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, word32 keyIdSz, byte* originKey, word32 originKeySz, byte* out, word32 outSz, int keyWrapAlgo, int type, int dir); /* Callbacks for supporting different stream cases */ -typedef int (*CallbackGetContent)(PKCS7* pkcs7, byte** content, void* ctx); -typedef int (*CallbackStreamOut)(PKCS7* pkcs7, const byte* output, +typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx); +typedef int (*CallbackStreamOut)(wc_PKCS7* pkcs7, const byte* output, word32 outputSz, void* ctx); #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) /* RSA sign raw digest callback, user builds DigestInfo */ -typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest, +typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest, word32 digestSz, byte* out, word32 outSz, byte* privateKey, word32 privateKeySz, int devId, int hashOID); @@ -241,7 +246,7 @@ typedef int (*CallbackRsaSignRawDigest)(PKCS7* pkcs7, byte* digest, /* Public Structure Warning: * Existing members must not be changed to maintain backwards compatibility! */ -struct PKCS7 { +struct wc_PKCS7 { WC_RNG* rng; PKCS7Attrib* signedAttribs; byte* content; /* inner content, not owner */ @@ -370,55 +375,55 @@ struct PKCS7 { /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; -WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); +WOLFSSL_API wc_PKCS7* wc_PKCS7_New(void* heap, int devId); #ifdef WC_ASN_UNKNOWN_EXT_CB - WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, + WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, wc_UnknownExtCallback cb); #endif -WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); -WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); -WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); -WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); +WOLFSSL_API int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId); +WOLFSSL_API int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz); +WOLFSSL_API int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* der, word32 derSz); +WOLFSSL_API void wc_PKCS7_Free(wc_PKCS7* pkcs7); -WOLFSSL_API int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, +WOLFSSL_API int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, word32 oidSz, byte* out, word32* outSz); -WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(PKCS7* pkcs7, int type); -WOLFSSL_API int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, +WOLFSSL_API int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type); +WOLFSSL_API int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz); WOLFSSL_API int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz); WOLFSSL_API int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, word32 blockSz); /* CMS/PKCS#7 Data */ -WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, +WOLFSSL_API int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /* CMS/PKCS#7 SignedData */ -WOLFSSL_API int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, +WOLFSSL_API int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz); -WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag); -WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7); -WOLFSSL_API int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag); -WOLFSSL_API int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag); +WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7); +WOLFSSL_API int wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag); +WOLFSSL_API int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +WOLFSSL_API int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, word32* outputFootSz); -WOLFSSL_API void wc_PKCS7_AllowDegenerate(PKCS7* pkcs7, word16 flag); -WOLFSSL_API int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, +WOLFSSL_API void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag); +WOLFSSL_API int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz); -WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +WOLFSSL_API int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz); -WOLFSSL_API int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz); +WOLFSSL_API int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz); /* CMS single-shot API for Signed FirmwarePkgData */ -WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey, +WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey, word32 privateKeySz, int signOID, int hashOID, byte* content, word32 contentSz, @@ -427,7 +432,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedFPD(PKCS7* pkcs7, byte* privateKey, word32 outputSz); #ifndef NO_PKCS7_ENCRYPTED_DATA /* CMS single-shot API for Signed Encrypted FirmwarePkgData */ -WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey, word32 encryptKeySz, byte* privateKey, word32 privateKeySz, int encryptOID, int signOID, @@ -441,7 +446,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, #endif /* NO_PKCS7_ENCRYPTED_DATA */ #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) /* CMS single-shot API for Signed Compressed FirmwarePkgData */ -WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey, word32 privateKeySz, int signOID, int hashOID, byte* content, word32 contentSz, @@ -451,7 +456,7 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedCompressedFPD(PKCS7* pkcs7, #ifndef NO_PKCS7_ENCRYPTED_DATA /* CMS single-shot API for Signed Encrypted Compressed FirmwarePkgData */ -WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, byte* encryptKey, word32 encryptKeySz, byte* privateKey, word32 privateKeySz, int encryptOID, int signOID, @@ -466,80 +471,80 @@ WOLFSSL_API int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(PKCS7* pkcs7, #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ /* EnvelopedData and AuthEnvelopedData RecipientInfo functions */ -WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, +WOLFSSL_API int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz, int options); -WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, +WOLFSSL_API int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz, int keyWrapOID, int keyAgreeOID, byte* ukm, word32 ukmSz, int options); -WOLFSSL_API int wc_PKCS7_SetKey(PKCS7* pkcs7, byte* key, word32 keySz); -WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, +WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz); +WOLFSSL_API int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek, word32 kekSz, byte* keyID, word32 keyIdSz, void* timePtr, byte* otherOID, word32 otherOIDSz, byte* other, word32 otherSz, int options); -WOLFSSL_API int wc_PKCS7_SetPassword(PKCS7* pkcs7, byte* passwd, word32 pLen); -WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, +WOLFSSL_API int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen); +WOLFSSL_API int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, byte* salt, word32 saltSz, int kdfOID, int prfOID, int iterations, int kekEncryptOID, int options); -WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(PKCS7* pkcs7, void* ctx); -WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(PKCS7* pkcs7, void* ctx); -WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(PKCS7* pkcs7, CallbackOriDecrypt cb); -WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt cb, +WOLFSSL_API int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx); +WOLFSSL_API int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx); +WOLFSSL_API int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb); +WOLFSSL_API int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt cb, int options); -WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK wrapCEKCb); #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) -WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, CallbackRsaSignRawDigest cb); #endif /* CMS/PKCS#7 EnvelopedData */ -WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, +WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /* CMS/PKCS#7 AuthEnvelopedData */ -WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, +WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /* CMS/PKCS#7 EncryptedData */ #ifndef NO_PKCS7_ENCRYPTED_DATA -WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, +WOLFSSL_API int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(PKCS7* pkcs7, +WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7, CallbackDecryptContent decryptionCb); -WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(PKCS7* pkcs7, void* ctx); +WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx); #endif /* NO_PKCS7_ENCRYPTED_DATA */ /* stream and certs */ -WOLFSSL_LOCAL int wc_PKCS7_WriteOut(PKCS7* pkcs7, byte* output, +WOLFSSL_LOCAL int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input, word32 inputSz); -WOLFSSL_API int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag, +WOLFSSL_API int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag, CallbackGetContent getContentCb, CallbackStreamOut streamOutCb, void* ctx); -WOLFSSL_API int wc_PKCS7_GetStreamMode(PKCS7* pkcs7); -WOLFSSL_API int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag); -WOLFSSL_API int wc_PKCS7_GetNoCerts(PKCS7* pkcs7); +WOLFSSL_API int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7); +WOLFSSL_API int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag); +WOLFSSL_API int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7); /* CMS/PKCS#7 CompressedData */ #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) -WOLFSSL_API int wc_PKCS7_EncodeCompressedData(PKCS7* pkcs7, byte* output, +WOLFSSL_API int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); -WOLFSSL_API int wc_PKCS7_DecodeCompressedData(PKCS7* pkcs7, byte* pkiMsg, +WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index 85b4ed1..de37936 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -31,7 +31,7 @@ /* WOLFSSL_USER_SETTINGS must be defined, typically in the CMakeLists.txt: */ /* set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS") */ #ifndef WOLFSSL_USER_SETTINGS - #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets" #endif /* FreeRTOS */ diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 99d2ca2..d49ef3e 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -30,7 +30,7 @@ #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ #ifndef WOLFSSL_USER_SETTINGS - #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets" #endif #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */ diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index afeb352..6f6e203 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -76,7 +76,7 @@ #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ #ifndef WOLFSSL_USER_SETTINGS - #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets" #endif #if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \ diff --git a/src/wolfssl/wolfcrypt/rsa.h b/src/wolfssl/wolfcrypt/rsa.h index 3f39d5b..dc23839 100644 --- a/src/wolfssl/wolfcrypt/rsa.h +++ b/src/wolfssl/wolfcrypt/rsa.h @@ -169,8 +169,12 @@ enum { RSA_PSS_SALT_MAX_SZ = 62, #ifdef OPENSSL_EXTRA - RSA_PKCS1_PADDING_SIZE = 11, - RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */ + WC_RSA_PKCS1_PADDING_SIZE = 11, + WC_RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */ + #ifndef OPENSSL_COEXIST + #define RSA_PKCS1_PADDING_SIZE WC_RSA_PKCS1_PADDING_SIZE + #define RSA_PKCS1_OAEP_PADDING_SIZE WC_RSA_PKCS1_OAEP_PADDING_SIZE + #endif #endif #ifdef WC_RSA_PSS RSA_PSS_PAD_TERM = 0xBC, @@ -436,7 +440,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 labelSz); -#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); #endif diff --git a/src/wolfssl/wolfcrypt/settings.h b/src/wolfssl/wolfcrypt/settings.h index e02870c..50eb0cb 100644 --- a/src/wolfssl/wolfcrypt/settings.h +++ b/src/wolfssl/wolfcrypt/settings.h @@ -28,6 +28,8 @@ * * ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]" * + * To build using a custom configuration method, define WOLFSSL_CUSTOM_CONFIG + * * For more information see: * * https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/ @@ -45,11 +47,14 @@ extern "C" { #endif -/* This flag allows wolfSSL to include options.h instead of having client - * projects do it themselves. This should *NEVER* be defined when building - * wolfSSL as it can cause hard to debug problems. */ -#if defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H) -#include +/* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of + * application code, rather than the application including it directly. This is + * not defined when compiling wolfSSL library objects, which are configured + * through CFLAGS. + */ +#if (defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)) && \ + !defined(WOLFSSL_NO_OPTIONS_H) + #include #endif /* Uncomment next line if using IPHONE */ @@ -264,6 +269,9 @@ /* Uncomment next line if using MAXQ108x */ /* #define WOLFSSL_MAXQ108X */ +/* Uncomment next line if using Raspberry Pi RP2040 or RP2350 */ +/* #define WOLFSSL_RPIPICO */ + /* Check PLATFORMIO first, as it may define other known environments. */ #ifdef PLATFORMIO #ifdef ESP_PLATFORM @@ -314,6 +322,13 @@ #endif #endif +#if !defined(WOLFSSL_CUSTOM_CONFIG) && \ + ((defined(BUILDING_WOLFSSL) && defined(WOLFSSL_USE_OPTIONS_H)) || \ + (defined(BUILDING_WOLFSSL) && defined(WOLFSSL_OPTIONS_H) && \ + !defined(EXTERNAL_OPTS_OPENVPN))) + #warning wolfssl/options.h included in compiled wolfssl library object. +#endif + #ifdef WOLFSSL_USER_SETTINGS #include "user_settings.h" #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) @@ -323,6 +338,15 @@ /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */ #include "nucleus.h" #include "os/networking/ssl/lite/cyassl_nucleus_defs.h" +#elif !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_OPTIONS_H) && \ + !defined(WOLFSSL_NO_OPTIONS_H) && !defined(WOLFSSL_CUSTOM_CONFIG) + /* This warning indicates that wolfSSL features may not have been properly + * configured before other wolfSSL headers were included. If you are using + * an alternative configuration method -- e.g. custom header, or CFLAGS in + * an application build -- then your application can avoid this warning by + * defining WOLFSSL_NO_OPTIONS_H or WOLFSSL_CUSTOM_CONFIG as appropriate. + */ + #warning "No configuration for wolfSSL detected, check header order" #endif #include @@ -412,6 +436,11 @@ #undef WC_RSA_BLINDING #endif +/* old FIPS has only AES_BLOCK_SIZE. */ +#if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0))) + #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE +#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(7,0,0)) */ #ifdef WOLFSSL_HARDEN_TLS #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128 @@ -994,6 +1023,11 @@ #define TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE 64 #define TSIP_TLS_MASTERSECRET_SIZE 80 /* 20 words */ #define TSIP_TLS_ENCPUBKEY_SZ_BY_CERTVRFY 560 /* in byte */ + + #ifdef WOLF_CRYPTO_CB + /* make sure RSA padding callbacks are enabled */ + #define WOLF_CRYPTO_CB_RSA_PAD + #endif #endif /* WOLFSSL_RENESAS_TSIP */ #if !defined(WOLFSSL_NO_HASH_RAW) && defined(WOLFSSL_RENESAS_RX64_HASH) @@ -1291,8 +1325,8 @@ #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) - #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \ - || defined(HAVE_ALPN) + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL) || defined(HAVE_ALPN) #define XSTRTOK strtok_r #endif #endif @@ -1358,10 +1392,13 @@ #define NO_SESSION_CACHE #endif -/* Micrium will use Visual Studio for compilation but not the Win32 API */ +/* For platforms where the target OS is not Windows, but compilation is + * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API. + * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ !defined(FREERTOS_TCP) && !defined(EBSNET) && !defined(WOLFSSL_EROAD) && \ - !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) + !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \ + !defined(WOLFSSL_NOT_WINDOWS_API) #define USE_WINDOWS_API #endif @@ -1419,9 +1456,9 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_LEANPSK) && !defined(XMALLOC_USER) && \ !defined(NO_WOLFSSL_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY) #include - #define XMALLOC(s, h, type) ((void)(h), (void)(type), malloc((s))) - #define XFREE(p, h, type) ((void)(h), (void)(type), free((p))) - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) + #define XMALLOC(s, h, type) ((void)(h), (void)(type), malloc((s))) /* native heap */ + #define XFREE(p, h, type) ((void)(h), (void)(type), free((p))) /* native heap */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */ #endif #if defined(XMALLOC_USER) && defined(SSN_BUILDING_LIBYASSL) @@ -1456,18 +1493,18 @@ extern void uITRON4_free(void *p) ; (s), (__FILE__), (__LINE__), (__FUNCTION__) )) #else #define XMALLOC(s, h, type) \ - ((void)(h), (void)(type), pvPortMalloc((s))) + ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */ #endif /* XFREE */ - #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) + #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) /* native heap */ /* XREALLOC */ #if defined(WOLFSSL_ESPIDF) /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) * There's no pvPortRealloc available: */ - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */ #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL) /* FreeRTOS pvPortRealloc() implementation can be found here: @@ -1509,8 +1546,12 @@ extern void uITRON4_free(void *p) ; #ifdef FREERTOS_TCP #if !defined(NO_WOLFSSL_MEMORY) && !defined(XMALLOC_USER) && \ !defined(WOLFSSL_STATIC_MEMORY) - #define XMALLOC(s, h, type) pvPortMalloc((s)) - #define XFREE(p, h, type) vPortFree((p)) + #ifndef XMALLOC + #define XMALLOC(s, h, type) pvPortMalloc((s)) /* native heap */ + #endif + #ifndef XFREE + #define XFREE(p, h, type) vPortFree((p)) /* native heap */ + #endif #endif #define WOLFSSL_GENSEED_FORTEST @@ -1678,8 +1719,8 @@ extern void uITRON4_free(void *p) ; #endif #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) - #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) - #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) + #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */ + #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) /* native heap */ /* FreeRTOS pvPortRealloc() implementation can be found here: https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ @@ -1797,8 +1838,8 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_CRYPT_HW_MUTEX 1 #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) - #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) - #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) + #define XMALLOC(s, h, type) ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */ + #define XFREE(p, h, type) ((void)(h), (void)(type), vPortFree((p))) /* native heap */ #endif /* #define USER_TICKS */ @@ -2055,7 +2096,7 @@ extern void uITRON4_free(void *p) ; defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \ defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \ - defined(WOLFSSL_STM32G4) + defined(WOLFSSL_STM32G4) || defined(WOLFSSL_STM32MP13) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -2117,6 +2158,12 @@ extern void uITRON4_free(void *p) ; #include "stm32u5xx_hal.h" #elif defined(WOLFSSL_STM32H5) #include "stm32h5xx_hal.h" + #elif defined(WOLFSSL_STM32MP13) + /* HAL headers error on our ASM files */ + #ifndef __ASSEMBLER__ + #include "stm32mp13xx_hal.h" + #include "stm32mp13xx_hal_conf.h" + #endif #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -2642,11 +2689,6 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) - #undef KEEP_PEER_CERT - #define KEEP_PEER_CERT -#endif - /* stream ciphers except arc4 need 32bit alignment, intel ok without */ #ifndef XSTREAM_ALIGN @@ -2743,10 +2785,18 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SP_INT_DIGIT_ALIGN #define WOLFSSL_SP_INT_DIGIT_ALIGN #endif +#if defined(__sparc) + #undef WOLFSSL_SP_INT_DIGIT_ALIGN + #define WOLFSSL_SP_INT_DIGIT_ALIGN +#endif #if defined(__APPLE__) || defined(WOLF_C89) #define WOLFSSL_SP_NO_DYN_STACK #endif +#if defined(__WATCOMC__) && !defined(WOLF_NO_VARIADIC_MACROS) + #define WOLF_NO_VARIADIC_MACROS +#endif + #ifdef __INTEL_COMPILER #pragma warning(disable:2259) /* explicit casts to smaller sizes, disable */ #endif @@ -2810,6 +2860,58 @@ extern void uITRON4_free(void *p) ; #endif /*----------------------------------------------------------------------------*/ +/* SP Math specific options */ +/* Determine when mp_add_d is required. */ +#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_ADD_D +#endif + +/* Determine when mp_sub_d is required. */ +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) + #define WOLFSSL_SP_SUB_D +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ + !defined(NO_DSA) || defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_READ_RADIX_16 +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + #define WOLFSSL_SP_READ_RADIX_10 +#endif + +/* Determine when mp_invmod is required. */ +#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + #define WOLFSSL_SP_INVMOD +#endif + +/* Determine when mp_invmod_mont_ct is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) + #define WOLFSSL_SP_INVMOD_MONT_CT +#endif + +/* Determine when mp_prime_gen is required. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) + #define WOLFSSL_SP_PRIME_GEN +#endif + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) + /* Determine when mp_mul_d is required */ + #define WOLFSSL_SP_MUL_D +#endif /* user can specify what curves they want with ECC_USER_CURVES otherwise @@ -2900,7 +3002,7 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ECC */ -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA) @@ -2999,6 +3101,13 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ED448 */ +/* FIPS does not support CFB1 or CFB8 */ +#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \ + (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) + #define WOLFSSL_NO_AES_CFB_1_8 +#endif + /* AES Config */ #ifndef NO_AES /* By default enable all AES key sizes, decryption and CBC */ @@ -3168,6 +3277,14 @@ extern void uITRON4_free(void *p) ; #undef NO_DH #endif +/* CryptoCell defines */ +#ifdef WOLFSSL_CRYPTOCELL + #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) + /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */ + #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST + #endif /* HAVE_ECC && HAVE_ECC_SIGN */ +#endif + /* Asynchronous Crypto */ #ifdef WOLFSSL_ASYNC_CRYPT #if !defined(HAVE_CAVIUM) && !defined(HAVE_INTEL_QA) && \ @@ -3192,6 +3309,12 @@ extern void uITRON4_free(void *p) ; * but not required */ #define ECC_CACHE_CURVE #endif + + #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) + /* Don't attempt to sign/verify an all-zero digest in wolfCrypt tests */ + #define WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST + #endif /* HAVE_ECC && HAVE_ECC_SIGN */ + #endif /* WOLFSSL_ASYNC_CRYPT */ #ifndef WC_ASYNC_DEV_SIZE #define WC_ASYNC_DEV_SIZE 0 @@ -3387,8 +3510,9 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) #undef WOLFSSL_ASN_TIME_STRING #define WOLFSSL_ASN_TIME_STRING #endif @@ -3407,13 +3531,14 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_OCSP_PARSE_STATUS #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(WOLFSSL_CERT_GEN) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_CERT_GEN) #undef WOLFSSL_MULTI_ATTRIB #define WOLFSSL_MULTI_ATTRIB #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(OPENSSL_EXTRA_X509_SMALL) #undef WOLFSSL_EKU_OID #define WOLFSSL_EKU_OID #endif @@ -3477,6 +3602,7 @@ extern void uITRON4_free(void *p) ; #undef HAVE_STRINGS_H #undef HAVE_ERRNO_H #undef HAVE_THREAD_LS + #undef HAVE_ATEXIT #undef WOLFSSL_HAVE_MIN #undef WOLFSSL_HAVE_MAX #define SIZEOF_LONG 8 @@ -3501,12 +3627,10 @@ extern void uITRON4_free(void *p) ; #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(HAVE_LIGHTY)) && !defined(NO_TLS) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && !defined(NO_TLS) #define OPENSSL_NO_ENGINE - #ifndef OPENSSL_EXTRA - #define OPENSSL_EXTRA - #endif + /* Session Tickets will be enabled when --enable-opensslall is used. * Time is required for ticket expiration checking */ #if !defined(HAVE_SESSION_TICKET) && !defined(NO_ASN_TIME) @@ -3533,11 +3657,18 @@ extern void uITRON4_free(void *p) ; #define OPENSSL_EXTRA #endif + +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT)) && \ + !defined(WOLFSSL_ASN_CA_ISSUER) + #define WOLFSSL_ASN_CA_ISSUER +#endif + + /* --------------------------------------------------------------------------- * OpenSSL compat layer * --------------------------------------------------------------------------- */ -#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST) +#ifdef OPENSSL_EXTRA #undef WOLFSSL_ALWAYS_VERIFY_CB #define WOLFSSL_ALWAYS_VERIFY_CB @@ -3561,7 +3692,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SESSION_ID_CTX #define WOLFSSL_SESSION_ID_CTX -#endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */ +#endif /* OPENSSL_EXTRA */ #ifdef OPENSSL_EXTRA_X509_SMALL #undef WOLFSSL_NO_OPENSSL_RAND_CB @@ -3613,6 +3744,11 @@ extern void uITRON4_free(void *p) ; #ifndef NO_OLD_WC_NAMES #define NO_OLD_WC_NAMES #endif + #if defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0)) + /* old FIPS needs this remapping. */ + #define Sha3 wc_Sha3 + #endif #endif #if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) @@ -3656,8 +3792,9 @@ extern void uITRON4_free(void *p) ; #endif /* Parts of the openssl compatibility layer require peer certs */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(HAVE_LIGHTY) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(HAVE_LIGHTY)) && !defined(NO_CERTS) #undef KEEP_PEER_CERT #define KEEP_PEER_CERT #endif @@ -3688,6 +3825,37 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_HAVE_TLS_UNIQUE #endif +/* WPAS Small option requires OPENSSL_EXTRA_X509_SMALL */ +#if defined(WOLFSSL_WPAS_SMALL) && !defined(OPENSSL_EXTRA_X509_SMALL) + #define OPENSSL_EXTRA_X509_SMALL +#endif + +/* Web Server needs to enable OPENSSL_EXTRA_X509_SMALL */ +#if defined(HAVE_WEBSERVER) && !defined(OPENSSL_EXTRA_X509_SMALL) + #define OPENSSL_EXTRA_X509_SMALL +#endif + +/* The EX data CRYPTO API's used with compatibility */ +#if !defined(HAVE_EX_DATA_CRYPTO) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB) || \ + defined(WOLFSSL_WOLFSENTRY_HOOKS)) + #define HAVE_EX_DATA_CRYPTO +#endif + +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(HAVE_EX_DATA_CLEANUP_HOOKS) + #define HAVE_EX_DATA_CLEANUP_HOOKS +#endif + +/* Enable EX Data support if required */ +#if (defined(HAVE_EX_DATA_CRYPTO) || defined(HAVE_EX_DATA_CLEANUP_HOOKS)) && \ + !defined(HAVE_EX_DATA) + #define HAVE_EX_DATA +#endif + + /* RAW hash function APIs are not implemented */ #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH) #undef WOLFSSL_NO_HASH_RAW @@ -3754,15 +3922,17 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_BASE64_DECODE #endif -#if defined(HAVE_EX_DATA) || defined(FORTRESS) - #if defined(FORTRESS) && !defined(HAVE_EX_DATA) - #define HAVE_EX_DATA - #endif +#if defined(FORTRESS) && !defined(HAVE_EX_DATA) + #define HAVE_EX_DATA +#endif + +#ifdef HAVE_EX_DATA #ifndef MAX_EX_DATA #define MAX_EX_DATA 5 /* allow for five items of ex_data */ #endif #endif + #ifdef NO_WOLFSSL_SMALL_STACK #undef WOLFSSL_SMALL_STACK #endif @@ -4000,10 +4170,6 @@ extern void uITRON4_free(void *p) ; #error "DTLS v1.3 requires both WOLFSSL_TLS13 and WOLFSSL_DTLS" #endif -#if defined(WOLFSSL_DTLS_CID) && !defined(WOLFSSL_DTLS13) -#error "ConnectionID is supported for DTLSv1.3 only" -#endif - #if defined(WOLFSSL_QUIC) && defined(WOLFSSL_CALLBACKS) #error WOLFSSL_QUIC is incompatible with WOLFSSL_CALLBACKS. #endif @@ -4163,15 +4329,24 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(OPENSSL_COEXIST) - #error "OPENSSL_EXTRA can not be defined with OPENSSL_COEXIST" +#if defined(OPENSSL_ALL) && defined(OPENSSL_COEXIST) + #error "OPENSSL_ALL can not be defined with OPENSSL_COEXIST" #endif #if !defined(NO_DSA) && defined(NO_SHA) #error "Please disable DSA if disabling SHA-1" #endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + #if !defined(WOLFSSL_CRYPTO_POLICY_FILE) + #error "WOLFSSL_SYS_CRYPTO_POLICY requires a crypto policy file" + #endif /* ! WOLFSSL_CRYPTO_POLICY_FILE */ + + #if !defined(OPENSSL_EXTRA) + #error "WOLFSSL_SYS_CRYPTO_POLICY requires OPENSSL_EXTRA" + #endif /* ! OPENSSL_EXTRA */ +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + /* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set, * also define HAVE_WOLFENTROPY */ #ifdef HAVE_ENTROPY_MEMUSE diff --git a/src/wolfssl/wolfcrypt/sha3.h b/src/wolfssl/wolfcrypt/sha3.h index f65c41d..2491acd 100644 --- a/src/wolfssl/wolfcrypt/sha3.h +++ b/src/wolfssl/wolfcrypt/sha3.h @@ -45,6 +45,10 @@ #include #endif +#ifdef STM32_HASH + #include +#endif + /* in bytes */ enum { /* SHAKE-128 */ @@ -140,6 +144,9 @@ struct wc_Sha3 { #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif +#if defined(STM32_HASH_SHA3) + STM32_HASH_Context stmCtx; +#endif }; #ifndef WC_SHA3_TYPE_DEFINED @@ -219,8 +226,13 @@ WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n, WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); WOLFSSL_LOCAL void sha3_block_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 +WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s); #endif -#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) +WOLFSSL_LOCAL void BlockSha3_base(word64 *s); +WOLFSSL_LOCAL void BlockSha3(word64 *s); +#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif diff --git a/src/wolfssl/wolfcrypt/sha512.h b/src/wolfssl/wolfcrypt/sha512.h index e971a8d..5033a2c 100644 --- a/src/wolfssl/wolfcrypt/sha512.h +++ b/src/wolfssl/wolfcrypt/sha512.h @@ -73,6 +73,10 @@ #include "fsl_caam.h" #endif +#ifdef STM32_HASH + #include +#endif + #if defined(_MSC_VER) #define SHA512_NOINLINE __declspec(noinline) #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) @@ -202,6 +206,9 @@ struct wc_Sha512 { #ifdef HAVE_ARIA MC_HSESSION hSession; #endif +#if defined(STM32_HASH_SHA512) + STM32_HASH_Context stmCtx; +#endif #endif /* WOLFSSL_PSOC6_CRYPTO */ }; @@ -221,14 +228,11 @@ struct wc_Sha512 { #ifdef WOLFSSL_ARMASM #ifdef __aarch64__ -#ifndef WOLFSSL_ARMASM_CRYPTO_SHA512 void Transform_Sha512_Len_neon(wc_Sha512* sha512, const byte* data, word32 len); - #define Transform_Sha512_Len Transform_Sha512_Len_neon -#else +#ifdef WOLFSSL_ARMASM_CRYPTO_SHA512 void Transform_Sha512_Len_crypto(wc_Sha512* sha512, const byte* data, word32 len); - #define Transform_Sha512_Len Transform_Sha512_Len_crypto #endif #else extern void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, diff --git a/src/wolfssl/wolfcrypt/sp_int.h b/src/wolfssl/wolfcrypt/sp_int.h index 2a9a880..dc707d2 100644 --- a/src/wolfssl/wolfcrypt/sp_int.h +++ b/src/wolfssl/wolfcrypt/sp_int.h @@ -30,8 +30,9 @@ This library provides single precision (SP) integer math functions. #ifndef WOLFSSL_LINUXKM #include #endif -#include -#include +#include +#include +#include #ifdef __cplusplus extern "C" { @@ -100,6 +101,15 @@ extern "C" { #error "Size of unsigned int not detected" #endif +#if defined(__WATCOMC__) && defined(__WATCOM_INT64__) + /* For older Watcom C compiler force types */ + #define SP_ULLONG_BITS 64 + typedef unsigned __int64 sp_uint64; + typedef __int64 sp_int64; + +#else + +/* 32-bit type */ #if defined(WOLF_C89) && !defined(NO_64BIT) && \ ULONG_MAX == 18446744073709551615UL #define SP_ULONG_BITS 64 @@ -108,8 +118,8 @@ extern "C" { typedef long sp_int64; #elif !defined(WOLF_C89) && !defined(NO_64BIT) && \ ULONG_MAX == 18446744073709551615ULL && \ - 4294967295UL != 18446744073709551615ULL /* verify pre-processor supports - * 64-bit ULL types */ + /* sanity check pre-processor supports 64-bit ULL types */ \ + 4294967295UL != 18446744073709551615ULL #define SP_ULONG_BITS 64 typedef unsigned long sp_uint64; @@ -132,6 +142,7 @@ extern "C" { #error "Size of unsigned long not detected" #endif +/* 64-bit type */ #ifdef ULLONG_MAX #if defined(WOLF_C89) && ULLONG_MAX == 18446744073709551615UL #define SP_ULLONG_BITS 64 @@ -165,6 +176,7 @@ extern "C" { #error "Size of unsigned long long not detected" #endif #elif (SP_ULONG_BITS == 32) && !defined(NO_64BIT) + #define SP_ULLONG_BITS 64 /* Speculatively use long long as the 64-bit type as we don't have one * otherwise. */ typedef unsigned long long sp_uint64; @@ -173,6 +185,7 @@ extern "C" { #define SP_ULLONG_BITS 0 #endif +#endif /* __WATCOMC__ */ #ifdef WOLFSSL_SP_DIV_32 #define WOLFSSL_SP_DIV_WORD_HALF @@ -691,7 +704,7 @@ typedef struct sp_ecc_ctx { if ((a)->used > 0) { \ for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ } \ - (a)->used = (mp_size_t)(ii + 1); \ + (a)->used = (wc_mp_size_t)(ii + 1); \ } \ } while (0) @@ -867,10 +880,10 @@ typedef unsigned int sp_size_t; #endif /* Type for number of digits. */ -#define mp_size_t sp_size_t +#define wc_mp_size_t sp_size_t #ifdef WOLFSSL_SP_INT_NEGATIVE typedef sp_uint8 sp_sign_t; - #define mp_sign_t sp_sign_t + #define wc_mp_sign_t sp_sign_t #endif /** diff --git a/src/wolfssl/wolfcrypt/tfm.h b/src/wolfssl/wolfcrypt/tfm.h index a9b0df2..80b7f0f 100644 --- a/src/wolfssl/wolfcrypt/tfm.h +++ b/src/wolfssl/wolfcrypt/tfm.h @@ -379,8 +379,8 @@ while (0) #define WOLF_BIGINT_DEFINED #endif -#define mp_size_t int -#define mp_sign_t int +#define wc_mp_size_t int +#define wc_mp_sign_t int /* a FP type */ typedef struct fp_int { diff --git a/src/wolfssl/wolfcrypt/types.h b/src/wolfssl/wolfcrypt/types.h index 1b437c1..f8042cf 100644 --- a/src/wolfssl/wolfcrypt/types.h +++ b/src/wolfssl/wolfcrypt/types.h @@ -34,6 +34,10 @@ decouple library dependencies with standard string, memory and so on. #include #include + #if defined(EXTERNAL_OPTS_OPENVPN) && defined(BUILDING_WOLFSSL) + #error EXTERNAL_OPTS_OPENVPN should not be defined in compiled wolfssl library files. + #endif + #ifdef __APPLE__ #include #endif @@ -77,6 +81,7 @@ decouple library dependencies with standard string, memory and so on. #endif #ifndef WOLFSSL_TYPES + #define WOLFSSL_TYPES #ifndef byte /* If using C++ C17 or later and getting: * "error: reference to 'byte' is ambiguous", this is caused by @@ -113,23 +118,84 @@ decouple library dependencies with standard string, memory and so on. #endif #ifndef WC_BITFIELD - #define WC_BITFIELD byte + #ifdef WOLF_C89 + #define WC_BITFIELD unsigned + #else + #define WC_BITFIELD byte + #endif #endif #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES /* if a version is available, pivot on the version, otherwise guess it's - * allowed, subject to override. + * disallowed, subject to override. */ #if !defined(WOLF_C89) && (!defined(__STDC__) \ || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \ || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \ || (defined(__cplusplus) && (__cplusplus >= 201103L))) #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 - #else - #define HAVE_ANONYMOUS_INLINE_AGGREGATES 0 #endif + #elif ~(~HAVE_ANONYMOUS_INLINE_AGGREGATES + 1) == 1 + /* forced on with empty value -- remap to 1 */ + #undef HAVE_ANONYMOUS_INLINE_AGGREGATES + #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 + #elif HAVE_ANONYMOUS_INLINE_AGGREGATES + /* forced on with explicit nonzero value -- leave as-is. */ + #else + /* forced off with explicit zero value -- remap to undef. */ + #undef HAVE_ANONYMOUS_INLINE_AGGREGATES + #endif + + #ifndef HAVE_EMPTY_AGGREGATES + /* The C standards don't define empty aggregates, but gcc and clang do. + * We need to accommodate them for one of the same reasons C++ does -- + * conditionally empty aggregates, e.g. in hash.h. + */ + #if !defined(WOLF_C89) && defined(__GNUC__) && \ + !defined(__STRICT_ANSI__) && \ + defined(HAVE_ANONYMOUS_INLINE_AGGREGATES) + #define HAVE_EMPTY_AGGREGATES 1 + #endif + #elif ~(~HAVE_EMPTY_AGGREGATES + 1) == 1 + /* forced on with empty value -- remap to 1 */ + #undef HAVE_EMPTY_AGGREGATES + #define HAVE_EMPTY_AGGREGATES 1 + #elif HAVE_EMPTY_AGGREGATES + /* forced on with explicit nonzero value -- leave as-is. */ + #else + /* forced off with explicit zero value -- remap to undef. */ + #undef HAVE_EMPTY_AGGREGATES #endif + #define _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) a ## b ## c + #define _WOLF_AGG_DUMMY_MEMBER_HELPER(a, b, c) _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) + #ifdef HAVE_EMPTY_AGGREGATES + /* swallow the semicolon with a zero-sized array (language extension + * specific to gcc/clang). + */ + #define WOLF_AGG_DUMMY_MEMBER \ + struct { \ + PRAGMA_GCC_DIAG_PUSH \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"") \ + PRAGMA_CLANG_DIAG_PUSH \ + PRAGMA_CLANG("clang diagnostic ignored \"-Wzero-length-array\"") \ + byte _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)[0]; \ + PRAGMA_CLANG_DIAG_POP \ + PRAGMA_GCC_DIAG_POP \ + } + #else + /* Use a single byte with a constructed name as a dummy member -- these + * are the standard semantics of an empty structure in C++. + */ + #define WOLF_AGG_DUMMY_MEMBER char _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member) + #endif + + /* helpers for stringifying the expanded value of a macro argument rather + * than its literal text: + */ + #define _WC_STRINGIFY_L2(str) #str + #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str) + /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall * -Wextra -pedantic), a trailing comma on the last value in an enum * definition is a syntax error. We use this macro to accommodate that @@ -137,17 +203,13 @@ decouple library dependencies with standard string, memory and so on. * preprocessor-gated. */ #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS) - #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _wolf_ ## prefix ## _enum_dummy_last_element + #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) a ## b ## c ## d ## e + #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) + #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, _enum_dummy_last_element) #else #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */ #endif - /* helpers for stringifying the expanded value of a macro argument rather - * than its literal text: - */ - #define _WC_STRINGIFY_L2(str) #str - #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str) - /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ #if defined(_WIN32) || defined(HAVE_LIMITS_H) /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, @@ -182,7 +244,10 @@ decouple library dependencies with standard string, memory and so on. #endif #endif - #if defined(_MSC_VER) || defined(__BCPLUSPLUS__) + #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__) || \ + (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) + /* windows types */ #define WORD64_AVAILABLE #define W64LIT(x) x##ui64 #define SW64LIT(x) x##i64 @@ -305,28 +370,10 @@ typedef struct w64wrapper { WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE }; + #define WOLFSSL_MAX_8BIT 0xffU #define WOLFSSL_MAX_16BIT 0xffffU #define WOLFSSL_MAX_32BIT 0xffffffffU - #ifndef WARN_UNUSED_RESULT - #if defined(WOLFSSL_LINUXKM) && defined(__must_check) - #define WARN_UNUSED_RESULT __must_check - #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ - (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001)) - #define WARN_UNUSED_RESULT __attribute__((warn_unused_result)) - #else - #define WARN_UNUSED_RESULT - #endif - #endif /* WARN_UNUSED_RESULT */ - - #ifndef WC_MAYBE_UNUSED - #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || defined(__IAR_SYSTEMS_ICC__) - #define WC_MAYBE_UNUSED __attribute__((unused)) - #else - #define WC_MAYBE_UNUSED - #endif - #endif /* WC_MAYBE_UNUSED */ - #ifndef WC_DO_NOTHING #define WC_DO_NOTHING do {} while (0) #ifdef _MSC_VER @@ -337,50 +384,13 @@ typedef struct w64wrapper { #endif #endif - /* use inlining if compiler allows */ - #ifndef WC_INLINE - #ifndef NO_INLINE - #ifdef _MSC_VER - #define WC_INLINE __inline - #elif defined(__GNUC__) - #ifdef WOLFSSL_VXWORKS - #define WC_INLINE __inline__ - #else - #define WC_INLINE inline - #endif - #elif defined(__IAR_SYSTEMS_ICC__) - #define WC_INLINE inline - #elif defined(THREADX) - #define WC_INLINE _Inline - #elif defined(__ghc__) - #ifndef __cplusplus - #define WC_INLINE __inline - #else - #define WC_INLINE inline - #endif - #elif defined(__CCRX__) - #define WC_INLINE inline - #elif defined(__DCC__) - #ifndef __cplusplus - #define WC_INLINE __inline__ - #else - #define WC_INLINE inline - #endif - #else - #define WC_INLINE WC_MAYBE_UNUSED - #endif - #else - #define WC_INLINE WC_MAYBE_UNUSED - #endif - #endif - #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) #define INLINE WC_INLINE #endif /* set up rotate style */ - #if (defined(_MSC_VER) || defined(__BCPLUSPLUS__)) && \ - !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) + #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) #define INTEL_INTRINSICS #define FAST_ROTATE #elif defined(__MWERKS__) && TARGET_CPU_PPC @@ -428,16 +438,6 @@ typedef struct w64wrapper { #define FALL_THROUGH #endif - /* For platforms where the target OS is not Windows, but compilation is - * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API. - * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */ - #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ - !defined(FREERTOS_TCP) && !defined(EBSNET) && \ - !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \ - !defined(WOLFSSL_NOT_WINDOWS_API) - #define USE_WINDOWS_API - #endif - #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */ #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x))) @@ -445,16 +445,6 @@ typedef struct w64wrapper { #define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \ ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0)) - /* idea to add global alloc override by Moises Guimaraes */ - /* default to libc stuff */ - /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embedded systems doesn't like free(0) so test for NULL - * explicitly. - * - * For example: - * #define XFREE(p, h, t) \ - * {void* xp = (p); if (xp != NULL) free(xp, h, t);} - */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -547,14 +537,14 @@ typedef struct w64wrapper { #else /* just use plain C stdlib stuff if desired */ #include - #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) + #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */ #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) /* native heap */ #else - #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */ #endif #define XREALLOC(p, n, h, t) \ - ((void)(h), (void)(t), realloc((p), (size_t)(n))) + ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */ #endif #elif defined(WOLFSSL_LINUXKM) @@ -833,7 +823,7 @@ typedef struct w64wrapper { #ifndef USE_WINDOWS_API #if defined(WOLFSSL_ESPIDF) && \ (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7)) - #include + #include /* later gcc than 7.1 introduces -Wformat-truncation */ /* In cases when truncation is expected the caller needs*/ /* to check the return value from the function so that */ @@ -869,7 +859,11 @@ typedef struct w64wrapper { #endif #define XSPRINTF sprintf /* snprintf not available for C89, so remap using macro */ - #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) + #ifdef WOLF_NO_VARIADIC_MACROS + #error WOLF_NO_VARIADIC_MACROS requires user-supplied binding for XSNPRINTF + #else + #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) + #endif #else #ifndef NO_STDIO_FILESYSTEM #include @@ -880,17 +874,18 @@ typedef struct w64wrapper { #if defined(_MSC_VER) || defined(__CYGWIN__) || defined(__MINGW32__) #if defined(_MSC_VER) && (_MSC_VER >= 1900) /* Beginning with the UCRT in Visual Studio 2015 and - Windows 10, snprintf is no longer identical to - _snprintf. The snprintf function behavior is now - C99 standard compliant. */ + * Windows 10, snprintf is no longer identical to + * _snprintf. The snprintf function behavior is now + * C99 standard compliant. */ #include #define XSNPRINTF snprintf #else /* 4996 warning to use MS extensions e.g., _sprintf_s - instead of _snprintf */ + * instead of _snprintf */ #if !defined(__MINGW32__) #pragma warning(disable: 4996) #endif + #include static WC_INLINE int xsnprintf(char *buffer, size_t bufsize, const char *format, ...) { @@ -1114,15 +1109,17 @@ typedef struct w64wrapper { DYNAMIC_TYPE_LMS = 101, DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_X509_ACERT = 103, - DYNAMIC_TYPE_SNIFFER_SERVER = 1000, - DYNAMIC_TYPE_SNIFFER_SESSION = 1001, - DYNAMIC_TYPE_SNIFFER_PB = 1002, - DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, - DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, - DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, - DYNAMIC_TYPE_SNIFFER_KEY = 1006, - DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_AES_EAX = 1008 + DYNAMIC_TYPE_OS_BUF = 104, + DYNAMIC_TYPE_SNIFFER_SERVER = 1000, + DYNAMIC_TYPE_SNIFFER_SESSION = 1001, + DYNAMIC_TYPE_SNIFFER_PB = 1002, + DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, + DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, + DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + DYNAMIC_TYPE_SNIFFER_KEY = 1006, + DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, + DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008, + DYNAMIC_TYPE_AES_EAX = 1009 }; /* max error buffer string size */ @@ -1146,8 +1143,9 @@ typedef struct w64wrapper { WC_ALGO_TYPE_SEED = 5, WC_ALGO_TYPE_HMAC = 6, WC_ALGO_TYPE_CMAC = 7, + WC_ALGO_TYPE_CERT = 8, - WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CMAC + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT }; /* hash types */ @@ -1456,7 +1454,7 @@ typedef struct w64wrapper { #endif #ifdef SINGLE_THREADED - #if defined(WC_32BIT_CPU) + #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE) typedef void* THREAD_RETURN; #else typedef unsigned int THREAD_RETURN; @@ -1495,7 +1493,8 @@ typedef struct w64wrapper { typedef void THREAD_RETURN; #define WOLFSSL_THREAD_VOID_RETURN typedef struct { - struct k_thread tid; + /* Zephyr k_thread can be large, > 128 bytes. */ + struct k_thread* tid; k_thread_stack_t* threadStack; } THREAD_TYPE; #define WOLFSSL_THREAD @@ -1556,6 +1555,10 @@ typedef struct w64wrapper { #if !defined(__MINGW32__) #define WOLFSSL_THREAD_NO_JOIN __cdecl #endif + #elif defined(THREADX) + typedef unsigned int THREAD_RETURN; + typedef TX_THREAD THREAD_TYPE; + #define WOLFSSL_THREAD #else typedef unsigned int THREAD_RETURN; typedef size_t THREAD_TYPE; @@ -1757,7 +1760,7 @@ typedef struct w64wrapper { #endif #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #endif #ifndef SAVE_VECTOR_REGISTERS2 #define SAVE_VECTOR_REGISTERS2() 0 @@ -1771,10 +1774,10 @@ typedef struct w64wrapper { #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING #endif #ifndef ASSERT_SAVED_VECTOR_REGISTERS - #define ASSERT_SAVED_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING #endif #ifndef ASSERT_RESTORED_VECTOR_REGISTERS - #define ASSERT_RESTORED_VECTOR_REGISTERS(...) WC_DO_NOTHING + #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING #endif #ifndef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING diff --git a/src/wolfssl/wolfcrypt/wc_lms.h b/src/wolfssl/wolfcrypt/wc_lms.h index 0f31696..d7317ea 100644 --- a/src/wolfssl/wolfcrypt/wc_lms.h +++ b/src/wolfssl/wolfcrypt/wc_lms.h @@ -88,6 +88,8 @@ #ifndef WC_LMS_H #define WC_LMS_H +#include + #if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) #include diff --git a/src/wolfssl/wolfcrypt/wc_port.h b/src/wolfssl/wolfcrypt/wc_port.h index 6dc7d2c..4be0502 100644 --- a/src/wolfssl/wolfcrypt/wc_port.h +++ b/src/wolfssl/wolfcrypt/wc_port.h @@ -62,6 +62,63 @@ #include "../../linuxkm/linuxkm_wc_port.h" #endif /* WOLFSSL_LINUXKM */ +#ifndef WARN_UNUSED_RESULT + #if defined(WOLFSSL_LINUXKM) && defined(__must_check) + #define WARN_UNUSED_RESULT __must_check + #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ + (defined(__IAR_SYSTEMS_ICC__) && (__VER__ >= 9040001)) + #define WARN_UNUSED_RESULT __attribute__((warn_unused_result)) + #else + #define WARN_UNUSED_RESULT + #endif +#endif /* !WARN_UNUSED_RESULT */ + +#ifndef WC_MAYBE_UNUSED + #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || \ + defined(__IAR_SYSTEMS_ICC__) + #define WC_MAYBE_UNUSED __attribute__((unused)) + #else + #define WC_MAYBE_UNUSED + #endif +#endif /* !WC_MAYBE_UNUSED */ + +/* use inlining if compiler allows */ +#ifndef WC_INLINE +#ifndef NO_INLINE + #ifdef _MSC_VER + #define WC_INLINE __inline + #elif defined(__GNUC__) + #ifdef WOLFSSL_VXWORKS + #define WC_INLINE __inline__ + #else + #define WC_INLINE inline + #endif + #elif defined(__IAR_SYSTEMS_ICC__) + #define WC_INLINE inline + #elif defined(THREADX) + #define WC_INLINE _Inline + #elif defined(__ghc__) + #ifndef __cplusplus + #define WC_INLINE __inline + #else + #define WC_INLINE inline + #endif + #elif defined(__CCRX__) + #define WC_INLINE inline + #elif defined(__DCC__) + #ifndef __cplusplus + #define WC_INLINE __inline__ + #else + #define WC_INLINE inline + #endif + #else + #define WC_INLINE WC_MAYBE_UNUSED + #endif +#else + #define WC_INLINE WC_MAYBE_UNUSED +#endif +#endif + /* THREADING/MUTEX SECTION */ #if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) /* No system headers required for build. */ @@ -75,7 +132,7 @@ #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif - #ifndef WOLFSSL_SGX + #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API) #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) /* On WinCE winsock2.h must be included before windows.h */ #include @@ -320,6 +377,10 @@ #endif /* SINGLE_THREADED */ +#ifdef WOLFSSL_TEST_NO_MUTEX_INITIALIZER + #undef WOLFSSL_MUTEX_INITIALIZER +#endif + #ifdef WOLFSSL_MUTEX_INITIALIZER #define WOLFSSL_MUTEX_INITIALIZER_CLAUSE(lockname) = WOLFSSL_MUTEX_INITIALIZER(lockname) #else @@ -331,11 +392,16 @@ #endif #ifndef WOLFSSL_NO_ATOMICS -#ifdef HAVE_C___ATOMIC +#ifdef SINGLE_THREADED + typedef int wolfSSL_Atomic_Int; + #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) + #define WOLFSSL_ATOMIC_OPS +#elif defined(HAVE_C___ATOMIC) #ifdef __cplusplus #if defined(__GNUC__) && defined(__ATOMIC_RELAXED) /* C++ using direct calls to compiler built-in functions */ typedef volatile int wolfSSL_Atomic_Int; + #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_OPS #endif #else @@ -343,10 +409,11 @@ /* Default C Implementation */ #include typedef atomic_int wolfSSL_Atomic_Int; + #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_OPS #endif /* WOLFSSL_HAVE_ATOMIC_H */ #endif -#elif defined(_MSC_VER) +#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API) /* Use MSVC compiler intrinsics for atomic ops */ #ifdef _WIN32_WCE #include @@ -354,38 +421,52 @@ #include #endif typedef volatile long wolfSSL_Atomic_Int; + #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) #define WOLFSSL_ATOMIC_OPS #endif #endif /* WOLFSSL_NO_ATOMICS */ -#ifdef WOLFSSL_ATOMIC_OPS +#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED) WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); /* Fetch* functions return the value of the counter immediately preceding * the effects of the function. */ WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); #else - /* Code using these fallback macros needs to arrange its own fallback for - * wolfSSL_Atomic_Int, which is never defined if - * !defined(WOLFSSL_ATOMIC_OPS). This forces local awareness of - * thread-unsafe semantics. + /* Code using these fallback implementations in non-SINGLE_THREADED builds + * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int, + * which is not defined if !defined(WOLFSSL_ATOMIC_OPS) && + * !defined(SINGLE_THREADED). This forces local awareness of thread-unsafe + * semantics. */ #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i)) - #define wolfSSL_Atomic_Int_FetchAdd(c, i) (*(c) += (i), *(c) - (i)) - #define wolfSSL_Atomic_Int_FetchSub(c, i) (*(c) -= (i), *(c) + (i)) + static WC_INLINE int wolfSSL_Atomic_Int_FetchAdd(int *c, int i) { + int ret = *c; + *c += i; + return ret; + } + static WC_INLINE int wolfSSL_Atomic_Int_FetchSub(int *c, int i) { + int ret = *c; + *c -= i; + return ret; + } #endif /* Reference counting. */ -typedef struct wolfSSL_Ref { -#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_ATOMIC_OPS) +typedef struct wolfSSL_RefWithMutex { +#if !defined(SINGLE_THREADED) wolfSSL_Mutex mutex; #endif -#ifdef WOLFSSL_ATOMIC_OPS + int count; +} wolfSSL_RefWithMutex; + +#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED) +typedef struct wolfSSL_Ref { wolfSSL_Atomic_Int count; +} wolfSSL_Ref; #else - int count; +typedef struct wolfSSL_RefWithMutex wolfSSL_Ref; #endif -} wolfSSL_Ref; #if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS) @@ -412,10 +493,33 @@ typedef struct wolfSSL_Ref { #define WOLFSSL_REFCNT_ERROR_RETURN -WOLFSSL_LOCAL void wolfSSL_RefInit(wolfSSL_Ref* ref, int* err); -WOLFSSL_LOCAL void wolfSSL_RefFree(wolfSSL_Ref* ref); -WOLFSSL_LOCAL void wolfSSL_RefInc(wolfSSL_Ref* ref, int* err); -WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); +#define wolfSSL_RefInit wolfSSL_RefWithMutexInit +#define wolfSSL_RefFree wolfSSL_RefWithMutexFree +#define wolfSSL_RefInc wolfSSL_RefWithMutexInc +#define wolfSSL_RefDec wolfSSL_RefWithMutexDec + +#endif + +#if defined(SINGLE_THREADED) + +#define wolfSSL_RefWithMutexInit wolfSSL_RefInit +#define wolfSSL_RefWithMutexFree wolfSSL_RefFree +#define wolfSSL_RefWithMutexInc wolfSSL_RefInc +#define wolfSSL_RefWithMutexLock(ref) 0 +#define wolfSSL_RefWithMutexUnlock(ref) 0 +#define wolfSSL_RefWithMutexDec wolfSSL_RefDec + +#else + +WOLFSSL_LOCAL void wolfSSL_RefWithMutexInit(wolfSSL_RefWithMutex* ref, + int* err); +WOLFSSL_LOCAL void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref); +WOLFSSL_LOCAL void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, + int* err); +WOLFSSL_LOCAL int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref); +WOLFSSL_LOCAL int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref); +WOLFSSL_LOCAL void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, + int* isZero, int* err); #endif @@ -947,9 +1051,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); /* Windows API defines its own min() macro. */ #if defined(USE_WINDOWS_API) #if defined(min) || defined(WOLFSSL_MYSQL_COMPATIBLE) + #undef WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN #endif /* min */ #if defined(max) || defined(WOLFSSL_MYSQL_COMPATIBLE) + #undef WOLFSSL_HAVE_MAX #define WOLFSSL_HAVE_MAX #endif /* max */ #endif /* USE_WINDOWS_API */ @@ -1273,7 +1379,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* !NO_ASN_TIME */ -#ifndef WOLFSSL_LEANPSK +#if (!defined(WOLFSSL_LEANPSK) && !defined(STRING_USER)) || \ + defined(USE_WOLF_STRNSTR) char* mystrnstr(const char* s1, const char* s2, unsigned int n); #endif @@ -1291,9 +1398,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); /* By default, the OCTEON's global variables are all thread local. This * tag allows them to be shared between threads. */ #include "cvmx-platform.h" - #define WOLFSSL_GLOBAL CVMX_SHARED + #define WC_THREADSHARED CVMX_SHARED #else - #define WOLFSSL_GLOBAL + #define WC_THREADSHARED #endif #ifdef WOLFSSL_DSP @@ -1331,10 +1438,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) #include #define XFENCE() atomic_thread_fence(memory_order_seq_cst) - #elif defined(__GNUC__) && (__GNUC__ >= 4) && (__GNUC__ < 5) + #elif defined(__GNUC__) && (__GNUC__ == 4) && \ + defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 1) #define XFENCE() __sync_synchronize() #elif (defined(__GNUC__) && (__GNUC__ >= 5)) || defined (__clang__) #define XFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST) + #elif defined(WOLFSSL_NO_ASM) + #define XFENCE() WC_DO_NOTHING #elif defined (__i386__) || defined(__x86_64__) #define XFENCE() XASM_VOLATILE("lfence") #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__) diff --git a/src/wolfssl/wolfio.h b/src/wolfssl/wolfio.h index 2cd43c7..4d1145b 100644 --- a/src/wolfssl/wolfio.h +++ b/src/wolfssl/wolfio.h @@ -416,7 +416,7 @@ #endif #endif #ifndef XSOCKOPT_TYPE_OPTVAL_TYPE - #ifdef USE_WINDOWS_API + #ifndef USE_WINDOWS_API #define XSOCKOPT_TYPE_OPTVAL_TYPE void* #else #define XSOCKOPT_TYPE_OPTVAL_TYPE char* @@ -520,13 +520,19 @@ WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, #endif #endif /* WOLFSSL_NO_SOCK */ +WOLFSSL_API int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); +WOLFSSL_API int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); +#ifndef OPENSSL_COEXIST /* Preserve API previously exposed */ -WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); -WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); +#define BioSend wolfSSL_BioSend +#define BioReceive wolfSSL_BioReceive +#endif WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf, int sz); +#endif WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); #if defined(USE_WOLFSSL_IO) /* default IO callbacks */ @@ -605,6 +611,8 @@ WOLFSSL_API void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv WOLFSSL_API void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend); WOLFSSL_API void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv); WOLFSSL_API void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend); +WOLFSSL_API void wolfSSL_SSLDisableRead(WOLFSSL *ssl); +WOLFSSL_API void wolfSSL_SSLEnableRead(WOLFSSL *ssl); /* deprecated old name */ #define wolfSSL_SetIORecv wolfSSL_CTX_SetIORecv #define wolfSSL_SetIOSend wolfSSL_CTX_SetIOSend From cccc88420fd2fc9a42fdeb95d52d16728bb7cccb Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 7 May 2025 11:00:01 +0200 Subject: [PATCH 2/8] wolfssl 5.8.0 Release for Arduino --- ChangeLog.md | 210 + README | 300 +- README.md | 305 +- examples/template/README.md | 34 + examples/template/template.ino | 143 + examples/template/wolfssl_helper.c | 52 + examples/template/wolfssl_helper.h | 37 + .../wolfssl_library/src/wolfssl_library.cpp | 42 + .../wolfssl_library/wolfssl_library.h | 46 + examples/wolfssl_AES_CTR/README.md | 34 + examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino | 268 + examples/wolfssl_client/README.md | 6 + examples/wolfssl_client/wolfssl_client.ino | 13 +- examples/wolfssl_server/README.md | 6 + examples/wolfssl_server/wolfssl_server.ino | 14 +- examples/wolfssl_version/wolfssl_version.ino | 23 +- library.properties | 2 +- src/src/bio.c | 105 +- src/src/conf.c | 40 +- src/src/crl.c | 49 +- src/src/dtls.c | 19 +- src/src/dtls13.c | 147 +- src/src/internal.c | 965 ++- src/src/keys.c | 23 +- src/src/ocsp.c | 460 +- src/src/pk.c | 111 +- src/src/quic.c | 34 +- src/src/sniffer.c | 11 +- src/src/ssl.c | 1847 +++-- src/src/ssl_asn1.c | 75 +- src/src/ssl_bn.c | 468 +- src/src/ssl_certman.c | 9 +- src/src/ssl_crypto.c | 29 +- src/src/ssl_load.c | 254 +- src/src/ssl_misc.c | 10 +- src/src/ssl_p7p12.c | 14 +- src/src/ssl_sess.c | 42 +- src/src/tls.c | 2190 ++++-- src/src/tls13.c | 559 +- src/src/wolfio.c | 65 +- src/src/x509.c | 386 +- src/src/x509_str.c | 125 +- src/user_settings.h | 34 +- src/wolfcrypt/src/aes.c | 596 +- src/wolfcrypt/src/arc4.c | 10 +- src/wolfcrypt/src/ascon.c | 521 ++ src/wolfcrypt/src/asm.c | 9 +- src/wolfcrypt/src/asn.c | 2203 ++++-- src/wolfcrypt/src/bio.c | 105 +- src/wolfcrypt/src/blake2b.c | 33 +- src/wolfcrypt/src/blake2s.c | 33 +- src/wolfcrypt/src/camellia.c | 11 +- src/wolfcrypt/src/chacha.c | 14 +- src/wolfcrypt/src/chacha20_poly1305.c | 10 +- src/wolfcrypt/src/cmac.c | 15 +- src/wolfcrypt/src/coding.c | 198 +- src/wolfcrypt/src/compress.c | 12 +- src/wolfcrypt/src/cpuid.c | 31 +- src/wolfcrypt/src/cryptocb.c | 38 +- src/wolfcrypt/src/curve25519.c | 214 +- src/wolfcrypt/src/curve448.c | 9 +- src/wolfcrypt/src/des3.c | 14 +- src/wolfcrypt/src/dh.c | 117 +- src/wolfcrypt/src/dilithium.c | 158 +- src/wolfcrypt/src/dsa.c | 11 +- src/wolfcrypt/src/ecc.c | 112 +- src/wolfcrypt/src/eccsi.c | 11 +- src/wolfcrypt/src/ed25519.c | 14 +- src/wolfcrypt/src/ed448.c | 10 +- src/wolfcrypt/src/error.c | 17 +- src/wolfcrypt/src/evp.c | 761 ++- src/wolfcrypt/src/ext_lms.c | 18 +- src/wolfcrypt/src/ext_mlkem.c | 762 +++ src/wolfcrypt/src/ext_xmss.c | 9 +- src/wolfcrypt/src/falcon.c | 38 +- src/wolfcrypt/src/fe_448.c | 24 +- src/wolfcrypt/src/fe_low_mem.c | 9 +- src/wolfcrypt/src/fe_operations.c | 98 +- src/wolfcrypt/src/ge_448.c | 1168 ++-- src/wolfcrypt/src/ge_low_mem.c | 10 +- src/wolfcrypt/src/ge_operations.c | 16 +- src/wolfcrypt/src/hash.c | 10 +- src/wolfcrypt/src/hmac.c | 424 +- src/wolfcrypt/src/hpke.c | 108 +- src/wolfcrypt/src/integer.c | 57 +- src/wolfcrypt/src/kdf.c | 30 +- src/wolfcrypt/src/logging.c | 28 +- src/wolfcrypt/src/md2.c | 23 +- src/wolfcrypt/src/md4.c | 24 +- src/wolfcrypt/src/md5.c | 12 +- src/wolfcrypt/src/memory.c | 26 +- src/wolfcrypt/src/misc.c | 522 +- src/wolfcrypt/src/pkcs12.c | 79 +- src/wolfcrypt/src/pkcs7.c | 1419 ++-- src/wolfcrypt/src/poly1305.c | 58 +- src/wolfcrypt/src/port/Espressif/esp32_aes.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_mp.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_sha.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_util.c | 31 +- .../src/port/Espressif/esp_sdk_mem_lib.c | 2 +- .../src/port/Espressif/esp_sdk_time_lib.c | 2 +- .../src/port/Espressif/esp_sdk_wifi_lib.c | 2 +- src/wolfcrypt/src/port/atmel/atmel.c | 2 +- src/wolfcrypt/src/pwdbased.c | 15 +- src/wolfcrypt/src/random.c | 91 +- src/wolfcrypt/src/rc2.c | 10 +- src/wolfcrypt/src/ripemd.c | 12 +- src/wolfcrypt/src/rsa.c | 60 +- src/wolfcrypt/src/sakke.c | 11 +- src/wolfcrypt/src/sha.c | 13 +- src/wolfcrypt/src/sha256.c | 20 +- src/wolfcrypt/src/sha3.c | 28 +- src/wolfcrypt/src/sha512.c | 36 +- src/wolfcrypt/src/signature.c | 10 +- src/wolfcrypt/src/siphash.c | 13 +- src/wolfcrypt/src/sm2.c | 8 +- src/wolfcrypt/src/sm3.c | 8 +- src/wolfcrypt/src/sm4.c | 8 +- src/wolfcrypt/src/sp_arm32.c | 3782 +++++++++-- src/wolfcrypt/src/sp_arm64.c | 9 +- src/wolfcrypt/src/sp_armthumb.c | 51 +- src/wolfcrypt/src/sp_c32.c | 9 +- src/wolfcrypt/src/sp_c64.c | 9 +- src/wolfcrypt/src/sp_cortexm.c | 1527 +++-- src/wolfcrypt/src/sp_dsp32.c | 10 +- src/wolfcrypt/src/sp_int.c | 212 +- src/wolfcrypt/src/sp_sm2_arm32.c | 8 +- src/wolfcrypt/src/sp_sm2_arm64.c | 8 +- src/wolfcrypt/src/sp_sm2_armthumb.c | 8 +- src/wolfcrypt/src/sp_sm2_c32.c | 8 +- src/wolfcrypt/src/sp_sm2_c64.c | 8 +- src/wolfcrypt/src/sp_sm2_cortexm.c | 8 +- src/wolfcrypt/src/sp_sm2_x86_64.c | 8 +- src/wolfcrypt/src/sp_x86_64.c | 9 +- src/wolfcrypt/src/sphincs.c | 12 +- src/wolfcrypt/src/srp.c | 95 +- src/wolfcrypt/src/tfm.c | 15 +- src/wolfcrypt/src/wc_dsp.c | 9 +- src/wolfcrypt/src/wc_encrypt.c | 14 +- src/wolfcrypt/src/wc_lms.c | 49 +- src/wolfcrypt/src/wc_lms_impl.c | 38 +- src/wolfcrypt/src/wc_mlkem.c | 2070 ++++++ src/wolfcrypt/src/wc_mlkem_poly.c | 5986 +++++++++++++++++ src/wolfcrypt/src/wc_pkcs11.c | 10 +- src/wolfcrypt/src/wc_port.c | 366 +- src/wolfcrypt/src/wc_xmss.c | 10 +- src/wolfcrypt/src/wc_xmss_impl.c | 100 +- src/wolfcrypt/src/wolfevent.c | 10 +- src/wolfcrypt/src/wolfmath.c | 10 +- src/wolfssl-arduino.cpp | 33 + src/wolfssl.h | 16 +- src/wolfssl/bio.c | 105 +- src/wolfssl/callbacks.h | 2 +- src/wolfssl/crl.h | 2 +- src/wolfssl/error-ssl.h | 2 +- src/wolfssl/evp.c | 761 ++- src/wolfssl/internal.h | 157 +- src/wolfssl/ocsp.h | 2 +- src/wolfssl/openssl/aes.h | 2 +- src/wolfssl/openssl/asn1.h | 7 +- src/wolfssl/openssl/asn1t.h | 2 +- src/wolfssl/openssl/bio.h | 3 +- src/wolfssl/openssl/bn.h | 43 +- src/wolfssl/openssl/buffer.h | 2 +- src/wolfssl/openssl/camellia.h | 2 +- src/wolfssl/openssl/cmac.h | 2 +- src/wolfssl/openssl/cms.h | 2 +- src/wolfssl/openssl/compat_types.h | 2 +- src/wolfssl/openssl/conf.h | 2 +- src/wolfssl/openssl/crypto.h | 2 +- src/wolfssl/openssl/des.h | 2 +- src/wolfssl/openssl/dh.h | 2 +- src/wolfssl/openssl/dsa.h | 2 +- src/wolfssl/openssl/ec.h | 2 +- src/wolfssl/openssl/ec25519.h | 2 +- src/wolfssl/openssl/ec448.h | 2 +- src/wolfssl/openssl/ecdh.h | 2 +- src/wolfssl/openssl/ecdsa.h | 2 +- src/wolfssl/openssl/ed25519.h | 2 +- src/wolfssl/openssl/ed448.h | 2 +- src/wolfssl/openssl/err.h | 2 +- src/wolfssl/openssl/evp.h | 14 +- src/wolfssl/openssl/fips_rand.h | 2 +- src/wolfssl/openssl/hmac.h | 2 +- src/wolfssl/openssl/kdf.h | 2 +- src/wolfssl/openssl/lhash.h | 2 +- src/wolfssl/openssl/md4.h | 2 +- src/wolfssl/openssl/md5.h | 2 +- src/wolfssl/openssl/modes.h | 2 +- src/wolfssl/openssl/obj_mac.h | 23 +- src/wolfssl/openssl/objects.h | 4 +- src/wolfssl/openssl/ocsp.h | 2 +- src/wolfssl/openssl/opensslv.h | 2 +- src/wolfssl/openssl/ossl_typ.h | 2 +- src/wolfssl/openssl/pem.h | 2 +- src/wolfssl/openssl/pkcs12.h | 2 +- src/wolfssl/openssl/pkcs7.h | 2 +- src/wolfssl/openssl/rand.h | 2 +- src/wolfssl/openssl/rc4.h | 2 +- src/wolfssl/openssl/ripemd.h | 2 +- src/wolfssl/openssl/rsa.h | 2 +- src/wolfssl/openssl/safestack.h | 2 +- src/wolfssl/openssl/sha.h | 2 +- src/wolfssl/openssl/sha3.h | 2 +- src/wolfssl/openssl/srp.h | 2 +- src/wolfssl/openssl/ssl.h | 25 +- src/wolfssl/openssl/stack.h | 2 +- src/wolfssl/openssl/tls1.h | 2 +- src/wolfssl/openssl/txt_db.h | 2 +- src/wolfssl/openssl/x509.h | 5 +- src/wolfssl/openssl/x509_vfy.h | 2 +- src/wolfssl/openssl/x509v3.h | 2 +- src/wolfssl/quic.h | 2 +- src/wolfssl/sniffer.h | 2 +- src/wolfssl/sniffer_error.h | 2 +- src/wolfssl/ssl.h | 199 +- src/wolfssl/test.h | 113 +- src/wolfssl/version.h | 6 +- src/wolfssl/wolfcrypt/aes.h | 59 +- src/wolfssl/wolfcrypt/arc4.h | 2 +- src/wolfssl/wolfcrypt/ascon.h | 109 + src/wolfssl/wolfcrypt/asn.h | 248 +- src/wolfssl/wolfcrypt/asn_public.h | 11 +- src/wolfssl/wolfcrypt/blake2-impl.h | 2 +- src/wolfssl/wolfcrypt/blake2-int.h | 2 +- src/wolfssl/wolfcrypt/blake2.h | 6 +- src/wolfssl/wolfcrypt/camellia.h | 2 +- src/wolfssl/wolfcrypt/chacha.h | 2 +- src/wolfssl/wolfcrypt/chacha20_poly1305.h | 10 +- src/wolfssl/wolfcrypt/cmac.h | 2 +- src/wolfssl/wolfcrypt/coding.h | 5 +- src/wolfssl/wolfcrypt/compress.h | 2 +- src/wolfssl/wolfcrypt/cpuid.h | 2 +- src/wolfssl/wolfcrypt/cryptocb.h | 116 +- src/wolfssl/wolfcrypt/curve25519.h | 24 +- src/wolfssl/wolfcrypt/curve448.h | 2 +- src/wolfssl/wolfcrypt/des3.h | 2 +- src/wolfssl/wolfcrypt/dh.h | 2 +- src/wolfssl/wolfcrypt/dilithium.h | 67 +- src/wolfssl/wolfcrypt/dsa.h | 2 +- src/wolfssl/wolfcrypt/ecc.h | 5 +- src/wolfssl/wolfcrypt/eccsi.h | 2 +- src/wolfssl/wolfcrypt/ed25519.h | 3 +- src/wolfssl/wolfcrypt/ed448.h | 2 +- src/wolfssl/wolfcrypt/error-crypt.h | 12 +- src/wolfssl/wolfcrypt/ext_lms.h | 2 +- src/wolfssl/wolfcrypt/ext_mlkem.h | 74 + src/wolfssl/wolfcrypt/ext_xmss.h | 2 +- src/wolfssl/wolfcrypt/falcon.h | 2 +- src/wolfssl/wolfcrypt/fe_448.h | 5 +- src/wolfssl/wolfcrypt/fe_operations.h | 6 +- src/wolfssl/wolfcrypt/fips_test.h | 6 +- src/wolfssl/wolfcrypt/ge_448.h | 2 +- src/wolfssl/wolfcrypt/ge_operations.h | 2 +- src/wolfssl/wolfcrypt/hash.h | 12 +- src/wolfssl/wolfcrypt/hmac.h | 6 +- src/wolfssl/wolfcrypt/hpke.h | 11 +- src/wolfssl/wolfcrypt/integer.h | 2 +- src/wolfssl/wolfcrypt/kdf.h | 2 +- src/wolfssl/wolfcrypt/libwolfssl_sources.h | 50 + .../wolfcrypt/libwolfssl_sources_asm.h | 48 + src/wolfssl/wolfcrypt/lms.h | 8 +- src/wolfssl/wolfcrypt/logging.h | 6 +- src/wolfssl/wolfcrypt/md2.h | 2 +- src/wolfssl/wolfcrypt/md4.h | 2 +- src/wolfssl/wolfcrypt/md5.h | 2 +- src/wolfssl/wolfcrypt/mem_track.h | 6 +- src/wolfssl/wolfcrypt/memory.h | 2 +- src/wolfssl/wolfcrypt/misc.h | 5 +- src/wolfssl/wolfcrypt/mlkem.h | 374 + src/wolfssl/wolfcrypt/mpi_class.h | 2 +- src/wolfssl/wolfcrypt/mpi_superclass.h | 2 +- src/wolfssl/wolfcrypt/pkcs11.h | 2 +- src/wolfssl/wolfcrypt/pkcs12.h | 5 +- src/wolfssl/wolfcrypt/pkcs7.h | 17 +- src/wolfssl/wolfcrypt/poly1305.h | 16 +- .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 2 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 48 +- .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 2 +- src/wolfssl/wolfcrypt/port/atmel/atmel.h | 2 +- src/wolfssl/wolfcrypt/pwdbased.h | 2 +- src/wolfssl/wolfcrypt/random.h | 2 +- src/wolfssl/wolfcrypt/rc2.h | 2 +- src/wolfssl/wolfcrypt/ripemd.h | 2 +- src/wolfssl/wolfcrypt/rsa.h | 2 +- src/wolfssl/wolfcrypt/sakke.h | 2 +- src/wolfssl/wolfcrypt/selftest.h | 2 +- src/wolfssl/wolfcrypt/settings.h | 137 +- src/wolfssl/wolfcrypt/sha.h | 2 +- src/wolfssl/wolfcrypt/sha256.h | 8 +- src/wolfssl/wolfcrypt/sha3.h | 3 +- src/wolfssl/wolfcrypt/sha512.h | 4 +- src/wolfssl/wolfcrypt/signature.h | 2 +- src/wolfssl/wolfcrypt/siphash.h | 2 +- src/wolfssl/wolfcrypt/sm2.h | 2 +- src/wolfssl/wolfcrypt/sm3.h | 2 +- src/wolfssl/wolfcrypt/sm4.h | 2 +- src/wolfssl/wolfcrypt/sp.h | 2 +- src/wolfssl/wolfcrypt/sp_int.h | 21 +- src/wolfssl/wolfcrypt/sphincs.h | 2 +- src/wolfssl/wolfcrypt/srp.h | 2 +- src/wolfssl/wolfcrypt/tfm.h | 2 +- src/wolfssl/wolfcrypt/types.h | 173 +- src/wolfssl/wolfcrypt/visibility.h | 33 +- src/wolfssl/wolfcrypt/wc_encrypt.h | 2 +- src/wolfssl/wolfcrypt/wc_lms.h | 28 +- src/wolfssl/wolfcrypt/wc_mlkem.h | 378 ++ src/wolfssl/wolfcrypt/wc_pkcs11.h | 2 +- src/wolfssl/wolfcrypt/wc_port.h | 107 +- src/wolfssl/wolfcrypt/wc_xmss.h | 2 +- src/wolfssl/wolfcrypt/wolfevent.h | 2 +- src/wolfssl/wolfcrypt/wolfmath.h | 17 +- src/wolfssl/wolfcrypt/xmss.h | 2 +- src/wolfssl/wolfio.h | 91 +- 314 files changed, 30464 insertions(+), 8361 deletions(-) create mode 100644 examples/template/README.md create mode 100644 examples/template/template.ino create mode 100644 examples/template/wolfssl_helper.c create mode 100644 examples/template/wolfssl_helper.h create mode 100644 examples/template/wolfssl_library/src/wolfssl_library.cpp create mode 100644 examples/template/wolfssl_library/wolfssl_library.h create mode 100644 examples/wolfssl_AES_CTR/README.md create mode 100644 examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino create mode 100644 src/wolfcrypt/src/ascon.c create mode 100644 src/wolfcrypt/src/ext_mlkem.c create mode 100644 src/wolfcrypt/src/wc_mlkem.c create mode 100644 src/wolfcrypt/src/wc_mlkem_poly.c create mode 100644 src/wolfssl-arduino.cpp create mode 100644 src/wolfssl/wolfcrypt/ascon.h create mode 100644 src/wolfssl/wolfcrypt/ext_mlkem.h create mode 100644 src/wolfssl/wolfcrypt/libwolfssl_sources.h create mode 100644 src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h create mode 100644 src/wolfssl/wolfcrypt/mlkem.h create mode 100644 src/wolfssl/wolfcrypt/wc_mlkem.h diff --git a/ChangeLog.md b/ChangeLog.md index 0b32346..a9cdff9 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,213 @@ +# wolfSSL Release 5.8.0 (Apr 24, 2025) + +Release 5.8.0 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is deprecated + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## New Feature Additions +* Algorithm registration in the Linux kernel module for all supported FIPS AES, + SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes. +* Implemented various fixes to support building for Open Watcom including OS/2 + support and Open Watcom 1.9 compatibility (PR 8505, 8484) +* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488) +* Added support for STM32WBA (PR 8550) +* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks + build (PR 8303) +* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594) +* Added support for libimobiledevice commit 860ffb (PR 8373) +* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD + (PR 8307) +* Added blinding option when using a Curve25519 private key by defining the + macro WOLFSSL_CURVE25519_BLINDING (PR 8392) + + +## Linux Kernel Module +* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes), + rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256, + P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with + bare and PKCS1 padding +* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552) +* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for + compatibility with FIPS 140-3 Cert #4718. +* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override + macro (PR 8654) +* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit + 7450ebd29c (merged for Linux 6.15) (PR 8667) +* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673) +* Fix for uninitialized build error with fedora (PR 8569) +* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663, + 8646) +* Added force zero shared secret buffer, and clear of old key with ecdh + (PR 8685) +* Update fips-check.sh script to pickup XTS streaming support on aarch64 and + disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546) + + +## Enhancements and Optimizations + +### Security & Cryptography +* Add constant-time implementation improvements for encoding functions. We thank + Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and + reporting several non-constant-time implementations. (PR 8396, 8617) +* Additional support for PKCS7 verify and decode with indefinite lengths + (PR 8520, 834, 8645) +* Add more PQC hybrid key exchange algorithms such as support for combinations + with X25519 and X448 enabling compatibility with the PQC key exchange support + in Chromium browsers and Mozilla Firefox (PR 7821) +* Add short-circuit comparisons to DH key validation for RFC 7919 parameters + (PR 8335) +* Improve FIPS compatibility with various build configurations for more resource + constrained builds (PR 8370) +* Added option to disable ECC public key order checking (PR 8581) +* Allow critical alt and basic constraints extensions (PR 8542) +* New codepoint for MLDSA to help with interoperability (PR 8393) +* Add support for parsing trusted PEM certs having the header + “BEGIN_TRUSTED_CERT” (PR 8400) +* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs + (PR 8599, 8686) +* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c + handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425) + +### Build System, Configuration, CI & Protocols +* Internal refactor for include of config.h and when building with + BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated + function” when trying to improperly use an internal API of wolfSSL in an + external application. (PR 8640, 8647, 8660, 8662, 8664) +* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548) +* Add CMake and Zephyr support for XMSS and LMS (PR 8494) +* Added GitHub CI for CMake builds (PR 8439) +* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382) +* Add MSYS2 build continuous integration test (PR 8504) +* Update DevKitPro doc to list calico dependency with build commands (PR 8607) +* Conversion compiler warning fixes and additional continuous integration test + added (PR 8538) +* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481) +* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds + (PR 8526) + +### Performance Improvements +* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429) +* LMS fixes and improvements adding API to get Key ID from raw private key, + change to identifiers to match standard, and fix for when + WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623) +* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage, + performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619, + 8622, 8588) +* Performance improvements for AES-GCM and when doing multiple HMAC operations + (PR 8445) + +### Assembly and Platform-Specific Enhancements +* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for + Aarch64 use (PR 8344, 8561, 8671) +* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD + (PR 8325, 8348) +* Only perform ARM assembly CPUID checks if support was enabled at build time + (PR 8566) +* Optimizations for ARM32 assembly instructions on platforms less than ARMv7 + (PR 8395) +* Improve MSVC feature detection for static assert macros (PR 8440) +* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402) +* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h + (PR 8422, PR 8641) + +### OpenSSL Compatibility Layer +* Modification to the push/pop to/from in OpenSSL compatibility layer. This is + a pretty major API change in the OpenSSL compatibility stack functions. + Previously the API would push/pop from the beginning of the list but now they + operate on the tail of the list. This matters when using the sk_value with + index values. (PR 8616) +* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498) +* Expand the OpenSSL compatibility layer to include an implementation of + BN_CTX_get (PR 8388) + +### API Additions and Modifications +* Refactor Hpke to allow multiple uses of a context instead of just one shot + mode (PR 6805) +* Add support for PSK client callback with Ada and use with Alire (thanks + @mgrojo, PR 8332, 8606) +* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add + functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to + rotate the server's echConfigs (PR 8556) +* Added the public API wc_PkcsPad to do PKCS padding (PR 8502) +* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518) +* Update Kyber APIs to ML-KEM APIs (PR 8536) +* Add option to disallow automatic use of "default" devId using the macro + WC_NO_DEFAULT_DEVID (PR 8555) +* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk + format (PR 8630) + +### Porting and Language Support +* Update Python port to support version 3.12.6 (PR 8345) +* New additions for MAXQ with wolfPKCS11 (PR 8343) +* Port to ntp 4.2.8p17 additions (PR 8324) +* Add version 0.9.14 to tested libvncserver builds (PR 8337) + +### General Improvements and Cleanups +* Cleanups for STM32 AES GCM (PR 8584) +* Improvements to isascii() and the CMake key log option (PR 8596) +* Arduino documentation updates, comments and spelling corrections (PR 8381, + 8384, 8514) +* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and + --enable-all builds (PR 8369, 8371) + + +## Fixes +* Fix a use after free caused by an early free on error in the X509 store + (PR 8449) +* Fix to account for existing PKCS8 header with + wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612) +* Fixed failing CMake build issue when standard threads support is not found in + the system (PR 8485) +* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with + gcc -march=native -O2 (PR 8329) +* Fix Windows socket API compatibility warning with mingw32 build (PR 8424) +* Fix potential null pointer increments in cipher list parsing (PR 8420) +* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7. + Thanks to the team at Code Intelligence for the report. (PR 8466) +* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379) +* Fixed building with VS2008 and .NET 3.5 (PR 8621) +* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447) +* Fixed SSL_set_mtu compatibility function return code (PR 8330) +* Fixed Renesas RX TSIP (PR 8595) +* Fixed ECC non-blocking tests (PR 8533) +* Fixed CMake on MINGW and MSYS (PR 8377) +* Fixed Watcom compiler and added new CI test (PR 8391) +* Fixed STM32 PKA ECC 521-bit support (PR 8450) +* Fixed STM32 PKA with P521 and shared secret (PR 8601) +* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602) +* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD + (PR 8575) +* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350) +* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407) +* Fix CMake lean_tls build (PR 8460) +* Fix for QUIC callback failure (PR 8475) +* Fix missing alert types in AlertTypeToString for print out with debugging + enabled (PR 8572) +* Fixes for MSVS build issues with PQC configure (PR 8568) +* Fix for SE050 port and minor improvements (PR 8431, 8437) +* Fix for missing rewind function in zephyr and add missing files for compiling + with assembly optimizations (PR 8531, 8541) +* Fix for quic_record_append to return the correct code (PR 8340, 8358) +* Fixes for Bind 9.18.28 port (PR 8331) +* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when + negotiating TLS 1.3 (PR 8487) +* Fix to properly check for signature_algorithms from the client in a TLS 1.3 + server (PR 8356) +* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code + Intelligence for the report (PR 8426) +* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations + (PR 8590, 8635) +* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm + or zmm registers are used (PR 8479) +* Entropy MemUse fix for when block size less than update bits (PR 8675) + + # wolfSSL Release 5.7.6 (Dec 31, 2024) Release 5.7.6 has been developed according to wolfSSL's development and QA diff --git a/README b/README index 47579ee..582977d 100644 --- a/README +++ b/README @@ -70,130 +70,214 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.6 (Dec 31, 2024) +# wolfSSL Release 5.8.0 (Apr 24, 2025) -Release 5.7.6 has been developed according to wolfSSL's development and QA +Release 5.8.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: - * --enable-heapmath is deprecated. - * In this release, the default cipher suite preference is updated to prioritize - TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. - * This release adds a sanity check for including wolfssl/options.h or - user_settings.h. - +NOTE: * --enable-heapmath is deprecated PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. -## Vulnerabilities -* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 - when performing OCSP requests for intermediate certificates in a certificate - chain. This affects only TLS 1.3 connections on the server side. It would not - impact other TLS protocol versions or connections that are not using the - traditional OCSP implementation. (Fix in pull request 8115) - - ## New Feature Additions -* Add support for RP2350 and improve RP2040 support, both with RNG optimizations - (PR 8153) -* Add support for STM32MP135F, including STM32CubeIDE support and HAL support - for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) -* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) -* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) -* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and - wc_Curve25519KeyDecode (PR 8129) -* CRL improvements and update callback, added the functions - wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) -* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) +* Algorithm registration in the Linux kernel module for all supported FIPS AES, + SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes. +* Implemented various fixes to support building for Open Watcom including OS/2 + support and Open Watcom 1.9 compatibility (PR 8505, 8484) +* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488) +* Added support for STM32WBA (PR 8550) +* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks + build (PR 8303) +* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594) +* Added support for libimobiledevice commit 860ffb (PR 8373) +* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD + (PR 8307) +* Added blinding option when using a Curve25519 private key by defining the + macro WOLFSSL_CURVE25519_BLINDING (PR 8392) + + +## Linux Kernel Module +* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes), + rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256, + P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with + bare and PKCS1 padding +* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552) +* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for + compatibility with FIPS 140-3 Cert #4718. +* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override + macro (PR 8654) +* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit + 7450ebd29c (merged for Linux 6.15) (PR 8667) +* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673) +* Fix for uninitialized build error with fedora (PR 8569) +* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663, + 8646) +* Added force zero shared secret buffer, and clear of old key with ecdh + (PR 8685) +* Update fips-check.sh script to pickup XTS streaming support on aarch64 and + disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546) ## Enhancements and Optimizations -* Add a CMake dependency check for pthreads when required. (PR 8162) -* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary - not affected). (PR 8170) -* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) -* Change the default cipher suite preference, prioritizing - TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) -* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling - (PR 8215) -* Make library build when no hardware crypto available for Aarch64 (PR 8293) -* Update assembly code to avoid `uint*_t` types for better compatibility with - older C standards. (PR 8133) -* Add initial documentation for writing ASN template code to decode BER/DER. - (PR 8120) -* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) -* Allow SHA-3 hardware cryptography instructions to be explicitly not used in - MacOS builds (PR 8282) -* Make Kyber and ML-KEM available individually and together. (PR 8143) -* Update configuration options to include Kyber/ML-KEM and fix defines used in - wolfSSL_get_curve_name. (PR 8183) -* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) -* Improved test coverage and minor improvements of X509 (PR 8176) -* Add sanity checks for configuration methods, ensuring the inclusion of - wolfssl/options.h or user_settings.h. (PR 8262) -* Enable support for building without TLS (NO_TLS). Provides reduced code size - option for non-TLS users who want features like the certificate manager or - compatibility layer. (PR 8273) -* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) -* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) -* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) -* Add support for the RFC822 Mailbox attribute (PR 8280) -* Initialize variables and adjust types resolve warnings with Visual Studio in - Windows builds. (PR 8181) -* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) -* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests - (PR 8261, 8255, 8245) -* Remove trailing error exit code in wolfSSL install setup script (PR 8189) -* Update Arduino files for wolfssl 5.7.4 (PR 8219) -* Improve Espressif SHA HW/SW mutex messages (PR 8225) -* Apply post-5.7.4 release updates for Espressif Managed Component examples - (PR 8251) -* Expansion of c89 conformance (PR 8164) -* Added configure option for additional sanity checks with --enable-faultharden - (PR 8289) -* Aarch64 ASM additions to check CPU features before hardware crypto instruction - use (PR 8314) + +### Security & Cryptography +* Add constant-time implementation improvements for encoding functions. We thank + Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and + reporting several non-constant-time implementations. (PR 8396, 8617) +* Additional support for PKCS7 verify and decode with indefinite lengths + (PR 8520, 834, 8645) +* Add more PQC hybrid key exchange algorithms such as support for combinations + with X25519 and X448 enabling compatibility with the PQC key exchange support + in Chromium browsers and Mozilla Firefox (PR 7821) +* Add short-circuit comparisons to DH key validation for RFC 7919 parameters + (PR 8335) +* Improve FIPS compatibility with various build configurations for more resource + constrained builds (PR 8370) +* Added option to disable ECC public key order checking (PR 8581) +* Allow critical alt and basic constraints extensions (PR 8542) +* New codepoint for MLDSA to help with interoperability (PR 8393) +* Add support for parsing trusted PEM certs having the header + “BEGIN_TRUSTED_CERT” (PR 8400) +* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs + (PR 8599, 8686) +* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c + handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425) + +### Build System, Configuration, CI & Protocols +* Internal refactor for include of config.h and when building with + BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated + function” when trying to improperly use an internal API of wolfSSL in an + external application. (PR 8640, 8647, 8660, 8662, 8664) +* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548) +* Add CMake and Zephyr support for XMSS and LMS (PR 8494) +* Added GitHub CI for CMake builds (PR 8439) +* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382) +* Add MSYS2 build continuous integration test (PR 8504) +* Update DevKitPro doc to list calico dependency with build commands (PR 8607) +* Conversion compiler warning fixes and additional continuous integration test + added (PR 8538) +* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481) +* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds + (PR 8526) + +### Performance Improvements +* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429) +* LMS fixes and improvements adding API to get Key ID from raw private key, + change to identifiers to match standard, and fix for when + WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623) +* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage, + performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619, + 8622, 8588) +* Performance improvements for AES-GCM and when doing multiple HMAC operations + (PR 8445) + +### Assembly and Platform-Specific Enhancements +* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for + Aarch64 use (PR 8344, 8561, 8671) +* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD + (PR 8325, 8348) +* Only perform ARM assembly CPUID checks if support was enabled at build time + (PR 8566) +* Optimizations for ARM32 assembly instructions on platforms less than ARMv7 + (PR 8395) +* Improve MSVC feature detection for static assert macros (PR 8440) +* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402) +* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h + (PR 8422, PR 8641) + +### OpenSSL Compatibility Layer +* Modification to the push/pop to/from in OpenSSL compatibility layer. This is + a pretty major API change in the OpenSSL compatibility stack functions. + Previously the API would push/pop from the beginning of the list but now they + operate on the tail of the list. This matters when using the sk_value with + index values. (PR 8616) +* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498) +* Expand the OpenSSL compatibility layer to include an implementation of + BN_CTX_get (PR 8388) + +### API Additions and Modifications +* Refactor Hpke to allow multiple uses of a context instead of just one shot + mode (PR 6805) +* Add support for PSK client callback with Ada and use with Alire (thanks + @mgrojo, PR 8332, 8606) +* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add + functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to + rotate the server's echConfigs (PR 8556) +* Added the public API wc_PkcsPad to do PKCS padding (PR 8502) +* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518) +* Update Kyber APIs to ML-KEM APIs (PR 8536) +* Add option to disallow automatic use of "default" devId using the macro + WC_NO_DEFAULT_DEVID (PR 8555) +* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk + format (PR 8630) + +### Porting and Language Support +* Update Python port to support version 3.12.6 (PR 8345) +* New additions for MAXQ with wolfPKCS11 (PR 8343) +* Port to ntp 4.2.8p17 additions (PR 8324) +* Add version 0.9.14 to tested libvncserver builds (PR 8337) + +### General Improvements and Cleanups +* Cleanups for STM32 AES GCM (PR 8584) +* Improvements to isascii() and the CMake key log option (PR 8596) +* Arduino documentation updates, comments and spelling corrections (PR 8381, + 8384, 8514) +* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and + --enable-all builds (PR 8369, 8371) ## Fixes -* Fix a memory issue when using the compatibility layer with - WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) -* Fix a build issue with signature fault hardening when using public key - callbacks (HAVE_PK_CALLBACKS). (PR 8287) -* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX - objects and free’ing one of them (PR 8180) -* Fix potential memory leak in error case with Aria. (PR 8268) -* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) -* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) -* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) -* Fix incorrect version setting in CSRs. (PR 8136) -* Correct debugging output for cryptodev. (PR 8202) -* Fix for benchmark application use with /dev/crypto GMAC auth error due to size - of AAD (PR 8210) -* Add missing checks for the initialization of sp_int/mp_int with DSA to free - memory properly in error cases. (PR 8209) -* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) -* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) -* Prevent adding a certificate to the CA cache for Renesas builds if it does not - set CA:TRUE in basic constraints. (PR 8060) -* Fix attribute certificate holder entityName parsing. (PR 8166) -* Resolve build issues for configurations without any wolfSSL/openssl - compatibility layer headers. (PR 8182) -* Fix for building SP RSA small and RSA public only (PR 8235) -* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) -* Fix to ensure all files have settings.h included (like wc_lms.c) and guards - for building all `*.c` files (PR 8257 and PR 8140) -* Fix x86 target build issues in Visual Studio for non-Windows operating - systems. (PR 8098) -* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) -* Properly handle reference counting when adding to the X509 store. (PR 8233) -* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas - example. Thanks to Hongbo for the report on example issues. (PR 7537) -* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. - Thanks to Peter for the issue reported. (PR 8139) +* Fix a use after free caused by an early free on error in the X509 store + (PR 8449) +* Fix to account for existing PKCS8 header with + wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612) +* Fixed failing CMake build issue when standard threads support is not found in + the system (PR 8485) +* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with + gcc -march=native -O2 (PR 8329) +* Fix Windows socket API compatibility warning with mingw32 build (PR 8424) +* Fix potential null pointer increments in cipher list parsing (PR 8420) +* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7. + Thanks to the team at Code Intelligence for the report. (PR 8466) +* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379) +* Fixed building with VS2008 and .NET 3.5 (PR 8621) +* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447) +* Fixed SSL_set_mtu compatibility function return code (PR 8330) +* Fixed Renesas RX TSIP (PR 8595) +* Fixed ECC non-blocking tests (PR 8533) +* Fixed CMake on MINGW and MSYS (PR 8377) +* Fixed Watcom compiler and added new CI test (PR 8391) +* Fixed STM32 PKA ECC 521-bit support (PR 8450) +* Fixed STM32 PKA with P521 and shared secret (PR 8601) +* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602) +* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD + (PR 8575) +* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350) +* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407) +* Fix CMake lean_tls build (PR 8460) +* Fix for QUIC callback failure (PR 8475) +* Fix missing alert types in AlertTypeToString for print out with debugging + enabled (PR 8572) +* Fixes for MSVS build issues with PQC configure (PR 8568) +* Fix for SE050 port and minor improvements (PR 8431, 8437) +* Fix for missing rewind function in zephyr and add missing files for compiling + with assembly optimizations (PR 8531, 8541) +* Fix for quic_record_append to return the correct code (PR 8340, 8358) +* Fixes for Bind 9.18.28 port (PR 8331) +* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when + negotiating TLS 1.3 (PR 8487) +* Fix to properly check for signature_algorithms from the client in a TLS 1.3 + server (PR 8356) +* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code + Intelligence for the report (PR 8426) +* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations + (PR 8590, 8635) +* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm + or zmm registers are used (PR 8479) +* Entropy MemUse fix for when block size less than update bits (PR 8675) For additional vulnerability information visit the vulnerability page at: diff --git a/README.md b/README.md index b75d0d5..7c0fd06 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Arduino wolfSSL Library -This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.7.6 for the Arduino platform. +This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.8.0 for the Arduino platform. The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). @@ -63,7 +63,7 @@ OpenSSL. wolfSSL is powered by the wolfCrypt cryptography library. Two versions of wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and -certificate #3389). FIPS 140-3 validation is in progress. For additional +certificate #3389). FIPS 140-3 validated (Certificate #4718). For additional information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com. @@ -124,131 +124,214 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.6 (Dec 31, 2024) +# wolfSSL Release 5.8.0 (Apr 24, 2025) -Release 5.7.6 has been developed according to wolfSSL's development and QA +Release 5.8.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: - * --enable-heapmath is deprecated. - * In this release, the default cipher suite preference is updated to prioritize - TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. - * This release adds a sanity check for including wolfssl/options.h or - user_settings.h. - +NOTE: * --enable-heapmath is deprecated PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. -## Vulnerabilities -* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 - when performing OCSP requests for intermediate certificates in a certificate - chain. This affects only TLS 1.3 connections on the server side. It would not - impact other TLS protocol versions or connections that are not using the - traditional OCSP implementation. (Fix in pull request 8115) - - ## New Feature Additions -* Add support for RP2350 and improve RP2040 support, both with RNG optimizations - (PR 8153) -* Add support for STM32MP135F, including STM32CubeIDE support and HAL support - for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) -* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) -* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) -* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and - wc_Curve25519KeyDecode (PR 8129) -* CRL improvements and update callback, added the functions - wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) -* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) +* Algorithm registration in the Linux kernel module for all supported FIPS AES, + SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes. +* Implemented various fixes to support building for Open Watcom including OS/2 + support and Open Watcom 1.9 compatibility (PR 8505, 8484) +* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488) +* Added support for STM32WBA (PR 8550) +* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks + build (PR 8303) +* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594) +* Added support for libimobiledevice commit 860ffb (PR 8373) +* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD + (PR 8307) +* Added blinding option when using a Curve25519 private key by defining the + macro WOLFSSL_CURVE25519_BLINDING (PR 8392) + + +## Linux Kernel Module +* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes), + rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256, + P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with + bare and PKCS1 padding +* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552) +* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for + compatibility with FIPS 140-3 Cert #4718. +* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override + macro (PR 8654) +* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit + 7450ebd29c (merged for Linux 6.15) (PR 8667) +* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673) +* Fix for uninitialized build error with fedora (PR 8569) +* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663, + 8646) +* Added force zero shared secret buffer, and clear of old key with ecdh + (PR 8685) +* Update fips-check.sh script to pickup XTS streaming support on aarch64 and + disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546) ## Enhancements and Optimizations -* Add a CMake dependency check for pthreads when required. (PR 8162) -* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary - not affected). (PR 8170) -* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) -* Change the default cipher suite preference, prioritizing - TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) -* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling - (PR 8215) -* Make library build when no hardware crypto available for Aarch64 (PR 8293) -* Update assembly code to avoid `uint*_t` types for better compatibility with - older C standards. (PR 8133) -* Add initial documentation for writing ASN template code to decode BER/DER. - (PR 8120) -* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) -* Allow SHA-3 hardware cryptography instructions to be explicitly not used in - MacOS builds (PR 8282) -* Make Kyber and ML-KEM available individually and together. (PR 8143) -* Update configuration options to include Kyber/ML-KEM and fix defines used in - wolfSSL_get_curve_name. (PR 8183) -* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) -* Improved test coverage and minor improvements of X509 (PR 8176) -* Add sanity checks for configuration methods, ensuring the inclusion of - wolfssl/options.h or user_settings.h. (PR 8262) -* Enable support for building without TLS (NO_TLS). Provides reduced code size - option for non-TLS users who want features like the certificate manager or - compatibility layer. (PR 8273) -* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) -* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) -* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) -* Add support for the RFC822 Mailbox attribute (PR 8280) -* Initialize variables and adjust types resolve warnings with Visual Studio in - Windows builds. (PR 8181) -* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) -* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests - (PR 8261, 8255, 8245) -* Remove trailing error exit code in wolfSSL install setup script (PR 8189) -* Update Arduino files for wolfssl 5.7.4 (PR 8219) -* Improve Espressif SHA HW/SW mutex messages (PR 8225) -* Apply post-5.7.4 release updates for Espressif Managed Component examples - (PR 8251) -* Expansion of c89 conformance (PR 8164) -* Added configure option for additional sanity checks with --enable-faultharden - (PR 8289) -* Aarch64 ASM additions to check CPU features before hardware crypto instruction - use (PR 8314) +### Security & Cryptography +* Add constant-time implementation improvements for encoding functions. We thank + Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and + reporting several non-constant-time implementations. (PR 8396, 8617) +* Additional support for PKCS7 verify and decode with indefinite lengths + (PR 8520, 834, 8645) +* Add more PQC hybrid key exchange algorithms such as support for combinations + with X25519 and X448 enabling compatibility with the PQC key exchange support + in Chromium browsers and Mozilla Firefox (PR 7821) +* Add short-circuit comparisons to DH key validation for RFC 7919 parameters + (PR 8335) +* Improve FIPS compatibility with various build configurations for more resource + constrained builds (PR 8370) +* Added option to disable ECC public key order checking (PR 8581) +* Allow critical alt and basic constraints extensions (PR 8542) +* New codepoint for MLDSA to help with interoperability (PR 8393) +* Add support for parsing trusted PEM certs having the header + “BEGIN_TRUSTED_CERT” (PR 8400) +* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs + (PR 8599, 8686) +* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c + handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425) + +### Build System, Configuration, CI & Protocols +* Internal refactor for include of config.h and when building with + BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated + function” when trying to improperly use an internal API of wolfSSL in an + external application. (PR 8640, 8647, 8660, 8662, 8664) +* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548) +* Add CMake and Zephyr support for XMSS and LMS (PR 8494) +* Added GitHub CI for CMake builds (PR 8439) +* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382) +* Add MSYS2 build continuous integration test (PR 8504) +* Update DevKitPro doc to list calico dependency with build commands (PR 8607) +* Conversion compiler warning fixes and additional continuous integration test + added (PR 8538) +* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481) +* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds + (PR 8526) + +### Performance Improvements +* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429) +* LMS fixes and improvements adding API to get Key ID from raw private key, + change to identifiers to match standard, and fix for when + WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623) +* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage, + performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619, + 8622, 8588) +* Performance improvements for AES-GCM and when doing multiple HMAC operations + (PR 8445) + +### Assembly and Platform-Specific Enhancements +* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for + Aarch64 use (PR 8344, 8561, 8671) +* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD + (PR 8325, 8348) +* Only perform ARM assembly CPUID checks if support was enabled at build time + (PR 8566) +* Optimizations for ARM32 assembly instructions on platforms less than ARMv7 + (PR 8395) +* Improve MSVC feature detection for static assert macros (PR 8440) +* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402) +* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h + (PR 8422, PR 8641) + +### OpenSSL Compatibility Layer +* Modification to the push/pop to/from in OpenSSL compatibility layer. This is + a pretty major API change in the OpenSSL compatibility stack functions. + Previously the API would push/pop from the beginning of the list but now they + operate on the tail of the list. This matters when using the sk_value with + index values. (PR 8616) +* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498) +* Expand the OpenSSL compatibility layer to include an implementation of + BN_CTX_get (PR 8388) + +### API Additions and Modifications +* Refactor Hpke to allow multiple uses of a context instead of just one shot + mode (PR 6805) +* Add support for PSK client callback with Ada and use with Alire (thanks + @mgrojo, PR 8332, 8606) +* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add + functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to + rotate the server's echConfigs (PR 8556) +* Added the public API wc_PkcsPad to do PKCS padding (PR 8502) +* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518) +* Update Kyber APIs to ML-KEM APIs (PR 8536) +* Add option to disallow automatic use of "default" devId using the macro + WC_NO_DEFAULT_DEVID (PR 8555) +* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk + format (PR 8630) + +### Porting and Language Support +* Update Python port to support version 3.12.6 (PR 8345) +* New additions for MAXQ with wolfPKCS11 (PR 8343) +* Port to ntp 4.2.8p17 additions (PR 8324) +* Add version 0.9.14 to tested libvncserver builds (PR 8337) + +### General Improvements and Cleanups +* Cleanups for STM32 AES GCM (PR 8584) +* Improvements to isascii() and the CMake key log option (PR 8596) +* Arduino documentation updates, comments and spelling corrections (PR 8381, + 8384, 8514) +* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and + --enable-all builds (PR 8369, 8371) -## Fixes -* Fix a memory issue when using the compatibility layer with - WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) -* Fix a build issue with signature fault hardening when using public key - callbacks (HAVE_PK_CALLBACKS). (PR 8287) -* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX - objects and free’ing one of them (PR 8180) -* Fix potential memory leak in error case with Aria. (PR 8268) -* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) -* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) -* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) -* Fix incorrect version setting in CSRs. (PR 8136) -* Correct debugging output for cryptodev. (PR 8202) -* Fix for benchmark application use with /dev/crypto GMAC auth error due to size - of AAD (PR 8210) -* Add missing checks for the initialization of sp_int/mp_int with DSA to free - memory properly in error cases. (PR 8209) -* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) -* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) -* Prevent adding a certificate to the CA cache for Renesas builds if it does not - set CA:TRUE in basic constraints. (PR 8060) -* Fix attribute certificate holder entityName parsing. (PR 8166) -* Resolve build issues for configurations without any wolfSSL/openssl - compatibility layer headers. (PR 8182) -* Fix for building SP RSA small and RSA public only (PR 8235) -* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) -* Fix to ensure all files have settings.h included (like wc_lms.c) and guards - for building all `*.c` files (PR 8257 and PR 8140) -* Fix x86 target build issues in Visual Studio for non-Windows operating - systems. (PR 8098) -* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) -* Properly handle reference counting when adding to the X509 store. (PR 8233) -* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas - example. Thanks to Hongbo for the report on example issues. (PR 7537) -* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. - Thanks to Peter for the issue reported. (PR 8139) +## Fixes +* Fix a use after free caused by an early free on error in the X509 store + (PR 8449) +* Fix to account for existing PKCS8 header with + wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612) +* Fixed failing CMake build issue when standard threads support is not found in + the system (PR 8485) +* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with + gcc -march=native -O2 (PR 8329) +* Fix Windows socket API compatibility warning with mingw32 build (PR 8424) +* Fix potential null pointer increments in cipher list parsing (PR 8420) +* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7. + Thanks to the team at Code Intelligence for the report. (PR 8466) +* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379) +* Fixed building with VS2008 and .NET 3.5 (PR 8621) +* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447) +* Fixed SSL_set_mtu compatibility function return code (PR 8330) +* Fixed Renesas RX TSIP (PR 8595) +* Fixed ECC non-blocking tests (PR 8533) +* Fixed CMake on MINGW and MSYS (PR 8377) +* Fixed Watcom compiler and added new CI test (PR 8391) +* Fixed STM32 PKA ECC 521-bit support (PR 8450) +* Fixed STM32 PKA with P521 and shared secret (PR 8601) +* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602) +* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD + (PR 8575) +* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350) +* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407) +* Fix CMake lean_tls build (PR 8460) +* Fix for QUIC callback failure (PR 8475) +* Fix missing alert types in AlertTypeToString for print out with debugging + enabled (PR 8572) +* Fixes for MSVS build issues with PQC configure (PR 8568) +* Fix for SE050 port and minor improvements (PR 8431, 8437) +* Fix for missing rewind function in zephyr and add missing files for compiling + with assembly optimizations (PR 8531, 8541) +* Fix for quic_record_append to return the correct code (PR 8340, 8358) +* Fixes for Bind 9.18.28 port (PR 8331) +* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when + negotiating TLS 1.3 (PR 8487) +* Fix to properly check for signature_algorithms from the client in a TLS 1.3 + server (PR 8356) +* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code + Intelligence for the report (PR 8426) +* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations + (PR 8590, 8635) +* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm + or zmm registers are used (PR 8479) +* Entropy MemUse fix for when block size less than update bits (PR 8675) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/examples/template/README.md b/examples/template/README.md new file mode 100644 index 0000000..5ce0cbf --- /dev/null +++ b/examples/template/README.md @@ -0,0 +1,34 @@ +# Template Example + +Open the [template.ino](./template.ino) file in the Arduino IDE. + +Other IDE products are also supported, such as: + +- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) +- [VisualGDB](https://visualgdb.com/tutorials/arduino/) +- [VisualMicro](https://www.visualmicro.com/) + +For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). +Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). + + +### Troubleshooting + +When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this: + +```text +c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr' +collect2.exe: error: ld returned 1 exit status + +exit status 1 + +Compilation error: exit status 1 +``` + +Try cleaning the Arduino cache directories. For Windows, that's typically in: + +```text +C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches +``` + +Remove all other boards from other serial ports, leaving one the one being programmed. diff --git a/examples/template/template.ino b/examples/template/template.ino new file mode 100644 index 0000000..8998976 --- /dev/null +++ b/examples/template/template.ino @@ -0,0 +1,143 @@ +/* template.ino + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ + +/* This is Arduino reference sketch example 2 of 2: multiple file .ino */ +/* See also template.ino project example using a single file project. */ + +/* Do not insert attempts at appending wolfssl user_settings.h here. + * All wolfssl settings needed by wolfSSL must be in the user_settings.h */ +#include + +/* settings.h is included from Arduino `wolfssl.h`, but a good practice to + * include before any other wolfssl headers. As a reminder here: */ +#include + +/* Include a simple wolfSSL header to this example: */ +#include + +/* There's a wolfSSL_Arduino_Serial_Print() for logging messages in wolfssl. */ +#include + +/* Include files (.c, .cpp, .h) typically in the same directory as the sketch; + * The wolfssl_helper is an example of this: */ +#include "wolfssl_helper.h" + +/* Arduino library header files are typically not in an `include` directory; + * The wolfssl_library is an example of a library directory: */ +#include "wolfssl_library/wolfssl_library.h" +#include "wolfssl_library/src/wolfssl_library.cpp" /* Force compilation */ + +/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ +#define SERIAL_BAUD 115200 + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino setup() */ +/*****************************************************************************/ +/*****************************************************************************/ +void setup() { + Serial.begin(SERIAL_BAUD); + while (!Serial) { + /* wait for serial port to connect. Needed for native USB port only */ + delay(10); + } + /* See https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h */ + /* Various historical versions have differing features enabled. */ +#ifdef WOLFSSL_USER_SETTINGS_ID + /* Print the release version at runtime for reference. */ + Serial.println(WOLFSSL_USER_SETTINGS_ID); +#else + /* Introduced after v5.7.6, or otherwise missing from user_settings.h */ + Serial.println("A WOLFSSL_USER_SETTINGS_ID not found."); +#endif + + Serial.println(F("wolfSSL setup complete!!")); + Serial.println(F("")); + Serial.println(F("")); +} + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino loop() */ +/*****************************************************************************/ +/*****************************************************************************/ +void loop() { + int ret; + Serial.println("\nLOOP!\n\n"); + + Serial.print("wolfSSL Version: "); + Serial.println(LIBWOLFSSL_VERSION_STRING); + + /* A project-level include. + * These files typically WILL be visible automatically in the Arduino IDE */ + ret = wolfssl_helper_sample(); + Serial.print("- wolfssl_helper_sample ret = "); + Serial.println(ret); + + /* A local library directory. + * These files typically WILL NOT be visible in the Arduino IDE */ + ret = wolfssl_library_sample(); + Serial.print("- wolfssl_library_sample ret = "); + Serial.println(ret); + + /* This next section demonstrates wolfSSL logging. Logging is toggled + * on or off for each Arduino loop() iteration. WOLFSSL_MSG() only + * prints messages when debugging is turned on. */ + + /* Internal wolfssl_log() uses wolfSSL_Arduino_Serial_Print() */ + Serial.println(""); + Serial.println("Example wolfSSL_Arduino_Serial_Print():"); + wolfSSL_Arduino_Serial_Print("Hello from wolfSSL_Arduino_Serial_Print"); + + /* WOLFSSL_MSG uses wolfssl_log() for conditional messages. */ + Serial.println("The next line is conditional depending on debug state:"); + WOLFSSL_MSG("Hello from wolfssl_log"); + Serial.println(""); + + ret = WOLFSSL_IS_DEBUG_ON(); + if (ret == 0) { + Serial.println(""); /* nothing would have printed in WOLFSSL_MSG */ + Serial.println("WOLFSSL_IS_DEBUG_ON is not set (debugging off)"); + + Serial.println("Calling wolfSSL_Debugging_ON()"); + wolfSSL_Debugging_ON(); + } + else { + Serial.println("WOLFSSL_IS_DEBUG_ON is set (debugging on)"); + + Serial.println("Calling wolfSSL_Debugging_OFF()"); + wolfSSL_Debugging_OFF(); + } + + delay(60000); +} diff --git a/examples/template/wolfssl_helper.c b/examples/template/wolfssl_helper.c new file mode 100644 index 0000000..f4eeb57 --- /dev/null +++ b/examples/template/wolfssl_helper.c @@ -0,0 +1,52 @@ +/* my_library.cpp + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This is a sample include directory library using wolfSSL. + * + * Do not explicitly include wolfSSL user_settings.h here. + * + * Be sure to include these files in all libraries that reference + * wolfssl in this order: */ + +#include +/* settings.h is typically included in wolfssl.h, but here as a reminder: */ +#include +#include + +#include "wolfssl_helper.h" + +int wolfssl_helper_sample() +{ + /* We cannot use Serial.print in a "c" file */ + /* Serial.print("Hello world!"); */ + int ret; + printf("Hello wolfssl_helper_sample!\r\n"); + + printf("- Calling wolfSSL_Init()\r\n"); + ret = wolfSSL_Init(); + if (ret == WOLFSSL_SUCCESS) { + printf("- Success wolfssl_helper!\r\n"); + } + else { + printf("- Error initializing wolfSSL!\r\n"); + } + return ret; +} diff --git a/examples/template/wolfssl_helper.h b/examples/template/wolfssl_helper.h new file mode 100644 index 0000000..844f022 --- /dev/null +++ b/examples/template/wolfssl_helper.h @@ -0,0 +1,37 @@ +/* wolfssl_helper.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef _WOLFSSL_HELPER_H_ +#define _WOLFSSL_HELPER_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +/* Sample source code is C, but Arduino is compiling with C++ */ +int wolfssl_helper_sample(); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/examples/template/wolfssl_library/src/wolfssl_library.cpp b/examples/template/wolfssl_library/src/wolfssl_library.cpp new file mode 100644 index 0000000..e4d9685 --- /dev/null +++ b/examples/template/wolfssl_library/src/wolfssl_library.cpp @@ -0,0 +1,42 @@ +/* wolfssl_library.cpp + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#include +#include +#include + +/* Arduino source is typically in a `src` directory, with header in parent: */ +#include "../wolfssl_library.h" + +int wolfssl_library_sample() +{ + int ret = 0; + Serial.println("\nHello wolfssl_library!"); + + printf("- Calling wolfSSL_Init()\r\n"); + ret = wolfSSL_Init(); + if (ret == WOLFSSL_SUCCESS) { + printf("- Success wolfssl_library!\r\n"); + } + else { + printf("- Error initializing wolfSSL!\r\n"); + } + return ret; +} diff --git a/examples/template/wolfssl_library/wolfssl_library.h b/examples/template/wolfssl_library/wolfssl_library.h new file mode 100644 index 0000000..98f5dfd --- /dev/null +++ b/examples/template/wolfssl_library/wolfssl_library.h @@ -0,0 +1,46 @@ +/* wolfssl_library.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* This is a sample include directory library using wolfSSL. + * + * Do not explicitly include wolfSSL user_settings.h here. + * + * Be sure to include these files in all libraries that reference + * wolfssl in this order: */ + +#include +#include "wolfssl.h" + + #ifndef _WOLFSSL_LIBRARY_H_ + #define _WOLFSSL_LIBRARY_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +int wolfssl_library_sample(); + +#ifdef __cplusplus +} +#endif + +#endif /* _WOLFSSL_LIBRARY_H_ */ diff --git a/examples/wolfssl_AES_CTR/README.md b/examples/wolfssl_AES_CTR/README.md new file mode 100644 index 0000000..c9b26d6 --- /dev/null +++ b/examples/wolfssl_AES_CTR/README.md @@ -0,0 +1,34 @@ +# Arduino AES CTR Example + +Open the [wolfssl_AES_CTR.ino](./wolfssl_AES_CTR.ino) file in the Arduino IDE. + +Other IDE products are also supported, such as: + +- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) +- [VisualGDB](https://visualgdb.com/tutorials/arduino/) +- [VisualMicro](https://www.visualmicro.com/) + +For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). +Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). + + +### Troubleshooting + +When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this: + +```text +c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr' +collect2.exe: error: ld returned 1 exit status + +exit status 1 + +Compilation error: exit status 1 +``` + +Try cleaning the Arduino cache directories. For Windows, that's typically in: + +```text +C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches +``` + +Remove all other boards from other serial ports, leaving one the one being programmed. diff --git a/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino b/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino new file mode 100644 index 0000000..31ef797 --- /dev/null +++ b/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino @@ -0,0 +1,268 @@ +/* wolfssl_AES_CTR.ino + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* +The Advanced Encryption Standard (AES) is a specification for the encryption of electronic +data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. + +AES Counter mode (AES-CTR) is a "Block Cipher Mode of Operation" that +turns a block cipher into a stream cipher, as explained here: +https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Counter_(CTR) + +The wolfSSL AES algorithms in this sketch (e.g wc_AesCtrEncrypt) are just some of +many algorithms in the wolfSSL library. All are documented in the wolfSSL Manual at +https://www.wolfssl.com/documentation/manuals/wolfssl/group__AES.html + +This sketch example demonstrates AES-CTR usage by first encrypting the input +data producing the cipher, then decrypt the cipher to reveal the original data. + +Required user inputs +-------------------- +1) Encryption Key +2) Initialization Vector ("iv") +3) The input data to be encrypted + +Tested on +--------- +Arduino UNO R4 WiFi (Renesas ARM Cortex M4) +Sparkfun MicroMod WiFi Function Board (ESP32-WROOM-32E) +Wemos D1 R32 Development Board (ESP32-WROOM-32) +Teensy 4.1 (ARM Cortex M7) + +*/ + +#define WOLFSSL_AES_CTR_EXAMPLE +#include +#include + +#if defined(NO_AES) or !defined(WOLFSSL_AES_COUNTER) or !defined(WOLFSSL_AES_128) + /* edit user_settings.h in ~\Arduino\libraries\wolfssl\src + * e.g. for Windows: + * C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src + */ + #error "Missing AES, WOLFSSL_AES_COUNTER or WOLFSSL_AES_128" +#endif + +/* macro to check for expected results */ +#define ExpectIntEQ(p1, p2) if (p1 == p2) { \ + Serial.println(F("OK")); \ + } \ + else { \ + Serial.println(F("FAIL")); \ + } + + +/* USER INPUTS: + * The Encryption Key (encKey) is confidential and must only be shared with + * the intended recipient of the data. Length must be 16, 24, 32 or larger + * multiples of AES_BLOCK_SIZE + * + * The initialization Vector (iv) is a nonce/counter (or 'salt') that is + * incremented between each encryption to ensures no two ciphers are identical, + * even if the input data is unchanged. Can be any length. + * + * The input data ("input") provides the bytes to be encrypted. + * Must be 16, 24, 32 bytes, or larger multiples of AES_BLOCK_SIZE + */ + +/* Choose one of these data sets, or provide your own. */ +/* Example data set 1 */ +byte encKey[] = {0x33,0x9a,0x28,0x9d,0x08,0x61,0xe8,0x34, + 0x16,0xe5,0x8d,0xb7,0x58,0x33,0xdc,0x0a}; /* 16 bytes */ +byte iv[] = {0x43,0x05, 0, 0, 0, 0, 0, 0, /* Padded to */ + 0, 0, 0, 0, 0, 0, 0, 0}; /* 16 bytes */ +byte input[] = {0x05,0x00,0x8c,0x0a,0x21,0x00,0x6a,0x00, + 0x5c,0x00,0xff,0xff,0xc1,0xfc,0x25,0xc4}; /* 16 bytes */ + +/* + * Example data set 2 +byte encKey[] = {0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37, + 0x38,0x39,0x61,0x62,0x63,0x64,0x65,0x66, + 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37, + 0x38,0x39,0x61,0x62,0x63,0x64,0x65,0x66}; // 32 bytes + +byte iv[] = "1234567890abcdef"; + +byte input[] = { // Now is the time for all w/o trailing 0 + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20}; // 24 bytes +*/ + +/* create aes objects for encryption & decryption */ +Aes aesEnc; +Aes aesDec; + +/* Print out the data as HEX bytes with breaks every 8 bytes */ +void reportData(byte * data, int sz) { + int i; + for (i = 0; i < sz; i++) { + if (data[i] < 0x10) { + Serial.print(F("0")); + } + Serial.print(data[i], HEX); + if (i < sz - 1) { + if (((i + 1) % 8) == 0) { + Serial.print(F(" | ")); + } + else { + Serial.print(F(" ")); + } + } + } + Serial.println(); +} + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino setup() */ +/*****************************************************************************/ +/*****************************************************************************/ +void setup() { + Serial.begin(115200); + while (!Serial && millis() < 1000) ; /* wait for serial, up to 1 sec */ + + Serial.println(); + Serial.println(); + Serial.println(F("===== wolfSSL example: AES Counter mode =====")); + Serial.print(F("wolfSSL library version: ")); + Serial.println(LIBWOLFSSL_VERSION_STRING); + Serial.println(); +} + + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino loop() */ +/*****************************************************************************/ +/*****************************************************************************/ +void loop() { + memset(&aesEnc, 0, sizeof(Aes)); /* fill aesEnc with zeros */ + memset(&aesDec, 0, sizeof(Aes)); /* ditto aesDec */ + + /* --------------------------------------------------------------------- */ + /* Choose blkSize of be 16, 24, 32 or larger multiples of 8, based */ + /* on sizeof(input) data. Uncomment the relevant lines from following: */ + + Serial.print(F("data set 1 [")); + uint32_t blkSize = AES_BLOCK_SIZE * 1; /* 16 bytes (for data set 1) */ + + /* Serial.print(F("data set 2 - ")); */ + /* uint32_t blkSize = AES_BLOCK_SIZE * 1.5; // 24 bytes (for data set 2) */ + + /* Serial.print(F("my data set - ")); */ + /* uint32_t blkSize = AES_BLOCK_SIZE * n; // choose an appropriate n */ + + Serial.print(F("blkSize: ")); + Serial.print(blkSize); + Serial.println(F(" bytes]")); + Serial.println(); + /* ----------------------------------------------------------------------*/ + + byte cipher[blkSize]; /* for the encrypted data (or "cipher") */ + byte output[blkSize]; /* for the deciphered data */ + memset(cipher, 0, blkSize); /* fill with zeros */ + memset(output, 0, blkSize); /* fill with zeros */ + + /* initialize structures for encryption and decryption. */ + Serial.println(F("--- Encryption ...")); + Serial.print(F("init aes (enc) : ")); + + /* init aesEnc structure, with NULL heap hint, dev id not used. */ + ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); + + /* set up the key + salt in the AES encryption structure. */ + Serial.print(F("load key (enc) : ")); + ExpectIntEQ(wc_AesSetKey(&aesEnc, encKey, blkSize, iv, AES_ENCRYPTION), 0); + + /* encrypt */ + Serial.print(F("encryption done: ")); + ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, cipher, + input, sizeof(input) / sizeof(byte) ), 0); + + Serial.println(); + Serial.println(F("--- Decryption ...")); + /* set up the key + salt in the AES decryption structure. */ + Serial.print(F("init aes (dec) : ")); + + /* init aesDec structure, with NULL heap hint, dev id not used. */ + ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); + + /* set up the key + salt in an AES decryption structure. */ + Serial.print(F("load key (dec) : ")); + ExpectIntEQ(wc_AesSetKey(&aesDec, encKey, blkSize, iv, AES_ENCRYPTION), 0); + + /* decrypt */ + Serial.print(F("decryption done: ")); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, output, + cipher, sizeof(cipher) / sizeof(byte)), 0); + Serial.println(); + + /* Test for bad args */ + Serial.println(F("--- Check for bad arguments ...")); + Serial.print(F("Bad arguments 1: ")); + ExpectIntEQ(wc_AesCtrEncrypt(NULL, output, + cipher, sizeof(cipher) / sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + Serial.print(F("Bad arguments 2: ")); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, + cipher, sizeof(cipher) / sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + Serial.print(F("Bad arguments 3: ")); + ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, output, + NULL, sizeof(cipher) / sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Display data and results. */ + Serial.println(); + Serial.println(F("--- Inputs ...")); + Serial.print(F("key : ")); reportData(encKey, sizeof(encKey)); + Serial.print(F("salt/iv : ")); reportData(iv, sizeof(iv)); + Serial.print(F("data in : ")); reportData(input, sizeof(input)); + + Serial.println(); + Serial.println(F("--- Outputs ...")); + Serial.print(F("cipher : ")); + reportData(cipher, sizeof(cipher)); + Serial.print(F("decipher: ")); + reportData(output, sizeof(output)); + Serial.println(); + + if (memcmp(input, output, sizeof(input)) == 0) { + Serial.println(F("** SUCCESS ** deciphered data matches input data.")); + } + else { + Serial.print(F("*** FAILED *** deciphered & input data DO NOT MATCH.")); + } + Serial.println(); + + /* Free up resources associated with the aes structures. */ + wc_AesFree(&aesEnc); + wc_AesFree(&aesDec); + + Serial.println(F("===== end =====")); + + while (1) { + /* nothing */ + } +} diff --git a/examples/wolfssl_client/README.md b/examples/wolfssl_client/README.md index caf83c5..3068931 100644 --- a/examples/wolfssl_client/README.md +++ b/examples/wolfssl_client/README.md @@ -2,6 +2,12 @@ Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE. +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. + Other IDE products are also supported, such as: - [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) diff --git a/examples/wolfssl_client/wolfssl_client.ino b/examples/wolfssl_client/wolfssl_client.ino index d6ef702..8af1eaf 100644 --- a/examples/wolfssl_client/wolfssl_client.ino +++ b/examples/wolfssl_client/wolfssl_client.ino @@ -37,7 +37,7 @@ Tested with: */ /* If you have a private include, define it here, otherwise edit WiFi params */ -#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" +/* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ /* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ #define REPEAT_CONNECTION 0 @@ -68,12 +68,12 @@ Tested with: /* the /workspace directory may contain a private config * excluded from GitHub with items such as WiFi passwords */ #include MY_PRIVATE_CONFIG - static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD; + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; #else /* when using WiFi capable boards: */ - static const char* ssid PROGMEM = "your_SSID"; - static const char* password PROGMEM = "your_PASSWORD"; + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; #endif #define BROADCAST_ADDRESS "255.255.255.255" @@ -166,9 +166,10 @@ Tested with: #elif defined(OTHER_BOARD) */ #else + /* assume all other boards using WiFi library. Edit as needed: */ + #include #define USING_WIFI WiFiClient client; - #endif /* Only for syntax highlighters to show interesting options enabled: */ diff --git a/examples/wolfssl_server/README.md b/examples/wolfssl_server/README.md index a707357..e961d71 100644 --- a/examples/wolfssl_server/README.md +++ b/examples/wolfssl_server/README.md @@ -2,6 +2,12 @@ Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE. +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. + Other IDE products are also supported, such as: - [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) diff --git a/examples/wolfssl_server/wolfssl_server.ino b/examples/wolfssl_server/wolfssl_server.ino index c3820df..1b9d4ed 100644 --- a/examples/wolfssl_server/wolfssl_server.ino +++ b/examples/wolfssl_server/wolfssl_server.ino @@ -1,6 +1,6 @@ /* wolfssl_server.ino * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,7 +37,7 @@ Tested with: */ /* If you have a private include, define it here, otherwise edit WiFi params */ -#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" +/* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ /* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ #define REPEAT_CONNECTION 1 @@ -68,12 +68,12 @@ Tested with: /* the /workspace directory may contain a private config * excluded from GitHub with items such as WiFi passwords */ #include MY_PRIVATE_CONFIG - static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD; + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; #else /* when using WiFi capable boards: */ - static const char* ssid PROGMEM = "your_SSID"; - static const char* password PROGMEM = "your_PASSWORD"; + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; #endif #define BROADCAST_ADDRESS "255.255.255.255" @@ -166,6 +166,8 @@ Tested with: #elif defined(OTHER_BOARD) */ #else + /* assume all other boards using WiFi library. Edit as needed: */ + #include #define USING_WIFI WiFiClient client; WiFiServer server(WOLFSSL_PORT); diff --git a/examples/wolfssl_version/wolfssl_version.ino b/examples/wolfssl_version/wolfssl_version.ino index a2f13fe..12be948 100644 --- a/examples/wolfssl_version/wolfssl_version.ino +++ b/examples/wolfssl_version/wolfssl_version.ino @@ -30,13 +30,21 @@ * The wolfSSL "settings.h" must be included in each source file using wolfSSL. * The wolfSSL "settings.h" must appear before any other wolfSSL include. */ + +/* This is Arduino sketch example 1 of 2: single file .ino compile. */ +/* See also template.ino project example using multiple files. */ + #include #include /* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ #define SERIAL_BAUD 115200 -/* Arduino setup */ +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino setup() */ +/*****************************************************************************/ +/*****************************************************************************/ void setup() { Serial.begin(SERIAL_BAUD); while (!Serial) { @@ -45,9 +53,20 @@ void setup() { Serial.println(F("")); Serial.println(F("")); Serial.println(F("wolfSSL setup complete!")); + + /* See https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h */ + /* Various historical versions have differing features enabled. */ +#ifdef WOLFSSL_USER_SETTINGS_ID + /* Print the release version at runtime for reference. */ + Serial.println(WOLFSSL_USER_SETTINGS_ID); +#endif } -/* Arduino main application loop. */ +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino loop() */ +/*****************************************************************************/ +/*****************************************************************************/ void loop() { Serial.print("wolfSSL Version: "); Serial.println(LIBWOLFSSL_VERSION_STRING); diff --git a/library.properties b/library.properties index 1f9456b..16c905a 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=wolfssl -version=5.7.6 +version=5.8.0 author=wolfSSL Inc. maintainer=wolfSSL inc sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. diff --git a/src/src/bio.c b/src/src/bio.c index b265456..0b52a6c 100644 --- a/src/src/bio.c +++ b/src/src/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include #if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */ #define _GNU_SOURCE 1 @@ -142,7 +139,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } - XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); + XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz); bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { @@ -167,14 +164,14 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, - bio->wrSz - bio->rdIdx); + (long unsigned int)bio->wrSz - (size_t)bio->rdIdx); bio->wrSz -= bio->rdIdx; bio->rdIdx = 0; /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer * allocations. */ if (wolfSSL_BUF_MEM_resize(bio->mem_buf, - bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz : - WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { + bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? + (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error"); return WOLFSSL_BIO_ERROR; } @@ -389,6 +386,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = 0; + break; + } /* switch */ } @@ -564,7 +565,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite"); return sz1; } - XMEMCPY(buf, data, sz1); + XMEMCPY(buf, data, (size_t)sz1); data = (char*)data + sz1; len -= sz1; @@ -572,7 +573,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, /* try again to see if maybe we wrapped around the ring buffer */ sz2 = wolfSSL_BIO_nwrite(bio, &buf, len); if (sz2 > 0) { - XMEMCPY(buf, data, sz2); + XMEMCPY(buf, data, (size_t)sz2); sz1 += sz2; if (len > sz2) bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; @@ -610,8 +611,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, if (len == 0) return WOLFSSL_SUCCESS; /* Return early to make logic simpler */ - if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0) - == 0) { + if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) + + ((size_t)len), 0) == 0) { WOLFSSL_MSG("Error growing memory area"); return WOLFSSL_FAILURE; } @@ -621,7 +622,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, return WOLFSSL_FAILURE; } - XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); + XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len); bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->num.length = bio->mem_buf->max; bio->wrSz += len; @@ -813,6 +814,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = len; + break; + } /* switch */ } @@ -1138,7 +1143,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) ret = wolfSSL_BIO_nread(bio, &c, cSz); if (ret > 0 && ret < sz) { - XMEMCPY(buf, c, ret); + XMEMCPY(buf, c, (size_t)ret); } break; } @@ -1161,6 +1166,10 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) break; #endif /* WOLFCRYPT_ONLY */ + case WOLFSSL_BIO_NULL: + ret = 0; + break; + default: WOLFSSL_MSG("BIO type not supported yet with wolfSSL_BIO_gets"); } @@ -1256,13 +1265,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio) return 0; if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz; + return (size_t)bio->wrSz; } /* type BIO_BIO then check paired buffer */ if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) { WOLFSSL_BIO* pair = bio->pair; - return pair->wrIdx; + return (size_t)pair->wrIdx; } return 0; @@ -1308,12 +1317,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) #ifndef WOLFCRYPT_ONLY if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { - return (long)wolfSSL_pending(bio->ptr.ssl); + return (size_t)wolfSSL_pending(bio->ptr.ssl); } #endif if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz - bio->rdIdx; + return (size_t)(bio->wrSz - bio->rdIdx); } /* type BIO_BIO then check paired buffer */ @@ -1322,11 +1331,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) { /* in wrap around state where beginning of buffer is being * overwritten */ - return pair->wrSz - pair->rdIdx + pair->wrIdx; + return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) + + ((size_t)pair->wrIdx); } else { /* simple case where has not wrapped around */ - return pair->wrIdx - pair->rdIdx; + return (size_t)(pair->wrIdx - pair->rdIdx); } } return 0; @@ -1423,7 +1433,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); @@ -1439,7 +1449,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num.length = size; + bio->num.length = (size_t)size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1908,7 +1918,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio) { - int len; + int len = 0; #ifndef NO_FILESYSTEM long memSz = 0; XFILE file; @@ -2309,6 +2319,15 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return &meth; } + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_NULL); + + WOLFSSL_ENTER("wolfSSL_BIO_s_null"); + + return &meth; + } WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { @@ -2353,7 +2372,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); if (bio) { - bio->type = WOLFSSL_BIO_DGRAM; bio->shutdown = (byte)closeF; bio->num.fd = (SOCKET_T)fd; } @@ -2381,10 +2399,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else port = str + XSTRLEN(str); /* point to null terminator */ - bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */ + bio->ip = (char*)XMALLOC( + (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ip != NULL) { - XMEMCPY(bio->ip, str, port - str); + XMEMCPY(bio->ip, str, (size_t)(port - str)); bio->ip[port - str] = '\0'; bio->type = WOLFSSL_BIO_SOCKET; } @@ -2770,9 +2789,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else { size_t currLen = XSTRLEN(b->ip); + #ifdef WOLFSSL_NO_REALLOC + char* tmp = NULL; + #endif + if (currLen != newLen) { + #ifdef WOLFSSL_NO_REALLOC + tmp = b->ip; + b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL); + if (b->ip != NULL && tmp != NULL) { + XMEMCPY(b->ip, tmp, newLen); + XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + } + #else b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL); + #endif if (b->ip == NULL) { WOLFSSL_MSG("Hostname realloc failed."); return WOLFSSL_FAILURE; @@ -2926,7 +2959,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->wrSz = len; bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { - XMEMCPY(bio->ptr.mem_buf_data, buf, len); + XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len); bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -3295,11 +3328,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) count = XVSNPRINTF(NULL, 0, format, args); if (count >= 0) { - pt = (char*)XMALLOC(count + 1, bio->heap, + pt = (char*)XMALLOC((size_t)count + 1, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt != NULL) { - count = XVSNPRINTF(pt, count + 1, format, copy); + count = XVSNPRINTF(pt, (size_t)count + 1, format, copy); if (count >= 0) { ret = wolfSSL_BIO_write(bio, pt, count); @@ -3369,18 +3402,20 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%02x ", (unsigned char)buf[i]); else - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), + " "); if (i == 7) - (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); + (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) - + (o + 2)), "-"); o += 3; } - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/src/conf.c b/src/src/conf.c index b614148..a30be38 100644 --- a/src/src/conf.c +++ b/src/src/conf.c @@ -1,6 +1,6 @@ /* conf.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_CONF_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -773,8 +768,18 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, /* This will allocate slightly more memory than necessary * but better be safe */ strLen += valueLen; + #ifdef WOLFSSL_NO_REALLOC + newRet = (char*)XMALLOC(strLen + 1, NULL, + DYNAMIC_TYPE_OPENSSL); + if (newRet != NULL && ret != NULL) { + XMEMCPY(newRet, ret, (strLen - valueLen) + 1); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + ret = NULL; + } + #else newRet = (char*)XREALLOC(ret, strLen + 1, NULL, DYNAMIC_TYPE_OPENSSL); + #endif if (!newRet) { WOLFSSL_MSG("realloc error"); goto expand_cleanup; @@ -979,8 +984,6 @@ void wolfSSL_NCONF_free(WOLFSSL_CONF *conf) void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val) { - WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL; - if (val) { if (val->name) { /* Not a section. Don't free section as it is a shared pointer. */ @@ -992,12 +995,7 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val) XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL); /* Only free the stack structures. The contained conf values * will be freed in wolfSSL_NCONF_free */ - sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value; - while (sk) { - WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *tmp = sk->next; - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); - sk = tmp; - } + wolfSSL_sk_free((WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value); } XFREE(val, NULL, DYNAMIC_TYPE_OPENSSL); } @@ -1023,19 +1021,9 @@ WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new( */ void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk) { - WOLFSSL_STACK* tmp; WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free"); - if (sk == NULL) - return; - - /* parse through stack freeing each node */ - while (sk) { - tmp = sk->next; - wolfSSL_X509V3_conf_free(sk->data.conf); - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); - sk = tmp; - } + wolfSSL_sk_pop_free(sk, NULL); } int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk) diff --git a/src/src/crl.c b/src/src/crl.c index b78002c..437342c 100644 --- a/src/src/crl.c +++ b/src/src/crl.c @@ -1,6 +1,6 @@ /* crl.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* CRL Options: @@ -32,11 +33,6 @@ CRL Options: * Return any errors encountered during loading CRL * from a directory. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #ifndef WOLFCRYPT_ONLY #ifdef HAVE_CRL @@ -87,6 +83,13 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) WOLFSSL_MSG("Init Mutex failed"); return BAD_MUTEX_E; } +#ifdef OPENSSL_ALL + { + int ret; + wolfSSL_RefInit(&crl->ref, &ret); + (void)ret; + } +#endif return 0; } @@ -213,7 +216,7 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap) WOLFSSL_ENTER("FreeCRL_Entry"); - while (tmp) { + while (tmp != NULL) { next = tmp->next; XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); tmp = next; @@ -241,11 +244,24 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) { CRL_Entry* tmp; + WOLFSSL_ENTER("FreeCRL"); + if (crl == NULL) return; +#ifdef OPENSSL_ALL + { + int ret; + int doFree = 0; + wolfSSL_RefDec(&crl->ref, &doFree, &ret); + if (ret != 0) + WOLFSSL_MSG("Couldn't lock x509 mutex"); + if (!doFree) + return; + } +#endif + tmp = crl->crlList; - WOLFSSL_ENTER("FreeCRL"); #ifdef HAVE_CRL_MONITOR if (crl->monitors[0].path) XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); @@ -898,7 +914,7 @@ static RevokedCert *DupRevokedCertList(RevokedCert* in, void* heap) static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) { CRL_Entry *dupl; - const size_t copyOffset = OFFSETOF(CRL_Entry, verifyMutex) + + const size_t copyOffset = WC_OFFSETOF(CRL_Entry, verifyMutex) + sizeof(ent->verifyMutex); #ifdef CRL_STATIC_REVOKED_LIST if (ent->totalCerts > CRL_MAX_REVOKED_CERTS) { @@ -916,9 +932,17 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) #ifndef CRL_STATIC_REVOKED_LIST dupl->certs = DupRevokedCertList(ent->certs, heap); + if (ent->certs != NULL && dupl->certs == NULL) { + CRL_Entry_free(dupl, heap); + return NULL; + } #endif #ifdef OPENSSL_EXTRA dupl->issuer = wolfSSL_X509_NAME_dup(ent->issuer); + if (ent->issuer != NULL && dupl->issuer == NULL) { + CRL_Entry_free(dupl, heap); + return NULL; + } #endif if (!ent->verified) { @@ -1027,6 +1051,7 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl) if (dupl->monitors[0].path != NULL) { XFREE(dupl->monitors[0].path, dupl->heap, DYNAMIC_TYPE_CRL_MONITOR); + dupl->monitors[0].path = NULL; } return MEMORY_E; } @@ -1034,6 +1059,8 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl) #endif dupl->crlList = DupCRL_list(crl->crlList, dupl->heap); + if (dupl->crlList == NULL) + return MEMORY_E; #ifdef HAVE_CRL_IO dupl->crlIOCb = crl->crlIOCb; #endif @@ -1775,6 +1802,10 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) ret = ProcessFile(NULL, name, type, CRL_TYPE, NULL, 0, crl, VERIFY); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("CRL file load failed"); + wc_ReadDirClose(readCtx); + #ifdef WOLFSSL_SMALL_STACK + XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } } diff --git a/src/src/dtls.c b/src/src/dtls.c index ae27804..2d3c38b 100644 --- a/src/src/dtls.c +++ b/src/src/dtls.c @@ -1,6 +1,6 @@ /* dtls.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include + /* * WOLFSSL_DTLS_NO_HVR_ON_RESUME * WOLFSSL_DTLS13_NO_HRR_ON_RESUME @@ -46,12 +48,6 @@ * to explicitly enable this during runtime. */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#include - #ifndef WOLFCRYPT_ONLY #include @@ -365,7 +361,8 @@ static int FindExtByType(WolfSSL_ConstVector* ret, word16 extType, ato16(exts.elements + idx, &type); idx += OPAQUE16_LEN; idx += ReadVector16(exts.elements + idx, &ext); - if (idx > exts.size) + if (idx > exts.size || + ext.elements + ext.size > exts.elements + exts.size) return BUFFER_ERROR; if (type == extType) { XMEMCPY(ret, &ext, sizeof(ext)); @@ -498,7 +495,7 @@ static int TlsCheckSupportedVersion(const WOLFSSL* ssl, ch->extension, &tlsxFound); if (ret != 0) return ret; - if (!tlsxFound) { + if (!tlsxFound || tlsxSupportedVersions.elements == NULL) { *isTls13 = 0; return 0; } @@ -847,8 +844,6 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) WOLFSSL* nonConstSSL = (WOLFSSL*)ssl; TLSX* sslExts = nonConstSSL->extensions; - if (ret != 0) - goto dtls13_cleanup; nonConstSSL->options.tls = 1; nonConstSSL->options.tls1_1 = 1; nonConstSSL->options.tls1_3 = 1; @@ -1221,7 +1216,7 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl) info = (CIDInfo*)XMALLOC(sizeof(CIDInfo), ssl->heap, DYNAMIC_TYPE_TLSX); if (info == NULL) return MEMORY_ERROR; - ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL**), ssl->heap, DYNAMIC_TYPE_TLSX); + ext = (WOLFSSL**)XMALLOC(sizeof(WOLFSSL*), ssl->heap, DYNAMIC_TYPE_TLSX); if (ext == NULL) { XFREE(info, ssl->heap, DYNAMIC_TYPE_TLSX); return MEMORY_ERROR; diff --git a/src/src/dtls13.c b/src/src/dtls13.c index 161ce4f..5a9b6dc 100644 --- a/src/src/dtls13.c +++ b/src/src/dtls13.c @@ -1,6 +1,6 @@ /* dtls13.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H -#include -#endif - -#include +#include #ifdef WOLFSSL_DTLS13 @@ -31,10 +27,7 @@ #include #include #include -#include #include -#include -#include #ifdef NO_INLINE #include @@ -185,7 +178,8 @@ int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out, /* seq[0] combines the epoch and 16 MSB of sequence number. We write on the epoch field and will overflow to the first two bytes of the sequence number */ - c32toa(seq[0], hdr->epoch); + c16toa((word16)(seq[0] >> 16), hdr->epoch); + c16toa((word16)seq[0], hdr->sequenceNumber); c32toa(seq[1], &hdr->sequenceNumber[2]); c16toa(length, hdr->length); @@ -724,7 +718,7 @@ static Dtls13RecordNumber* Dtls13NewRecordNumber(w64wrapper epoch, return rn; } -static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) +int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) { Dtls13RecordNumber* rn; @@ -734,12 +728,28 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) #endif { + /* Find location to insert new record */ + Dtls13RecordNumber** prevNext = &ssl->dtls13Rtx.seenRecords; + Dtls13RecordNumber* cur = ssl->dtls13Rtx.seenRecords; + + for (; cur != NULL; prevNext = &cur->next, cur = cur->next) { + if (w64Equal(cur->epoch, epoch) && w64Equal(cur->seq, seq)) { + /* already in list. no duplicates. */ + return 0; + } + else if (w64LT(epoch, cur->epoch) + || (w64Equal(epoch, cur->epoch) + && w64LT(seq, cur->seq))) { + break; + } + } + rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); if (rn == NULL) return MEMORY_E; - rn->next = ssl->dtls13Rtx.seenRecords; - ssl->dtls13Rtx.seenRecords = rn; + *prevNext = rn; + rn->next = cur; #ifdef WOLFSSL_RW_THREADED wc_UnLockMutex(&ssl->dtls13Rtx.mutex); #endif @@ -1551,11 +1561,14 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) byte* output; int isLast; int sendSz; +#ifndef NO_ASN_TIME word32 now; +#endif int ret; WOLFSSL_ENTER("Dtls13RtxSendBuffered"); +#ifndef NO_ASN_TIME now = LowResTimer(); if (now - ssl->dtls13Rtx.lastRtx < DTLS13_MIN_RTX_INTERVAL) { #ifdef WOLFSSL_DEBUG_TLS @@ -1565,6 +1578,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) } ssl->dtls13Rtx.lastRtx = now; +#endif r = ssl->dtls13Rtx.rtxRecords; prevNext = &ssl->dtls13Rtx.rtxRecords; @@ -1639,6 +1653,102 @@ static int Dtls13AcceptFragmented(WOLFSSL *ssl, enum HandShakeType type) #endif return 0; } + +int Dtls13CheckEpoch(WOLFSSL* ssl, enum HandShakeType type) +{ + w64wrapper plainEpoch = w64From32(0x0, 0x0); + w64wrapper hsEpoch = w64From32(0x0, DTLS13_EPOCH_HANDSHAKE); + w64wrapper t0Epoch = w64From32(0x0, DTLS13_EPOCH_TRAFFIC0); + + if (IsAtLeastTLSv1_3(ssl->version)) { + switch (type) { + case client_hello: + case server_hello: + case hello_verify_request: + case hello_retry_request: + case hello_request: + if (!w64Equal(ssl->keys.curEpoch64, plainEpoch)) { + WOLFSSL_MSG("Msg should be epoch 0"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + break; + case encrypted_extensions: + case server_key_exchange: + case server_hello_done: + case client_key_exchange: + if (!w64Equal(ssl->keys.curEpoch64, hsEpoch)) { + if (ssl->options.side == WOLFSSL_CLIENT_END && + ssl->options.serverState < SERVER_HELLO_COMPLETE) { + /* before processing SH we don't know which version + * will be negotiated. */ + if (!w64Equal(ssl->keys.curEpoch64, plainEpoch)) { + WOLFSSL_MSG("Msg should be epoch 2 or 0"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + else { + WOLFSSL_MSG("Msg should be epoch 2"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + break; + case certificate_request: + case certificate: + case certificate_verify: + case finished: + if (!ssl->options.handShakeDone) { + if (!w64Equal(ssl->keys.curEpoch64, hsEpoch)) { + if (ssl->options.side == WOLFSSL_CLIENT_END && + ssl->options.serverState < SERVER_HELLO_COMPLETE) { + /* before processing SH we don't know which version + * will be negotiated. */ + if (!w64Equal(ssl->keys.curEpoch64, plainEpoch)) { + WOLFSSL_MSG("Msg should be epoch 2 or 0"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + else { + WOLFSSL_MSG("Msg should be epoch 2"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + } + else { + /* Allow epoch 2 in case of rtx */ + if (!w64GTE(ssl->keys.curEpoch64, hsEpoch)) { + WOLFSSL_MSG("Msg should be epoch 2+"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + break; + case certificate_status: + case change_cipher_hs: + case key_update: + case session_ticket: + if (!w64GTE(ssl->keys.curEpoch64, t0Epoch)) { + WOLFSSL_MSG("Msg should be epoch 3+"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + break; + case end_of_early_data: + case message_hash: + case no_shake: + default: + WOLFSSL_MSG("Unknown message type"); + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } + } + return 0; +} + /** * Dtls13HandshakeRecv() - process an handshake message. Deal with fragmentation if needed @@ -1674,6 +1784,12 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, return ret; } + ret = Dtls13CheckEpoch(ssl, (enum HandShakeType)handshakeType); + if (ret != 0) { + WOLFSSL_ERROR(ret); + return ret; + } + if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.acceptState < TLS13_ACCEPT_FIRST_REPLY_DONE) { if (handshakeType != client_hello) { @@ -1961,6 +2077,9 @@ int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision) end: ForceZero(key_dig, MAX_PRF_DIG); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(key_dig, sizeof(key_dig)); +#endif return ret; } @@ -2419,7 +2538,7 @@ static int Dtls13GetAckListLength(Dtls13RecordNumber* list, word16* length) return 0; } -static int Dtls13WriteAckMessage(WOLFSSL* ssl, +int Dtls13WriteAckMessage(WOLFSSL* ssl, Dtls13RecordNumber* recordNumberList, word32* length) { word16 msgSz, headerLength; diff --git a/src/src/internal.c b/src/src/internal.c index 666de86..eb2f16d 100644 --- a/src/src/internal.c +++ b/src/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include /* * WOLFSSL_SMALL_CERT_VERIFY: @@ -157,7 +153,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #error Cannot use both secure-renegotiation and renegotiation-indication #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #ifndef NO_WOLFSSL_CLIENT static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, @@ -170,7 +166,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size); #endif -#endif +#endif /* !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER @@ -183,7 +179,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif #endif /* !NO_WOLFSSL_SERVER */ -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) #if defined(WOLFSSL_HAPROXY) @@ -202,7 +198,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS int enc, byte* ticket, int inLen, int* outLen, void* userCtx); #endif -#endif +#endif /* !NO_WOLFSSL_SERVER && HAVE_SESSION_TICKET */ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, byte dec, byte** seq, int verifyOrder); @@ -240,13 +236,14 @@ enum processReply { }; -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44 }; + #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ @@ -257,7 +254,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, #endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #if !defined(NO_CERT) && defined(WOLFSSL_BLIND_PRIVATE_KEY) @@ -300,7 +297,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) xorbuf(key->buffer, mask->buffer, mask->length); } } -#endif +#endif /* !NO_CERT && WOLFSSL_BLIND_PRIVATE_KEY */ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -605,24 +602,24 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv) int IsEncryptionOn(const WOLFSSL* ssl, int isSend) { - #ifdef WOLFSSL_DTLS +#ifdef WOLFSSL_DTLS /* For DTLS, epoch 0 is always not encrypted. */ if (ssl->options.dtls && !isSend) { if (!IsAtLeastTLSv1_3(ssl->version) && ssl->keys.curEpoch == 0) return 0; -#ifdef WOLFSSL_DTLS13 + #ifdef WOLFSSL_DTLS13 else if (IsAtLeastTLSv1_3(ssl->version) && w64IsZero(ssl->keys.curEpoch64)) return 0; -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ } - #endif /* WOLFSSL_DTLS */ - #ifdef WOLFSSL_QUIC +#endif /* WOLFSSL_DTLS */ +#ifdef WOLFSSL_QUIC if (WOLFSSL_IS_QUIC(ssl) && IsAtLeastTLSv1_3(ssl->version)) { return 0; } - #endif +#endif /* WOLFSSL_QUIC */ return ssl->keys.encryptionOn && (isSend ? ssl->encrypt.setup : ssl->decrypt.setup); } @@ -2262,7 +2259,8 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) return InitSSL_Suites(ssl); } -#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ +#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE || + * WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(WOLFSSL_SYS_CRYPTO_POLICY) /* Check the wolfssl method meets minimum requirements for @@ -2812,7 +2810,7 @@ void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) (void)heap; } -#endif +#endif /* WOLFSSL_TLS13 && HAVE_ECH */ /* In case contexts are held in array and don't want to free actual ctx. */ @@ -3023,7 +3021,16 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) if (isZero) { WOLFSSL_MSG("CTX ref count down to 0, doing full free"); - +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(WC_NO_RNG) + if (ctx->srp != NULL) { + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; + wc_SrpTerm(ctx->srp); + XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp = NULL; + } +#endif SSL_CtxResourceFree(ctx); #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) @@ -3469,7 +3476,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, (void) tls; tls1_2 = pv.minor <= DTLSv1_2_MINOR; } -#endif +#endif /* WOLFSSL_DTLS */ (void)tls; /* shut up compiler */ (void)tls1_2; @@ -3539,6 +3546,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_SM4_GCM_SM3; } #endif + #ifdef BUILD_TLS_SM4_CCM_SM3 if (tls1_3) { suites->suites[idx++] = CIPHER_BYTE; @@ -3769,7 +3777,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif -#endif +#endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #ifdef OPENSSL_EXTRA @@ -4006,7 +4014,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4018,7 +4026,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ /* Place as higher priority for MYSQL testing */ #if !defined(WOLFSSL_MYSQL_COMPATIBLE) @@ -4028,7 +4036,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif -#endif +#endif /* !WOLFSSL_MYSQL_COMPATIBLE */ #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA if (tls && haveDH && haveRSA && haveAES128 && haveSHA1) { @@ -4110,7 +4118,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA if (tls && haveECC && haveNull && haveSHA1) { @@ -4143,7 +4151,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK && haveSHA1) { @@ -4162,7 +4170,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4174,7 +4182,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; } -#endif +#endif /* BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 */ #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4186,7 +4194,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4231,7 +4239,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4243,7 +4251,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4255,7 +4263,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4267,7 +4275,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4279,7 +4287,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECDHE_PSK_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM if (tls && havePSK && haveAES128) { @@ -4319,7 +4327,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4331,7 +4339,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; } -#endif +#endif /* BUILD_TLS_PSK_WITH_NULL_SHA384 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4343,7 +4351,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4355,7 +4363,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4367,7 +4375,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA if (tls && havePSK && haveNull) { @@ -4435,7 +4443,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4447,7 +4455,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4459,7 +4467,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4471,7 +4479,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 if (tls && haveECC) { @@ -4479,12 +4487,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3; } #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 if (tls && haveECC) { suites->suites[idx++] = SM_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3; } #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 if (tls && haveECC) { suites->suites[idx++] = SM_BYTE; @@ -4573,14 +4583,11 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) } break; #endif -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - case PQC_SA_MAJOR: - /* Hash performed as part of sign/verify operation. - * However, if we want a dual alg signature with a - * classic algorithm as alternative, we need an explicit - * hash algo here. - */ + /* Hash performed as part of sign/verify operation. + * However, if we want a dual alg signature with a classic algorithm as + * alternative, we need an explicit hash algo here. */ #ifdef HAVE_FALCON + case FALCON_SA_MAJOR: if (input[1] == FALCON_LEVEL1_SA_MINOR) { *hsType = falcon_level1_sa_algo; *hashAlgo = sha256_mac; @@ -4589,8 +4596,10 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) *hsType = falcon_level5_sa_algo; *hashAlgo = sha512_mac; } + break; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + case DILITHIUM_SA_MAJOR: if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) { *hsType = dilithium_level2_sa_algo; *hashAlgo = sha256_mac; @@ -4603,16 +4612,16 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) *hsType = dilithium_level5_sa_algo; *hashAlgo = sha512_mac; } - #endif /* HAVE_DILITHIUM */ break; -#endif + #endif /* HAVE_DILITHIUM */ default: *hashAlgo = input[0]; *hsType = input[1]; break; } } -#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ +#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS || + * ( !NO_WOLFSSL_CLIENT && (!NO_DH || HAVE_ECC) ) */ #ifndef WOLFSSL_NO_TLS12 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) @@ -4897,7 +4906,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) } #endif -#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH) +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) static void SetDigest(WOLFSSL* ssl, int hashAlgo) { switch (hashAlgo) { @@ -4958,7 +4968,7 @@ word32 MacSize(const WOLFSSL* ssl) } #ifndef NO_RSA -#if !defined(WOLFSSL_NO_TLS12) || \ +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) || \ (defined(WC_RSA_PSS) && defined(HAVE_PK_CALLBACKS)) #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) static int TypeHash(int hashAlgo) @@ -5784,7 +5794,7 @@ int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, word32 idSz, const byte* sig, return ret; } -#endif /* WOLFSSL_SM2 */ +#endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */ #ifdef HAVE_ED25519 /* Check whether the key contains a public key. @@ -5971,7 +5981,7 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, } #endif /* HAVE_ED25519 */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #ifdef HAVE_CURVE25519 #ifdef HAVE_PK_CALLBACKS @@ -6045,8 +6055,14 @@ static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key, else #endif { - ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen, - EC25519_LITTLE_ENDIAN); + #ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_set_rng(priv_key, ssl->rng); + if (ret == 0) + #endif + { + ret = wc_curve25519_shared_secret_ex(priv_key, pub_key, out, outlen, + EC25519_LITTLE_ENDIAN); + } } /* Handle async pending response */ @@ -6108,7 +6124,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key, } #endif /* HAVE_CURVE25519 */ -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #ifdef HAVE_ED448 /* Check whether the key contains a public key. @@ -6905,8 +6921,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) * then we possibly already have a side defined. Don't overwrite unless * the context has a well defined role. */ if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) - ssl->options.side = ctx->method->side; - ssl->options.downgrade = ctx->method->downgrade; + ssl->options.side = (word16)(ctx->method->side); + ssl->options.downgrade = (word16)(ctx->method->downgrade); ssl->options.minDowngrade = ctx->minDowngrade; ssl->options.haveRSA = ctx->haveRSA; @@ -6918,7 +6934,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->options.haveDilithiumSig = ctx->haveDilithiumSig; #ifndef NO_PSK - ssl->options.havePSK = ctx->havePSK; + ssl->options.havePSK = (word16)(ctx->havePSK); ssl->options.client_psk_cb = ctx->client_psk_cb; ssl->options.server_psk_cb = ctx->server_psk_cb; ssl->options.psk_ctx = ctx->psk_ctx; @@ -7262,7 +7278,7 @@ void FreeHandshakeHashes(WOLFSSL* ssl) (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) if (ssl->hsHashes->messages != NULL) { - ForceZero(ssl->hsHashes->messages, ssl->hsHashes->length); + ForceZero(ssl->hsHashes->messages, (word32)ssl->hsHashes->length); XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); ssl->hsHashes->messages = NULL; } @@ -7285,11 +7301,13 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, /* save the original so we can put it back afterward */ tmpHashes = ssl->hsHashes; - ssl->hsHashes = NULL; + ssl->hsHashes = *destination; ret = InitHandshakeHashes(ssl); if (ret != 0) { WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret); + ssl->hsHashes = tmpHashes; /* restore hsHashes pointer to original + * before returning */ return ret; } @@ -7330,8 +7348,9 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) if (ret == 0 && source->messages != NULL) { - (*destination)->messages = (byte*)XMALLOC(source->length, ssl->heap, - DYNAMIC_TYPE_HASHES); + (*destination)->messages = (byte*)XMALLOC((size_t)source->length, + ssl->heap, + (int)DYNAMIC_TYPE_HASHES); (*destination)->length = source->length; (*destination)->prevLen = source->prevLen; @@ -7340,7 +7359,7 @@ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, } else { XMEMCPY((*destination)->messages, source->messages, - source->length); + (size_t)source->length); } } #endif @@ -7446,7 +7465,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) wc_MemZero_Add("ServerFinished hash", &ssl->serverFinished, TLS_FINISHED_SZ_MAX); #endif -#endif +#endif /* WOLFSSL_CHECK_MEM_ZERO */ #if defined(WOLFSSL_STATIC_MEMORY) if (ctx->heap != NULL) { @@ -7602,7 +7621,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) !defined(HAVE_SELFTEST) ssl->options.dhDoKeyTest = 1; #endif -#endif +#endif /* !NO_DH */ #ifdef WOLFSSL_DTLS #ifdef WOLFSSL_SCTP @@ -7646,7 +7665,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ #endif -#endif +#endif /* WOLFSSL_DTLS */ #ifndef WOLFSSL_AEAD_ONLY @@ -7660,7 +7679,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->hmac = Renesas_cmn_TLS_hmac; #endif #endif -#endif +#endif /* WOLFSSL_AEAD_ONLY */ #if defined(WOLFSSL_OPENVPN) && defined(HAVE_KEYING_MATERIAL) /* Save arrays by default for OpenVPN */ @@ -7701,7 +7720,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT ssl->options.tls13MiddleBoxCompat = 1; #endif -#endif +#endif /* WOLFSSL_TLS13 */ #ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_MAX_FRAGMENT @@ -7785,6 +7804,14 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) return MEMORY_E; } XMEMSET(ssl->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + /* pass on PARAM flags value from ctx to ssl */ + if (wolfSSL_X509_VERIFY_PARAM_set_flags(wolfSSL_get0_param(ssl), + (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags( + wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ssl->param set flags error"); + return WOLFSSL_FAILURE; + } #endif if (ctx->suites == NULL) { @@ -8357,13 +8384,21 @@ void FreeKeyExchange(WOLFSSL* ssl) /* Free up all memory used by Suites structure from WOLFSSL */ void FreeSuites(WOLFSSL* ssl) { -#ifdef OPENSSL_ALL +#ifdef OPENSSL_EXTRA if (ssl->suitesStack != NULL) { /* Enough to free stack structure since WOLFSSL_CIPHER * isn't allocated separately. */ wolfSSL_sk_SSL_CIPHER_free(ssl->suitesStack); ssl->suitesStack = NULL; } + if (ssl->clSuitesStack != NULL) { + /* Enough to free stack structure since WOLFSSL_CIPHER + * isn't allocated separately. */ + wolfSSL_sk_SSL_CIPHER_free(ssl->clSuitesStack); + ssl->clSuitesStack = NULL; + } + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = NULL; #endif XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->suites = NULL; @@ -8405,6 +8440,13 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) } FreeSuites(ssl); FreeHandshakeHashes(ssl); +#ifdef HAVE_ECH + /* try to free the ech hashes in case we errored out */ + ssl->hsHashes = ssl->hsHashesEch; + FreeHandshakeHashes(ssl); + ssl->hsHashes = ssl->hsHashesEchInner; + FreeHandshakeHashes(ssl); +#endif XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); /* clear keys struct after session */ @@ -8418,9 +8460,6 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) if (ssl->options.useEch == 1) { FreeEchConfigs(ssl->echConfigs, ssl->heap); ssl->echConfigs = NULL; - /* free the ech specific hashes */ - ssl->hsHashes = ssl->hsHashesEch; - FreeHandshakeHashes(ssl); ssl->options.useEch = 0; } #endif /* HAVE_ECH */ @@ -8659,6 +8698,13 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL); #endif +#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) + if (ssl->ocspResp) { + XFREE(ssl->ocspResp, NULL, 0); + ssl->ocspResp = NULL; + ssl->ocspRespSz = 0; + } +#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) while (ssl->certReqCtx != NULL) { CertReqCtx* curr = ssl->certReqCtx; @@ -8731,6 +8777,7 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) * isn't allocated separately. */ wolfSSL_sk_CIPHER_free(ssl->supportedCiphers); wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); + wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL); #ifdef KEEP_OUR_CERT wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL); #endif @@ -8866,6 +8913,10 @@ void FreeHandshakeResources(WOLFSSL* ssl) FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; #endif /* HAVE_FALCON */ +#if defined(HAVE_DILITHIUM) + FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey); + ssl->peerDilithiumKeyPresent = 0; +#endif /* HAVE_DILITHIUM */ } #ifdef HAVE_ECC @@ -8982,6 +9033,14 @@ void FreeHandshakeResources(WOLFSSL* ssl) * !WOLFSSL_POST_HANDSHAKE_AUTH */ #endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */ +#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) + if (ssl->ocspResp != NULL) { + XFREE(ssl->ocspResp, NULL, 0); + ssl->ocspResp = NULL; + ssl->ocspRespSz = 0; + } +#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */ + #ifdef WOLFSSL_STATIC_MEMORY /* when done with handshake decrement current handshake count */ if (ssl->heap != NULL) { @@ -9424,7 +9483,7 @@ static void DtlsMsgAssembleCompleteMessage(DtlsMsg* msg) * alignment of char. */ dtls = (DtlsHandShakeHeader*)(void *)((char *)msg->fragBucketList - + OFFSETOF(DtlsFragBucket,buf) + + WC_OFFSETOF(DtlsFragBucket,buf) - DTLS_HANDSHAKE_HEADER_SZ); msg->fragBucketList = NULL; @@ -9843,7 +9902,7 @@ int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket) WriteSEQ(ssl, epochOrder, dtls->sequence_number); DtlsSEQIncrement(ssl, epochOrder); - if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0) { + if ((ret = CheckAvailableSize(ssl, (int)pool->sz)) != 0) { WOLFSSL_ERROR(ret); return ret; } @@ -10316,10 +10375,10 @@ int HashRaw(WOLFSSL* ssl, const byte* data, int sz) #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - wc_ShaUpdate(&ssl->hsHashes->hashSha, data, sz); + wc_ShaUpdate(&ssl->hsHashes->hashSha, data, (word32)(sz)); #endif #if !defined(NO_MD5) && !defined(NO_OLD_TLS) - wc_Md5Update(&ssl->hsHashes->hashMd5, data, sz); + wc_Md5Update(&ssl->hsHashes->hashMd5, data, (word32)(sz)); #endif if (IsAtLeastTLSv1_2(ssl)) { @@ -10639,7 +10698,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (!ssl->options.buildingMsg) { /* Hash it before the loop as we modify the input with * encryption on */ - ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz); + ret = HashRaw(ssl, input + rHdrSz, (int)(inputSz) + hsHdrSz); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS @@ -10899,7 +10958,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) if (!forcedFree && usedLength > 0) { XMEMCPY(ssl->buffers.inputBuffer.staticBuffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); } ForceZero(ssl->buffers.inputBuffer.buffer, @@ -11207,7 +11266,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) if (usedLength) XMEMCPY(tmp, ssl->buffers.inputBuffer.buffer + - ssl->buffers.inputBuffer.idx, usedLength); + ssl->buffers.inputBuffer.idx, (size_t)(usedLength)); if (ssl->buffers.inputBuffer.dynamicFlag) { if (IsEncryptionOn(ssl, 1)) { @@ -11888,7 +11947,7 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, (!ssl->options.dtls && rh->pvMinor < ssl->version.minor)) #else - rh->pvMinor < ssl->version.minor + (rh->pvMinor < ssl->version.minor) #endif )) { WOLFSSL_MSG("SSL version error"); @@ -13427,7 +13486,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->isCa = dCert->isCA; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + x509->basicConstCrit = dCert->extBasicConstCrit; x509->pathLength = dCert->pathLength; + x509->pathLengthSet = dCert->pathLengthSet; x509->keyUsage = dCert->extKeyUsage; x509->CRLdistSet = dCert->extCRLdistSet; @@ -13481,7 +13542,6 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) } #endif x509->basicConstSet = dCert->extBasicConstSet; - x509->basicConstCrit = dCert->extBasicConstCrit; x509->basicConstPlSet = dCert->pathLengthSet; x509->subjAltNameSet = dCert->extSubjAltNameSet; x509->subjAltNameCrit = dCert->extSubjAltNameCrit; @@ -13594,6 +13654,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) if (x509->sapkiDer != NULL) { XMEMCPY(x509->sapkiDer, dCert->sapkiDer, dCert->sapkiLen); x509->sapkiLen = dCert->sapkiLen; + x509->sapkiCrit = dCert->extSapkiCrit; } else { ret = MEMORY_E; @@ -13606,6 +13667,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->altSigAlgDer, dCert->altSigAlgDer, dCert->altSigAlgLen); x509->altSigAlgLen = dCert->altSigAlgLen; + x509->altSigAlgCrit = dCert->extAltSigAlgCrit; } else { ret = MEMORY_E; @@ -13618,6 +13680,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XMEMCPY(x509->altSigValDer, dCert->altSigValDer, dCert->altSigValLen); x509->altSigValLen = dCert->altSigValLen; + x509->altSigValCrit = dCert->extAltSigValCrit; } else { ret = MEMORY_E; @@ -13756,8 +13819,6 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr; -#else - (void)idx; #endif #ifdef WOLFSSL_SMALL_STACK CertStatus* status; @@ -13786,6 +13847,8 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->status_request = 0; break; } + #else + (void)idx; #endif #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -13829,7 +13892,7 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* InitOcspResponse sets single and status to response struct. */ InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); - if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) + if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0, 0) != 0) ret = BAD_CERTIFICATE_STATUS_ERROR; else if (CompareOcspReqResp(request, response) != 0) ret = BAD_CERTIFICATE_STATUS_ERROR; @@ -14021,7 +14084,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, if (subjectCNLen > ASN_NAME_MAX-1) subjectCNLen = ASN_NAME_MAX-1; if (subjectCNLen > 0) { - XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); + XMEMCPY(domain, args->dCert->subjectCN, (size_t)(subjectCNLen)); domain[subjectCNLen] = '\0'; } } @@ -14117,8 +14180,10 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, if (store != NULL) wolfSSL_X509_STORE_CTX_free(store); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - if (x509 != NULL) + if (x509 != NULL) { wolfSSL_X509_free(x509); + x509 = NULL; + } #endif XFREE(domain, heap, DYNAMIC_TYPE_STRING); return MEMORY_E; @@ -14544,6 +14609,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) if (x509 != NULL) { ret = wolfSSL_X509_STORE_add_cert(store, x509); wolfSSL_X509_free(x509); + x509 = NULL; } else { WOLFSSL_MSG("failed to load certificate"); ret = WOLFSSL_FAILURE; @@ -14889,6 +14955,7 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: if (ssl->options.minDilithiumKeySz < 0 || DILITHIUM_LEVEL2_KEY_SIZE @@ -14913,6 +14980,31 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) ret = DILITHIUM_KEY_SIZE_E; } break; + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + case ML_DSA_LEVEL2k: + if (ssl->options.minDilithiumKeySz < 0 || + ML_DSA_LEVEL2_KEY_SIZE + < (word16)ssl->options.minDilithiumKeySz) { + WOLFSSL_MSG("Dilithium key size in cert chain error"); + ret = DILITHIUM_KEY_SIZE_E; + } + break; + case ML_DSA_LEVEL3k: + if (ssl->options.minDilithiumKeySz < 0 || + ML_DSA_LEVEL3_KEY_SIZE + < (word16)ssl->options.minDilithiumKeySz) { + WOLFSSL_MSG( "Dilithium key size in cert chain error"); + ret = DILITHIUM_KEY_SIZE_E; + } + break; + case ML_DSA_LEVEL5k: + if (ssl->options.minDilithiumKeySz < 0 || + ML_DSA_LEVEL5_KEY_SIZE + < (word16)ssl->options.minDilithiumKeySz) { + WOLFSSL_MSG("Dilithium key size in cert chain error"); + ret = DILITHIUM_KEY_SIZE_E; + } + break; #endif /* HAVE_DILITHIUM */ default: WOLFSSL_MSG("Key size not checked"); @@ -14995,6 +15087,25 @@ static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) } #endif +#ifdef OPENSSL_EXTRA +/* account for verify params flag set */ +static int AdjustCMForParams(WOLFSSL* ssl) +{ + int flags; + WOLFSSL_X509_VERIFY_PARAM* param; + + param = wolfSSL_get0_param(ssl); + flags = wolfSSL_X509_VERIFY_PARAM_get_flags(param); + + /* For now there is a possible contradiction of PARAM flags and store flags. + * Do not disable CRL support if it has already been enabled with store. */ + if (flags == 0) { + return WOLFSSL_SUCCESS; + } + return wolfSSL_X509_STORE_set_flags(SSL_STORE(ssl), flags); +} +#endif + int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz) { @@ -15063,6 +15174,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif } +#ifdef OPENSSL_EXTRA + /* account for verify params flag set */ + if (AdjustCMForParams(ssl) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Issue with updating store flags from PARAMS set"); + ERROR_OUT(WOLFSSL_FAILURE, exit_ppc); + } +#endif + switch (ssl->options.asyncState) { case TLS_ASYNC_BEGIN: @@ -15867,7 +15986,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG( "\tCallback override available, will continue"); /* check if fatal error */ - args->fatal = (args->verifyErr) ? 1 : 0; + args->fatal = (args->verifyErr) ? (word16)(1) + : (word16)(0); if (args->fatal) DoCertFatalAlert(ssl, ret); } @@ -16541,9 +16661,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && \ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: + #endif { int keyRet = 0; if (ssl->peerDilithiumKey == NULL) { @@ -16557,18 +16682,32 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } if (keyRet == 0) { - if (args->dCert->keyOID == DILITHIUM_LEVEL2k) { + if (args->dCert->keyOID == ML_DSA_LEVEL2k) { keyRet = wc_dilithium_set_level( - ssl->peerDilithiumKey, 2); + ssl->peerDilithiumKey, WC_ML_DSA_44); + } + else if (args->dCert->keyOID == ML_DSA_LEVEL3k) { + keyRet = wc_dilithium_set_level( + ssl->peerDilithiumKey, WC_ML_DSA_65); + } + else if (args->dCert->keyOID == ML_DSA_LEVEL5k) { + keyRet = wc_dilithium_set_level( + ssl->peerDilithiumKey, WC_ML_DSA_87); + } + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if (args->dCert->keyOID == DILITHIUM_LEVEL2k) { + keyRet = wc_dilithium_set_level( + ssl->peerDilithiumKey, WC_ML_DSA_44_DRAFT); } else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) { keyRet = wc_dilithium_set_level( - ssl->peerDilithiumKey, 3); + ssl->peerDilithiumKey, WC_ML_DSA_65_DRAFT); } else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) { keyRet = wc_dilithium_set_level( - ssl->peerDilithiumKey, 5); + ssl->peerDilithiumKey, WC_ML_DSA_87_DRAFT); } + #endif } if (keyRet != 0 || @@ -16726,7 +16865,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* handle processing of certificate (11) */ @@ -16863,7 +17002,7 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, status_length, ssl->heap); response->pendingCAs = pendingCAs; if ((OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, - 0) != 0) + 0, 0) != 0) || (response->responseStatus != OCSP_SUCCESSFUL) || (response->single->status->status != CERT_GOOD)) ret = BAD_CERTIFICATE_STATUS_ERROR; @@ -16943,11 +17082,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #endif /* !NO_CERTS */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz) @@ -17556,7 +17695,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } #endif } -#endif +#endif /* !NO_WOLFSSL_SERVER */ if (ssl->options.dtls) ssl->msgsReceived.got_change_cipher = 1; break; @@ -17570,7 +17709,6 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) return 0; } - int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type, word32 size, word32 totalSz) { @@ -18083,8 +18221,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_LEAVE("DoHandShakeMsg()", ret); return ret; } - -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_EXTRA_ALERTS int SendFatalAlertOnly(WOLFSSL *ssl, int error) @@ -19524,7 +19661,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, additionalSz = writeAeadAuthData(ssl, /* Length of the plain text minus the explicit * IV length minus the authentication tag size. */ - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type, ssl->encrypt.additional, 0, NULL, CUR_ORDER); if (additionalSz < 0) { ret = additionalSz; @@ -19548,19 +19685,19 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + ssl->encrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { ret = aes_auth_fn(ssl->encrypt.aes, - out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.nonce, AESGCM_NONCE_SZ, - out + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->encrypt.additional, additionalSz); + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->encrypt.nonce, AESGCM_NONCE_SZ, + out + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->encrypt.additional, (word32)(additionalSz)); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -20016,24 +20153,24 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, plain + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, ssl->decrypt.nonce, AESGCM_NONCE_SZ, (byte *)(input + sz - ssl->specs.aead_mac_size), ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz); + ssl->decrypt.additional, (word32)(additionalSz)); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) #endif /* HAVE_PK_CALLBACKS */ { if ((ret = aes_auth_fn(ssl->decrypt.aes, - plain + AESGCM_EXP_IV_SZ, - input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.nonce, AESGCM_NONCE_SZ, - input + sz - ssl->specs.aead_mac_size, - ssl->specs.aead_mac_size, - ssl->decrypt.additional, additionalSz)) < 0) { + plain + AESGCM_EXP_IV_SZ, + input + AESGCM_EXP_IV_SZ, + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + ssl->decrypt.nonce, AESGCM_NONCE_SZ, + input + sz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + ssl->decrypt.additional, (word32)(additionalSz))) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, @@ -20794,7 +20931,7 @@ static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; #endif - XMEMSET(mac, 0, macSz); + XMEMSET(mac, 0, (size_t)(macSz)); for (i = scanStart; i < sz; i += macSz) { for (j = 0; j < macSz && j + i < sz; j++) { started = ctMaskGTE(i + j, macStart); @@ -20881,6 +21018,16 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) isEarlyData = isEarlyData && w64Equal(ssl->keys.curEpoch64, w64From32(0x0, DTLS13_EPOCH_EARLYDATA)); #endif +#ifdef WOLFSSL_DTLS13 + /* Application data should never appear in epoch 0 or 2 */ + if (ssl->options.tls1_3 && ssl->options.dtls && + (w64Equal(ssl->keys.curEpoch64, w64From32(0x0, DTLS13_EPOCH_HANDSHAKE)) + || w64Equal(ssl->keys.curEpoch64, w64From32(0x0, 0x0)))) + { + WOLFSSL_ERROR_VERBOSE(SANITY_MSG_E); + return SANITY_MSG_E; + } +#endif #ifdef WOLFSSL_EARLY_DATA if (isEarlyData && acceptEarlyData) { @@ -20945,7 +21092,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } #endif - dataSz = msgSz - ssl->keys.padSz; + dataSz = (int)(msgSz - ssl->keys.padSz); if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); if (sniff == NO_SNIFF) { @@ -21150,6 +21297,13 @@ const char* AlertTypeToString(int type) return internal_error_str; } + case inappropriate_fallback: + { + static const char inappropriate_fallback_str[] = + "inappropriate_fallback"; + return inappropriate_fallback_str; + } + case user_canceled: { static const char user_canceled_str[] = @@ -21164,6 +21318,20 @@ const char* AlertTypeToString(int type) return no_renegotiation_str; } + case missing_extension: + { + static const char missing_extension_str[] = + "missing_extension"; + return missing_extension_str; + } + + case unsupported_extension: + { + static const char unsupported_extension_str[] = + "unsupported_extension"; + return unsupported_extension_str; + } + case unrecognized_name: { static const char unrecognized_name_str[] = @@ -21178,6 +21346,20 @@ const char* AlertTypeToString(int type) return bad_certificate_status_response_str; } + case unknown_psk_identity: + { + static const char unknown_psk_identity_str[] = + "unknown_psk_identity"; + return unknown_psk_identity_str; + } + + case certificate_required: + { + static const char certificate_required_str[] = + "certificate_required"; + return certificate_required_str; + } + case no_application_protocol: { static const char no_application_protocol_str[] = @@ -21335,7 +21517,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0) XMEMMOVE(ssl->buffers.inputBuffer.buffer, ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx, - usedLength); + (size_t)(usedLength)); /* remove processed data */ ssl->buffers.inputBuffer.idx = 0; @@ -21395,6 +21577,7 @@ static WC_INLINE int VerifyMacEnc(WOLFSSL* ssl, const byte* input, word32 msgSz, WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); return VERIFY_MAC_ERROR; } + XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE); ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1, PEER_ORDER); ret |= ConstantCompare(verify, input + msgSz - digestSz, (int)digestSz); @@ -21417,7 +21600,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, word32 digestSz = MacSize(ssl); byte verify[WC_MAX_DIGEST_SIZE]; - + XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE); if (ssl->specs.cipher_type == block) { pad = input[msgSz - 1]; padByte = 1; @@ -22918,7 +23101,8 @@ int SendChangeCipher(WOLFSSL* ssl) else return SendBuffered(ssl); } -#endif +#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || + * (WOLFSSL_TLS13 && WOLFSSL_TLS13_MIDDLEBOX_COMPAT) */ #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY) @@ -23481,7 +23665,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, min(args->ivSz, MAX_IV_SZ)); args->idx += min(args->ivSz, MAX_IV_SZ); } - XMEMCPY(output + args->idx, input, inSz); + XMEMCPY(output + args->idx, input, (size_t)(inSz)); args->idx += (word32)inSz; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) { @@ -23995,7 +24179,7 @@ int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, ret = InitOcspRequest(request, cert, 0, ssl->heap); if (ret == 0) { /* make sure ctx OCSP request is updated */ - if (!ssl->buffers.weOwnCert) { + if (!ssl->buffers.weOwnCert && SSL_CM(ssl) != NULL) { wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock; if (wc_LockMutex(ocspLock) == 0) { if (ssl->ctx->certOcspRequest == NULL) { @@ -24143,7 +24327,9 @@ int cipherExtraData(WOLFSSL* ssl) #ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS -#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) + +#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \ + !defined(NO_TLS) /* handle generation of certificate (11) */ int SendCertificate(WOLFSSL* ssl) { @@ -24250,12 +24436,12 @@ int SendCertificate(WOLFSSL* ssl) else { fragSz = maxFragment - HANDSHAKE_HEADER_SZ; } - sendSz += fragSz + HANDSHAKE_HEADER_SZ; + sendSz += (int)(fragSz) + HANDSHAKE_HEADER_SZ; i += HANDSHAKE_HEADER_SZ; } else { fragSz = min(length, maxFragment); - sendSz += fragSz; + sendSz += (int)(fragSz); } if (IsEncryptionOn(ssl, 1)) @@ -24384,7 +24570,7 @@ int SendCertificate(WOLFSSL* ssl) DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); } #ifndef WOLFSSL_DTLS @@ -24456,8 +24642,9 @@ int SendCertificate(WOLFSSL* ssl) return ret; } -#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !NO_TLS && (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) */ +#if !defined(NO_TLS) /* handle generation of certificate_request (13) */ int SendCertificateRequest(WOLFSSL* ssl) { @@ -24611,7 +24798,7 @@ int SendCertificateRequest(WOLFSSL* ssl) if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -24665,8 +24852,11 @@ int SendCertificateRequest(WOLFSSL* ssl) return ret; } +#endif /* !NO_TLS */ + #ifndef NO_WOLFSSL_SERVER + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, @@ -24736,6 +24926,53 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, return ret; } #endif + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY)) +static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl) +{ + WOLFSSL_OCSP *ocsp; + void *ioCtx = NULL; + buffer response; + int ret; + + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + + ocsp = SSL_CM(ssl)->ocsp_stapling; + if (ocsp == NULL || ocsp->statusCb == NULL) + return BAD_FUNC_ARG; + ioCtx = (ssl->ocspIOCtx != NULL) ? ssl->ocspIOCtx : ocsp->cm->ocspIOCtx; + XMEMSET(&response, 0, sizeof(response)); + WOLFSSL_MSG("Calling ocsp->statusCb"); + ret = ocsp->statusCb(ssl, ioCtx); + switch (ret) { + case SSL_TLSEXT_ERR_OK: + if (ssl->ocspResp == NULL || ssl->ocspRespSz == 0) { + ret = 0; + break; + } + response.buffer = ssl->ocspResp; + response.length = ssl->ocspRespSz; + ret = BuildCertificateStatus(ssl, WOLFSSL_CSR_OCSP, &response, 1); + break; + case SSL_TLSEXT_ERR_NOACK: + /* No OCSP response to send */ + ret = 0; + break; + case SSL_TLSEXT_ERR_ALERT_FATAL: + /* fall through */ + default: + ret = WOLFSSL_FATAL_ERROR; + break; + } + return ret; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) || + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */ + #endif /* NO_WOLFSSL_SERVER */ /* handle generation of certificate_status (22) */ @@ -24747,7 +24984,10 @@ int SendCertificateStatus(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_SEND); WOLFSSL_ENTER("SendCertificateStatus"); - (void) ssl; + if (ssl == NULL || SSL_CM(ssl) == NULL) { + WOLFSSL_MSG("SendCertificateStatus bad args"); + return BAD_FUNC_ARG; + } #ifdef HAVE_CERTIFICATE_STATUS_REQUEST status_type = ssl->status_request; @@ -24757,6 +24997,16 @@ int SendCertificateStatus(WOLFSSL* ssl) status_type = status_type ? status_type : ssl->status_request_v2; #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY)) + if (SSL_CM(ssl)->ocsp_stapling != NULL && + SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) { + if (ssl->status_request == WOLFSSL_CSR_OCSP) + return BuildCertificateStatusWithStatusCB(ssl); + } +#endif + switch (status_type) { #ifndef NO_WOLFSSL_SERVER @@ -25032,7 +25282,8 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) } #endif /* WOLFSSL_DTLS */ -#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) +#if !defined(NO_TLS) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) /* * Enforce limits specified in * https://www.rfc-editor.org/rfc/rfc8446#section-5.5 @@ -25164,10 +25415,12 @@ int SendAsyncData(WOLFSSL* ssl) * 2 in SCR and we have plain data ready * Early data logic may bypass this logic in TLSv1.3 when appropriate. */ -static int ssl_in_handshake(WOLFSSL *ssl, int send) +static int ssl_in_handshake(WOLFSSL *ssl, int sending_data) { +int SendAsyncData = 1; +(void)SendAsyncData; if (IsSCR(ssl)) { - if (send) { + if (sending_data) { /* allow sending data in SCR */ return 0; } else { @@ -25200,16 +25453,21 @@ static int ssl_in_handshake(WOLFSSL *ssl, int send) return 0; } -int SendData(WOLFSSL* ssl, const void* data, int sz) +int SendData(WOLFSSL* ssl, const void* data, size_t sz) { - int sent = 0, /* plainText size */ - sendSz, + word32 sent = 0; /* plainText size */ + int sendSz, ret; #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) int groupMsgs = 0; #endif int error = ssl->error; + if (sz > INT_MAX) { + WOLFSSL_MSG("SendData sz overflow"); + return WOLFSSL_FATAL_ERROR; + } + if (error == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT || error == WC_NO_ERR_TRACE(WC_PENDING_E) @@ -25314,7 +25572,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) sent = ssl->buffers.prevSent + ssl->buffers.plainSz; WOLFSSL_MSG("sent write buffered data"); - if (sent > sz) { + if (sent > (word32)sz) { WOLFSSL_MSG("error: write() after WANT_WRITE with short size"); return (ssl->error = BAD_FUNC_ARG); } @@ -25403,19 +25661,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { - buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); + buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); } else #endif { - buffSz = wolfSSL_GetMaxFragSize(ssl, sz - sent); + buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); } - if (sent == sz) break; + if (sent == (word32)sz) break; #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) - if (ssl->options.dtls && (buffSz < sz - sent)) { + if (ssl->options.dtls && ((size_t)buffSz < (word32)sz - sent)) { error = DTLS_SIZE_ERROR; ssl->error = error; WOLFSSL_ERROR(error); @@ -25571,6 +25829,9 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } return error; } + else { + ssl->error = 0; /* Clear any previous errors */ + } sent += buffSz; @@ -25586,13 +25847,18 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) } /* process input data */ -int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) +int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek) { int size; int error = ssl->error; WOLFSSL_ENTER("ReceiveData"); + if (sz > INT_MAX) { + WOLFSSL_MSG("ReceiveData sz overflow"); + return WOLFSSL_FATAL_ERROR; + } + /* reset error state */ if (error == WC_NO_ERR_TRACE(WANT_READ) || error == WOLFSSL_ERROR_WANT_READ) { @@ -25742,9 +26008,10 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) #endif } - size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length); + size = (sz < (size_t)ssl->buffers.clearOutputBuffer.length) ? + (int)sz : (int)ssl->buffers.clearOutputBuffer.length; - XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); + XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, (size_t)(size)); if (peek == 0) { ssl->buffers.clearOutputBuffer.length -= (word32)size; @@ -25766,10 +26033,19 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) int ret; int outputSz; int dtlsExtra = 0; + const char* alert_str = NULL; WOLFSSL_ENTER("SendAlert"); - WOLFSSL_MSG_EX("SendAlert: %d %s", type, AlertTypeToString(type)); + alert_str = AlertTypeToString(type); + if (alert_str != NULL) + { + WOLFSSL_MSG_EX("SendAlert: %d %s", type, alert_str); + } + else + { + WOLFSSL_MSG_EX("SendAlert: %d", type); + } #ifdef WOLFSSL_QUIC if (WOLFSSL_IS_QUIC(ssl)) { @@ -27708,6 +27984,7 @@ static int ParseCipherList(Suites* suites, } if (currLen == 0) break; + ++next; /* increment to skip ':' */ } #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) @@ -28059,8 +28336,7 @@ static int ParseCipherList(Suites* suites, break; } } - } - while (next++); /* increment to skip ':' */ + } while (next); if (ret) { int keySz = 0; @@ -28294,7 +28570,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, return ret; } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ #ifdef OPENSSL_EXTRA @@ -28487,6 +28763,7 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2) { /* Certificate has Dilithium level 2 key, only match with it. */ return sigAlgo == dilithium_level2_sa_algo; @@ -28499,6 +28776,19 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) /* Certificate has Dilithium level 5 key, only match with it. */ return sigAlgo == dilithium_level5_sa_algo; } + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2) { + /* Certificate has ML-DSA level 2 key, only match with it. */ + return sigAlgo == dilithium_level2_sa_algo; + } + if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL3) { + /* Certificate has ML-DSA level 3 key, only match with it. */ + return sigAlgo == dilithium_level3_sa_algo; + } + if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL5) { + /* Certificate has ML-DSA level 5 key, only match with it. */ + return sigAlgo == dilithium_level5_sa_algo; + } #endif /* HAVE_DILITHIUM */ #ifdef WC_RSA_PSS /* RSA certificate and PSS sig alg. */ @@ -28661,10 +28951,16 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz, } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) - if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 || - ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 || - ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) { - /* Matched Dilithium - set chosen and finished. */ + if (ssl->pkCurveOID == CTC_ML_DSA_LEVEL2 || + ssl->pkCurveOID == CTC_ML_DSA_LEVEL3 || + ssl->pkCurveOID == CTC_ML_DSA_LEVEL5 + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 + || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 + || ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5 + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + ) { + /* Matched ML-DSA or Dilithium - set chosen and finished. */ ssl->options.sigAlgo = sigAlgo; ssl->options.hashAlgo = hashAlgo; ret = 0; @@ -29010,7 +29306,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz, return 0; } -#endif /* WOLFSSL_CALLBACKS */ +#endif /* WOLFSSL_CALLBACKS || OPENSSL_EXTRA */ #if !defined(NO_CERTS) @@ -29183,7 +29479,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) (ssl->buffers.keyType == dilithium_level3_sa_algo) || (ssl->buffers.keyType == dilithium_level5_sa_algo)) ssl->hsType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_dpk; } @@ -29197,9 +29493,10 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey, - ssl->buffers.key->buffer, - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); + (ssl->buffers.key->buffer), + (int)(ssl->buffers.key->length), + ssl->heap, + ssl->buffers.keyDevId); } if (ret == 0) { if (ssl->buffers.keySz < ssl->options.minRsaKeySz) { @@ -29223,7 +29520,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } else if (ssl->buffers.keyId) { ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, - ssl->buffers.key->buffer, + (ssl->buffers.key->buffer), ssl->buffers.key->length, ssl->heap, ssl->buffers.keyDevId); } @@ -29292,13 +29589,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } if (ret == 0) { if (ssl->buffers.keyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44); } else if (ssl->buffers.keyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65); } else if (ssl->buffers.keyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87); } } if (ret == 0) { @@ -29632,13 +29929,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) } if (ssl->buffers.keyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44); } else if (ssl->buffers.keyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65); } else if (ssl->buffers.keyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87); } else { /* What if ssl->buffers.keyType is 0? We might want to do something @@ -29845,15 +30142,15 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) if (ret == 0) { if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) { ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, 2); + (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44); } else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) { ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, 3); + (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65); } else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) { ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, 5); + (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87); } } if (ret == 0) { @@ -30064,13 +30361,13 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) } if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 2); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44); } else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 3); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65); } else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, 5); + ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87); } else { /* What if ssl->buffers.keyType is 0? We might want to do something @@ -30139,7 +30436,8 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) return ret; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ -#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ + +#endif /* !NO_CERTS */ #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) /* returns 1 if able to do TLS 1.3 otherwise 0 */ @@ -30164,7 +30462,7 @@ int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) } #endif /* WOLFSSL_TLS13 */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC) || \ defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))) || \ (!defined(NO_WOLFSSL_SERVER) && (defined(HAVE_ECC) || \ @@ -30275,8 +30573,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, return ret; } -#endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_WOLFSSL_CLIENT [...etc] || !NO_WOLFSSL_SERVER [...etc] */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ /* client only parts */ #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -30352,7 +30650,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, idSz = 0; } -#endif +#endif /* HAVE_SESSION_TICKET */ length = VERSION_SZ + RAN_LEN + (word32)idSz + ENUM_LEN + SUITE_LEN @@ -30383,7 +30681,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif if (extSz != 0) length += extSz + HELLO_EXT_SZ_SZ; -#endif +#endif /* HAVE_TLS_EXTENSIONS */ sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; if (ssl->arrays == NULL) { @@ -30455,7 +30753,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, idx += cookieSz; } } -#endif +#endif /* WOLFSSL_DTLS */ #ifndef NO_FORCE_SCR_SAME_SUITE if (IsSCR(ssl)) { @@ -30465,7 +30763,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, output[idx++] = ssl->options.cipherSuite; } else -#endif +#endif /* NO_FORCE_SCR_SAME_SUITE */ { /* then cipher suites */ c16toa(suites->suiteSz, output + idx); @@ -30491,7 +30789,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, (void)idx; /* suppress analyzer warning, keep idx current */ #else if (extSz != 0) { - c16toa(extSz, output + idx); + c16toa((word16)(extSz), output + idx); idx += HELLO_EXT_SZ_SZ; if (IsAtLeastTLSv1_2(ssl)) { @@ -30521,7 +30819,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif } -#endif +#endif /* HAVE_TLS_EXTENSIONS */ if (IsEncryptionOn(ssl, 1)) { byte* input; @@ -30536,7 +30834,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, @@ -30671,7 +30969,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, && ssl->session->ticketLen > 0 #endif ); -#endif +#endif /* HAVE_SECRET_CALLBACK */ #ifdef HAVE_SESSION_TICKET /* server may send blank ticket which may not be expected to indicate @@ -30705,11 +31003,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif - #ifdef OPENSSL_EXTRA + #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS); } - #endif + #endif if (ssl->options.dtls) { if (pv.major != DTLS_MAJOR || pv.minor == DTLS_BOGUS_MINOR) { @@ -30757,7 +31055,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } - #endif + #endif /* HAVE_SECURE_RENEGOTIATION */ /* Checks made - OK to downgrade. */ ssl->version.minor = pv.minor; @@ -30921,7 +31219,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } } else -#endif +#endif /* HAVE_SECURE_RENEGOTIATION && !NO_FORCE_SCR_SAME_SUITE */ { word32 idx, found = 0; const Suites* suites = WOLFSSL_SUITES(ssl); @@ -30991,6 +31289,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, else ssl->options.haveEMS = 0; /* If no extensions, no EMS */ #else + /* !HAVE_TLS_EXTENSIONS */ { byte pendingEMS = 0; @@ -31038,7 +31337,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN) + + (word16)(OPAQUE16_LEN) + + extSz; } *inOutIdx = i; @@ -31050,7 +31351,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (!pendingEMS && ssl->options.haveEMS) ssl->options.haveEMS = 0; } -#endif +#endif /* HAVE_TLS_EXTENSIONS */ #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) if (ssl->secure_renegotiation == NULL || @@ -31115,7 +31416,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } } else - #endif + #endif /* WOLFSSL_TLS13 */ if (ssl->ctx->method->version.major == SSLv3_MAJOR && ssl->ctx->method->version.minor == TLSv1_2_MINOR && (wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_2) == 0) { @@ -31350,7 +31651,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif *inOutIdx += dnSz; - len -= OPAQUE16_LEN + dnSz; + len -= (word16)(OPAQUE16_LEN) + dnSz; } #ifdef OPENSSL_EXTRA @@ -31366,6 +31667,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, return CLIENT_CERT_CB_ERROR; } wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_EVP_PKEY_free(pkey); } @@ -31862,7 +32164,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; break; @@ -32082,7 +32384,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, /* get PSK server hint from the wire */ srvHintLen = (int)min(length, MAX_PSK_ID_LEN); XMEMCPY(ssl->arrays->server_hint, input + args->idx, - srvHintLen); + (size_t)(srvHintLen)); ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */ args->idx += length; @@ -32998,7 +33300,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -33049,7 +33351,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create ephemeral private key */ ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -33100,7 +33402,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create private key */ ssl->hsType = DYNAMIC_TYPE_CURVE25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -34837,7 +35139,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */ -#endif /* NO_CERTS */ +#endif /* !NO_CERTS */ #ifdef HAVE_ECC /* returns the WOLFSSL_* version of the curve from the OID sum */ @@ -34924,6 +35226,57 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* HAVE_ECC */ +#ifdef WOLFSSL_HAVE_MLKEM + /* Returns 1 when the given group is a PQC group, 0 otherwise. */ + int NamedGroupIsPqc(int group) + { + switch (group) { + #ifndef WOLFSSL_NO_ML_KEM + case WOLFSSL_ML_KEM_512: + case WOLFSSL_ML_KEM_768: + case WOLFSSL_ML_KEM_1024: + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: + #endif + return 1; + default: + return 0; + } + } + + /* Returns 1 when the given group is a PQC hybrid group, 0 otherwise. */ + int NamedGroupIsPqcHybrid(int group) + { + switch (group) { + #ifndef WOLFSSL_NO_ML_KEM + case WOLFSSL_P256_ML_KEM_768: + case WOLFSSL_X25519_ML_KEM_768: + case WOLFSSL_P384_ML_KEM_1024: + case WOLFSSL_P256_ML_KEM_512: + case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_X25519_ML_KEM_512: + case WOLFSSL_X448_ML_KEM_768: + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case WOLFSSL_P256_KYBER_LEVEL3: + case WOLFSSL_X25519_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL1: + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_X25519_KYBER_LEVEL1: + case WOLFSSL_X448_KYBER_LEVEL3: + #endif + return 1; + default: + return 0; + } + } +#endif /* WOLFSSL_HAVE_MLKEM */ + int TranslateErrorToAlert(int err) { switch (err) { @@ -35164,7 +35517,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello)) != 0) { @@ -37553,11 +37906,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, { byte b; ProtocolVersion pv; -#ifdef WOLFSSL_SMALL_STACK - Suites* clSuites = NULL; -#else - Suites clSuites[1]; -#endif word32 i = *inOutIdx; word32 begin = i; int ret = 0; @@ -37625,8 +37973,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) pv.minor = TLSv1_2_MINOR; - lesserVersion = !ssl->options.dtls && ssl->version.minor > pv.minor; - lesserVersion |= ssl->options.dtls && ssl->version.minor < pv.minor; + lesserVersion = (byte)(!ssl->options.dtls && + ssl->version.minor > pv.minor); + lesserVersion |= ssl->options.dtls &&ssl->version.minor < pv.minor; if (lesserVersion) { byte belowMinDowngrade; @@ -37855,40 +38204,40 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto out; } -#ifdef WOLFSSL_SMALL_STACK - clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, DYNAMIC_TYPE_SUITES); - if (clSuites == NULL) { + if (ssl->clSuites == NULL) { ret = MEMORY_E; goto out; } -#endif - XMEMSET(clSuites, 0, sizeof(Suites)); - ato16(&input[i], &clSuites->suiteSz); + XMEMSET(ssl->clSuites, 0, sizeof(Suites)); + ato16(&input[i], &ssl->clSuites->suiteSz); i += OPAQUE16_LEN; /* Cipher suite lists are always multiples of two in length. */ - if (clSuites->suiteSz % 2 != 0) { + if (ssl->clSuites->suiteSz % 2 != 0) { ret = BUFFER_ERROR; goto out; } /* suites and compression length check */ - if ((i - begin) + clSuites->suiteSz + OPAQUE8_LEN > helloSz) { + if ((i - begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN > helloSz) { ret = BUFFER_ERROR; goto out; } - if (clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) { + if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) { ret = BUFFER_ERROR; goto out; } - XMEMCPY(clSuites->suites, input + i, clSuites->suiteSz); + XMEMCPY(ssl->clSuites->suites, input + i, ssl->clSuites->suiteSz); #ifdef HAVE_SERVER_RENEGOTIATION_INFO /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ - if (FindSuite(clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) { + if (FindSuite(ssl->clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= + 0) { TLSX* extension; /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ @@ -37910,7 +38259,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ #if defined(HAVE_FALLBACK_SCSV) || defined(OPENSSL_ALL) /* check for TLS_FALLBACK_SCSV suite */ - if (FindSuite(clSuites, TLS_FALLBACK_SCSV, 0) >= 0) { + if (FindSuite(ssl->clSuites, TLS_FALLBACK_SCSV, 0) >= 0) { WOLFSSL_MSG("Found Fallback SCSV"); if (ssl->ctx->method->version.minor > pv.minor) { WOLFSSL_MSG("Client trying to connect with lesser version"); @@ -37921,8 +38270,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif - i += clSuites->suiteSz; - clSuites->hashSigAlgoSz = 0; + i += ssl->clSuites->suiteSz; + ssl->clSuites->hashSigAlgoSz = 0; /* compression length */ b = input[i++]; @@ -38009,7 +38358,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef HAVE_TLS_EXTENSIONS /* tls extensions */ if ((ret = TLSX_Parse(ssl, input + i, totalExtSz, client_hello, - clSuites))) + ssl->clSuites))) goto out; #ifdef WOLFSSL_TLS13 if (TLSX_Find(ssl->extensions, @@ -38065,15 +38414,16 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto out; } - clSuites->hashSigAlgoSz = hashSigAlgoSz; - if (clSuites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { + ssl->clSuites->hashSigAlgoSz = hashSigAlgoSz; + if (ssl->clSuites->hashSigAlgoSz > + WOLFSSL_MAX_SIGALGO) { WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, " "truncating"); - clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; + ssl->clSuites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; } - XMEMCPY(clSuites->hashSigAlgo, &input[i], - clSuites->hashSigAlgoSz); + XMEMCPY(ssl->clSuites->hashSigAlgo, &input[i], + ssl->clSuites->hashSigAlgoSz); i += hashSigAlgoSz; } @@ -38084,7 +38434,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, else i += extSz; - totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz; + totalExtSz -= (word16)(OPAQUE16_LEN + OPAQUE16_LEN) + extSz; } #endif *inOutIdx = i; @@ -38104,7 +38454,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* ProcessOld uses same resume code */ WOLFSSL_MSG_EX("ssl->options.resuming %d", ssl->options.resuming); if (ssl->options.resuming) { - ret = HandleTlsResumption(ssl, clSuites); + ret = HandleTlsResumption(ssl, ssl->clSuites); if (ret != 0) goto out; @@ -38140,19 +38490,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif #ifdef OPENSSL_EXTRA - ssl->clSuites = clSuites; /* cppcheck-suppress autoVariables - * - * (suppress warning that ssl, a persistent - * non-local allocation, has its ->clSuites - * set to clSuites, a local stack allocation. - * we clear this assignment before returning.) - */ /* Give user last chance to provide a cert for cipher selection */ if (ret == 0 && ssl->ctx->certSetupCb != NULL) ret = CertSetupCbWrapper(ssl); #endif if (ret == 0) - ret = MatchSuite(ssl, clSuites); + ret = MatchSuite(ssl, ssl->clSuites); #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_ENCRYPT_THEN_MAC) && \ !defined(WOLFSSL_AEAD_ONLY) @@ -38170,11 +38513,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif out: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if !defined(OPENSSL_EXTRA) + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); ssl->clSuites = NULL; -#endif -#ifdef WOLFSSL_SMALL_STACK - XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); #endif WOLFSSL_LEAVE("DoClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); @@ -38709,7 +39050,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (input == NULL) return MEMORY_E; - XMEMCPY(input, output + recordHeaderSz, inputSz); + XMEMCPY(input, output + recordHeaderSz, (size_t)(inputSz)); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, server_hello_done)) != 0) { @@ -39404,8 +39745,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_MSG("Found session matching the session id" " found in the ticket"); /* Allocate and populate an InternalTicket */ + #ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC(sizeof(InternalTicket), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (tmp != NULL && psk->identity != NULL) + { + XMEMCPY(tmp, psk->identity, psk->identityLen); + XFREE(psk->identity, ssl->heap, DYNAMIC_TYPE_TLSX); + psk->identity = NULL; + } + #else tmp = (byte*)XREALLOC(psk->identity, sizeof(InternalTicket), ssl->heap, DYNAMIC_TYPE_TLSX); + #endif if (tmp != NULL) { XMEMSET(tmp, 0, sizeof(InternalTicket)); psk->identity = tmp; @@ -41522,8 +41874,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ret = args->lastErr; args->lastErr = 0; /* reset */ /* On error 'ret' will be negative */ - mask = ((unsigned int)ret >> - ((sizeof(ret) * 8) - 1)) - 1; + mask = (byte)(((unsigned int)ret >> ((sizeof(ret) * 8) - 1)) - 1); /* build PreMasterSecret */ ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; @@ -41962,7 +42313,7 @@ int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe) return 0; } -#endif +#endif /* WOLFSSL_IOTSAFE && HAVE_PK_CALLBACKS */ #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) /* create an instance of WOLFSSL_BY_DIR_HASH structure */ @@ -42051,32 +42402,7 @@ WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_value( WOLFSSL_BY_DIR_HASH* wolfSSL_sk_BY_DIR_HASH_pop( WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_BY_DIR_HASH* hash; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_pop"); - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - hash = sk->data.dir_hash; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.dir_hash = node->data.dir_hash; - sk->next = node->next; - wolfSSL_sk_free_node(node); - } - else { /* last x509 in stack */ - sk->data.dir_hash = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return hash; + return (WOLFSSL_BY_DIR_HASH *)wolfSSL_sk_pop(sk); } /* release all contents in stack, and then release stack itself. */ /* Second argument is a function pointer to release resources. */ @@ -42131,39 +42457,13 @@ void wolfSSL_sk_BY_DIR_HASH_free(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) int wolfSSL_sk_BY_DIR_HASH_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH)* sk, WOLFSSL_BY_DIR_HASH* in) { - WOLFSSL_STACK* node; - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_push"); if (sk == NULL || in == NULL) { return WOLFSSL_FAILURE; } - /* no previous values in stack */ - if (sk->data.dir_hash == NULL) { - sk->data.dir_hash = in; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_OPENSSL); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.dir_hash = sk->data.dir_hash; - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->data.dir_hash = in; - sk->num += 1; - - return WOLFSSL_SUCCESS; + return wolfSSL_sk_push(sk, in); } /* create an instance of WOLFSSL_BY_DIR_entry structure */ WOLFSSL_BY_DIR_entry* wolfSSL_BY_DIR_entry_new(void) @@ -42234,32 +42534,7 @@ WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_value( WOLFSSL_BY_DIR_entry* wolfSSL_sk_BY_DIR_entry_pop( WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_BY_DIR_entry* entry; - - WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_pop"); - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - entry = sk->data.dir_entry; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.dir_entry = node->data.dir_entry; - sk->next = node->next; - wolfSSL_sk_free_node(node); - } - else { /* last x509 in stack */ - sk->data.dir_entry = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return entry; + return (WOLFSSL_BY_DIR_entry *)wolfSSL_sk_pop(sk); } /* release all contents in stack, and then release stack itself. */ /* Second argument is a function pointer to release resources. */ @@ -42315,40 +42590,16 @@ void wolfSSL_sk_BY_DIR_entry_free(WOLF_STACK_OF(wolfSSL_BY_DIR_entry) *sk) int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, WOLFSSL_BY_DIR_entry* in) { - WOLFSSL_STACK* node; + WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_push"); if (sk == NULL || in == NULL) { return WOLFSSL_FAILURE; } - /* no previous values in stack */ - if (sk->data.dir_entry == NULL) { - sk->data.dir_entry = in; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_OPENSSL); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.dir_entry = sk->data.dir_entry; - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->data.dir_entry = in; - sk->num += 1; - - return WOLFSSL_SUCCESS; + return wolfSSL_sk_push(sk, in); } -#endif /* OPENSSL_ALL */ +#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_FILESYSTEM */ #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) @@ -42487,4 +42738,4 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, #undef ERROR_OUT -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ diff --git a/src/src/keys.c b/src/src/keys.c index 4ff687e..8f8d2eb 100644 --- a/src/src/keys.c +++ b/src/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,11 +22,7 @@ /* Name change compatibility layer no longer needs to be included here */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) @@ -128,6 +124,9 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite, } #endif /* NO_WOLFSSL_CLIENT */ + /* Initialize specs */ + XMEMSET(specs, 0, sizeof(CipherSpecs)); + /* Chacha extensions, 0xcc */ if (cipherSuite0 == CHACHA_BYTE) { @@ -3908,7 +3907,8 @@ int DeriveKeys(WOLFSSL* ssl) XMEMCPY(shaInput + idx, ssl->arrays->clientRandom, RAN_LEN); if (ret == 0) { ret = wc_ShaUpdate(sha, shaInput, - (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + j); + (KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN) - KEY_PREFIX + + (word32)(j)); } if (ret == 0) { ret = wc_ShaFinal(sha, shaOutput); @@ -3942,12 +3942,13 @@ int DeriveKeys(WOLFSSL* ssl) static int CleanPreMaster(WOLFSSL* ssl) { - int i, ret, sz = ssl->arrays->preMasterSz; + int i, ret, sz = (int)(ssl->arrays->preMasterSz); for (i = 0; i < sz; i++) ssl->arrays->preMasterSecret[i] = 0; - ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); + ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, + (word32)(sz)); if (ret != 0) return ret; @@ -4035,8 +4036,8 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) } idx = 0; - XMEMCPY(shaInput, prefix, i + 1); - idx += i + 1; + XMEMCPY(shaInput, prefix, (size_t)(i + 1)); + idx += (word32)(i + 1); XMEMCPY(shaInput + idx, ssl->arrays->preMasterSecret, pmsSz); idx += pmsSz; diff --git a/src/src/ocsp.c b/src/src/ocsp.c index cf824f6..c90936a 100644 --- a/src/src/ocsp.c +++ b/src/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* Name change compatibility layer no longer needs to be included here */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - /* * WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK: * Disable looking for an authorized responder in the verification path of @@ -333,7 +328,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions); } #endif - ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0); + ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0, 0); if (ret != 0) { ocsp->error = ret; WOLFSSL_LEAVE("OcspResponseDecode failed", ocsp->error); @@ -480,31 +475,6 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, ioCtx = (ssl && ssl->ocspIOCtx != NULL) ? ssl->ocspIOCtx : ocsp->cm->ocspIOCtx; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - if (ocsp->statusCb != NULL && ssl != NULL) { - WOLFSSL_MSG("Calling ocsp->statusCb"); - ret = ocsp->statusCb(ssl, ioCtx); - switch (ret) { - case SSL_TLSEXT_ERR_OK: - ret = wolfSSL_get_ocsp_response(ssl, &response); - ret = CheckOcspResponse(ocsp, response, ret, responseBuffer, - status, entry, NULL, heap); - XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); - break; - case SSL_TLSEXT_ERR_NOACK: - ret = OCSP_LOOKUP_FAIL; - break; - case SSL_TLSEXT_ERR_ALERT_FATAL: - default: - WOLFSSL_LEAVE("CheckOcspRequest", ocsp->error); - ret = WOLFSSL_FATAL_ERROR; - break; - } - WOLFSSL_LEAVE("CheckOcspRequest", ret); - return ret; - } -#endif - if (ocsp->cm->ocspUseOverrideURL) { url = ocsp->cm->ocspOverrideURL; if (url != NULL && url[0] != '\0') @@ -656,9 +626,6 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) if (!passed) { WOLFSSL_MSG("\tOCSP Responder not authorized"); -#ifdef OPENSSL_EXTRA - bs->verifyError = OCSP_BAD_ISSUER; -#endif ret = BAD_OCSP_RESPONDER; break; } @@ -755,13 +722,23 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( WOLFSSL_CERT_MANAGER* cm = NULL; int ret = -1; DerBuffer* derCert = NULL; + int dgstType; #ifdef WOLFSSL_SMALL_STACK DecodedCert *cert = NULL; #else DecodedCert cert[1]; #endif - (void)dgst; + if (dgst == NULL) { + dgstType = WC_HASH_TYPE_SHA; + } + else if (wolfSSL_EVP_get_hashinfo(dgst, &dgstType, NULL) != + WOLFSSL_SUCCESS) { + return NULL; + } + + if (dgstType != OCSP_DIGEST) + return NULL; cm = wolfSSL_CertManagerNew(); if (cm == NULL @@ -813,6 +790,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( goto out; } else { + certId->hashAlgoOID = wc_HashGetOID(OCSP_DIGEST); XMEMCPY(certId->issuerHash, cert->issuerHash, OCSP_DIGEST_SIZE); XMEMCPY(certId->issuerKeyHash, cert->issuerKeyHash, OCSP_DIGEST_SIZE); XMEMCPY(certId->status->serial, cert->serial, (size_t)cert->serialSz); @@ -850,79 +828,246 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse) wolfSSL_OCSP_RESPONSE_free(basicResponse); } -/* Signature verified in DecodeBasicOcspResponse. - * But no store available to verify certificate. */ -int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, - WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags) +/* Calculate ancode CertID DER encoding following RFC 6960: + CertID ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + issuerNameHash OCTET STRING, + issuerKeyHash OCTET STRING, + serialNumber CertificateSerialNumber } +*/ +static int OcspEncodeCertID(WOLFSSL_OCSP_CERTID* id, byte* output, + word32* totalSz, word32* intSize) { - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); -#ifdef WOLFSSL_SMALL_STACK - DecodedCert *cert; -#else - DecodedCert cert[1]; -#endif - byte certInit = 0; - int idx; + word32 idx = 0; + int ret; - (void)certs; + if (id == NULL || totalSz == NULL || intSize == NULL || + (output != NULL && (*totalSz == 0 || *totalSz <= *intSize))) + return BAD_FUNC_ARG; - if (flags & WOLFSSL_OCSP_NOVERIFY) - return WOLFSSL_SUCCESS; + if (output != NULL) { + ret = SetSequence(*intSize, output); + if (ret < 0) + return ret; + idx += ret; + } -#ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert *) - XMALLOC(sizeof(*cert), (st && st->cm) ? st->cm->heap : NULL, - DYNAMIC_TYPE_DCERT); - if (cert == NULL) - return WOLFSSL_FAILURE; -#endif + ret = SetAlgoID(id->hashAlgoOID, ((output != NULL) ? output + idx : output), + oidHashType, 0); + if (ret <= 0) + return -1; + idx += ret; - if (bs->verifyError != OCSP_VERIFY_ERROR_NONE) - goto out; + /* issuerNameHash */ + ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output)); + if (ret < 0) + return ret; + idx += ret; + if (output != NULL) + XMEMCPY(output + idx, id->issuerHash, OCSP_DIGEST_SIZE); + idx += OCSP_DIGEST_SIZE; + + /* issuerKeyHash */ + ret = SetOctetString(OCSP_DIGEST_SIZE, ((output != NULL) ? output + idx : output)); + if (ret < 0) + return ret; + idx += ret; + if (output != NULL) + XMEMCPY(output + idx, id->issuerKeyHash, OCSP_DIGEST_SIZE); + idx += OCSP_DIGEST_SIZE; + + /* serialNumber */ + ret = SetASNInt(id->status->serialSz, id->status->serial[0], ((output != NULL) ? output + idx : output)); + if (ret < 0) + return ret; + idx += ret; + if (output != NULL) + XMEMCPY(output + idx, id->status->serial, id->status->serialSz); + idx += id->status->serialSz; - if (flags & WOLFSSL_OCSP_TRUSTOTHER) { - for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) { - WOLFSSL_X509* x = wolfSSL_sk_X509_value(certs, idx); - int derSz = 0; - const byte* der = wolfSSL_X509_get_der(x, &derSz); - if (der != NULL && derSz == (int)bs->certSz && - XMEMCMP(bs->cert, der, (size_t)derSz) == 0) { - ret = WOLFSSL_SUCCESS; - goto out; - } + if (output == NULL) { + *intSize = idx; + ret = SetSequence(idx, NULL); + if (ret < 0) + return ret; + idx += ret; + *totalSz = idx; + } + else if (idx != *totalSz) { + return BUFFER_E; + } + + return 0; +} + +static int OcspRespIdMatches(OcspResponse* resp, const byte* NameHash, + const byte* keyHash) +{ + if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) { + return XMEMCMP(NameHash, resp->responderId.nameHash, + SIGNER_DIGEST_SIZE) == 0; + } + else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) { + return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0; + } + + return 0; +} + +static int OcspFindSigner(WOLFSSL_OCSP_BASICRESP *resp, + WOLF_STACK_OF(WOLFSSL_X509) *certs, DecodedCert **signer, int *embedded, + unsigned long flags) +{ + WOLFSSL_X509 *signer_x509 = NULL; + DecodedCert *certDecoded; + int i; + + certDecoded = (DecodedCert *)XMALLOC(sizeof(*certDecoded), resp->heap, + DYNAMIC_TYPE_DCERT); + if (certDecoded == NULL) + return MEMORY_E; + + for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) { + signer_x509 = wolfSSL_sk_X509_value(certs, i); + if (signer_x509 == NULL) + continue; + + InitDecodedCert(certDecoded, signer_x509->derCert->buffer, + signer_x509->derCert->length, resp->heap); + if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY, + NULL, NULL) == 0) { + if (OcspRespIdMatches(resp, certDecoded->subjectHash, + certDecoded->subjectKeyHash)) { + *signer = certDecoded; + *embedded = 0; + return 0; + } } + FreeDecodedCert(certDecoded); } - InitDecodedCert(cert, bs->cert, bs->certSz, NULL); - certInit = 1; - if (ParseCertRelative(cert, CERT_TYPE, VERIFY, st->cm, NULL) < 0) - goto out; + if (flags & WOLFSSL_OCSP_NOINTERN) { + XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT); + return ASN_NO_SIGNER_E; + } - if (!(flags & WOLFSSL_OCSP_NOCHECKS)) { - if (CheckOcspResponder(bs, cert, st->cm) != 0) - goto out; + /* not found in certs, search the cert embedded in the response */ + InitDecodedCert(certDecoded, resp->cert, resp->certSz, resp->heap); + if (ParseCertRelative(certDecoded, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { + if (OcspRespIdMatches(resp, certDecoded->subjectHash, + certDecoded->subjectKeyHash)) { + *signer = certDecoded; + *embedded = 1; + return 0; + } } + FreeDecodedCert(certDecoded); - ret = WOLFSSL_SUCCESS; -out: - if (certInit) - FreeDecodedCert(cert); + XFREE(certDecoded, resp->heap, DYNAMIC_TYPE_DCERT); + return ASN_NO_SIGNER_E; +} +static int OcspVerifySigner(WOLFSSL_OCSP_BASICRESP *resp, DecodedCert *cert, + WOLFSSL_X509_STORE *st, unsigned long flags) +{ #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, (st && st->cm) ? st->cm->heap : NULL, DYNAMIC_TYPE_DCERT); + DecodedCert *c = NULL; +#else + DecodedCert c[1]; +#endif + + int ret = -1; + if (st == NULL) + return ASN_OCSP_CONFIRM_E; + +#ifdef WOLFSSL_SMALL_STACK + c = (DecodedCert *)XMALLOC(sizeof(*c), NULL, DYNAMIC_TYPE_DCERT); + if (c == NULL) + return MEMORY_E; #endif + InitDecodedCert(c, cert->source, cert->maxIdx, NULL); + if (ParseCertRelative(c, CERT_TYPE, VERIFY, st->cm, NULL) != 0) { + ret = ASN_OCSP_CONFIRM_E; + goto err; + } +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK + if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) { + ret = CheckOcspResponder(resp, c, st->cm); + } + else { + ret = 0; + } +#else + (void)resp; + (void)flags; + ret = 0; +#endif + +err: + FreeDecodedCert(c); +#ifdef WOLFSSL_SMALL_STACK + XFREE(c, NULL, DYNAMIC_TYPE_DCERT); +#endif return ret; } +/* Signature verified in DecodeBasicOcspResponse. + * But no store available to verify certificate. */ +int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP* bs, + WOLF_STACK_OF(WOLFSSL_X509) * certs, WOLFSSL_X509_STORE* st, + unsigned long flags) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int embedded; + DecodedCert *cert = NULL; + + ret = OcspFindSigner(bs, certs, &cert, &embedded, flags); + if (ret != 0) { + WOLFSSL_MSG("OCSP no signer found"); + return WOLFSSL_FAILURE; + } + + /* skip certificate verification if cert in certs and TRUST_OTHER is true */ + if (!embedded && (flags & WOLFSSL_OCSP_TRUSTOTHER) != 0) + flags |= WOLFSSL_OCSP_NOVERIFY; + + /* verify response signature */ + ret = ConfirmSignature( + &cert->sigCtx, + bs->response, bs->responseSz, + cert->publicKey, cert->pubKeySize, cert->keyOID, + bs->sig, bs->sigSz, bs->sigOID, bs->sigParams, bs->sigParamsSz, + NULL); + + if (ret != 0) { + WOLFSSL_MSG("OCSP signature verification failed"); + ret = -1; + goto err; + } + + if ((flags & WOLFSSL_OCSP_NOVERIFY) == 0) { + ret = OcspVerifySigner(bs, cert, st, flags); + } + +err: + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response) { + OcspEntry *s, *sNext; if (response == NULL) return; - if (response->single != NULL) { - FreeOcspEntry(response->single, NULL); - XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + + s = response->single; + while (s != NULL) { + sNext = s->next; + FreeOcspEntry(s, NULL); + XFREE(s, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + s = sNext; } XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1045,7 +1190,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, XMEMCPY(resp->source, *data, (size_t)len); resp->maxIdx = (word32)len; - ret = OcspResponseDecode(resp, NULL, NULL, 1); + ret = OcspResponseDecode(resp, NULL, NULL, 1, 1); if (ret != 0 && ret != WC_NO_ERR_TRACE(ASN_OCSP_CONFIRM_E)) { /* for just converting from a DER to an internal structure the CA may * not yet be known to this function for signature verification */ @@ -1100,27 +1245,9 @@ const char *wolfSSL_OCSP_response_status_str(long s) WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response) { WOLFSSL_OCSP_BASICRESP* bs; + const unsigned char *ptr = response->source; - bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL, - DYNAMIC_TYPE_OCSP_REQUEST); - if (bs == NULL) - return NULL; - - XMEMCPY(bs, response, sizeof(OcspResponse)); - bs->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, - DYNAMIC_TYPE_OCSP_ENTRY); - bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (bs->single == NULL || bs->source == NULL) { - XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - bs->single = NULL; - wolfSSL_OCSP_RESPONSE_free(bs); - bs = NULL; - } - else { - XMEMCPY(bs->single, response->single, sizeof(OcspEntry)); - XMEMCPY(bs->source, response->source, response->maxIdx); - bs->single->ownStatus = 0; - } + bs = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, response->maxIdx); return bs; } @@ -1235,22 +1362,59 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, unsigned char** data) { - if (id == NULL || data == NULL) - return WOLFSSL_FAILURE; + int allocated = 0; + word32 derSz = 0; + word32 intSz = 0; + int ret; + WOLFSSL_ENTER("wolfSSL_i2d_OCSP_CERTID"); - if (*data != NULL) { - XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize); - *data = *data + id->rawCertIdSize; + if (id == NULL) + return -1; + + if (id->rawCertId != NULL) { + derSz = id->rawCertIdSize; } else { - *data = (unsigned char*)XMALLOC((size_t)id->rawCertIdSize, NULL, DYNAMIC_TYPE_OPENSSL); + ret = OcspEncodeCertID(id, NULL, &derSz, &intSz); + if (ret != 0) { + WOLFSSL_MSG("Failed to calculate CertID size"); + return -1; + } + } + + if (data == NULL) { + return derSz; + } + + if (*data == NULL) { + /* Allocate buffer for DER encoding */ + *data = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); if (*data == NULL) { - return WOLFSSL_FAILURE; + WOLFSSL_MSG("Failed to allocate memory for CertID DER encoding"); + return -1; } - XMEMCPY(*data, id->rawCertId, (size_t)id->rawCertIdSize); + allocated = 1; } - return id->rawCertIdSize; + if (id->rawCertId != NULL) { + XMEMCPY(*data, id->rawCertId, id->rawCertIdSize); + } + else { + ret = OcspEncodeCertID(id, *data, &derSz, &intSz); + if (ret < 0) { + WOLFSSL_MSG("Failed to encode CertID"); + if (allocated) { + XFREE(*data, NULL, DYNAMIC_TYPE_OPENSSL); + *data = NULL; + } + return -1; + } + } + + if (!allocated) + *data += derSz; + + return derSz; } WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, @@ -1258,44 +1422,50 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, int length) { WOLFSSL_OCSP_CERTID *cid = NULL; + int isAllocated = 0; + word32 idx = 0; + int ret; - if ((cidOut != NULL) && (derIn != NULL) && (*derIn != NULL) && - (length > 0)) { + if (derIn == NULL || *derIn == NULL || length <= 0) + return NULL; + if (cidOut != NULL && *cidOut != NULL) { cid = *cidOut; + FreeOcspEntry(cid, NULL); + } + else { + cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, + DYNAMIC_TYPE_OPENSSL); + if (cid == NULL) + return NULL; + isAllocated = 1; + } - /* If a NULL is passed we allocate the memory for the caller. */ - if (cid == NULL) { - cid = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*cid), NULL, - DYNAMIC_TYPE_OPENSSL); - } - else if (cid->rawCertId != NULL) { - XFREE(cid->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL); - cid->rawCertId = NULL; - cid->rawCertIdSize = 0; - } - - if (cid != NULL) { - cid->rawCertId = (byte*)XMALLOC((size_t)length + 1, NULL, DYNAMIC_TYPE_OPENSSL); - if (cid->rawCertId != NULL) { - XMEMCPY(cid->rawCertId, *derIn, (size_t)length); - cid->rawCertIdSize = length; - - /* Per spec. advance past the data that is being returned - * to the caller. */ - *cidOut = cid; - *derIn = *derIn + length; + XMEMSET(cid, 0, sizeof(WOLFSSL_OCSP_CERTID)); + cid->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_OCSP_STATUS); + if (cid->status == NULL) { + XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + XMEMSET(cid->status, 0, sizeof(CertStatus)); + cid->ownStatus = 1; - return cid; - } + ret = OcspDecodeCertID(*derIn, &idx, length, cid); + if (ret != 0) { + FreeOcspEntry(cid, NULL); + if (isAllocated) { + XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL); } + return NULL; } - if ((cid != NULL) && ((cidOut == NULL) || (cid != *cidOut))) { - XFREE(cid, NULL, DYNAMIC_TYPE_OPENSSL); - } + *derIn += idx; - return NULL; + if (isAllocated && cidOut != NULL) + *cidOut = cid; + + return cid; } const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( diff --git a/src/src/pk.c b/src/src/pk.c index 6c55bee..3136cf9 100644 --- a/src/src/pk.c +++ b/src/src/pk.c @@ -1,6 +1,6 @@ /* pk.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #include #ifndef WC_NO_RNG @@ -414,7 +410,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, if (ret == 0) { /* Generate a random salt. */ - if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) { + if (wolfSSL_RAND_bytes(info->iv, (int)info->ivSz) != 1) { WOLFSSL_MSG("generate iv failed"); ret = WOLFSSL_FATAL_ERROR; } @@ -422,7 +418,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, if (ret == 0) { /* Calculate padding size - always a padding block. */ - paddingSz = info->ivSz - ((*derSz) % info->ivSz); + paddingSz = (int)info->ivSz - ((*derSz) % (int)info->ivSz); /* Check der is big enough. */ if (maxDerSz < (*derSz) + paddingSz) { WOLFSSL_MSG("not enough DER buffer allocated"); @@ -431,7 +427,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, } if (ret == 0) { /* Set padding bytes to padding length. */ - XMEMSET(der + (*derSz), (byte)paddingSz, paddingSz); + XMEMSET(der + (*derSz), (byte)paddingSz, (size_t)paddingSz); /* Add padding to DER size. */ (*derSz) += (int)paddingSz; @@ -518,8 +514,19 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz, byte *tmpBuf; /* Add space for padding. */ + #ifdef WOLFSSL_NO_REALLOC + tmpBuf = (byte*)XMALLOC((size_t)(derSz + blockSz), heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpBuf != NULL && der != NULL) + { + XMEMCPY(tmpBuf, der, (size_t)(derSz)); + XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + } + #else tmpBuf = (byte*)XREALLOC(der, (size_t)(derSz + blockSz), heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (tmpBuf == NULL) { WOLFSSL_ERROR_MSG("Extending DER buffer failed"); ret = 0; /* der buffer is free'd at the end of the function */ @@ -724,7 +731,7 @@ static int wolfssl_print_indent(WOLFSSL_BIO* bio, char* line, int lineLen, if (indent > 0) { /* Print indent spaces. */ int len_wanted = XSNPRINTF(line, (size_t)lineLen, "%*s", indent, " "); - if (len_wanted >= lineLen) { + if ((len_wanted < 0) || (len_wanted >= lineLen)) { WOLFSSL_ERROR_MSG("Buffer overflow formatting indentation"); ret = 0; } @@ -1547,7 +1554,11 @@ static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out) WOLFSSL_ERROR_MSG("Malloc failure"); err = 1; } - if (!err) { + if ((!err) && (derLen <= (int)sizeof(seq))) { + /* Copy the previously read data into the buffer. */ + XMEMCPY(der, seq, derLen); + } + else if (!err) { /* Calculate the unread amount. */ int len = derLen - (int)sizeof(seq); /* Copy the previously read data into the buffer. */ @@ -5630,7 +5641,8 @@ static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, ret = dLen == WC_SHA_DIGEST_SIZE ? wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; #else - ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); + ret = wc_DsaVerify_ex(d, (word32)dLen, sig, (DsaKey*)dsa->internal, + dsacheck); #endif if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); @@ -9475,16 +9487,16 @@ int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid * is just the numerical representation. */ - if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0) return WOLFSSL_FATAL_ERROR; - len = SetObjectId(oidSz, NULL) + oidSz; + len = SetObjectId((int)oidSz, NULL) + (int)oidSz; if (pp == NULL) return len; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -9492,7 +9504,7 @@ int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) out = *pp; } - idx = SetObjectId(oidSz, out); + idx = SetObjectId((int)oidSz, out); XMEMCPY(out + idx, oid, oidSz); if (*pp == NULL) *pp = out; @@ -10273,7 +10285,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8; if (hex[0] == '0' && hex[1] == '4') { /* uncompressed mode */ - str_sz = key_sz * 2; + str_sz = (size_t)key_sz * 2; XMEMSET(strGx, 0x0, str_sz + 1); XMEMCPY(strGx, hex + 2, str_sz); @@ -10299,7 +10311,7 @@ WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) { goto err; } - if (wolfSSL_ECPoint_d2i(octGx, key_sz + 1, group, p) + if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p) != WOLFSSL_SUCCESS) { goto err; } @@ -12234,7 +12246,7 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out) if (ret == 1) { #ifdef HAVE_COMP_KEY /* Default to compressed form if not set */ - form = (key->form != WC_POINT_CONVERSION_UNCOMPRESSED) ? + form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ? WC_POINT_CONVERSION_UNCOMPRESSED : WC_POINT_CONVERSION_COMPRESSED; #endif @@ -12361,7 +12373,7 @@ WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key, * * @param [in] key EC key to encode. * @param [in, out] out On in, reference to buffer to place DER encoding into. - * On out, reference to buffer adter the encoding. + * On out, reference to buffer after the encoding. * May be NULL. * @return Length of DER encoding on success. * @return 0 on error. @@ -14652,6 +14664,13 @@ int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz, res = 0; } if (res) { + #ifdef WOLFSSL_CURVE25519_BLINDING + /* An RNG is needed. */ + if (wc_curve25519_set_rng(&privkey, wolfssl_make_global_rng()) != 0) { + res = 0; + } + else + #endif /* Initialize public key object. */ if (wc_curve25519_init(&pubkey) != MP_OKAY) { WOLFSSL_MSG("wc_curve25519_init pubkey failed"); @@ -15473,7 +15492,7 @@ int wolfSSL_PEM_def_callback(char* buf, int num, int rwFlag, void* userData) if ((buf != NULL) && (userData != NULL)) { sz = (int)XSTRLEN((const char*)userData); sz = (int)min((word32)sz, (word32)num); - XMEMCPY(buf, userData, sz); + XMEMCPY(buf, userData, (size_t)sz); } else { WOLFSSL_MSG("Error, default password cannot be created."); @@ -15967,7 +15986,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix, /* Find prefix part. */ for (; idx < pemLen - prefixLen; idx++) { if ((pem[idx] == prefix[0]) && - (XMEMCMP(pem + idx, prefix, prefixLen) == 0)) { + (XMEMCMP(pem + idx, prefix, (size_t)prefixLen) == 0)) { idx += prefixLen; *start = idx; break; @@ -15976,7 +15995,7 @@ static void pem_find_pattern(char* pem, int pemLen, int idx, const char* prefix, /* Find postfix part. */ for (; idx < pemLen - postfixLen; idx++) { if ((pem[idx] == postfix[0]) && - (XMEMCMP(pem + idx, postfix, postfixLen) == 0)) { + (XMEMCMP(pem + idx, postfix, (size_t)postfixLen) == 0)) { *len = idx - *start; break; } @@ -16012,7 +16031,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, /* Find header. */ pem_find_pattern(pem, pemLen, 0, PEM_BEGIN, PEM_HDR_FIN, &start, &nameLen); /* Allocate memory for header name. */ - *name = (char*)XMALLOC(nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *name = (char*)XMALLOC((size_t)nameLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*name == NULL) { ret = MEMORY_E; } @@ -16023,7 +16042,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, ret = ASN_NO_PEM_HEADER; } else { - XMEMCPY(*name, pem + start, nameLen); + XMEMCPY(*name, pem + start, (size_t)nameLen); } } if (ret == 0) { @@ -16035,7 +16054,8 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, hdrLen++; } /* Allocate memory for encryption header string. */ - *header = (char*)XMALLOC(hdrLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *header = (char*)XMALLOC((size_t)hdrLen + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (*header == NULL) { ret = MEMORY_E; } @@ -16044,7 +16064,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, /* Put in encryption header string. */ (*header)[hdrLen] = '\0'; if (hdrLen > 0) { - XMEMCPY(*header, pem + startHdr, hdrLen); + XMEMCPY(*header, pem + startHdr, (size_t)hdrLen); start = startHdr + hdrLen + 1; } @@ -16053,7 +16073,7 @@ static int pem_read_data(char* pem, int pemLen, char **name, char **header, &endLen); /* Validate header name and footer name are the same. */ if ((endLen != nameLen) || - (XMEMCMP(*name, pem + startEnd, nameLen) != 0)) { + (XMEMCMP(*name, pem + startEnd, (size_t)nameLen) != 0)) { ret = ASN_NO_PEM_HEADER; } } @@ -16103,13 +16123,13 @@ static int pem_write_data(const char *name, const char *header, pemLen = (derLen + 2) / 3 * 4; pemLen += (pemLen + 63) / 64; /* Header */ - pemLen += PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + pemLen += (word32)(PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ); if (headerLen > 0) { /* Encryption lines plus extra carriage return. */ - pemLen += headerLen + 1; + pemLen += (word32)headerLen + 1; } /* Trailer */ - pemLen += PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; + pemLen += (word32)(PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ); pem = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { @@ -16121,14 +16141,14 @@ static int pem_write_data(const char *name, const char *header, /* Add header. */ XMEMCPY(p, PEM_BEGIN, PEM_BEGIN_SZ); p += PEM_BEGIN_SZ; - XMEMCPY(p, name, nameLen); + XMEMCPY(p, name, (size_t)nameLen); p += nameLen; XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); p += PEM_HDR_FIN_EOL_SZ; if (headerLen > 0) { /* Add encryption header. */ - XMEMCPY(p, header, headerLen); + XMEMCPY(p, header, (size_t)headerLen); p += headerLen; /* Blank line after a header and before body. */ *(p++) = '\n'; @@ -16144,7 +16164,7 @@ static int pem_write_data(const char *name, const char *header, /* Add trailer. */ XMEMCPY(p, PEM_END, PEM_END_SZ); p += PEM_END_SZ; - XMEMCPY(p, name, nameLen); + XMEMCPY(p, name, (size_t)nameLen); p += nameLen; XMEMCPY(p, PEM_HDR_FIN_EOL_NEWLINE, PEM_HDR_FIN_EOL_SZ); p += PEM_HDR_FIN_EOL_SZ; @@ -16153,6 +16173,11 @@ static int pem_write_data(const char *name, const char *header, *pemOut = pem; *pemOutLen = (word32)((size_t)p - (size_t)pem); } + else { + /* Dispose of any allocated memory. */ + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pem = NULL; + } return ret; } @@ -16192,13 +16217,13 @@ int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, } if ((res == 1) && (!memAlloced)) { /* Need to return allocated memory - make sure it is allocated. */ - char* p = (char*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + char* p = (char*)XMALLOC((size_t)pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { res = 0; } else { /* Copy the data into new buffer. */ - XMEMCPY(p, pem, pemLen); + XMEMCPY(p, pem, (size_t)pemLen); pem = p; } } @@ -16250,7 +16275,7 @@ int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, } XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return (!err) ? pemLen : 0; + return (!err) ? (int)pemLen : 0; } #endif /* !NO_BIO */ @@ -16475,7 +16500,8 @@ int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, if (ret == 0) { /* Encrypt private into buffer. */ - ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, + ret = TraditionalEnc((byte*)pkey->pkey.ptr + pkey->pkcs8HeaderSz, + (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz, key, keySz, passwd, passwdSz, PKCS5, PBES2, encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); if (ret > 0) { @@ -16509,7 +16535,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (pkey->type == WC_EVP_PKEY_EC) { /* ECC private and get curve OID information. */ algId = ECDSAk; - ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, + ret = wc_ecc_get_oid((word32)pkey->ecc->group->curve_oid, &curveOid, &oidSz); } else @@ -16536,7 +16562,7 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (keySz == NULL) return BAD_FUNC_ARG; - *keySz = pkey->pkey_sz; + *keySz = (word32)pkey->pkey_sz; if (key == NULL) return LENGTH_ONLY_E; @@ -16556,8 +16582,9 @@ int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) if (ret >= 0) { /* Encode private key in PKCS#8 format. */ - ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr, - pkey->pkey_sz, algId, curveOid, oidSz); + ret = wc_CreatePKCS8Key(key, keySz, (byte*)pkey->pkey.ptr + + pkey->pkcs8HeaderSz, (word32)pkey->pkey_sz - pkey->pkcs8HeaderSz, + algId, curveOid, oidSz); } return ret; diff --git a/src/src/quic.c b/src/src/quic.c index 64cf14f..5791a7d 100644 --- a/src/src/quic.c +++ b/src/src/quic.c @@ -1,6 +1,6 @@ /* quic.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* Name change compatibility layer no longer needs to be included here */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #ifdef NO_INLINE #include #else @@ -154,17 +150,15 @@ static int quic_record_append(WOLFSSL *ssl, QuicRecord *qr, const uint8_t *data, } } - if (quic_record_complete(qr) || len == 0) { - return 0; - } - - missing = qr->len - qr->end; - if (len > missing) { - len = missing; + if (!quic_record_complete(qr) && len != 0) { + missing = qr->len - qr->end; + if (len > missing) { + len = missing; + } + XMEMCPY(qr->data + qr->end, data, len); + qr->end += (word32)len; + consumed += len; } - XMEMCPY(qr->data + qr->end, data, len); - qr->end += (word32)len; - consumed += len; cleanup: *pconsumed = (ret == WOLFSSL_SUCCESS) ? consumed : 0; @@ -927,8 +921,12 @@ int wolfSSL_quic_forward_secrets(WOLFSSL* ssl, int ktype, int side) goto cleanup; } - ret = !ssl->quic.method->set_encryption_secrets( - ssl, level, rx_secret, tx_secret, ssl->specs.hash_size); + if(!ssl->quic.method->set_encryption_secrets( + ssl, level, rx_secret, tx_secret, ssl->specs.hash_size)) { + WOLFSSL_MSG("WOLFSSL_QUIC_FORWARD_SECRETS failed"); + ret = WOLFSSL_FATAL_ERROR; + goto cleanup; + } /* Having installed the secrets, any future read/write will happen * at the level. Except early data, which is detected on the record diff --git a/src/src/sniffer.c b/src/src/sniffer.c index a3814a4..4d0c8e1 100644 --- a/src/src/sniffer.c +++ b/src/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #ifdef WOLFSSL_ASYNC_CRYPT #include diff --git a/src/src/ssl.c b/src/src/ssl.c index c38fcbf..0b74065 100644 --- a/src/src/ssl.c +++ b/src/src/ssl.c @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XISASCII */ #define _GNU_SOURCE 1 @@ -202,79 +198,20 @@ * * For OpenSSL compatibility. * - * This function shouldn't exist! - * Uses defines in wolfssl/openssl/evp.h. - * Uses EccEnumToNID which uses defines in wolfssl/openssl/ec.h. - * * @param [in] sn Short name of OID. * @return NID corresponding to shortname on success. * @return WC_NID_undef when not recognized. */ int wc_OBJ_sn2nid(const char *sn) { - const struct { - const char *sn; - int nid; - } sn2nid[] = { -#ifndef NO_CERTS - {WOLFSSL_COMMON_NAME, WC_NID_commonName}, - {WOLFSSL_COUNTRY_NAME, WC_NID_countryName}, - {WOLFSSL_LOCALITY_NAME, WC_NID_localityName}, - {WOLFSSL_STATE_NAME, WC_NID_stateOrProvinceName}, - {WOLFSSL_ORG_NAME, WC_NID_organizationName}, - {WOLFSSL_ORGUNIT_NAME, WC_NID_organizationalUnitName}, - #ifdef WOLFSSL_CERT_NAME_ALL - {WOLFSSL_NAME, WC_NID_name}, - {WOLFSSL_INITIALS, WC_NID_initials}, - {WOLFSSL_GIVEN_NAME, WC_NID_givenName}, - {WOLFSSL_DNQUALIFIER, WC_NID_dnQualifier}, - #endif - {WOLFSSL_EMAIL_ADDR, WC_NID_emailAddress}, -#endif - {"SHA1", WC_NID_sha1}, - {NULL, -1}}; - int i; -#ifdef HAVE_ECC - char curveName[ECC_MAXNAME + 1]; - int eccEnum; -#endif - + const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info; + size_t i; WOLFSSL_ENTER("wc_OBJ_sn2nid"); - - for(i=0; sn2nid[i].sn != NULL; i++) { - if (XSTRCMP(sn, sn2nid[i].sn) == 0) { - return sn2nid[i].nid; - } + for (i = 0; i < wolfssl_object_info_sz; i++, obj_info++) { + if (XSTRCMP(sn, obj_info->sName) == 0) + return obj_info->nid; } - -#ifdef HAVE_ECC - if (XSTRLEN(sn) > ECC_MAXNAME) - return WC_NID_undef; - - /* Nginx uses this OpenSSL string. */ - if (XSTRCMP(sn, "prime256v1") == 0) - sn = "SECP256R1"; - /* OpenSSL allows lowercase curve names */ - for (i = 0; i < (int)(sizeof(curveName) - 1) && *sn; i++) { - curveName[i] = (char)XTOUPPER((unsigned char) *sn++); - } - curveName[i] = '\0'; - /* find based on name and return NID */ - for (i = 0; -#ifndef WOLFSSL_ECC_CURVE_STATIC - ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; -#else - ecc_sets[i].size != 0; -#endif - i++) { - if (XSTRCMP(curveName, ecc_sets[i].name) == 0) { - eccEnum = ecc_sets[i].id; - /* Convert enum value in ecc_curve_id to OpenSSL NID */ - return EccEnumToNID(eccEnum); - } - } -#endif /* HAVE_ECC */ - + WOLFSSL_MSG("short name not found in table"); return WC_NID_undef; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -423,6 +360,8 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, { int ret = 0; word16 encLen = DHKEM_X25519_ENC_LEN; + WOLFSSL_EchConfig* newConfig; + WOLFSSL_EchConfig* parentConfig; #ifdef WOLFSSL_SMALL_STACK Hpke* hpke = NULL; WC_RNG* rng; @@ -447,16 +386,16 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, return ret; } - ctx->echConfigs = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), + newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ctx->echConfigs == NULL) + if (newConfig == NULL) ret = MEMORY_E; else - XMEMSET(ctx->echConfigs, 0, sizeof(WOLFSSL_EchConfig)); + XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig)); /* set random config id */ if (ret == 0) - ret = wc_RNG_GenerateByte(rng, &ctx->echConfigs->configId); + ret = wc_RNG_GenerateByte(rng, &newConfig->configId); /* if 0 is selected for algorithms use default, may change with draft */ if (kemId == 0) @@ -470,19 +409,20 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, if (ret == 0) { /* set the kem id */ - ctx->echConfigs->kemId = kemId; + newConfig->kemId = kemId; /* set the cipher suite, only 1 for now */ - ctx->echConfigs->numCipherSuites = 1; - ctx->echConfigs->cipherSuites = (EchCipherSuite*)XMALLOC( - sizeof(EchCipherSuite), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + newConfig->numCipherSuites = 1; + newConfig->cipherSuites = + (EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap, + DYNAMIC_TYPE_TMP_BUFFER); - if (ctx->echConfigs->cipherSuites == NULL) { + if (newConfig->cipherSuites == NULL) { ret = MEMORY_E; } else { - ctx->echConfigs->cipherSuites[0].kdfId = kdfId; - ctx->echConfigs->cipherSuites[0].aeadId = aeadId; + newConfig->cipherSuites[0].kdfId = kdfId; + newConfig->cipherSuites[0].aeadId = aeadId; } } @@ -499,38 +439,47 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, /* generate the receiver private key */ if (ret == 0) - ret = wc_HpkeGenerateKeyPair(hpke, &ctx->echConfigs->receiverPrivkey, - rng); + ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng); /* done with RNG */ wc_FreeRng(rng); /* serialize the receiver key */ if (ret == 0) - ret = wc_HpkeSerializePublicKey(hpke, ctx->echConfigs->receiverPrivkey, - ctx->echConfigs->receiverPubkey, &encLen); + ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey, + newConfig->receiverPubkey, &encLen); if (ret == 0) { - ctx->echConfigs->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1, + newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ctx->echConfigs->publicName == NULL) { + if (newConfig->publicName == NULL) { ret = MEMORY_E; } else { - XMEMCPY(ctx->echConfigs->publicName, publicName, + XMEMCPY(newConfig->publicName, publicName, XSTRLEN(publicName) + 1); } } if (ret != 0) { - if (ctx->echConfigs) { - XFREE(ctx->echConfigs->cipherSuites, ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(ctx->echConfigs->publicName, ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(ctx->echConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - /* set to null to avoid double free in cleanup */ - ctx->echConfigs = NULL; + if (newConfig) { + XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + } + else { + parentConfig = ctx->echConfigs; + + if (parentConfig == NULL) { + ctx->echConfigs = newConfig; + } + else { + while (parentConfig->next != NULL) { + parentConfig = parentConfig->next; + } + + parentConfig->next = newConfig; } } @@ -545,6 +494,59 @@ int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, return ret; } +int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64, + word32 echConfigs64Len) +{ + int ret = 0; + word32 decodedLen = echConfigs64Len * 3 / 4 + 1; + byte* decodedConfigs; + + if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0) + return BAD_FUNC_ARG; + + decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap, + DYNAMIC_TYPE_TMP_BUFFER); + + if (decodedConfigs == NULL) + return MEMORY_E; + + decodedConfigs[decodedLen - 1] = 0; + + /* decode the echConfigs */ + ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len, + decodedConfigs, &decodedLen); + + if (ret != 0) { + XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen); + + XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs, + word32 echConfigsLen) +{ + int ret; + + if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0) + return BAD_FUNC_ARG; + + FreeEchConfigs(ctx->echConfigs, ctx->heap); + ctx->echConfigs = NULL; + ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs, + echConfigsLen); + + if (ret == 0) + return WOLFSSL_SUCCESS; + + return ret; +} + /* get the ech configs that the server context is using */ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, word32* outputLen) { @@ -552,9 +554,8 @@ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, return BAD_FUNC_ARG; /* if we don't have ech configs */ - if (ctx->echConfigs == NULL) { + if (ctx->echConfigs == NULL) return WOLFSSL_FATAL_ERROR; - } return GetEchConfigsEx(ctx->echConfigs, output, outputLen); } @@ -615,7 +616,202 @@ int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64, /* set the ech config from a raw buffer, this is the format ech configs are * sent using retry_configs from the ech server */ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, - word32 echConfigsLen) + word32 echConfigsLen) +{ + int ret; + + if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0) + return BAD_FUNC_ARG; + + /* already have ech configs */ + if (ssl->options.useEch == 1) { + return WOLFSSL_FATAL_ERROR; + } + + ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs, + echConfigsLen); + + /* if we found valid configs */ + if (ret == 0) { + ssl->options.useEch = 1; + return WOLFSSL_SUCCESS; + } + + return ret; +} + +/* get the raw ech config from our struct */ +int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) +{ + int i; + word16 totalLen = 0; + + if (config == NULL || (output == NULL && outputLen == NULL)) + return BAD_FUNC_ARG; + + /* 2 for version */ + totalLen += 2; + /* 2 for length */ + totalLen += 2; + /* 1 for configId */ + totalLen += 1; + /* 2 for kemId */ + totalLen += 2; + /* 2 for hpke_len */ + totalLen += 2; + + /* hpke_pub_key */ + switch (config->kemId) { + case DHKEM_P256_HKDF_SHA256: + totalLen += DHKEM_P256_ENC_LEN; + break; + case DHKEM_P384_HKDF_SHA384: + totalLen += DHKEM_P384_ENC_LEN; + break; + case DHKEM_P521_HKDF_SHA512: + totalLen += DHKEM_P521_ENC_LEN; + break; + case DHKEM_X25519_HKDF_SHA256: + totalLen += DHKEM_X25519_ENC_LEN; + break; + case DHKEM_X448_HKDF_SHA512: + totalLen += DHKEM_X448_ENC_LEN; + break; + } + + /* cipherSuitesLen */ + totalLen += 2; + /* cipherSuites */ + totalLen += config->numCipherSuites * 4; + /* public name len */ + totalLen += 2; + + /* public name */ + totalLen += XSTRLEN(config->publicName); + /* trailing zeros */ + totalLen += 2; + + if (output == NULL) { + *outputLen = totalLen; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (totalLen > *outputLen) { + *outputLen = totalLen; + return INPUT_SIZE_E; + } + + /* version */ + c16toa(TLSX_ECH, output); + output += 2; + + /* length - 4 for version and length itself */ + c16toa(totalLen - 4, output); + output += 2; + + /* configId */ + *output = config->configId; + output++; + /* kemId */ + c16toa(config->kemId, output); + output += 2; + + /* length and key itself */ + switch (config->kemId) { + case DHKEM_P256_HKDF_SHA256: + c16toa(DHKEM_P256_ENC_LEN, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN); + output += DHKEM_P256_ENC_LEN; + break; + case DHKEM_P384_HKDF_SHA384: + c16toa(DHKEM_P384_ENC_LEN, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN); + output += DHKEM_P384_ENC_LEN; + break; + case DHKEM_P521_HKDF_SHA512: + c16toa(DHKEM_P521_ENC_LEN, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN); + output += DHKEM_P521_ENC_LEN; + break; + case DHKEM_X25519_HKDF_SHA256: + c16toa(DHKEM_X25519_ENC_LEN, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN); + output += DHKEM_X25519_ENC_LEN; + break; + case DHKEM_X448_HKDF_SHA512: + c16toa(DHKEM_X448_ENC_LEN, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN); + output += DHKEM_X448_ENC_LEN; + break; + } + + /* cipherSuites len */ + c16toa(config->numCipherSuites * 4, output); + output += 2; + + /* cipherSuites */ + for (i = 0; i < config->numCipherSuites; i++) { + c16toa(config->cipherSuites[i].kdfId, output); + output += 2; + c16toa(config->cipherSuites[i].aeadId, output); + output += 2; + } + + /* set maximum name length to 0 */ + *output = 0; + output++; + + /* publicName len */ + *output = XSTRLEN(config->publicName); + output++; + + /* publicName */ + XMEMCPY(output, config->publicName, + XSTRLEN(config->publicName)); + output += XSTRLEN(config->publicName); + + /* terminating zeros */ + c16toa(0, output); + /* output += 2; */ + + *outputLen = totalLen; + + return 0; +} + +/* wrapper function to get ech configs from application code */ +int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen) +{ + if (ssl == NULL || outputLen == NULL) + return BAD_FUNC_ARG; + + /* if we don't have ech configs */ + if (ssl->options.useEch != 1) { + return WOLFSSL_FATAL_ERROR; + } + + return GetEchConfigsEx(ssl->echConfigs, output, outputLen); +} + +void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable) +{ + if (ssl != NULL) { + ssl->options.disableECH = !enable; + if (ssl->options.disableECH) { + TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); + FreeEchConfigs(ssl->echConfigs, ssl->heap); + ssl->echConfigs = NULL; + } + } +} + +int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap, + const byte* echConfigs, word32 echConfigsLen) { int ret = 0; int i; @@ -631,14 +827,9 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, WOLFSSL_EchConfig* lastConfig = NULL; byte* echConfig = NULL; - if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0) + if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen == 0) return BAD_FUNC_ARG; - /* already have ech configs */ - if (ssl->options.useEch == 1) { - return WOLFSSL_FATAL_ERROR; - } - /* check that the total length is well formed */ ato16(echConfigs, &totalLength); @@ -673,8 +864,8 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, if (workingConfig == NULL) { workingConfig = - (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap, + DYNAMIC_TYPE_TMP_BUFFER); configList = workingConfig; if (workingConfig != NULL) { workingConfig->next = NULL; @@ -684,7 +875,7 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, lastConfig = workingConfig; workingConfig->next = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + heap, DYNAMIC_TYPE_TMP_BUFFER); workingConfig = workingConfig->next; } @@ -700,7 +891,7 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, /* raw body */ workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + heap, DYNAMIC_TYPE_TMP_BUFFER); if (workingConfig->raw == NULL) { ret = MEMORY_E; break; @@ -727,7 +918,7 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, ato16(echConfig, &cipherSuitesLen); workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + heap, DYNAMIC_TYPE_TMP_BUFFER); if (workingConfig->cipherSuites == NULL) { ret = MEMORY_E; break; @@ -742,16 +933,17 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, &workingConfig->cipherSuites[j].aeadId); } echConfig += cipherSuitesLen; + /* ignore the maximum name length */ + echConfig++; /* publicNameLen */ - ato16(echConfig, &publicNameLen); + publicNameLen = *(echConfig); workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1, - ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + heap, DYNAMIC_TYPE_TMP_BUFFER); if (workingConfig->publicName == NULL) { ret = MEMORY_E; break; } - - echConfig += 2; + echConfig++; /* publicName */ XMEMCPY(workingConfig->publicName, echConfig, publicNameLen); /* null terminated */ @@ -770,206 +962,39 @@ int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, if (j >= HPKE_SUPPORTED_KEM_LEN || EchConfigGetSupportedCipherSuite(workingConfig) < 0) { - XFREE(workingConfig->cipherSuites, ssl->heap, + XFREE(workingConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(workingConfig->publicName, ssl->heap, + XFREE(workingConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(workingConfig->raw, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); workingConfig = lastConfig; } } while ((word32)i < echConfigsLen); - /* if we found valid configs */ - if (ret == 0 && configList != NULL) { - ssl->options.useEch = 1; - ssl->echConfigs = configList; - - return WOLFSSL_SUCCESS; - } - - workingConfig = configList; - - while (workingConfig != NULL) { - lastConfig = workingConfig; - workingConfig = workingConfig->next; - - XFREE(lastConfig->cipherSuites, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(lastConfig->publicName, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(lastConfig->raw, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - - XFREE(lastConfig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - - if (ret == 0) - return WOLFSSL_FATAL_ERROR; - - return ret; -} - -/* get the raw ech config from our struct */ -int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) -{ - int i; - word16 totalLen = 0; - - if (config == NULL || (output == NULL && outputLen == NULL)) - return BAD_FUNC_ARG; - - /* 2 for version */ - totalLen += 2; - /* 2 for length */ - totalLen += 2; - /* 1 for configId */ - totalLen += 1; - /* 2 for kemId */ - totalLen += 2; - /* 2 for hpke_len */ - totalLen += 2; - - /* hpke_pub_key */ - switch (config->kemId) { - case DHKEM_P256_HKDF_SHA256: - totalLen += DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - totalLen += DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - totalLen += DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - totalLen += DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - totalLen += DHKEM_X448_ENC_LEN; - break; - } - - /* cipherSuitesLen */ - totalLen += 2; - /* cipherSuites */ - totalLen += config->numCipherSuites * 4; - /* public name len */ - totalLen += 2; - - /* public name */ - totalLen += XSTRLEN(config->publicName); - /* trailing zeros */ - totalLen += 2; - - if (output == NULL) { - *outputLen = totalLen; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - if (totalLen > *outputLen) { - *outputLen = totalLen; - return INPUT_SIZE_E; - } - - /* version */ - c16toa(TLSX_ECH, output); - output += 2; - - /* length - 4 for version and length itself */ - c16toa(totalLen - 4, output); - output += 2; - - /* configId */ - *output = config->configId; - output++; - /* kemId */ - c16toa(config->kemId, output); - output += 2; - - /* length and key itself */ - switch (config->kemId) { - case DHKEM_P256_HKDF_SHA256: - c16toa(DHKEM_P256_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN); - output += DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - c16toa(DHKEM_P384_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN); - output += DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - c16toa(DHKEM_P521_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN); - output += DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - c16toa(DHKEM_X25519_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN); - output += DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - c16toa(DHKEM_X448_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN); - output += DHKEM_X448_ENC_LEN; - break; - } - - /* cipherSuites len */ - c16toa(config->numCipherSuites * 4, output); - output += 2; - - /* cipherSuites */ - for (i = 0; i < config->numCipherSuites; i++) { - c16toa(config->cipherSuites[i].kdfId, output); - output += 2; - c16toa(config->cipherSuites[i].aeadId, output); - output += 2; - } - - /* publicName len */ - c16toa(XSTRLEN(config->publicName), output); - output += 2; - - /* publicName */ - XMEMCPY(output, config->publicName, - XSTRLEN(config->publicName)); - output += XSTRLEN(config->publicName); + /* if we found valid configs */ + if (ret == 0 && configList != NULL) { + *outputConfigs = configList; - /* terminating zeros */ - c16toa(0, output); - /* output += 2; */ + return ret; + } - *outputLen = totalLen; + workingConfig = configList; - return 0; -} + while (workingConfig != NULL) { + lastConfig = workingConfig; + workingConfig = workingConfig->next; -/* wrapper function to get ech configs from application code */ -int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen) -{ - if (ssl == NULL || outputLen == NULL) - return BAD_FUNC_ARG; + XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); - /* if we don't have ech configs */ - if (ssl->options.useEch != 1) { - return WOLFSSL_FATAL_ERROR; + XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER); } - return GetEchConfigsEx(ssl->echConfigs, output, outputLen); -} + if (ret == 0) + return WOLFSSL_FATAL_ERROR; -void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable) -{ - if (ssl != NULL) { - ssl->options.disableECH = !enable; - if (ssl->options.disableECH) { - TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); - FreeEchConfigs(ssl->echConfigs, ssl->heap); - ssl->echConfigs = NULL; - } - } + return ret; } /* get the raw ech configs from our linked list of ech config structs */ @@ -981,7 +1006,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) word32 totalLen = 2; word32 workingOutputLen; - if (configs == NULL || outputLen == NULL) + if (configs == NULL || outputLen == NULL || *outputLen < totalLen) return BAD_FUNC_ARG; workingOutputLen = *outputLen - totalLen; @@ -1194,16 +1219,6 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_CTX_free"); if (ctx) { -#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ -&& !defined(NO_SHA256) && !defined(WC_NO_RNG) - if (ctx->srp != NULL) { - XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; - wc_SrpTerm(ctx->srp); - XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp = NULL; - } -#endif FreeSSL_Ctx(ctx); } @@ -1689,7 +1704,7 @@ int wolfSSL_get_ciphers(char* buf, int len) for (i = 0; i < ciphersSz; i++) { int cipherNameSz = (int)XSTRLEN(ciphers[i].name); if (cipherNameSz + 1 < len) { - XSTRNCPY(buf, ciphers[i].name, len); + XSTRNCPY(buf, ciphers[i].name, (size_t)len); buf += cipherNameSz; if (i < ciphersSz - 1) @@ -1726,7 +1741,7 @@ int wolfSSL_get_ciphers_iana(char* buf, int len) #endif cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana); if (cipherNameSz + 1 < len) { - XSTRNCPY(buf, ciphers[i].name_iana, len); + XSTRNCPY(buf, ciphers[i].name_iana, (size_t)len); buf += cipherNameSz; if (i < ciphersSz - 1) @@ -1752,7 +1767,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) cipher = wolfSSL_get_cipher_name_iana(ssl); len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1)); - XMEMCPY(buf, cipher, len); + XMEMCPY(buf, cipher, (size_t)len); return buf; } @@ -2124,14 +2139,17 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) return WOLFSSL_SUCCESS; } -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) -int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { - if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) +#ifdef OPENSSL_EXTRA +/* Maps to compatibility API SSL_set_mtu and is same as wolfSSL_dtls_set_mtu, + * but expects only success or failure returns. */ +int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) +{ + if (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS) return WOLFSSL_SUCCESS; else return WOLFSSL_FAILURE; } -#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA */ #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */ @@ -2218,6 +2236,15 @@ static int DtlsSrtpSelProfiles(word16* id, const char* profile_str) return WOLFSSL_SUCCESS; } +/** + * @brief Set the SRTP protection profiles for DTLS. + * + * @param ctx Pointer to the WOLFSSL_CTX structure representing the SSL/TLS + * context. + * @param profile_str A colon-separated string of SRTP profile names. + * @return 0 on success to match OpenSSL + * @return 1 on error to match OpenSSL + */ int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -2233,6 +2260,16 @@ int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str) return ret; } + +/** + * @brief Set the SRTP protection profiles for DTLS. + * + * @param ssl Pointer to the WOLFSSL structure representing the SSL/TLS + * session. + * @param profile_str A colon-separated string of SRTP profile names. + * @return 0 on success to match OpenSSL + * @return 1 on error to match OpenSSL + */ int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -2294,7 +2331,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, return BUFFER_E; } - return wolfSSL_export_keying_material(ssl, out, profile->kdfBits, + return wolfSSL_export_keying_material(ssl, out, (size_t)profile->kdfBits, DTLS_SRTP_KEYING_MATERIAL_LABEL, XSTR_SIZEOF(DTLS_SRTP_KEYING_MATERIAL_LABEL), NULL, 0, 0); } @@ -2845,23 +2882,32 @@ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz) #ifdef HAVE_ECC int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) { + short keySzBytes; + WOLFSSL_ENTER("wolfSSL_CTX_SetMinEccKey_Sz"); - if (ctx == NULL || keySz < 0 || keySz % 8 != 0) { - WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null"); + if (ctx == NULL || keySz < 0) { + WOLFSSL_MSG("Key size must be positive value or ctx was null"); return BAD_FUNC_ARG; } + if (keySz % 8 == 0) { + keySzBytes = keySz / 8; + } + else { + keySzBytes = (keySz / 8) + 1; + } + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) if (crypto_policy.enabled) { - if (ctx->minEccKeySz > (keySz / 8)) { + if (ctx->minEccKeySz > (keySzBytes)) { return CRYPTO_POLICY_FORBIDDEN; } } #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ - ctx->minEccKeySz = keySz / 8; + ctx->minEccKeySz = keySzBytes; #ifndef NO_CERTS - ctx->cm->minEccKeySz = keySz / 8; + ctx->cm->minEccKeySz = keySzBytes; #endif return WOLFSSL_SUCCESS; } @@ -2869,21 +2915,30 @@ int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz) int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz) { + short keySzBytes; + WOLFSSL_ENTER("wolfSSL_SetMinEccKey_Sz"); - if (ssl == NULL || keySz < 0 || keySz % 8 != 0) { - WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null"); + if (ssl == NULL || keySz < 0) { + WOLFSSL_MSG("Key size must be positive value or ctx was null"); return BAD_FUNC_ARG; } + if (keySz % 8 == 0) { + keySzBytes = keySz / 8; + } + else { + keySzBytes = (keySz / 8) + 1; + } + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) if (crypto_policy.enabled) { - if (ssl->options.minEccKeySz > (keySz / 8)) { + if (ssl->options.minEccKeySz > (keySzBytes)) { return CRYPTO_POLICY_FORBIDDEN; } } #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ - ssl->options.minEccKeySz = keySz / 8; + ssl->options.minEccKeySz = keySzBytes; return WOLFSSL_SUCCESS; } @@ -3036,14 +3091,13 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) #endif /* !NO_DH */ -WOLFSSL_ABI -int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) +static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz) { int ret; WOLFSSL_ENTER("wolfSSL_write"); - if (ssl == NULL || data == NULL || sz < 0) + if (ssl == NULL || data == NULL) return BAD_FUNC_ARG; #ifdef WOLFSSL_QUIC @@ -3103,6 +3157,17 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) return ret; } +WOLFSSL_ABI +int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) +{ + WOLFSSL_ENTER("wolfSSL_write"); + + if (sz < 0) + return BAD_FUNC_ARG; + + return wolfSSL_write_internal(ssl, data, (size_t)sz); +} + int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz) { int maxLength; @@ -3139,13 +3204,50 @@ int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_SUCCESS; } -static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) + +int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz, size_t* wr) +{ + int ret; + + if (wr != NULL) { + *wr = 0; + } + + ret = wolfSSL_write_internal(ssl, data, sz); + if (ret >= 0) { + if (wr != NULL) { + *wr = (size_t)ret; + } + + /* handle partial write cases, if not set then a partial write is + * considered a failure case, or if set and ret is 0 then is a fail */ + if (ret == 0 && ssl->options.partialWrite) { + ret = 0; + } + else if ((size_t)ret < sz && !ssl->options.partialWrite) { + ret = 0; + } + else { + /* wrote out all application data, or wrote out 1 byte or more with + * partial write flag set */ + ret = 1; + } + } + else { + ret = 0; + } + + return ret; +} + + +static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, size_t sz, int peek) { int ret; WOLFSSL_ENTER("wolfSSL_read_internal"); - if (ssl == NULL || data == NULL || sz < 0) + if (ssl == NULL || data == NULL) return BAD_FUNC_ARG; #ifdef WOLFSSL_QUIC @@ -3223,7 +3325,10 @@ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz) { WOLFSSL_ENTER("wolfSSL_peek"); - return wolfSSL_read_internal(ssl, data, sz, TRUE); + if (sz < 0) + return BAD_FUNC_ARG; + + return wolfSSL_read_internal(ssl, data, (size_t)sz, TRUE); } @@ -3232,6 +3337,9 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) { WOLFSSL_ENTER("wolfSSL_read"); + if (sz < 0) + return BAD_FUNC_ARG; + #ifdef OPENSSL_EXTRA if (ssl == NULL) { return BAD_FUNC_ARG; @@ -3241,10 +3349,34 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) ssl->cbmode = WOLFSSL_CB_READ; } #endif - return wolfSSL_read_internal(ssl, data, sz, FALSE); + return wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE); } +/* returns 0 on failure and on no read */ +int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd) +{ + int ret; + + #ifdef OPENSSL_EXTRA + if (ssl == NULL) { + return BAD_FUNC_ARG; + } + if (ssl->CBIS != NULL) { + ssl->CBIS(ssl, WOLFSSL_CB_READ, WOLFSSL_SUCCESS); + ssl->cbmode = WOLFSSL_CB_READ; + } + #endif + ret = wolfSSL_read_internal(ssl, data, sz, FALSE); + + if (ret > 0 && rd != NULL) { + *rd = (size_t)ret; + } + + if (ret <= 0) ret = 0; + return ret; +} + #ifdef WOLFSSL_MULTICAST int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) @@ -3253,10 +3385,10 @@ int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz) WOLFSSL_ENTER("wolfSSL_mcast_read"); - if (ssl == NULL) + if ((ssl == NULL) || (sz < 0)) return BAD_FUNC_ARG; - ret = wolfSSL_read_internal(ssl, data, sz, FALSE); + ret = wolfSSL_read_internal(ssl, data, (size_t)sz, FALSE); if (ssl->options.dtls && ssl->options.haveMcast && id != NULL) *id = ssl->keys.curPeerId; return ret; @@ -3562,27 +3694,36 @@ static int isValidCurveGroup(word16 name) case WOLFSSL_FFDHE_6144: case WOLFSSL_FFDHE_8192: -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM #ifndef WOLFSSL_NO_ML_KEM case WOLFSSL_ML_KEM_512: case WOLFSSL_ML_KEM_768: case WOLFSSL_ML_KEM_1024: - #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) + #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS) case WOLFSSL_P256_ML_KEM_512: case WOLFSSL_P384_ML_KEM_768: case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_P384_ML_KEM_1024: + case WOLFSSL_X25519_ML_KEM_512: + case WOLFSSL_X448_ML_KEM_768: + case WOLFSSL_X25519_ML_KEM_768: + case WOLFSSL_P256_ML_KEM_768: #endif #endif /* !WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_KYBER_ORIGINAL +#ifdef WOLFSSL_MLKEM_KYBER case WOLFSSL_KYBER_LEVEL1: case WOLFSSL_KYBER_LEVEL3: case WOLFSSL_KYBER_LEVEL5: - #if defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS) + #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS) case WOLFSSL_P256_KYBER_LEVEL1: case WOLFSSL_P384_KYBER_LEVEL3: case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_X25519_KYBER_LEVEL1: + case WOLFSSL_X448_KYBER_LEVEL3: + case WOLFSSL_X25519_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL3: #endif -#endif /* WOLFSSL_KYBER_ORIGINAL */ +#endif /* WOLFSSL_MLKEM_KYBER */ #endif return 1; @@ -3808,7 +3949,7 @@ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz) *list = NULL; return WOLFSSL_FAILURE; } - XMEMCPY(p, s + i, len); + XMEMCPY(p, s + i, (size_t)len); } *p = 0; @@ -5805,6 +5946,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: if (cm->minDilithiumKeySz < 0 || DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { @@ -5826,6 +5968,28 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); } break; + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + case ML_DSA_LEVEL2k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 2 key size error"); + } + break; + case ML_DSA_LEVEL3k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 3 key size error"); + } + break; + case ML_DSA_LEVEL5k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); + } + break; #endif /* HAVE_DILITHIUM */ default: @@ -6844,9 +7008,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, } #endif #if defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { + if ((keyOID == ML_DSA_LEVEL2k) || + (keyOID == ML_DSA_LEVEL3k) || + (keyOID == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (keyOID == DILITHIUM_LEVEL2k) + || (keyOID == DILITHIUM_LEVEL3k) + || (keyOID == DILITHIUM_LEVEL5k) + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + ) { type = DYNAMIC_TYPE_DILITHIUM; } #endif @@ -6876,9 +7046,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, } #endif #if defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { + if ((keyOID == ML_DSA_LEVEL2k) || + (keyOID == ML_DSA_LEVEL3k) || + (keyOID == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (keyOID == DILITHIUM_LEVEL2k) + || (keyOID == DILITHIUM_LEVEL3k) + || (keyOID == DILITHIUM_LEVEL5k) + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + ) { ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, WC_PQC_SIG_TYPE_DILITHIUM, pubKey, pubSz); @@ -6915,9 +7091,15 @@ static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, } #endif #if defined(HAVE_DILITHIUM) - if ((keyOID == DILITHIUM_LEVEL2k) || - (keyOID == DILITHIUM_LEVEL3k) || - (keyOID == DILITHIUM_LEVEL5k)) { + if ((keyOID == ML_DSA_LEVEL2k) || + (keyOID == ML_DSA_LEVEL3k) || + (keyOID == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (keyOID == DILITHIUM_LEVEL2k) + || (keyOID == DILITHIUM_LEVEL3k) + || (keyOID == DILITHIUM_LEVEL5k) + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + ) { wc_dilithium_free((dilithium_key*)pkey); } #endif @@ -7129,6 +7311,11 @@ int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) #endif #endif + /* placing error into error queue for Python port */ + if (res != WOLFSSL_SUCCESS) { + WOLFSSL_ERROR(WC_KEY_MISMATCH_E); + } + return res; } #endif /* !NO_CHECK_PRIVATE_KEY */ @@ -7252,7 +7439,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { @@ -7424,7 +7611,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { @@ -7508,14 +7695,14 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { ret = 0; } if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, memSz); + XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); pkey->type = WC_EVP_PKEY_DH; pkey->ownDh = 1; @@ -7593,14 +7780,14 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, ret = 1; pkey->type = WC_EVP_PKEY_DH; pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL) { ret = 0; } if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, memSz); + XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); pkey->ownDh = 1; pkey->dh = wolfSSL_DH_new(); if (pkey->dh == NULL) { @@ -7742,31 +7929,31 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* Test if Dilithium key. Try all levels. */ if (priv) { - isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) && (wc_dilithium_import_private(mem, (word32)memSz, dilithium) == 0)); if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) && (wc_dilithium_import_private(mem, (word32)memSz, dilithium) == 0)); } if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) && (wc_dilithium_import_private(mem, (word32)memSz, dilithium) == 0)); } } else { - isDilithium = ((wc_dilithium_set_level(dilithium, 2) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) && (wc_dilithium_import_public(mem, (word32)memSz, dilithium) == 0)); if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, 3) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) && (wc_dilithium_import_public(mem, (word32)memSz, dilithium) == 0)); } if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, 5) == 0) && + isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) && (wc_dilithium_import_public(mem, (word32)memSz, dilithium) == 0)); } @@ -7921,16 +8108,16 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( pkcs8Der->length, &algId); if (ret >= 0) { if (advanceLen == 0) /* Set only if not PEM */ - advanceLen = inOutIdx + ret; + advanceLen = (int)inOutIdx + ret; if (algId == DHk) { /* Special case for DH as we expect the DER buffer to be always * be in PKCS8 format */ rawDer.buffer = pkcs8Der->buffer; - rawDer.length = inOutIdx + ret; + rawDer.length = inOutIdx + (word32)ret; } else { rawDer.buffer = pkcs8Der->buffer + inOutIdx; - rawDer.length = ret; + rawDer.length = (word32)ret; } ret = 0; /* good DER */ } @@ -7988,11 +8175,11 @@ int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) return WOLFSSL_FATAL_ERROR; len = (int)keySz; - if (pp == NULL) + if ((pp == NULL) || (len == 0)) return len; if (*pp == NULL) { - out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (out == NULL) return WOLFSSL_FATAL_ERROR; } @@ -8082,7 +8269,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, return NULL; } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { return NULL; } @@ -8141,15 +8329,16 @@ static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, if (*der) { /* since this function signature has no size value passed in it is * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); *der += sz; } else { - *der = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); + *der = (unsigned char*)XMALLOC((size_t)sz, NULL, + DYNAMIC_TYPE_OPENSSL); if (*der == NULL) { return WOLFSSL_FATAL_ERROR; } - XMEMCPY(*der, pt + pkcs8HeaderSz, sz); + XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); } } return sz; @@ -8221,14 +8410,15 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, local->type = type; local->pkey_sz = (int)inSz; local->pkcs8HeaderSz = pkcs8HeaderSz; - local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); if (local->pkey.ptr == NULL) { wolfSSL_EVP_PKEY_free(local); local = NULL; return NULL; } else { - XMEMCPY(local->pkey.ptr, *in, inSz); + XMEMCPY(local->pkey.ptr, *in, (size_t)inSz); } switch (type) { @@ -9164,8 +9354,14 @@ static int CheckcipherList(const char* list) next = XSTRSTR(next, ":"); - current_length = (!next) ? (word32)XSTRLEN(current) - : (word32)(next - current); + if (next) { + current_length = (word32)(next - current); + ++next; /* increment to skip ':' */ + } + else { + current_length = (word32)XSTRLEN(current); + } + if (current_length == 0) { break; } @@ -9222,8 +9418,7 @@ static int CheckcipherList(const char* list) /* list has mixed suites */ return 0; } - } - while (next++); /* increment to skip ':' */ + } while (next); if (findTLSv13Suites == 0 && findbeforeSuites == 1) { ret = 1;/* only before TLSv13 suites */ @@ -11271,7 +11466,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif byte* myBuffer = staticBuffer; int dynamic = 0; - int sending = 0; + word32 sending = 0; int idx = 0; int i; int ret; @@ -11279,11 +11474,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_writev"); for (i = 0; i < iovcnt; i++) - sending += (int)iov[i].iov_len; + sending += iov[i].iov_len; - if (sending > (int)sizeof(staticBuffer)) { - myBuffer = (byte*)XMALLOC((size_t)sending, ssl->heap, - DYNAMIC_TYPE_WRITEV); + if (sending > sizeof(staticBuffer)) { + myBuffer = (byte*)XMALLOC(sending, ssl->heap, + DYNAMIC_TYPE_WRITEV); if (!myBuffer) return MEMORY_ERROR; @@ -11300,7 +11495,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) */ PRAGMA_GCC_DIAG_PUSH PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") - ret = wolfSSL_write(ssl, myBuffer, sending); + ret = wolfSSL_write_internal(ssl, myBuffer, sending); PRAGMA_GCC_DIAG_POP if (dynamic) @@ -12094,13 +12289,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) *sigAlgo = FALCON_LEVEL5k; break; case dilithium_level2_sa_algo: - *sigAlgo = DILITHIUM_LEVEL2k; + *sigAlgo = ML_DSA_LEVEL2k; break; case dilithium_level3_sa_algo: - *sigAlgo = DILITHIUM_LEVEL3k; + *sigAlgo = ML_DSA_LEVEL3k; break; case dilithium_level5_sa_algo: - *sigAlgo = DILITHIUM_LEVEL5k; + *sigAlgo = ML_DSA_LEVEL5k; break; case sm2_sa_algo: *sigAlgo = SM2k; @@ -12316,6 +12511,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) err = WOLFSSL_SUCCESS; cleanup: wolfSSL_X509_free(cert); + cert = NULL; wolfSSL_BIO_free(bio); if (err != WOLFSSL_SUCCESS) { /* We failed so return NULL */ @@ -12596,6 +12792,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ /* return true if connection established */ + /* this works for TLS and DTLS */ int wolfSSL_is_init_finished(const WOLFSSL* ssl) { if (ssl == NULL) @@ -12713,63 +12910,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_WPAS_SMALL)) -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /** - * Implemented in a similar way that ngx_ssl_ocsp_validate does it when - * SSL_get0_verified_chain is not available. - * @param ssl WOLFSSL object to extract certs from - * @return Stack of verified certs - */ - WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) - { - WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; - WOLFSSL_X509_STORE_CTX* storeCtx = NULL; - WOLFSSL_X509* peerCert = NULL; - - WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); - - if (ssl == NULL || ssl->ctx == NULL) { - WOLFSSL_MSG("Bad parameter"); - return NULL; - } - - peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); - if (peerCert == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); - return NULL; - } - /* wolfSSL_get_peer_certificate returns a copy. We want the internal - * member so that we don't have to worry about free'ing it. We call - * wolfSSL_get_peer_certificate so that we don't have to worry about - * setting up the internal pointer. */ - wolfSSL_X509_free(peerCert); - peerCert = (WOLFSSL_X509*)&ssl->peerCert; - chain = wolfSSL_get_peer_cert_chain(ssl); - if (chain == NULL) { - WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); - return NULL; - } - storeCtx = wolfSSL_X509_STORE_CTX_new(); - if (storeCtx == NULL) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); - return NULL; - } - if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), - peerCert, chain) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { - WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); - wolfSSL_X509_STORE_CTX_free(storeCtx); - return NULL; - } - wolfSSL_X509_STORE_CTX_free(storeCtx); - return chain; - } -#endif /* SESSION_CERTS && OPENSSL_EXTRA */ - WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx) { if (ctx == NULL) { @@ -12937,7 +13077,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_ERR_get_error"); #ifdef WOLFSSL_HAVE_ERROR_QUEUE - return wc_GetErrorNodeErr(); + return (unsigned long)wc_GetErrorNodeErr(); #else return (unsigned long)(0 - NOT_COMPILED_IN); #endif @@ -13008,7 +13148,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) do { ret = wc_PeekErrorNode(0, &file, &reason, &line); if (ret >= 0) { - const char* r = wolfSSL_ERR_reason_error_string(0 - ret); + const char* r = wolfSSL_ERR_reason_error_string( + (unsigned long)(0 - ret)); if (XSNPRINTF(buf, sizeof(buf), "error:%d:wolfSSL library:%s:%s:%d\n", ret, r, file, line) @@ -14353,12 +14494,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) /* Try to populate if NULL or empty */ if (ssl->peerCertChain == NULL || - wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) + wolfSSL_sk_X509_num(ssl->peerCertChain) == 0) { wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); + } return ssl->peerCertChain; } -#ifndef WOLFSSL_QT + static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, WOLFSSL_X509 *x); /** @@ -14366,84 +14508,66 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, * @param cm The cert manager that is queried for the issuer * @param x This cert's issuer will be queried in cm * @param sk The issuer is pushed onto this stack - * @return WOLFSSL_SUCCESS on success - * WOLFSSL_FAILURE on no issuer found + * @return 0 on success or no issuer found * WOLFSSL_FATAL_ERROR on a fatal error */ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm, WOLFSSL_X509 *x, WOLFSSL_STACK* sk) { - WOLFSSL_X509* issuer[MAX_CHAIN_DEPTH]; int i; - int push = 1; - int ret = WOLFSSL_SUCCESS; - for (i = 0; i < MAX_CHAIN_DEPTH; i++) { - if (x509GetIssuerFromCM(&issuer[i], cm, x) - != WOLFSSL_SUCCESS) + WOLFSSL_X509* issuer = NULL; + if (x509GetIssuerFromCM(&issuer, cm, x) != WOLFSSL_SUCCESS) break; - x = issuer[i]; - } - if (i == 0) /* No further chain found */ - return WOLFSSL_FAILURE; - i--; - for (; i >= 0; i--) { - if (push) { - if (wolfSSL_sk_X509_push(sk, issuer[i]) <= 0) { - wolfSSL_X509_free(issuer[i]); - ret = WOLFSSL_FATAL_ERROR; - push = 0; /* Free the rest of the unpushed certs */ - } - } - else { - wolfSSL_X509_free(issuer[i]); + if (wolfSSL_sk_X509_push(sk, issuer) <= 0) { + wolfSSL_X509_free(issuer); + issuer = NULL; + return WOLFSSL_FATAL_ERROR; } + x = issuer; } - return ret; + return 0; } -#endif /* !WOLFSSL_QT */ + /* Builds up and creates a stack of peer certificates for ssl->peerCertChain - based off of the ssl session chain. Attempts to place CA certificates - at the bottom of the stack. Returns stack of WOLFSSL_X509 certs or - NULL on failure */ -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) + or ssl->verifiedChain based off of the ssl session chain. Attempts to place + CA certificates at the bottom of the stack for a verified chain. Returns + stack of WOLFSSL_X509 certs or NULL on failure */ +static WOLF_STACK_OF(WOLFSSL_X509)* CreatePeerCertChain(const WOLFSSL* ssl, + int verifiedFlag) { WOLFSSL_STACK* sk; WOLFSSL_X509* x509; int i = 0; - int ret; + int err; WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); if ((ssl == NULL) || (ssl->session->chain.count == 0)) return NULL; sk = wolfSSL_sk_X509_new_null(); - i = ssl->session->chain.count-1; - for (; i >= 0; i--) { + for (i = 0; i < ssl->session->chain.count; i++) { x509 = wolfSSL_X509_new_ex(ssl->heap); if (x509 == NULL) { WOLFSSL_MSG("Error Creating X509"); wolfSSL_sk_X509_pop_free(sk, NULL); return NULL; } - ret = DecodeToX509(x509, ssl->session->chain.certs[i].buffer, + err = DecodeToX509(x509, ssl->session->chain.certs[i].buffer, ssl->session->chain.certs[i].length); -#if !defined(WOLFSSL_QT) - if (ret == 0 && i == ssl->session->chain.count-1) { - /* On the last element in the chain try to add the CA chain - * first if we have one for this cert */ + if (err == 0 && wolfSSL_sk_X509_push(sk, x509) <= 0) + err = WOLFSSL_FATAL_ERROR; + if (err == 0 && i == ssl->session->chain.count-1 && verifiedFlag) { + /* On the last element in the verified chain try to add the CA chain + * if we have one for this cert */ SSL_CM_WARNING(ssl); - if (PushCAx509Chain(SSL_CM(ssl), x509, sk) - == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { - ret = WOLFSSL_FATAL_ERROR; - } + err = PushCAx509Chain(SSL_CM(ssl), x509, sk); } -#endif - - if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) { + if (err != 0) { WOLFSSL_MSG("Error decoding cert"); wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_sk_X509_pop_free(sk, NULL); return NULL; } @@ -14452,18 +14576,98 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) if (sk == NULL) { WOLFSSL_MSG("Null session chain"); } -#if defined(OPENSSL_ALL) - else if (ssl->options.side == WOLFSSL_SERVER_END) { - /* to be compliant with openssl - first element is kept as peer cert on server side.*/ - wolfSSL_sk_X509_pop(sk); + return sk; +} + + +/* Builds up and creates a stack of peer certificates for ssl->peerCertChain + returns the stack on success and NULL on failure */ +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) +{ + WOLFSSL_STACK* sk; + + WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); + if ((ssl == NULL) || (ssl->session->chain.count == 0)) + return NULL; + + sk = CreatePeerCertChain(ssl, 0); + + if (sk != NULL) { + if (ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->session->peer) + wolfSSL_X509_free(ssl->session->peer); + + ssl->session->peer = wolfSSL_sk_X509_shift(sk); + ssl->session->peerVerifyRet = ssl->peerVerifyRet; + } + if (ssl->peerCertChain != NULL) + wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); + /* This is Free'd when ssl is Free'd */ + ssl->peerCertChain = sk; + } + return sk; +} + + +/** + * Implemented in a similar way that ngx_ssl_ocsp_validate does it when + * SSL_get0_verified_chain is not available. + * @param ssl WOLFSSL object to extract certs from + * @return Stack of verified certs + */ +WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) +{ + WOLF_STACK_OF(WOLFSSL_X509)* chain = NULL; + WOLFSSL_X509_STORE_CTX* storeCtx = NULL; + WOLFSSL_X509* peerCert = NULL; + + WOLFSSL_ENTER("wolfSSL_get0_verified_chain"); + + if (ssl == NULL || ssl->ctx == NULL) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + peerCert = wolfSSL_get_peer_certificate((WOLFSSL*)ssl); + if (peerCert == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_certificate error"); + return NULL; + } + /* wolfSSL_get_peer_certificate returns a copy. We want the internal + * member so that we don't have to worry about free'ing it. We call + * wolfSSL_get_peer_certificate so that we don't have to worry about + * setting up the internal pointer. */ + wolfSSL_X509_free(peerCert); + peerCert = (WOLFSSL_X509*)&ssl->peerCert; + chain = CreatePeerCertChain((WOLFSSL*)ssl, 1); + if (chain == NULL) { + WOLFSSL_MSG("wolfSSL_get_peer_cert_chain error"); + return NULL; + } + + if (ssl->verifiedChain != NULL) { + wolfSSL_sk_X509_pop_free(ssl->verifiedChain, NULL); + } + ((WOLFSSL*)ssl)->verifiedChain = chain; + + storeCtx = wolfSSL_X509_STORE_CTX_new(); + if (storeCtx == NULL) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_new error"); + return NULL; + } + if (wolfSSL_X509_STORE_CTX_init(storeCtx, SSL_STORE(ssl), + peerCert, chain) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; + } + if (wolfSSL_X509_verify_cert(storeCtx) <= 0) { + WOLFSSL_MSG("wolfSSL_X509_verify_cert error"); + wolfSSL_X509_STORE_CTX_free(storeCtx); + return NULL; } -#endif - if (ssl->peerCertChain != NULL) - wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); - /* This is Free'd when ssl is Free'd */ - ssl->peerCertChain = sk; - return sk; + wolfSSL_X509_STORE_CTX_free(storeCtx); + return chain; } #endif /* SESSION_CERTS && OPENSSL_EXTRA */ @@ -14541,7 +14745,14 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) { WOLFSSL_ENTER("wolfSSL_sk_push"); - return wolfSSL_sk_insert(sk, data, 0); + return wolfSSL_sk_insert(sk, data, -1); +} + +void* wolfSSL_sk_pop(WOLFSSL_STACK* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_pop"); + + return wolfSSL_sk_pop_node(sk, -1); } /* return number of elements on success 0 on fail */ @@ -14715,10 +14926,8 @@ int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx) { /* insert node into stack. not using sk since we return sk->num after */ WOLFSSL_STACK* prev_node = sk; - while (idx != 0 && prev_node->next != NULL) { + while (--idx != 0 && prev_node->next != NULL) prev_node = prev_node->next; - idx--; - } node->next = prev_node->next; prev_node->next = node; } @@ -14726,6 +14935,93 @@ int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx) return (int)sk->num; } +void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx) +{ + void* ret = NULL; + WOLFSSL_STACK* tmp = NULL; + + if (!sk) + return NULL; + if (sk->num == 0) + return NULL; + + sk->num--; + if (idx == 0 || sk->next == NULL) { + switch (sk->type) { + case STACK_TYPE_CIPHER: + /* Can't return cipher type */ + break; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + ret = sk->data.generic; + sk->data.generic = NULL; + break; + } + if (sk->next) { + tmp = sk->next; + sk->next = tmp->next; + XMEMCPY(&sk->data, &tmp->data, sizeof(sk->data)); + wolfSSL_sk_free_node(tmp); + } + return ret; + } + + { + WOLFSSL_STACK* prev_node = sk; + tmp = sk->next; + while (--idx != 0 && tmp->next != NULL) { + prev_node = tmp; + tmp = tmp->next; + } + prev_node->next = tmp->next; + switch (sk->type) { + case STACK_TYPE_CIPHER: + /* Can't return cipher type */ + break; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + ret = tmp->data.generic; + break; + } + wolfSSL_sk_free_node(tmp); + } + return ret; +} + #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA @@ -14857,9 +15153,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) } #ifndef WOLFSSL_X509_STORE_CERTS ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->buffers.certificate->buffer, - ssl->buffers.certificate->length, - ssl->heap); + ssl->buffers.certificate->buffer, + (int)ssl->buffers.certificate->length, + ssl->heap); #endif } return ssl->ourCert; @@ -14873,9 +15169,9 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) } #ifndef WOLFSSL_X509_STORE_CERTS ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->ctx->certificate->buffer, - ssl->ctx->certificate->length, - ssl->heap); + ssl->ctx->certificate->buffer, + (int)ssl->ctx->certificate->length, + ssl->heap); #endif ssl->ctx->ownOurCert = 1; } @@ -14897,7 +15193,8 @@ WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) #ifndef WOLFSSL_X509_STORE_CERTS ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, ctx->certificate->buffer, - ctx->certificate->length, ctx->heap); + (int)ctx->certificate->length, + ctx->heap); #endif ctx->ownOurCert = 1; } @@ -15172,7 +15469,7 @@ WOLFSSL_STACK* wolfSSL_sk_new_cipher(void) return sk; } -/* return 1 on success 0 on fail */ +/* returns the number of elements in stack on success, 0 on fail */ int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, WOLFSSL_CIPHER* cipher) { @@ -15276,72 +15573,103 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) if (ssl == NULL) return NULL; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) /* Check for post-quantum groups. Return now because we do not want the ECC * check to override this result in the case of a hybrid. */ if (IsAtLeastTLSv1_3(ssl->version)) { switch (ssl->namedGroup) { #ifndef WOLFSSL_NO_ML_KEM -#ifdef HAVE_LIBOQS - case WOLFSSL_ML_KEM_512: - return "ML_KEM_512"; - case WOLFSSL_ML_KEM_768: - return "ML_KEM_768"; - case WOLFSSL_ML_KEM_1024: - return "ML_KEM_1024"; - case WOLFSSL_P256_ML_KEM_512: - return "P256_ML_KEM_512"; - case WOLFSSL_P384_ML_KEM_768: - return "P384_ML_KEM_768"; - case WOLFSSL_P521_ML_KEM_1024: - return "P521_ML_KEM_1024"; -#elif defined(WOLFSSL_WC_KYBER) +#if defined(WOLFSSL_WC_MLKEM) #ifndef WOLFSSL_NO_ML_KEM_512 case WOLFSSL_ML_KEM_512: return "ML_KEM_512"; case WOLFSSL_P256_ML_KEM_512: return "P256_ML_KEM_512"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_ML_KEM_512: + return "X25519_ML_KEM_512"; + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 case WOLFSSL_ML_KEM_768: return "ML_KEM_768"; case WOLFSSL_P384_ML_KEM_768: return "P384_ML_KEM_768"; + case WOLFSSL_P256_ML_KEM_768: + return "P256_ML_KEM_768"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_ML_KEM_768: + return "X25519_ML_KEM_768"; + #endif + #ifdef HAVE_CURVE448 + case WOLFSSL_X448_ML_KEM_768: + return "X448_ML_KEM_768"; + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 case WOLFSSL_ML_KEM_1024: return "ML_KEM_1024"; case WOLFSSL_P521_ML_KEM_1024: return "P521_ML_KEM_1024"; + case WOLFSSL_P384_ML_KEM_1024: + return "P384_ML_KEM_1024"; #endif -#endif -#endif -#ifdef WOLFSSL_KYBER_ORIGINAL -#ifdef HAVE_LIBOQS - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; - case WOLFSSL_KYBER_LEVEL3: - return "KYBER_LEVEL3"; - case WOLFSSL_KYBER_LEVEL5: - return "KYBER_LEVEL5"; - case WOLFSSL_P256_KYBER_LEVEL1: - return "P256_KYBER_LEVEL1"; - case WOLFSSL_P384_KYBER_LEVEL3: - return "P384_KYBER_LEVEL3"; - case WOLFSSL_P521_KYBER_LEVEL5: - return "P521_KYBER_LEVEL5"; -#elif defined(WOLFSSL_WC_KYBER) +#elif defined(HAVE_LIBOQS) + case WOLFSSL_ML_KEM_512: + return "ML_KEM_512"; + case WOLFSSL_ML_KEM_768: + return "ML_KEM_768"; + case WOLFSSL_ML_KEM_1024: + return "ML_KEM_1024"; + case WOLFSSL_P256_ML_KEM_512: + return "P256_ML_KEM_512"; + case WOLFSSL_P384_ML_KEM_768: + return "P384_ML_KEM_768"; + case WOLFSSL_P256_ML_KEM_768: + return "P256_ML_KEM_768"; + case WOLFSSL_P521_ML_KEM_1024: + return "P521_ML_KEM_1024"; + case WOLFSSL_P384_ML_KEM_1024: + return "P384_ML_KEM_1024"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_ML_KEM_512: + return "X25519_ML_KEM_512"; + case WOLFSSL_X25519_ML_KEM_768: + return "X25519_ML_KEM_768"; + #endif + #ifdef HAVE_CURVE448 + case WOLFSSL_X448_ML_KEM_768: + return "X448_ML_KEM_768"; + #endif +#endif /* WOLFSSL_WC_MLKEM */ +#endif /* WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_MLKEM_KYBER +#if defined(WOLFSSL_WC_MLKEM) #ifndef WOLFSSL_NO_KYBER512 case WOLFSSL_KYBER_LEVEL1: return "KYBER_LEVEL1"; case WOLFSSL_P256_KYBER_LEVEL1: return "P256_KYBER_LEVEL1"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_KYBER_LEVEL1: + return "X25519_KYBER_LEVEL1"; + #endif #endif #ifndef WOLFSSL_NO_KYBER768 case WOLFSSL_KYBER_LEVEL3: return "KYBER_LEVEL3"; case WOLFSSL_P384_KYBER_LEVEL3: return "P384_KYBER_LEVEL3"; + case WOLFSSL_P256_KYBER_LEVEL3: + return "P256_KYBER_LEVEL3"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_KYBER_LEVEL3: + return "X25519_KYBER_LEVEL3"; + #endif + #ifdef HAVE_CURVE448 + case WOLFSSL_X448_KYBER_LEVEL3: + return "X448_KYBER_LEVEL3"; + #endif #endif #ifndef WOLFSSL_NO_KYBER1024 case WOLFSSL_KYBER_LEVEL5: @@ -15349,11 +15677,36 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) case WOLFSSL_P521_KYBER_LEVEL5: return "P521_KYBER_LEVEL5"; #endif -#endif -#endif +#elif defined (HAVE_LIBOQS) + case WOLFSSL_KYBER_LEVEL1: + return "KYBER_LEVEL1"; + case WOLFSSL_KYBER_LEVEL3: + return "KYBER_LEVEL3"; + case WOLFSSL_KYBER_LEVEL5: + return "KYBER_LEVEL5"; + case WOLFSSL_P256_KYBER_LEVEL1: + return "P256_KYBER_LEVEL1"; + case WOLFSSL_P384_KYBER_LEVEL3: + return "P384_KYBER_LEVEL3"; + case WOLFSSL_P256_KYBER_LEVEL3: + return "P256_KYBER_LEVEL3"; + case WOLFSSL_P521_KYBER_LEVEL5: + return "P521_KYBER_LEVEL5"; + #ifdef HAVE_CURVE25519 + case WOLFSSL_X25519_KYBER_LEVEL1: + return "X25519_KYBER_LEVEL1"; + case WOLFSSL_X25519_KYBER_LEVEL3: + return "X25519_KYBER_LEVEL3"; + #endif + #ifdef HAVE_CURVE448 + case WOLFSSL_X448_KYBER_LEVEL3: + return "X448_KYBER_LEVEL3"; + #endif +#endif /* WOLFSSL_WC_MLKEM */ +#endif /* WOLFSSL_MLKEM_KYBER */ } } -#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_TLS13 && WOLFSSL_HAVE_MLKEM */ #ifdef HAVE_FFDHE if (ssl->namedGroup != 0) { @@ -15640,42 +15993,42 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) /* Build up the string by copying onto the end. */ - XSTRNCPY(dp, name, len); + XSTRNCPY(dp, name, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " ", len); + XSTRNCPY(dp, " ", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, protocol, len); + XSTRNCPY(dp, protocol, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Kx=", len); + XSTRNCPY(dp, " Kx=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, keaStr, len); + XSTRNCPY(dp, keaStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Au=", len); + XSTRNCPY(dp, " Au=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, authStr, len); + XSTRNCPY(dp, authStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Enc=", len); + XSTRNCPY(dp, " Enc=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, encStr, len); + XSTRNCPY(dp, encStr, (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); len -= strLen; dp += strLen; - XSTRNCPY(dp, " Mac=", len); + XSTRNCPY(dp, " Mac=", (size_t)len); dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); - len -= strLen; dp += strLen; - XSTRNCPY(dp, macStr, len); + len -= strLen; dp += (size_t)strLen; + XSTRNCPY(dp, macStr, (size_t)len); dp[len-1] = '\0'; return WOLFSSL_SUCCESS; @@ -15933,7 +16286,7 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, */ if (cipher->in_stack == TRUE) { wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher); - XSTRNCPY(in,cipher->description,len); + XSTRNCPY(in,cipher->description,(size_t)len); return ret; } #endif @@ -15946,32 +16299,32 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm); /* Build up the string by copying onto the end. */ - XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len); + XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " ", len); + XSTRNCPY(in, " ", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len); + XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Kx=", len); + XSTRNCPY(in, " Kx=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, keaStr, len); + XSTRNCPY(in, keaStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Au=", len); + XSTRNCPY(in, " Au=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, authStr, len); + XSTRNCPY(in, authStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Enc=", len); + XSTRNCPY(in, " Enc=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, encStr, len); + XSTRNCPY(in, encStr, (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, " Mac=", len); + XSTRNCPY(in, " Mac=", (size_t)len); in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen; - XSTRNCPY(in, macStr, len); + XSTRNCPY(in, macStr, (size_t)len); in[len-1] = '\0'; return ret; @@ -17101,8 +17454,8 @@ long wolfSSL_clear_options(WOLFSSL* ssl, long opt) WOLFSSL_ENTER("wolfSSL_clear_options"); if(ssl == NULL) return WOLFSSL_FAILURE; - ssl->options.mask &= ~opt; - return ssl->options.mask; + ssl->options.mask &= (unsigned long)~opt; + return (long)ssl->options.mask; } #ifdef HAVE_PK_CALLBACKS @@ -17256,7 +17609,7 @@ void wolfSSL_ERR_load_SSL_strings(void) } #endif -#ifdef HAVE_OCSP +#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) { if (s == NULL || resp == NULL) @@ -17272,12 +17625,13 @@ long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, if (s == NULL) return WOLFSSL_FAILURE; + XFREE(s->ocspResp, NULL, 0); s->ocspResp = resp; s->ocspRespSz = len; return WOLFSSL_SUCCESS; } -#endif /* HAVE_OCSP */ +#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */ #ifdef HAVE_MAX_FRAGMENT #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -17367,7 +17721,7 @@ long wolfSSL_get_verify_result(const WOLFSSL *ssl) return WOLFSSL_FAILURE; } - return ssl->peerVerifyRet; + return (long)ssl->peerVerifyRet; } #endif @@ -17633,6 +17987,33 @@ static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out) *out = *in; } + +#if defined(OPENSSL_ALL) +static WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_dup(WOLFSSL_X509_OBJECT* obj) +{ + WOLFSSL_X509_OBJECT* ret = NULL; + if (obj) { + ret = wolfSSL_X509_OBJECT_new(); + if (ret) { + ret->type = obj->type; + switch (ret->type) { + case WOLFSSL_X509_LU_NONE: + break; + case WOLFSSL_X509_LU_X509: + ret->data.x509 = wolfSSL_X509_dup(obj->data.x509); + break; + case WOLFSSL_X509_LU_CRL: + #if defined(HAVE_CRL) + ret->data.crl = wolfSSL_X509_CRL_dup(obj->data.crl); + #endif + break; + } + } + } + return ret; +} +#endif /* OPENSSL_ALL */ + WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) { @@ -17695,6 +18076,17 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) goto error; } break; + case STACK_TYPE_X509_OBJ: + #if defined(OPENSSL_ALL) + if (!sk->data.x509_obj) + break; + cur->data.x509_obj = wolfSSL_X509_OBJECT_dup(sk->data.x509_obj); + if (!cur->data.x509_obj) { + WOLFSSL_MSG("wolfSSL_X509_OBJECT_dup error"); + goto error; + } + break; + #endif case STACK_TYPE_BIO: case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: @@ -17707,7 +18099,6 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk) case STACK_TYPE_X509_INFO: case STACK_TYPE_BY_DIR_entry: case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: case STACK_TYPE_X509_CRL: default: @@ -17766,7 +18157,7 @@ void wolfSSL_sk_free(WOLFSSL_STACK* sk) while (sk != NULL) { WOLFSSL_STACK* next = sk->next; - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_sk_free_node(sk); sk = next; } } @@ -17780,7 +18171,7 @@ void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); } -/* return 1 on success 0 on fail */ +/* returns the number of elements in stack on success, 0 on fail */ int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic) { WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push"); @@ -17801,34 +18192,11 @@ void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk) */ void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type) { - WOLFSSL_STACK* node; void* data = NULL; /* Check we have a stack passed in of the right type. */ - if ((sk != NULL) && (sk->type == type)) { - /* Get the next node to become the new first node. */ - node = sk->next; - /* Get the ASN.1 OBJECT_ID object in the first node. */ - data = sk->data.generic; - - /* Check whether there is a next node. */ - if (node != NULL) { - /* Move content out of next node into current node. */ - sk->data.obj = node->data.obj; - sk->next = node->next; - /* Dispose of node. */ - XFREE(node, NULL, DYNAMIC_TYPE_ASN1); - } - else { - /* No more nodes - clear out data. */ - sk->data.obj = NULL; - } - - /* Decrement count as long as we thought we had nodes. */ - if (sk->num > 0) { - sk->num -= 1; - } - } + if ((sk != NULL) && (sk->type == type)) + data = wolfSSL_sk_pop(sk); return data; } @@ -17952,7 +18320,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, if (sk->type != STACK_TYPE_CIPHER) func(sk->data.generic); } - XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL); sk = next; } } @@ -18044,7 +18412,7 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) if (sz > (long)sizeof(staticBuffer)) { WOLFSSL_MSG("Getting dynamic buffer"); - myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE); + myBuffer = (byte*)XMALLOC((size_t)sz, ctx->heap, DYNAMIC_TYPE_FILE); dynamic = 1; } @@ -18183,6 +18551,9 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifdef WOLFSSL_MD2 { WC_NID_md2, MD2h, oidHashType, "MD2", "md2"}, #endif + #ifndef NO_MD4 + { WC_NID_md4, MD4h, oidHashType, "MD4", "md4"}, + #endif #ifndef NO_MD5 { WC_NID_md5, MD5h, oidHashType, "MD5", "md5"}, #endif @@ -18350,12 +18721,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { "Falcon Level 5"}, #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT { CTC_DILITHIUM_LEVEL2, DILITHIUM_LEVEL2k, oidKeyType, "Dilithium Level 2", "Dilithium Level 2"}, { CTC_DILITHIUM_LEVEL3, DILITHIUM_LEVEL3k, oidKeyType, "Dilithium Level 3", "Dilithium Level 3"}, { CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType, "Dilithium Level 5", "Dilithium Level 5"}, + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + { CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2k, oidKeyType, + "ML-DSA 44", "ML-DSA 44"}, + { CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3k, oidKeyType, + "ML-DSA 65", "ML-DSA 65"}, + { CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5k, oidKeyType, + "ML-DSA 87", "ML-DSA 87"}, #endif /* HAVE_DILITHIUM */ /* oidCurveType */ @@ -18738,13 +19117,13 @@ static int SaToNid(byte sa, int* nid) *nid = CTC_FALCON_LEVEL5; break; case dilithium_level2_sa_algo: - *nid = CTC_DILITHIUM_LEVEL2; + *nid = CTC_ML_DSA_LEVEL2; break; case dilithium_level3_sa_algo: - *nid = CTC_DILITHIUM_LEVEL3; + *nid = CTC_ML_DSA_LEVEL3; break; case dilithium_level5_sa_algo: - *nid = CTC_DILITHIUM_LEVEL5; + *nid = CTC_ML_DSA_LEVEL5; break; case sm2_sa_algo: *nid = WC_NID_sm2; @@ -18923,7 +19302,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx) #endif { InitDecodedCert(cert, chain->certs[idx].buffer, - chain->certs[idx].length, NULL); + (word32)chain->certs[idx].length, NULL); if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL, NULL)) != 0) { WOLFSSL_MSG("Failed to parse cert"); @@ -18985,10 +19364,11 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* Null output buffer return size needed in outLen */ if(!buf) { - if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, + if(Base64_Encode(chain->certs[idx].buffer, + (word32)chain->certs[idx].length, NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return WOLFSSL_FAILURE; - *outLen = szNeeded + headerLen + footerLen; + *outLen = (int)szNeeded + headerLen + footerLen; return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } @@ -18997,7 +19377,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, return BAD_FUNC_ARG; /* header */ - if (XMEMCPY(buf, header, headerLen) == NULL) + if (XMEMCPY(buf, header, (size_t)headerLen) == NULL) return WOLFSSL_FATAL_ERROR; i = headerLen; @@ -19005,14 +19385,15 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, /* body */ *outLen = inLen; /* input to Base64_Encode */ if ( (err = Base64_Encode(chain->certs[idx].buffer, - chain->certs[idx].length, buf + i, (word32*)outLen)) < 0) + (word32)chain->certs[idx].length, buf + i, + (word32*)outLen)) < 0) return err; i += *outLen; /* footer */ if ( (i + footerLen) > inLen) return BAD_FUNC_ARG; - if (XMEMCPY(buf + i, footer, footerLen) == NULL) + if (XMEMCPY(buf + i, footer, (size_t)footerLen) == NULL) return WOLFSSL_FATAL_ERROR; *outLen += headerLen + footerLen; @@ -19453,6 +19834,29 @@ void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl) return NULL; } +/* callback for extended master secret generation */ +void wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx, + CallbackGenExtMasterSecret cb) +{ + if (ctx) + ctx->GenExtMasterCb = cb; +} +/* Set extended master secret generation callback context */ +void wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl) + ssl->GenExtMasterCtx = ctx; +} +/* Get extended master secret generation callback context */ +void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl) +{ + if (ssl) + return ssl->GenExtMasterCtx; + + return NULL; +} + + /* callback for session key generation */ void wolfSSL_CTX_SetGenSessionKeyCb(WOLFSSL_CTX* ctx, CallbackGenSessionKey cb) { @@ -19732,7 +20136,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; } else { - obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; + obj->dynamic &= (unsigned char)~WOLFSSL_ASN1_DYNAMIC_DATA; } } XMEMCPY((byte*)obj->obj, objBuf, obj->objSz); @@ -19847,7 +20251,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) bufSz = bufLen - 1; } if (bufSz) { - XMEMCPY(buf, name, bufSz); + XMEMCPY(buf, name, (size_t)bufSz); } else if (a->type == WOLFSSL_GEN_DNS || a->type == WOLFSSL_GEN_EMAIL || a->type == WOLFSSL_GEN_URI) { @@ -19858,7 +20262,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) if ((desc = oid_translate_num_to_str(buf))) { bufSz = (int)XSTRLEN(desc); bufSz = (int)min((word32)bufSz,(word32) bufLen - 1); - XMEMCPY(buf, desc, bufSz); + XMEMCPY(buf, desc, (size_t)bufSz); } } else { @@ -20014,19 +20418,21 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) if (o->nid > 0) return o->nid; - if ((ret = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { + if ((ret = GetObjectId(o->obj, &idx, &oid, + (word32)o->grp, o->objSz)) < 0) { if (ret == WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) { /* Put ASN object tag in front and try again */ - int len = SetObjectId(o->objSz, NULL) + o->objSz; - byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + int len = SetObjectId((int)o->objSz, NULL) + (int)o->objSz; + byte* buf = (byte*)XMALLOC((size_t)len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (!buf) { WOLFSSL_MSG("malloc error"); return WOLFSSL_FATAL_ERROR; } - idx = SetObjectId(o->objSz, buf); + idx = (word32)SetObjectId((int)o->objSz, buf); XMEMCPY(buf + idx, o->obj, o->objSz); idx = 0; - ret = GetObjectId(buf, &idx, &oid, o->grp, len); + ret = GetObjectId(buf, &idx, &oid, (word32)o->grp, (word32)len); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret < 0) { WOLFSSL_MSG("Issue getting OID of object"); @@ -20165,13 +20571,13 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) /* try as a short name */ len = (int)XSTRLEN(s); if ((int)XSTRLEN(wolfssl_object_info[i].sName) == len && - XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) { + XSTRNCMP(wolfssl_object_info[i].sName, s, (word32)len) == 0) { return wolfssl_object_info[i].nid; } /* try as a long name */ if ((int)XSTRLEN(wolfssl_object_info[i].lName) == len && - XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) { + XSTRNCMP(wolfssl_object_info[i].lName, s, (word32)len) == 0) { return wolfssl_object_info[i].nid; } } @@ -20226,7 +20632,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; i = SetObjectId((int)outSz, (byte*)obj->obj); XMEMCPY((byte*)obj->obj + i, out, outSz); - obj->objSz = i + outSz; + obj->objSz = (word32)i + outSz; return obj; } @@ -20304,7 +20710,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) { + if (ret == ASN1_R_HEADER_TOO_LONG) { return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; } #endif @@ -20756,6 +21162,7 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) WOLFSSL_MSG("Error adding certificate to context"); /* Decrease reference count on failure */ wolfSSL_X509_free(x509); + x509 = NULL; } } } @@ -20912,7 +21319,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, return NULL; } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { WOLFSSL_MSG("Malloc failure"); return NULL; @@ -20937,7 +21345,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, int i; int j = 0; - extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, + extraBioMem = (unsigned char *)XMALLOC((size_t)extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure"); @@ -21018,10 +21426,7 @@ void wolfSSL_print_all_errors_fp(XFILE fp) /* Note: This is a huge section of API's - through * wolfSSL_X509_OBJECT_get0_X509_CRL */ -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) #if defined(USE_WOLFSSL_MEMORY) && !defined(WOLFSSL_DEBUG_MEMORY) && \ !defined(WOLFSSL_STATIC_MEMORY) @@ -21189,6 +21594,7 @@ int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name) return ret; } +#ifndef NO_WOLFSSL_SERVER /* May be called by server to get the requested accepted name and by the client * to get the requested name. */ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) @@ -21200,6 +21606,8 @@ const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type) !wolfSSL_is_server(ssl)); return (const char *)serverName; } +#endif + #endif /* HAVE_SNI */ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) @@ -21430,9 +21838,7 @@ void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) } #endif -#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || - * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH || - * HAVE_SBLIM_SFCB)) */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ #ifdef HAVE_SNI @@ -21480,7 +21886,7 @@ unsigned long wolfSSL_ERR_peek_last_error(void) if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) return (WOLFSSL_ERR_LIB_PEM << 24) | -WC_NO_ERR_TRACE(WOLFSSL_PEM_R_NO_START_LINE_E); #if defined(WOLFSSL_PYTHON) - if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) + if (ret == ASN1_R_HEADER_TOO_LONG) return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return (unsigned long)ret; @@ -21692,7 +22098,7 @@ unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line, return (WOLFSSL_ERR_LIB_SSL << 24) | -WC_NO_ERR_TRACE(PARSE_ERROR) /* SSL_R_HTTP_REQUEST */; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - else if (err == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) + else if (err == ASN1_R_HEADER_TOO_LONG) return (WOLFSSL_ERR_LIB_ASN1 << 24) | -WC_NO_ERR_TRACE(WOLFSSL_ASN1_R_HEADER_TOO_LONG_E); #endif return err; @@ -21869,6 +22275,83 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) return ssl->suitesStack; } #endif /* OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#ifdef OPENSSL_ALL +/* returned pointer is to an internal element in WOLFSSL struct and should not + * be free'd. It gets free'd when the WOLFSSL struct is free'd. */ +WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers(WOLFSSL* ssl) +{ + WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; + const CipherSuiteInfo* cipher_names = GetCipherNames(); + int cipherSz = GetCipherNamesSize(); + const Suites* suites; + + WOLFSSL_ENTER("wolfSSL_get_client_ciphers"); + + if (ssl == NULL) { + return NULL; + } + + /* return NULL if is client side */ + if (wolfSSL_is_server(ssl) == 0) { + return NULL; + } + + suites = ssl->clSuites; + if (suites == NULL) { + WOLFSSL_MSG("No client suites stored"); + } + else if (ssl->clSuitesStack != NULL) { + ret = ssl->clSuitesStack; + } + else { /* generate cipher suites stack if not already done */ + int i; + int j; + + ret = wolfSSL_sk_new_node(ssl->heap); + if (ret != NULL) { + ret->type = STACK_TYPE_CIPHER; + + /* higher priority of cipher suite will be on top of stack */ + for (i = suites->suiteSz - 2; i >= 0; i -= 2) { + WOLFSSL_CIPHER cipher; + + /* A couple of suites are placeholders for special options, + * skip those. */ + if (SCSV_Check(suites->suites[i], suites->suites[i+1]) + || sslCipherMinMaxCheck(ssl, suites->suites[i], + suites->suites[i+1])) { + continue; + } + + cipher.cipherSuite0 = suites->suites[i]; + cipher.cipherSuite = suites->suites[i+1]; + cipher.ssl = ssl; + for (j = 0; j < cipherSz; j++) { + if (cipher_names[j].cipherSuite0 == + cipher.cipherSuite0 && + cipher_names[j].cipherSuite == + cipher.cipherSuite) { + cipher.offset = (unsigned long)j; + break; + } + } + + /* in_stack is checked in wolfSSL_CIPHER_description */ + cipher.in_stack = 1; + + if (wolfSSL_sk_CIPHER_push(ret, &cipher) <= 0) { + WOLFSSL_MSG("Error pushing client cipher onto stack"); + wolfSSL_sk_CIPHER_free(ret); + ret = NULL; + break; + } + } + } + ssl->clSuitesStack = ret; + } + return ret; +} +#endif /* OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx) @@ -22514,7 +22997,7 @@ int wolfSSL_sk_WOLFSSL_STRING_num(WOLF_STACK_OF(WOLFSSL_STRING)* strings) void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len) { - word16 nameLen; + word16 nameLen = 0; if (ssl != NULL && data != NULL && len != NULL) { TLSX_ALPN_GetRequest(ssl->extensions, (void **)data, &nameLen); @@ -22676,31 +23159,52 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { #ifdef HAVE_CURVE448 {CURVE_NAME("X448"), WC_NID_X448, WOLFSSL_ECC_X448}, #endif -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM #ifndef WOLFSSL_NO_ML_KEM {CURVE_NAME("ML_KEM_512"), WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_512}, {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, -#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) +#if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512, WOLFSSL_P256_ML_KEM_512}, {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768, WOLFSSL_P384_ML_KEM_768}, + {CURVE_NAME("P256_ML_KEM_768"), WOLFSSL_P256_ML_KEM_768, + WOLFSSL_P256_ML_KEM_768}, {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024, WOLFSSL_P521_ML_KEM_1024}, + {CURVE_NAME("P384_ML_KEM_1024"), WOLFSSL_P384_ML_KEM_1024, + WOLFSSL_P384_ML_KEM_1024}, + {CURVE_NAME("X25519_ML_KEM_512"), WOLFSSL_X25519_ML_KEM_512, + WOLFSSL_X25519_ML_KEM_512}, + {CURVE_NAME("X448_ML_KEM_768"), WOLFSSL_X448_ML_KEM_768, + WOLFSSL_X448_ML_KEM_768}, + {CURVE_NAME("X25519_ML_KEM_768"), WOLFSSL_X25519_ML_KEM_768, + WOLFSSL_X25519_ML_KEM_768}, #endif #endif /* !WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_KYBER_ORIGINAL +#ifdef WOLFSSL_MLKEM_KYBER {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, -#if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) - {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, - {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, -#endif -#endif /* WOLFSSL_KYBER_ORIGINAL */ -#endif /* WOLFSSL_HAVE_KYBER */ +#if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) + {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, + WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P256_KYBER_LEVEL3"), WOLFSSL_P256_KYBER_LEVEL3, + WOLFSSL_P256_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, + WOLFSSL_P521_KYBER_LEVEL5}, + {CURVE_NAME("X25519_KYBER_LEVEL1"), WOLFSSL_X25519_KYBER_LEVEL1, + WOLFSSL_X25519_KYBER_LEVEL1}, + {CURVE_NAME("X448_KYBER_LEVEL3"), WOLFSSL_X448_KYBER_LEVEL3, + WOLFSSL_X448_KYBER_LEVEL3}, + {CURVE_NAME("X25519_KYBER_LEVEL3"), WOLFSSL_X25519_KYBER_LEVEL3, + WOLFSSL_X25519_KYBER_LEVEL3}, +#endif +#endif /* WOLFSSL_MLKEM_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM */ #ifdef WOLFSSL_SM2 {CURVE_NAME("SM2"), WC_NID_sm2, WOLFSSL_ECC_SM2P256V1}, #endif @@ -22750,13 +23254,13 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, if (len > MAX_CURVE_NAME_SZ - 1) goto leave; - XMEMCPY(name, names + start, len); + XMEMCPY(name, names + start, (size_t)len); name[len] = 0; curve = WOLFSSL_NAMED_GROUP_INVALID; for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { if (len == nist_name->name_len && - XSTRNCMP(name, nist_name->name, len) == 0) { + XSTRNCMP(name, nist_name->name, (size_t)len) == 0) { curve = nist_name->curve; break; } @@ -22779,7 +23283,7 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, goto leave; } - curve = GetCurveByOID(eccSet->oidSum); + curve = GetCurveByOID((int)eccSet->oidSum); #else WOLFSSL_MSG("API not present to search farther using name"); goto leave; @@ -23910,7 +24414,7 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data) ret = wolfSSL_BIO_get_len(bio); if (ret > 0) { - mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); + mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL); if (mem == NULL) { WOLFSSL_MSG("Memory error"); ret = MEMORY_E; @@ -24003,7 +24507,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, */ ret = GetSequence(der, &idx, &len, keyLen); if (ret >= 0) { - word32 end = idx + len; + word32 end = idx + (word32)len; while (ret >= 0 && idx < end) { /* Skip type */ idx++; @@ -24011,10 +24515,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, len = 0; ret = GetLength(der, &idx, &len, keyLen); if (ret >= 0) { - if (idx + len > end) + if (idx + (word32)len > end) ret = ASN_PARSE_E; else { - idx += len; + idx += (word32)len; cnt++; } } @@ -24836,8 +25340,18 @@ int wolfSSL_BUF_MEM_grow_ex(WOLFSSL_BUF_MEM* buf, size_t len, /* expand size, to handle growth */ mx = (len_int + 3) / 3 * 4; +#ifdef WOLFSSL_NO_REALLOC + tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL && buf->data != NULL) { + XMEMCPY(tmp, buf->data, len_int); + XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL); + buf->data = NULL; + } +#else /* use realloc */ tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + if (tmp == NULL) { return 0; /* ERR_R_MALLOC_FAILURE; */ } @@ -24879,7 +25393,18 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len) mx = ((int)len + 3) / 3 * 4; /* We want to shrink the internal buffer */ +#ifdef WOLFSSL_NO_REALLOC + tmp = (char*)XMALLOC(mx, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL && buf->data != NULL) + { + XMEMCPY(tmp, buf->data, len); + XFREE(buf->data,NULL,DYNAMIC_TYPE_OPENSSL); + buf->data = NULL; + } +#else tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + if (tmp == NULL) return 0; diff --git a/src/src/ssl_asn1.c b/src/src/ssl_asn1.c index 5ebad81..535c672 100644 --- a/src/src/ssl_asn1.c +++ b/src/src/ssl_asn1.c @@ -1,6 +1,6 @@ /* ssl_asn1.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include - #include +#include #ifndef WC_NO_RNG #include #endif @@ -797,9 +793,18 @@ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr, int ret = 1; byte* tmp; +#ifdef WOLFSSL_NO_REALLOC + tmp = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp != NULL && bitStr->data != NULL) { + XMEMCPY(tmp, bitStr->data, bitStr->length); + XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL); + bitStr->data = NULL; + } +#else /* Realloc to length required. */ tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL, DYNAMIC_TYPE_OPENSSL); +#endif if (tmp == NULL) { ret = 0; } @@ -1084,36 +1089,36 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len, */ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src) { - WOLFSSL_ASN1_INTEGER* dup = NULL; + WOLFSSL_ASN1_INTEGER* dst = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup"); /* Check for object to duplicate. */ if (src != NULL) { /* Create a new ASN.1 INTEGER object to be copied into. */ - dup = wolfSSL_ASN1_INTEGER_new(); + dst = wolfSSL_ASN1_INTEGER_new(); } /* Check for object to copy into. */ - if (dup != NULL) { + if (dst != NULL) { /* Copy simple fields. */ - dup->length = src->length; - dup->negative = src->negative; - dup->type = src->type; + dst->length = src->length; + dst->negative = src->negative; + dst->type = src->type; if (!src->isDynamic) { /* Copy over data from/to fixed buffer. */ - XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX); + XMEMCPY(dst->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX); } - else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) { - wolfSSL_ASN1_INTEGER_free(dup); - dup = NULL; + else if (wolfssl_asn1_integer_require_len(dst, src->length, 0) == 0) { + wolfSSL_ASN1_INTEGER_free(dst); + dst = NULL; } else { - XMEMCPY(dup->data, src->data, (size_t)src->length); + XMEMCPY(dst->data, src->data, (size_t)src->length); } } - return dup; + return dst; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -3814,7 +3819,6 @@ static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t, * @param [in] from ASN.1 TIME object as start time. * @param [in] to ASN.1 TIME object as end time. * @return 1 on success. - * @return 0 when days or secs is NULL. * @return 0 when conversion of time fails. */ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, @@ -3824,21 +3828,15 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff"); - /* Validate parameters. */ - if (days == NULL) { - WOLFSSL_MSG("days is NULL"); - ret = 0; - } - if ((ret == 1) && (secs == NULL)) { - WOLFSSL_MSG("secs is NULL"); - ret = 0; - } - - if ((ret == 1) && ((from == NULL) && (to == NULL))) { - *days = 0; - *secs = 0; + if ((from == NULL) && (to == NULL)) { + if (days != NULL) { + *days = 0; + } + if (secs != NULL) { + *secs = 0; + } } - else if (ret == 1) { + else { const long long SECS_PER_DAY = 24 * 60 * 60; long long fromSecs; long long toSecs = 0; @@ -3849,8 +3847,13 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, } if (ret == 1) { long long diffSecs = toSecs - fromSecs; - *days = (int) (diffSecs / SECS_PER_DAY); - *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY)); + if (days != NULL) { + *days = (int) (diffSecs / SECS_PER_DAY); + } + if (secs != NULL) { + *secs = (int) (diffSecs - + ((long long)(diffSecs / SECS_PER_DAY) * SECS_PER_DAY)); + } } } diff --git a/src/src/ssl_bn.c b/src/src/ssl_bn.c index 1c05b14..0d947a8 100644 --- a/src/src/ssl_bn.c +++ b/src/src/ssl_bn.c @@ -1,6 +1,6 @@ /* ssl_bn.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #include #ifndef WC_NO_RNG @@ -1273,43 +1269,29 @@ int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) * Word operation APIs. ******************************************************************************/ -/* Add/subtract a word to/from a big number. - * - * Internal function for adding/subtracting an unsigned long from a - * WOLFSSL_BIGNUM. To add, pass "sub" as 0. To subtract, pass it as 1. +enum BN_WORD_OP { + BN_WORD_ADD = 0, + BN_WORD_SUB = 1, + BN_WORD_MUL = 2, + BN_WORD_DIV = 3, + BN_WORD_MOD = 4 +}; + +/* Helper function for word operations. * - * @param [in, out] bn Big number to operate on. - * @param [in] w Word to operate with. - * @param [in] sub Indicates whether operation to perform is a subtract. + * @param [in, out] bn Big number to operate on. + * @param [in] w Word to operate with. + * @param [in] op Operation to perform. See BN_WORD_OP for valid values. + * @param [out] mod_res Result of the modulo operation. * @return 1 on success. - * @return 0 in failure. + * @return 0 on failure. */ -static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, - int sub) +static int bn_word_helper(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, + enum BN_WORD_OP op, WOLFSSL_BN_ULONG* mod_res) { int ret = 1; -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) -#ifdef WOLFSSL_SMALL_STACK - mp_int* w_mp = NULL; -#else - mp_int w_mp[1]; -#endif /* WOLFSSL_SMALL_STACK */ -#endif -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) -#ifdef WOLFSSL_SMALL_STACK - /* Allocate temporary MP integer. */ - w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (w_mp == NULL) { - ret = 0; - } - else -#endif /* WOLFSSL_SMALL_STACK */ - { - /* Clear out MP integer so it can be freed. */ - XMEMSET(w_mp, 0, sizeof(*w_mp)); - } -#endif + WOLFSSL_ENTER("bn_word_helper"); /* Validate parameters. */ if (ret == 1 && BN_IS_NULL(bn)) { @@ -1318,60 +1300,108 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, } if (ret == 1) { - int rc = 0; + int rc = MP_OKAY; #if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + /* When input 'w' is greater than what can be stored in one digit */ if (w > (WOLFSSL_BN_ULONG)MP_MASK) { - /* Initialize temporary MP integer. */ - if (mp_init(w_mp) != MP_OKAY) { + DECL_MP_INT_SIZE_DYN(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT, + sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT); + NEW_MP_INT_SIZE(w_mp, sizeof(WOLFSSL_BN_ULONG) * CHAR_BIT, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#ifdef MP_INT_SIZE_CHECK_NULL + if (w_mp == NULL) { + WOLFSSL_MSG("NEW_MP_INT_SIZE error"); ret = 0; } - /* Set value into temporary MP integer. */ - if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { +#endif + if (ret == 1 && mp_set_int(w_mp, w) != MP_OKAY) { + WOLFSSL_MSG("mp_set_int error"); ret = 0; } if (ret == 1) { - if (sub) { - /* Subtract as MP integer. */ - rc = mp_sub((mp_int *)bn->internal, w_mp, - (mp_int *)bn->internal); - } - else { - /* Add as MP integer. */ - rc = mp_add((mp_int *)bn->internal, w_mp, - (mp_int *)bn->internal); - } - if (rc != MP_OKAY) { - WOLFSSL_MSG("mp_add/sub error"); - ret = 0; + switch (op) { + case BN_WORD_ADD: + rc = mp_add((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + break; + case BN_WORD_SUB: + rc = mp_sub((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + break; + case BN_WORD_MUL: + rc = mp_mul((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + break; + case BN_WORD_DIV: + rc = mp_div((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal, NULL); + break; + case BN_WORD_MOD: + rc = mp_mod((mp_int*) bn->internal, w_mp, + w_mp); + if (rc == MP_OKAY && mod_res != NULL) + *mod_res = wolfssl_bn_get_word_1(w_mp); + break; + default: + rc = WOLFSSL_NOT_IMPLEMENTED; + break; } } + FREE_MP_INT_SIZE(w_mp, NULL, DYNAMIC_TYPE_RSA); } else #endif { - if (sub) { - /* Subtract word from MP integer. */ - rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w, - (mp_int*)bn->internal); - } - else { - /* Add word from MP integer. */ - rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w, - (mp_int*)bn->internal); - } - if (rc != MP_OKAY) { - WOLFSSL_MSG("mp_add/sub_d error"); - ret = 0; + switch (op) { + case BN_WORD_ADD: + rc = mp_add_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + break; + case BN_WORD_SUB: + rc = mp_sub_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + break; + case BN_WORD_MUL: + rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + break; + case BN_WORD_DIV: +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) +/* copied from sp_int.h */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WC_MP_TO_RADIX) + rc = mp_div_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal, NULL); +#else + rc = WOLFSSL_NOT_IMPLEMENTED; +#endif +#else + rc = WOLFSSL_NOT_IMPLEMENTED; +#endif + break; + case BN_WORD_MOD: + { + mp_digit _mod_res; + rc = mp_mod_d((mp_int*) bn->internal, (mp_digit) w, + &_mod_res); + if (rc == MP_OKAY && mod_res != NULL) + *mod_res = (WOLFSSL_BN_ULONG)_mod_res; + } + break; + default: + rc = WOLFSSL_NOT_IMPLEMENTED; + break; } } + if (ret == 1 && rc != MP_OKAY) { + WOLFSSL_MSG("mp word operation error or not implemented"); + ret = 0; + } } -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) - mp_free(w_mp); -#ifdef WOLFSSL_SMALL_STACK - XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_SMALL_STACK */ -#endif + WOLFSSL_LEAVE("bn_word_helper", ret); + return ret; } @@ -1390,7 +1420,7 @@ int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) WOLFSSL_ENTER("wolfSSL_BN_add_word"); - ret = wolfssl_bn_add_word_int(bn, w, 0); + ret = bn_word_helper(bn, w, BN_WORD_ADD, NULL); WOLFSSL_LEAVE("wolfSSL_BN_add_word", ret); @@ -1412,7 +1442,7 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) WOLFSSL_ENTER("wolfSSL_BN_sub_word"); - ret = wolfssl_bn_add_word_int(bn, w, 1); + ret = bn_word_helper(bn, w, BN_WORD_SUB, NULL); WOLFSSL_LEAVE("wolfSSL_BN_sub_word", ret); @@ -1421,79 +1451,27 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) { - int ret = 1; -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) -#ifdef WOLFSSL_SMALL_STACK - mp_int* w_mp = NULL; -#else - mp_int w_mp[1]; -#endif /* WOLFSSL_SMALL_STACK */ -#endif + int ret; WOLFSSL_ENTER("wolfSSL_BN_mul_word"); -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) -#ifdef WOLFSSL_SMALL_STACK - /* Allocate temporary MP integer. */ - w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (w_mp == NULL) { - ret = 0; - } - else -#endif /* WOLFSSL_SMALL_STACK */ - { - /* Clear out MP integer so it can be freed. */ - XMEMSET(w_mp, 0, sizeof(*w_mp)); - } -#endif + ret = bn_word_helper(bn, w, BN_WORD_MUL, NULL); - /* Validate parameters. */ - if (ret == 1 && BN_IS_NULL(bn)) { - WOLFSSL_MSG("bn NULL error"); - ret = 0; - } + WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); - if (ret == 1) { - int rc = 0; -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) - if (w > (WOLFSSL_BN_ULONG)MP_MASK) { - /* Initialize temporary MP integer. */ - if (mp_init(w_mp) != MP_OKAY) { - ret = 0; - } - /* Set value into temporary MP integer. */ - if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { - ret = 0; - } - if (ret == 1) { - rc = mp_mul((mp_int*)bn->internal, w_mp, - (mp_int*)bn->internal); - if (rc != MP_OKAY) { - WOLFSSL_MSG("mp_mul error"); - ret = 0; - } - } - } - else -#endif - { - rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, - (mp_int*)bn->internal); - if (rc != MP_OKAY) { - WOLFSSL_MSG("mp_mul_d error"); - ret = 0; - } - } - } + return ret; +} -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) - mp_free(w_mp); -#ifdef WOLFSSL_SMALL_STACK - XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_SMALL_STACK */ -#endif - WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); +int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_BN_div_word"); + + ret = bn_word_helper(bn, w, BN_WORD_DIV, NULL); + + WOLFSSL_LEAVE("wolfSSL_BN_div_word", ret); return ret; } @@ -1510,70 +1488,16 @@ int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) { - WOLFSSL_BN_ULONG ret = 0; + int ret; + WOLFSSL_BN_ULONG res = 0; WOLFSSL_ENTER("wolfSSL_BN_mod_word"); - /* Validate parameters. */ - if (BN_IS_NULL(bn)) { - WOLFSSL_MSG("bn NULL error"); - ret = (WOLFSSL_BN_ULONG)-1; - } - -#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) - if ((ret == 0) && (w > (WOLFSSL_BN_ULONG)MP_MASK)) { - /* TODO: small stack */ - mp_int w_mp; - mp_int r_mp; - - /* Memset MP integers to be safe to free. */ - XMEMSET(&w_mp, 0, sizeof(w_mp)); - XMEMSET(&r_mp, 0, sizeof(r_mp)); - - /* Initialize MP integer to hold word. */ - if (mp_init(&w_mp) != MP_OKAY) { - ret = (WOLFSSL_BN_ULONG)-1; - } - /* Initialize MP integer to hold result word. */ - if ((ret == 0) && (mp_init(&r_mp) != MP_OKAY)) { - ret = (WOLFSSL_BN_ULONG)-1; - } - /* Set modulus word into MP integer. */ - if ((ret == 0) && (mp_set_int(&w_mp, w) != MP_OKAY)) { - ret = (WOLFSSL_BN_ULONG)-1; - } - /* Calculate modulus result. */ - if ((ret == 0) && (mp_mod((mp_int *)bn->internal, &w_mp, &r_mp) != - MP_OKAY)) { - WOLFSSL_MSG("mp_mod error"); - ret = (WOLFSSL_BN_ULONG)-1; - } - if (ret == 0) { - /* Get modulus result into an unsigned long. */ - ret = wolfssl_bn_get_word_1(&r_mp); - } - - /* Dispose of dynamically allocated data. */ - mp_free(&r_mp); - mp_free(&w_mp); - } - else -#endif - if (ret == 0) { - mp_digit mp_ret; + ret = bn_word_helper(bn, w, BN_WORD_MOD, &res); - /* Calculate modulus result using wolfCrypt. */ - if (mp_mod_d((mp_int*)bn->internal, (mp_digit)w, &mp_ret) != MP_OKAY) { - WOLFSSL_MSG("mp_add_d error"); - ret = (WOLFSSL_BN_ULONG)-1; - } - else { - /* Return result. */ - ret = (WOLFSSL_BN_ULONG)mp_ret; - } - } + WOLFSSL_LEAVE("wolfSSL_BN_mod_word", ret); - return ret; + return ret == 1 ? res : (WOLFSSL_BN_ULONG)-1; } #endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) */ @@ -2434,27 +2358,38 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) } #endif /* !NO_FILESYSTEM && XFPRINTF */ +#ifndef NO_WOLFSSL_BN_CTX /******************************************************************************* * BN_CTX APIs ******************************************************************************/ -/* Allocate and return a new BN context object. - * - * BN context not needed for operations. +/* Create a new BN context object. * - * @return Pointer to dummy object. + * @return BN context object on success. + * @return NULL on failure. */ WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) { - /* wolfcrypt doesn't need BN context. */ - static int ctx; + WOLFSSL_BN_CTX* ctx = NULL; + WOLFSSL_ENTER("wolfSSL_BN_CTX_new"); - return (WOLFSSL_BN_CTX*)&ctx; + ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL, + DYNAMIC_TYPE_OPENSSL); + if (ctx != NULL) { + XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); + } + + return ctx; } -/* Initialize a BN context object. + +#ifndef NO_WOLFSSL_STUB +/* deprecated * - * BN context not needed for operations. + * Initialize a BN context object. + * This function was removed in OpenSSL 1.1.0 and later. + * Keeping a stub function here for older applications that have BN_CTX_init() + * calls. * * @param [in] ctx Dummy BN context. */ @@ -2462,37 +2397,59 @@ void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx) { (void)ctx; WOLFSSL_ENTER("wolfSSL_BN_CTX_init"); + WOLFSSL_STUB("wolfSSL_BN_CTX_init"); + WOLFSSL_MSG("wolfSSL_BN_CTX_init is deprecated"); } +#endif /* Free a BN context object. * - * BN context not needed for operations. - * - * @param [in] ctx Dummy BN context. + * @param [in] ctx BN context object. */ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx) { - (void)ctx; WOLFSSL_ENTER("wolfSSL_BN_CTX_free"); - /* Don't do anything since using dummy, static BN context. */ + if (ctx != NULL) { + while (ctx->list != NULL) { + struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list; + ctx->list = ctx->list->next; + wolfSSL_BN_free(tmp->bn); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } } -/* Get a big number based on the BN context. +/* Get a big number from the BN context. * - * @param [in] ctx BN context. Not used. + * @param [in] ctx BN context object. * @return Big number on success. * @return NULL on failure. */ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) { - /* ctx is not used - returning a new big number. */ - (void)ctx; + WOLFSSL_BIGNUM* bn = NULL; WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); + if (ctx != NULL) { + struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC( + sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL); + if (node != NULL) { + XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST)); + bn = node->bn = wolfSSL_BN_new(); + if (node->bn != NULL) { + node->next = ctx->list; + ctx->list = node; + } + else { + XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); + node = NULL; + } + } + } - /* Return a new big number. */ - return wolfSSL_BN_new(); + return bn; } #ifndef NO_WOLFSSL_STUB @@ -2512,6 +2469,75 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) } #endif +#endif /* NO_WOLFSSL_BN_CTX */ + +/******************************************************************************* + * BN_MONT_CTX APIs + ******************************************************************************/ + +WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void) +{ + /* wolfcrypt doesn't need BN MONT context. */ + static int mont; + WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_new"); + return (WOLFSSL_BN_MONT_CTX*)&mont; +} + +void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont) +{ + (void)mont; + WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_free"); + /* Don't do anything since using dummy, static BN context. */ +} + +int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont, + const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx) +{ + (void) mont; + (void) mod; + (void) ctx; + WOLFSSL_ENTER("wolfSSL_BN_MONT_CTX_set"); + return WOLFSSL_SUCCESS; +} + +/* Calculate r = a ^ p % m. + * + * @param [out] r Big number to store the result. + * @param [in] a Base as an unsigned long. + * @param [in] p Exponent as a big number. + * @param [in] m Modulus as a big number. + * @param [in] ctx BN context object. Unused. + * @param [in] mont Montgomery context object. Unused. + * + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r, WOLFSSL_BN_ULONG a, + const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx, + WOLFSSL_BN_MONT_CTX *mont) +{ + WOLFSSL_BIGNUM* tmp = NULL; + int ret = WOLFSSL_SUCCESS; + + (void)mont; + WOLFSSL_ENTER("wolfSSL_BN_mod_exp_mont_word"); + + if (ret == WOLFSSL_SUCCESS && (tmp = wolfSSL_BN_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new failed"); + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && (wolfSSL_BN_set_word(tmp, (unsigned long)a)) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + WOLFSSL_MSG("wolfSSL_BN_set_word failed"); + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_BN_mod_exp(r, tmp, p, m, ctx); + + wolfSSL_BN_free(tmp); + return ret; +} + #endif /* OPENSSL_EXTRA */ #endif /* !WOLFSSL_SSL_BN_INCLUDED */ diff --git a/src/src/ssl_certman.c b/src/src/ssl_certman.c index 6d18db5..df88acd 100644 --- a/src/src/ssl_certman.c +++ b/src/src/ssl_certman.c @@ -1,6 +1,6 @@ /* ssl_certman.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #include @@ -401,6 +397,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm) /* Decode certificate. */ if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) { wolfSSL_X509_free(x509); + x509 = NULL; err = 1; } } diff --git a/src/src/ssl_crypto.c b/src/src/ssl_crypto.c index f2ff781..4744304 100644 --- a/src/src/ssl_crypto.c +++ b/src/src/ssl_crypto.c @@ -1,6 +1,6 @@ /* ssl_crypto.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef WOLFSSL_SSL_CRYPTO_INCLUDED #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -2543,21 +2538,23 @@ WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in, if ((!err) && (dataSz % DES_BLOCK_SIZE)) { /* Allocate a buffer big enough to hold padded input. */ dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE); - data = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = (unsigned char*)XMALLOC((size_t)dataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (data == NULL) { WOLFSSL_MSG("Issue creating temporary buffer"); err = 1; } else { /* Copy input and pad with 0s. */ - XMEMCPY(data, in, length); - XMEMSET(data + length, 0, dataSz - length); + XMEMCPY(data, in, (size_t)length); + XMEMSET(data + length, 0, (size_t)(dataSz - length)); } } if (!err) { /* Allocate buffer to hold encrypted data. */ - tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tmp = (unsigned char*)XMALLOC((size_t)dataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("Issue creating temporary buffer"); err = 1; @@ -2637,7 +2634,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, if (lb_sz != 0) { /* Create a 0 padded block from remaining bytes. */ XMEMSET(lastBlock, 0, DES_BLOCK_SIZE); - XMEMCPY(lastBlock, input + len, lb_sz); + XMEMCPY(lastBlock, input + len, (size_t)lb_sz); /* Encrypt last block into output. */ wc_Des_CbcEncrypt(des, output + len, lastBlock, (word32)DES_BLOCK_SIZE); @@ -2651,7 +2648,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output, wc_Des_CbcDecrypt(des, lastBlock, input + len, (word32)DES_BLOCK_SIZE); /* Copy out the required amount of the decrypted block. */ - XMEMCPY(output + len, lastBlock, lb_sz); + XMEMCPY(output + len, lastBlock, (size_t)lb_sz); } } } @@ -2775,7 +2772,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, if (lb_sz != 0) { /* Create a 0 padded block from remaining bytes. */ XMEMSET(lastBlock, 0, DES_BLOCK_SIZE); - XMEMCPY(lastBlock, input + len, lb_sz); + XMEMCPY(lastBlock, input + len, (size_t)lb_sz); /* Encrypt last block into output. */ ret = wc_Des3_CbcEncrypt(des3, output + len, lastBlock, (word32)DES_BLOCK_SIZE); @@ -2825,7 +2822,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input, (void)ret; #endif /* Copy out the required amount of the decrypted block. */ - XMEMCPY(output + len, lastBlock, lb_sz); + XMEMCPY(output + len, lastBlock, (size_t)lb_sz); } } } @@ -2940,7 +2937,7 @@ static int wolfssl_aes_set_key(const unsigned char *key, const int bits, return WOLFSSL_FATAL_ERROR; } - if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) { + if (wc_AesSetKey((Aes*)aes, key, (word32)((bits)/8), NULL, enc) != 0) { WOLFSSL_MSG("Error in setting AES key"); return WOLFSSL_FATAL_ERROR; } diff --git a/src/src/ssl_load.c b/src/src/ssl_load.c index 004cb65..24c8af1 100644 --- a/src/src/ssl_load.c +++ b/src/src/ssl_load.c @@ -1,6 +1,6 @@ /* ssl_load.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include /* * WOLFSSL_SYS_CA_CERTS @@ -35,8 +30,10 @@ #ifdef WOLFSSL_SYS_CA_CERTS #ifdef _WIN32 + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ /* mingw gcc does not support pragma comment, and the * linking with crypt32 is handled in configure.ac */ @@ -132,7 +129,7 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, /* Data in buffer has PEM format - extract DER data. */ if (format == WOLFSSL_FILETYPE_PEM) { #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buff, len, type, der, heap, info, algId); + ret = PemToDer(buff, (long)(len), type, der, heap, info, algId); if (ret != 0) { FreeDer(der); } @@ -949,6 +946,9 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int ret; word32 idx; dilithium_key* key; + int keyFormatTemp = 0; + int keyTypeTemp; + int keySizeTemp; /* Allocate a Dilithium key to parse into. */ key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, @@ -959,74 +959,74 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Initialize Dilithium key. */ ret = wc_dilithium_init(key); - if (ret == 0) { - /* Set up key to parse the format specified. */ - if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, 2); - } - else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, 3); - } - else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) && - ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) || - (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) { - ret = wc_dilithium_set_level(key, 5); - } - else { - wc_dilithium_free(key); - ret = ALGO_ID_E; - } - } - if (ret == 0) { /* Decode as a Dilithium private key. */ idx = 0; ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); if (ret == 0) { - /* Get the minimum Dilithium key size from SSL or SSL context - * object. */ - int minKeySz = ssl ? ssl->options.minDilithiumKeySz : - ctx->minDilithiumKeySz; - - /* Format is known. */ - if (*keyFormat == DILITHIUM_LEVEL2k) { - *keyType = dilithium_level2_sa_algo; - *keySize = DILITHIUM_LEVEL2_KEY_SIZE; - } - else if (*keyFormat == DILITHIUM_LEVEL3k) { - *keyType = dilithium_level3_sa_algo; - *keySize = DILITHIUM_LEVEL3_KEY_SIZE; + ret = dilithium_get_oid_sum(key, &keyFormatTemp); + if (ret == 0) { + /* Format is known. */ + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (keyFormatTemp == DILITHIUM_LEVEL2k) { + keyTypeTemp = dilithium_level2_sa_algo; + keySizeTemp = DILITHIUM_LEVEL2_KEY_SIZE; + } + else if (keyFormatTemp == DILITHIUM_LEVEL3k) { + keyTypeTemp = dilithium_level3_sa_algo; + keySizeTemp = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (keyFormatTemp == DILITHIUM_LEVEL5k) { + keyTypeTemp = dilithium_level5_sa_algo; + keySizeTemp = DILITHIUM_LEVEL5_KEY_SIZE; + } + else + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if (keyFormatTemp == ML_DSA_LEVEL2k) { + keyTypeTemp = dilithium_level2_sa_algo; + keySizeTemp = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (keyFormatTemp == ML_DSA_LEVEL3k) { + keyTypeTemp = dilithium_level3_sa_algo; + keySizeTemp = ML_DSA_LEVEL3_KEY_SIZE; + } + else if (keyFormatTemp == ML_DSA_LEVEL5k) { + keyTypeTemp = dilithium_level5_sa_algo; + keySizeTemp = ML_DSA_LEVEL5_KEY_SIZE; + } + else { + ret = ALGO_ID_E; + } } - else if (*keyFormat == DILITHIUM_LEVEL5k) { - *keyType = dilithium_level5_sa_algo; - *keySize = DILITHIUM_LEVEL5_KEY_SIZE; + + if (ret == 0) { + /* Get the minimum Dilithium key size from SSL or SSL context + * object. */ + int minKeySz = ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz; + + /* Check that the size of the Dilithium key is enough. */ + if (keySizeTemp < minKeySz) { + WOLFSSL_MSG("Dilithium private key too small"); + ret = DILITHIUM_KEY_SIZE_E; + } } - /* Check that the size of the Dilithium key is enough. */ - if (*keySize < minKeySz) { - WOLFSSL_MSG("Dilithium private key too small"); - ret = DILITHIUM_KEY_SIZE_E; + if (ret == 0) { + *keyFormat = keyFormatTemp; + *keyType = keyTypeTemp; + *keySize = keySizeTemp; } } - /* Not a Dilithium key but check whether we know what it is. */ else if (*keyFormat == 0) { WOLFSSL_MSG("Not a Dilithium key"); - /* Format unknown so keep trying. */ + /* Unknown format wasn't dilithium, so keep trying other formats. */ ret = 0; } /* Free dynamically allocated data in key. */ wc_dilithium_free(key); } - else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) { - WOLFSSL_MSG("Not a Dilithium key"); - /* Format unknown so keep trying. */ - ret = 0; - } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); @@ -1057,6 +1057,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int devId = wolfSSL_CTX_GetDevId(ctx, ssl); byte* keyType = NULL; int* keySz = NULL; + int matchAnyKey = 0; (void)heap; (void)devId; @@ -1108,8 +1109,19 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, heap, devId, keyType, keySz); #endif + matchAnyKey = 1; } -#endif +#ifdef WC_RSA_PSS + if((ret == 0) && (*keyFormat == RSAPSSk)) { + /* + Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK), + and to detect that the der is RSAPSSk (when *keyFormat == 0). + */ + + matchAnyKey = 1; + } +#endif /* WC_RSA_PSS */ +#endif /* NO_RSA */ #ifdef HAVE_ECC /* Try ECC if key format is ECDSA or SM2, or yet unknown. */ if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == ECDSAk) @@ -1119,6 +1131,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, )) { ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keyFormat, heap, devId, keyType, keySz); + matchAnyKey = 1; } #endif /* HAVE_ECC */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) @@ -1126,6 +1139,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED25519k))) { ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keyFormat, heap, devId, keyType, keySz); + matchAnyKey = 1; } #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) @@ -1133,6 +1147,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED448k))) { ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keyFormat, heap, devId, keyType, keySz); + matchAnyKey = 1; } #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ #if defined(HAVE_FALCON) @@ -1141,22 +1156,33 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, (*keyFormat == FALCON_LEVEL5k))) { ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keyFormat, heap, keyType, keySz); + matchAnyKey = 1; } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ !defined(WOLFSSL_DILITHIUM_NO_ASN1) /* Try Falcon if key format is Dilithium level 2k, 3k or 5k or yet unknown. */ - if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == DILITHIUM_LEVEL2k) || - (*keyFormat == DILITHIUM_LEVEL3k) || - (*keyFormat == DILITHIUM_LEVEL5k))) { + if ((ret == 0) && + ((*keyFormat == 0) || + (*keyFormat == ML_DSA_LEVEL2k) || + (*keyFormat == ML_DSA_LEVEL3k) || + (*keyFormat == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (*keyFormat == DILITHIUM_LEVEL2k) + || (*keyFormat == DILITHIUM_LEVEL3k) + || (*keyFormat == DILITHIUM_LEVEL5k) + #endif + )) { ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap, keyType, keySz); + matchAnyKey = 1; } #endif /* HAVE_DILITHIUM */ /* Check we know the format. */ - if ((ret == 0) && (*keyFormat == 0)) { + if ((ret == 0) && + ((*keyFormat == 0) || ((*keyFormat != 0) && (matchAnyKey == 0)))) { WOLFSSL_MSG("Not a supported key type"); /* Not supported key format. */ ret = WOLFSSL_BAD_FILE; @@ -1213,7 +1239,7 @@ static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der, } if (ret >= 0) { /* Zero out encrypted data not overwritten. */ - ForceZero(der->buffer + ret, der->length - ret); + ForceZero(der->buffer + ret, der->length - (word32)ret); /* Set decrypted data length. */ der->length = (word32)ret; } @@ -1461,9 +1487,14 @@ static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl, break; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: + #endif if (ssl != NULL) { ssl->options.haveDilithiumSig = 1; } @@ -1532,9 +1563,14 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl, break; #endif #ifdef HAVE_DILITHIUM + case CTC_ML_DSA_LEVEL2: + case CTC_ML_DSA_LEVEL3: + case CTC_ML_DSA_LEVEL5: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case CTC_DILITHIUM_LEVEL2: case CTC_DILITHIUM_LEVEL3: case CTC_DILITHIUM_LEVEL5: + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ WOLFSSL_MSG("Dilithium cert signature"); if (ssl) { ssl->options.haveDilithiumSig = 1; @@ -1705,6 +1741,7 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: keyType = dilithium_level2_sa_algo; /* Dilithium is fixed key size */ @@ -1735,6 +1772,37 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DILITHIUM_KEY_SIZE_E); } break; + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + case ML_DSA_LEVEL2k: + keyType = dilithium_level2_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL2_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case ML_DSA_LEVEL3k: + keyType = dilithium_level3_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL3_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case ML_DSA_LEVEL5k: + keyType = dilithium_level5_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; #endif /* HAVE_DILITHIUM */ default: @@ -1894,6 +1962,7 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: keyType = dilithium_level2_sa_algo; /* Dilithium is fixed key size */ @@ -1924,6 +1993,37 @@ static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DILITHIUM_KEY_SIZE_E); } break; + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + case ML_DSA_LEVEL2k: + keyType = dilithium_level2_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL2_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case ML_DSA_LEVEL3k: + keyType = dilithium_level3_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL3_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; + case ML_DSA_LEVEL5k: + keyType = dilithium_level5_sa_algo; + /* Dilithium is fixed key size */ + keySz = ML_DSA_LEVEL5_KEY_SIZE; + if (checkKeySz) { + ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz : + ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz, + DILITHIUM_KEY_SIZE_E); + } + break; #endif /* HAVE_DILITHIUM */ default: @@ -2803,7 +2903,7 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, } if (file != NULL) { - /* Load the PEM formatted CA file. */ + /* Load the PEM formatted CA file */ ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL, verify); #ifndef NO_WOLFSSL_DIR @@ -4739,6 +4839,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) if (ret == 1) { /* On success WOLFSSL_X509 memory is responsibility of SSL context. */ wolfSSL_X509_free(x509); + x509 = NULL; } WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret); @@ -4832,6 +4933,7 @@ int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) if (ret == 1) { /* Down reference or free original now as we own certificate. */ wolfSSL_X509_free(x509); + x509 = NULL; } return ret; @@ -4890,6 +4992,7 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) if (ret != 1) { /* Decrease reference count on error as we didn't store it. */ wolfSSL_X509_free(x509); + x509 = NULL; } } @@ -4953,6 +5056,7 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) if (ret != 1) { /* Free it now on error. */ wolfSSL_X509_free(x509); + x509 = NULL; } } } @@ -4985,6 +5089,7 @@ int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) if ((ret = wolfSSL_add0_chain_cert(ssl, x509)) != 1) { /* Decrease reference count on error as not stored. */ wolfSSL_X509_free(x509); + x509 = NULL; } } @@ -5113,7 +5218,8 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) if (ret == 1) { /* Allocate memory to hold DER encoding.. */ - der = (unsigned char*)XMALLOC(derSize, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = (unsigned char*)XMALLOC((size_t)derSize, NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { WOLFSSL_MSG("Malloc failure"); ret = MEMORY_E; @@ -5355,8 +5461,8 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, } if (ret == 1) { /* Copy p and g into allocated buffers. */ - XMEMCPY(pAlloc, p, pSz); - XMEMCPY(gAlloc, g, gSz); + XMEMCPY(pAlloc, p, (size_t)pSz); + XMEMCPY(gAlloc, g, (size_t)gSz); /* Set the buffers into SSL. */ ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz); } @@ -5514,8 +5620,8 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, if (ret == 1) { /* Copy p and g into allocated buffers. */ - XMEMCPY(pAlloc, p, pSz); - XMEMCPY(gAlloc, g, gSz); + XMEMCPY(pAlloc, p, (size_t)pSz); + XMEMCPY(gAlloc, g, (size_t)gSz); /* Set the buffers into SSL context. */ ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz); } @@ -5567,8 +5673,8 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + p = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((p == NULL) || (g == NULL)) { ret = MEMORY_E; } @@ -5633,8 +5739,8 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - p = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - g = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + p = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + g = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((p == NULL) || (g == NULL)) { ret = MEMORY_E; } diff --git a/src/src/ssl_misc.c b/src/src/ssl_misc.c index 9a5f4b0..56a71e8 100644 --- a/src/src/ssl_misc.c +++ b/src/src/ssl_misc.c @@ -1,6 +1,6 @@ /* ssl_misc.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #if !defined(WOLFSSL_SSL_MISC_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN diff --git a/src/src/ssl_p7p12.c b/src/src/ssl_p7p12.c index 12ef33c..00395c9 100644 --- a/src/src/ssl_p7p12.c +++ b/src/src/ssl_p7p12.c @@ -1,6 +1,6 @@ /* ssl_p7p12.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(OPENSSL_EXTRA) && (defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) #include @@ -231,6 +227,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) if (x509) { if (wolfSSL_sk_X509_push(ret, x509) <= 0) { wolfSSL_X509_free(x509); + x509 = NULL; WOLFSSL_MSG("wolfSSL_sk_X509_push error"); goto error; } @@ -1180,6 +1177,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, DYNAMIC_TYPE_PKCS7); if (canonSection == NULL) { goto error; + } else { + XMEMSET(canonSection, 0, (word32)canonSize); } lineLen = wolfSSL_BIO_gets(in, section, remainLen); @@ -1912,12 +1911,14 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_MSG("Issue with parsing certificate"); FreeDecodedCert(DeCert); wolfSSL_X509_free(x509); + x509 = NULL; } else { if (CopyDecodedToX509(x509, DeCert) != 0) { WOLFSSL_MSG("Failed to copy decoded cert"); FreeDecodedCert(DeCert); wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(certData, heap, DYNAMIC_TYPE_PKCS); @@ -1937,6 +1938,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (wolfSSL_sk_X509_push(*ca, x509) <= 0) { WOLFSSL_MSG("Failed to push x509 onto stack"); wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(certData, heap, DYNAMIC_TYPE_PKCS); diff --git a/src/src/ssl_sess.c b/src/src/ssl_sess.c index 1471b9d..c5e0e68 100644 --- a/src/src/ssl_sess.c +++ b/src/src/ssl_sess.c @@ -1,6 +1,6 @@ /* ssl_sess.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_SSL_SESS_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -375,7 +370,7 @@ int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession) WOLFSSL_MSG("Valid ServerID not cached already"); ssl->session->idLen = (word16)len; - XMEMCPY(ssl->session->serverID, id, len); + XMEMCPY(ssl->session->serverID, id, (size_t)len); } #ifdef HAVE_EXT_CACHE else { @@ -1457,6 +1452,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) if (peer != NULL) { wolfSSL_X509_free(peer); + peer = NULL; } #endif @@ -1819,7 +1815,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, ticLen = addSession->ticketLen; /* Alloc Memory here to avoid syscalls during lock */ if (ticLen > SESSION_TICKET_LEN) { - ticBuff = (byte*)XMALLOC(ticLen, NULL, + ticBuff = (byte*)XMALLOC((size_t)ticLen, NULL, DYNAMIC_TYPE_SESSION_TICK); if (ticBuff == NULL) { return MEMORY_E; @@ -1978,7 +1974,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, /* Copy in the certs from the session */ addSession->chain.count = cacheSession->chain.count; XMEMCPY(addSession->chain.certs, cacheSession->chain.certs, - sizeof(x509_buffer) * cacheSession->chain.count); + sizeof(x509_buffer) * (size_t)cacheSession->chain.count); } #endif /* SESSION_CERTS */ #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) @@ -2669,7 +2665,8 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) unsigned char *data; if (*p == NULL) - *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL); + *p = (unsigned char*)XMALLOC((size_t)size, NULL, + DYNAMIC_TYPE_OPENSSL); if (*p == NULL) return 0; data = *p; @@ -2693,7 +2690,7 @@ int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) c16toa((word16)sess->chain.certs[i].length, data + idx); idx += OPAQUE16_LEN; XMEMCPY(data + idx, sess->chain.certs[i].buffer, - sess->chain.certs[i].length); + (size_t)sess->chain.certs[i].length); idx += sess->chain.certs[i].length; } #endif @@ -3524,7 +3521,7 @@ int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, size = outSz; } - XMEMCPY(out, ses->masterSecret, size); + XMEMCPY(out, ses->masterSecret, (size_t)size); return size; } @@ -3538,6 +3535,10 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses) #ifdef WOLFSSL_EARLY_DATA unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session) { + if (session == NULL) { + return BAD_FUNC_ARG; + } + return session->maxEarlyDataSz; } #endif /* WOLFSSL_EARLY_DATA */ @@ -3565,7 +3566,16 @@ void SetupSession(WOLFSSL* ssl) session->side = (byte)ssl->options.side; if (!IsAtLeastTLSv1_3(ssl->version) && ssl->arrays != NULL) XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN); - session->haveEMS = ssl->options.haveEMS; + /* RFC8446 Appendix D. + * implementations which support both TLS 1.3 and earlier versions SHOULD + * indicate the use of the Extended Master Secret extension in their APIs + * whenever TLS 1.3 is used. + * Set haveEMS so that we send the extension in subsequent connections that + * offer downgrades. */ + if (IsAtLeastTLSv1_3(ssl->version)) + session->haveEMS = 1; + else + session->haveEMS = ssl->options.haveEMS; #ifdef WOLFSSL_SESSION_ID_CTX /* If using compatibility layer then check for and copy over session context * id. */ @@ -3757,7 +3767,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, word16 ticLenAlloc = 0; byte *ticBuff = NULL; #endif - const size_t copyOffset = OFFSETOF(WOLFSSL_SESSION, heap) + + const size_t copyOffset = WC_OFFSETOF(WOLFSSL_SESSION, heap) + sizeof(input->heap); int ret = WOLFSSL_SUCCESS; @@ -4096,7 +4106,7 @@ void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) ForceZero(session->sessionID, ID_LEN); if (session->type == WOLFSSL_SESSION_TYPE_HEAP) { - XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); + XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */ } } diff --git a/src/src/tls.c b/src/src/tls.c index 0e5f43b..6ad21c9 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef WOLFCRYPT_ONLY @@ -48,12 +42,12 @@ #ifdef HAVE_CURVE448 #include #endif -#ifdef WOLFSSL_HAVE_KYBER - #include -#ifdef WOLFSSL_WC_KYBER - #include +#ifdef WOLFSSL_HAVE_MLKEM + #include +#ifdef WOLFSSL_WC_MLKEM + #include #elif defined(HAVE_LIBOQS) - #include + #include #endif #endif @@ -645,12 +639,24 @@ int MakeTlsMasterSecret(WOLFSSL* ssl) XMEMSET(handshake_hash, 0, HSHASH_SZ); ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); if (ret == 0) { - ret = _MakeTlsExtendedMasterSecret( - ssl->arrays->masterSecret, SECRET_LEN, - ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, - handshake_hash, hashSz, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, - ssl->heap, ssl->devId); + #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) + ret = PROTOCOLCB_UNAVAILABLE; + if (ssl->ctx->GenExtMasterCb) { + void* ctx = wolfSSL_GetGenExtMasterSecretCtx(ssl); + ret = ssl->ctx->GenExtMasterCb(ssl, handshake_hash, hashSz, + ctx); + } + if (!ssl->ctx->GenExtMasterCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) + #endif /* (HAVE_SECRET_CALLBACK) && (HAVE_EXT_SECRET_CALLBACK) */ + { + ret = _MakeTlsExtendedMasterSecret( + ssl->arrays->masterSecret, SECRET_LEN, + ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, + handshake_hash, hashSz, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); + } ForceZero(handshake_hash, hashSz); } @@ -1024,7 +1030,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, if (ret != 0) return ret; - XMEMSET(hmac->innerHash, 0, macLen); + XMEMSET(hmac->innerHash, 0, (size_t)macLen); if (safeBlocks > 0) { ret = Hmac_HashUpdate(hmac, header, headerSz); @@ -1039,7 +1045,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, else safeBlocks = 0; - XMEMSET(digest, 0, macLen); + XMEMSET(digest, 0, (size_t)macLen); k = (unsigned int)(safeBlocks * blockSz); for (i = safeBlocks; i < blocks; i++) { unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; @@ -1190,8 +1196,8 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, ret = wc_HmacUpdate(hmac, header, headerSz); if (ret == 0) { /* Fill the rest of the block with any available data. */ - word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; - currSz |= ctMaskGTE((int)msgSz, blockSz) & blockSz; + word32 currSz = ctMaskLT((int)msgSz, (int)blockSz) & msgSz; + currSz |= ctMaskGTE((int)msgSz, (int)blockSz) & blockSz; currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; currSz &= ~(0 - (currSz >> 31)); ret = wc_HmacUpdate(hmac, in, currSz); @@ -1338,7 +1344,7 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #ifdef HAVE_BLAKE2 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, - sz + hashSz + padSz + 1, myInner, innerSz); + sz + hashSz + (word32)padSz + 1, myInner, innerSz); } else #endif @@ -1349,8 +1355,9 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, } #else - ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, - myInner, innerSz); + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + + (word32)(padSz) + 1, + myInner, innerSz); #endif } else { @@ -2964,7 +2971,10 @@ static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest) (void)ssl; if (!isRequest) { - #ifndef NO_WOLFSSL_CLIENT + /* RFC 6066 section 6 states that the server responding + * to trusted_ca_keys is optional. Do not error out unless + * opted into with the define WOLFSSL_REQUIRE_TCA. */ + #if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_REQUIRE_TCA) TLSX* extension = TLSX_Find(ssl->extensions, TLSX_TRUSTED_CA_KEYS); if (extension && !extension->resp) { @@ -2972,7 +2982,9 @@ static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest) WOLFSSL_ERROR_VERBOSE(TCA_ABSENT_ERROR); return TCA_ABSENT_ERROR; } - #endif /* NO_WOLFSSL_CLIENT */ + #else + WOLFSSL_MSG("No response received for trusted_ca_keys. Continuing."); + #endif /* !NO_WOLFSSL_CLIENT && WOLFSSL_REQUIRE_TCA */ } return 0; @@ -3226,6 +3238,14 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL && + SSL_CM(csr->ssl)->ocsp_stapling != NULL && + SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL && + idx == 0) { + return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz; + } +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + csr->responses[idx].length); } @@ -3235,6 +3255,70 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, return size; } +#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \ +(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) +static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl) +{ + void *ioCtx = NULL; + WOLFSSL_OCSP *ocsp; + int ret; + + if (ssl == NULL || SSL_CM(ssl) == NULL) + return BAD_FUNC_ARG; + ocsp = SSL_CM(ssl)->ocsp_stapling; + if (ocsp == NULL || ocsp->statusCb == NULL) + return BAD_FUNC_ARG; + ioCtx = (ssl->ocspIOCtx != NULL) ? ssl->ocspIOCtx : ocsp->cm->ocspIOCtx; + ret = ocsp->statusCb(ssl, ioCtx); + switch (ret) { + case SSL_TLSEXT_ERR_OK: + if (ssl->ocspRespSz > 0) { + /* ack the extension, status cb provided the response in + * ssl->ocspResp */ + TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + ssl->status_request = WOLFSSL_CSR_OCSP; + } + ret = 0; + break; + case SSL_TLSEXT_ERR_NOACK: + /* suppressing as not critical */ + ret = 0; + break; + case SSL_TLSEXT_ERR_ALERT_FATAL: + default: + ret = WOLFSSL_FATAL_ERROR; + break; + } + return ret; +} + +static int TLSX_CSR_WriteWithStatusCB(CertificateStatusRequest* csr, + byte* output) +{ + WOLFSSL *ssl = csr->ssl; + WOLFSSL_OCSP *ocsp; + word16 offset = 0; + byte *response; + int respSz; + + if (ssl == NULL || SSL_CM(ssl) == NULL) + return BAD_FUNC_ARG; + ocsp = SSL_CM(ssl)->ocsp_stapling; + if (ocsp == NULL || ocsp->statusCb == NULL) + return BAD_FUNC_ARG; + response = ssl->ocspResp; + respSz = ssl->ocspRespSz; + if (response == NULL || respSz == 0) + return BAD_FUNC_ARG; + output[offset++] = WOLFSSL_CSR_OCSP; + c32to24(respSz, output + offset); + offset += OPAQUE24_LEN; + XMEMCPY(output + offset, response, respSz); + return offset + respSz; +} +#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX || +WOLFSSL_HAPROXY) */ + static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) { return TLSX_CSR_GetSize_ex(csr, isRequest, 0); @@ -3287,6 +3371,14 @@ int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { word16 offset = 0; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL && + SSL_CM(csr->ssl)->ocsp_stapling != NULL && + SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL && + idx == 0) { + return TLSX_CSR_WriteWithStatusCB(csr, output); + } +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ output[offset++] = csr->status_type; c32to24(csr->responses[idx].length, output + offset); offset += OPAQUE24_LEN; @@ -3451,7 +3543,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (request) { XMEMCPY(request->nonce, csr->request.ocsp[0].nonce, - csr->request.ocsp[0].nonceSz); + (size_t)csr->request.ocsp[0].nonceSz); request->nonceSz = csr->request.ocsp[0].nonceSz; } } @@ -3562,7 +3654,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { - +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + if (ssl != NULL && SSL_CM(ssl) != NULL && + SSL_CM(ssl)->ocsp_stapling != NULL && + SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) { + return TLSX_CSR_SetResponseWithStatusCB(ssl); +} +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ if (ssl->buffers.certificate == NULL) { WOLFSSL_MSG("Certificate buffer not set!"); return BUFFER_ERROR; @@ -3655,14 +3753,14 @@ int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, csr->requests--; } /* preserve nonce */ - XMEMCPY(nonce, request->nonce, nonceSz); + XMEMCPY(nonce, csr->request.ocsp->nonce, (size_t)nonceSz); if (req_cnt < MAX_CERT_EXTENSIONS) { if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0) return ret; /* restore nonce */ - XMEMCPY(request->nonce, nonce, nonceSz); + XMEMCPY(csr->request.ocsp->nonce, nonce, (size_t)nonceSz); request->nonceSz = nonceSz; csr->requests++; } @@ -3977,7 +4075,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (request) { XMEMCPY(request->nonce, csr2->request.ocsp[0].nonce, - csr2->request.ocsp[0].nonceSz); + (size_t)csr2->request.ocsp[0].nonceSz); request->nonceSz = csr2->request.ocsp[0].nonceSz; @@ -4059,6 +4157,14 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length, continue; } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + /* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */ + if (ssl != NULL && SSL_CM(ssl) != NULL && + SSL_CM(ssl)->ocsp_stapling != NULL && + SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) { + return 0; + } +#endif /* if using status_request and already sending it, remove it * and prefer to use the v2 version */ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST @@ -4189,7 +4295,8 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, int nonceSz = csr2->request.ocsp[0].nonceSz; /* preserve nonce, replicating nonce of ocsp[0] */ - XMEMCPY(nonce, csr2->request.ocsp[0].nonce, nonceSz); + XMEMCPY(nonce, csr2->request.ocsp[0].nonce, + (size_t)nonceSz); if ((ret = InitOcspRequest( &csr2->request.ocsp[csr2->requests], cert, @@ -4198,7 +4305,7 @@ int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert, byte isPeer, /* restore nonce */ XMEMCPY(csr2->request.ocsp[csr2->requests].nonce, - nonce, nonceSz); + nonce, (size_t)nonceSz); csr2->request.ocsp[csr2->requests].nonceSz = nonceSz; csr2->requests++; } @@ -4316,6 +4423,11 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, CertificateStatusRequestItemV2* last = (CertificateStatusRequestItemV2*)extension->data; + if (last == NULL) { + XFREE(csr2, heap, DYNAMIC_TYPE_TLSX); + return BAD_FUNC_ARG; + } + for (; last->next; last = last->next); last->next = csr2; @@ -4349,7 +4461,7 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #ifdef HAVE_SUPPORTED_CURVES #if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \ - && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_KYBER) + && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_MLKEM) #error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \ Use --enable-ecc and/or --enable-liboqs in the configure script or \ define HAVE_ECC. Alternatively use FFDHE for DH cipher suites. @@ -4809,7 +4921,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup, const DhParams* params = NULL; for (; serverGroup != NULL; serverGroup = serverGroup->next) { - if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name)) + if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name)) continue; for (group = clientGroup; group != NULL; group = group->next) { @@ -4886,7 +4998,7 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup, word32 p_len; for (; serverGroup != NULL; serverGroup = serverGroup->next) { - if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(serverGroup->name)) + if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(serverGroup->name)) continue; for (group = clientGroup; group != NULL; group = group->next) { @@ -4990,7 +5102,7 @@ int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl) return 0; clientGroup = (SupportedCurve*)extension->data; for (group = clientGroup; group != NULL; group = group->next) { - if (WOLFSSL_NAMED_GROUP_IS_FFHDE(group->name)) { + if (WOLFSSL_NAMED_GROUP_IS_FFDHE(group->name)) { found = 1; break; } @@ -7675,6 +7787,7 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) if (ret == 0) { /* setting "key" means okay to call wc_curve25519_free */ key = (curve25519_key*)kse->key; + kse->keyLen = CURVE25519_KEYSIZE; #ifdef WOLFSSL_STATIC_EPHEMERAL ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE25519, kse->key); @@ -7760,6 +7873,7 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) ret = wc_curve448_init((curve448_key*)kse->key); if (ret == 0) { key = (curve448_key*)kse->key; + kse->keyLen = CURVE448_KEY_SIZE; #ifdef WOLFSSL_STATIC_EPHEMERAL ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE448, kse->key); @@ -7899,7 +8013,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) #ifdef WOLFSSL_STATIC_EPHEMERAL ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_ECDH, kse->key); - if (ret != 0) + if (ret != 0 || eccKey->dp->id != curveId) #endif { /* set curve info for EccMakeKey "peer" info */ @@ -7977,8 +8091,24 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) return ret; } -#ifdef WOLFSSL_HAVE_KYBER -static int kyber_id2type(int id, int *type) +#ifdef WOLFSSL_HAVE_MLKEM +#if defined(WOLFSSL_MLKEM_CACHE_A) && \ + !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) + /* Store KyberKey object rather than private key bytes in key share entry. + * Improves performance at cost of more dynamic memory being used. */ + #define WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ +#endif +#if defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY) && \ + defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ) + #error "Choose WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY or " + "WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ" +#endif + +#if !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + (!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)) +static int mlkem_id2type(int id, int *type) { int ret = 0; @@ -8000,7 +8130,7 @@ static int kyber_id2type(int id, int *type) break; #endif #endif -#ifdef WOLFSSL_KYBER_ORIGINAL +#ifdef WOLFSSL_MLKEM_KYBER #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: *type = KYBER512; @@ -8024,82 +8154,92 @@ static int kyber_id2type(int id, int *type) return ret; } +#endif +/* Structures and objects needed for hybrid key exchanges using both classic + * ECDHE and PQC KEM key material. */ typedef struct PqcHybridMapping { int hybrid; int ecc; int pqc; + int pqc_first; } PqcHybridMapping; static const PqcHybridMapping pqc_hybrid_mapping[] = { #ifndef WOLFSSL_NO_ML_KEM - {.hybrid = WOLFSSL_P256_ML_KEM_512, .ecc = WOLFSSL_ECC_SECP256R1, - .pqc = WOLFSSL_ML_KEM_512}, - {.hybrid = WOLFSSL_P384_ML_KEM_768, .ecc = WOLFSSL_ECC_SECP384R1, - .pqc = WOLFSSL_ML_KEM_768}, - {.hybrid = WOLFSSL_P521_ML_KEM_1024, .ecc = WOLFSSL_ECC_SECP521R1, - .pqc = WOLFSSL_ML_KEM_1024}, -#endif -#ifdef WOLFSSL_KYBER_ORIGINAL - {.hybrid = WOLFSSL_P256_KYBER_LEVEL1, .ecc = WOLFSSL_ECC_SECP256R1, - .pqc = WOLFSSL_KYBER_LEVEL1}, - {.hybrid = WOLFSSL_P384_KYBER_LEVEL3, .ecc = WOLFSSL_ECC_SECP384R1, - .pqc = WOLFSSL_KYBER_LEVEL3}, - {.hybrid = WOLFSSL_P521_KYBER_LEVEL5, .ecc = WOLFSSL_ECC_SECP521R1, - .pqc = WOLFSSL_KYBER_LEVEL5}, -#endif - {.hybrid = 0, .ecc = 0, .pqc = 0} + {WOLFSSL_P256_ML_KEM_512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, + {WOLFSSL_P384_ML_KEM_768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_P256_ML_KEM_768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, + {WOLFSSL_P384_ML_KEM_1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, +#ifdef HAVE_CURVE25519 + {WOLFSSL_X25519_ML_KEM_512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, + {WOLFSSL_X25519_ML_KEM_768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1}, +#endif +#ifdef HAVE_CURVE448 + {WOLFSSL_X448_ML_KEM_768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1}, +#endif +#endif /* WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_MLKEM_KYBER + {WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1, WOLFSSL_KYBER_LEVEL1, 0}, + {WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_ECC_SECP384R1, WOLFSSL_KYBER_LEVEL3, 0}, + {WOLFSSL_P256_KYBER_LEVEL3, WOLFSSL_ECC_SECP256R1, WOLFSSL_KYBER_LEVEL3, 0}, + {WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_ECC_SECP521R1, WOLFSSL_KYBER_LEVEL5, 0}, +#ifdef HAVE_CURVE25519 + {WOLFSSL_X25519_KYBER_LEVEL1, WOLFSSL_ECC_X25519, WOLFSSL_KYBER_LEVEL1, 0}, + {WOLFSSL_X25519_KYBER_LEVEL3, WOLFSSL_ECC_X25519, WOLFSSL_KYBER_LEVEL3, 0}, +#endif +#ifdef HAVE_CURVE448 + {WOLFSSL_X448_KYBER_LEVEL3, WOLFSSL_ECC_X448, WOLFSSL_KYBER_LEVEL3, 0}, +#endif +#endif /* WOLFSSL_MLKEM_KYBER */ + {0, 0, 0, 0} }; -/* This will map an ecc-pqs hybrid group into its ecc group and pqc kem group. - * If it cannot find a mapping then *pqc is set to group. ecc is optional. */ -static void findEccPqc(int *ecc, int *pqc, int group) +/* Map an ecc-pqc hybrid group into its ecc group and pqc kem group. */ +static void findEccPqc(int *ecc, int *pqc, int *pqc_first, int group) { int i; - if (pqc == NULL) { - return; - } - *pqc = 0; - if (ecc != NULL) { + if (pqc != NULL) + *pqc = 0; + if (ecc != NULL) *ecc = 0; - } + if (pqc_first != NULL) + *pqc_first = 0; for (i = 0; pqc_hybrid_mapping[i].hybrid != 0; i++) { if (pqc_hybrid_mapping[i].hybrid == group) { - *pqc = pqc_hybrid_mapping[i].pqc; - if (ecc != NULL) { + if (pqc != NULL) + *pqc = pqc_hybrid_mapping[i].pqc; + if (ecc != NULL) *ecc = pqc_hybrid_mapping[i].ecc; - } + if (pqc_first != NULL) + *pqc_first = pqc_hybrid_mapping[i].pqc_first; break; } } - - if (*pqc == 0) { - /* It is not a hybrid, so maybe its simple. */ - *pqc = group; - } } -/* Create a key share entry using liboqs parameters group. +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY +/* Create a key share entry using pqc parameters group on the client side. * Generates a key pair. * * ssl The SSL/TLS object. * kse The key share entry object. * returns 0 on success, otherwise failure. */ -static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) +static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) { int ret = 0; int type = 0; +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ KyberKey kem[1]; - byte* pubKey = NULL; byte* privKey = NULL; - KeyShareEntry *ecc_kse = NULL; - int oqs_group = 0; - int ecc_group = 0; word32 privSz = 0; - word32 pubSz = 0; +#else + KyberKey* kem = NULL; +#endif /* This gets called twice. Once during parsing of the key share and once * during the population of the extension. No need to do work the second @@ -8108,13 +8248,14 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) return ret; } - findEccPqc(&ecc_group, &oqs_group, kse->group); - ret = kyber_id2type(oqs_group, &type); + /* Get the type of key we need from the key share group. */ + ret = mlkem_id2type(kse->group, &type); if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { WOLFSSL_MSG("Invalid Kyber algorithm specified."); ret = BAD_FUNC_ARG; } +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ if (ret == 0) { ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); if (ret != 0) { @@ -8123,75 +8264,222 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) } if (ret == 0) { - ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, - DYNAMIC_TYPE_TLSX); - if (ecc_kse == NULL) { - WOLFSSL_MSG("ecc_kse memory allocation failure"); + ret = wc_KyberKey_PrivateKeySize(kem, &privSz); + } + if (ret == 0) { + ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen); + } + + if (ret == 0) { + privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + if (privKey == NULL) { + WOLFSSL_MSG("privkey memory allocation failure"); + ret = MEMORY_ERROR; + } + } +#else + if (ret == 0) { + /* Allocate a Kyber key to hold private key. */ + kem = (KyberKey*)XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (kem == NULL) { + WOLFSSL_MSG("KEM memory allocation failure"); ret = MEMORY_ERROR; } } + if (ret == 0) { + ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); + if (ret != 0) { + WOLFSSL_MSG("Failed to initialize Kyber Key."); + } + } + if (ret == 0) { + ret = wc_KyberKey_PublicKeySize(kem, &kse->pubKeyLen); + } +#endif if (ret == 0) { - XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + kse->pubKey = (byte*)XMALLOC(kse->pubKeyLen, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (kse->pubKey == NULL) { + WOLFSSL_MSG("pubkey memory allocation failure"); + ret = MEMORY_ERROR; + } + } - ret = wc_KyberKey_PrivateKeySize(kem, &privSz); + if (ret == 0) { + ret = wc_KyberKey_MakeKey(kem, ssl->rng); + if (ret != 0) { + WOLFSSL_MSG("Kyber keygen failure"); + } } if (ret == 0) { - ret = wc_KyberKey_PublicKeySize(kem, &pubSz); + ret = wc_KyberKey_EncodePublicKey(kem, kse->pubKey, + kse->pubKeyLen); } - if (ret == 0 && ecc_group != 0) { - ecc_kse->group = ecc_group; - ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); - /* If fail, no error message, TLSX_KeyShare_GenEccKey will do it. */ +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + if (ret == 0) { + ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz); + } +#endif + +#ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Public Kyber Key"); + WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen ); +#endif + + if (ret != 0) { + /* Data owned by key share entry otherwise. */ + wc_KyberKey_Free(kem); + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + #else + XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; + #endif + } + else { + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + wc_KyberKey_Free(kem); + kse->privKey = (byte*)privKey; + kse->privKeyLen = privSz; + #else + kse->key = kem; + #endif + } + + return ret; +} + +/* Create a key share entry using both ecdhe and pqc parameters groups. + * Generates two key pairs on the client side. + * + * ssl The SSL/TLS object. + * kse The key share entry object. + * returns 0 on success, otherwise failure. + */ +static int TLSX_KeyShare_GenPqcHybridKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) +{ + int ret = 0; + KeyShareEntry *ecc_kse = NULL; + KeyShareEntry *pqc_kse = NULL; + int pqc_group = 0; + int ecc_group = 0; + int pqc_first = 0; + + /* This gets called twice. Once during parsing of the key share and once + * during the population of the extension. No need to do work the second + * time. Just return success if its already been done. */ + if (kse->pubKey != NULL) { + return ret; + } + + /* Determine the ECC and PQC group of the hybrid combination */ + findEccPqc(&ecc_group, &pqc_group, &pqc_first, kse->group); + if (ecc_group == 0 || pqc_group == 0) { + WOLFSSL_MSG("Invalid hybrid group"); + ret = BAD_FUNC_ARG; } if (ret == 0) { - pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pubSz, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pubKey == NULL) { - WOLFSSL_MSG("pubkey memory allocation failure"); + ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (ecc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); ret = MEMORY_ERROR; } + else { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + } } - if (ret == 0) { - privKey = (byte*)XMALLOC(privSz, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (privKey == NULL) { - WOLFSSL_MSG("privkey memory allocation failure"); + pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (pqc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); ret = MEMORY_ERROR; } + else { + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + } } + /* Generate ECC key share part */ if (ret == 0) { - ret = wc_KyberKey_MakeKey(kem, ssl->rng); - if (ret != 0) { - WOLFSSL_MSG("Kyber keygen failure"); + ecc_kse->group = ecc_group; + #ifdef HAVE_CURVE25519 + if (ecc_group == WOLFSSL_ECC_X25519) { + ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse); + } + else + #endif + #ifdef HAVE_CURVE448 + if (ecc_group == WOLFSSL_ECC_X448) { + ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse); + } + else + #endif + { + ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); } + /* No error message, TLSX_KeyShare_Gen*Key will do it. */ } + + /* Generate PQC key share part */ if (ret == 0) { - ret = wc_KyberKey_EncodePublicKey(kem, pubKey + ecc_kse->pubKeyLen, - pubSz); + pqc_kse->group = pqc_group; + ret = TLSX_KeyShare_GenPqcKeyClient(ssl, pqc_kse); + /* No error message, TLSX_KeyShare_GenPqcKeyClient will do it. */ } + + /* Allocate memory for combined public key */ if (ret == 0) { - ret = wc_KyberKey_EncodePrivateKey(kem, privKey, privSz); + kse->pubKey = (byte*)XMALLOC(ecc_kse->pubKeyLen + pqc_kse->pubKeyLen, + ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (kse->pubKey == NULL) { + WOLFSSL_MSG("pubkey memory allocation failure"); + ret = MEMORY_ERROR; + } } + + /* Create combined public key. The order of classic/pqc key material is + * indicated by the pqc_first variable. */ if (ret == 0) { - if (ecc_kse->pubKeyLen > 0) - XMEMCPY(pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen); - kse->pubKey = pubKey; - kse->pubKeyLen = ecc_kse->pubKeyLen + pubSz; - pubKey = NULL; - - /* Note we are saving the OQS private key and ECC private key - * separately. That's because the ECC private key is not simply a - * buffer. Its is an ecc_key struct. Typically do not need the private - * key size, but will need to zero it out upon freeing. */ - kse->privKey = privKey; - privKey = NULL; - kse->privKeyLen = privSz; + if (pqc_first) { + XMEMCPY(kse->pubKey, pqc_kse->pubKey, pqc_kse->pubKeyLen); + XMEMCPY(kse->pubKey + pqc_kse->pubKeyLen, ecc_kse->pubKey, + ecc_kse->pubKeyLen); + } + else { + XMEMCPY(kse->pubKey, ecc_kse->pubKey, ecc_kse->pubKeyLen); + XMEMCPY(kse->pubKey + ecc_kse->pubKeyLen, pqc_kse->pubKey, + pqc_kse->pubKeyLen); + } + kse->pubKeyLen = ecc_kse->pubKeyLen + pqc_kse->pubKeyLen; + } + /* Store the private keys. + * Note we are saving the PQC private key and ECC private key + * separately. That's because the ECC private key is not simply a + * buffer. Its is an ecc_key struct. */ + if (ret == 0) { + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + /* PQC private key is an encoded byte array */ + kse->privKey = pqc_kse->privKey; + kse->privKeyLen = pqc_kse->privKeyLen; + pqc_kse->privKey = NULL; + #else + /* PQC private key is a pointer to KyberKey object */ + kse->privKey = (byte*)pqc_kse->key; + kse->privKeyLen = 0; + pqc_kse->key = NULL; + #endif + /* ECC private key is a pointer to ecc_key object */ kse->key = ecc_kse->key; + kse->keyLen = ecc_kse->keyLen; ecc_kse->key = NULL; } @@ -8200,14 +8488,13 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) WOLFSSL_BUFFER(kse->pubKey, kse->pubKeyLen ); #endif - wc_KyberKey_Free(kem); TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); return ret; } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */ +#endif /* WOLFSSL_HAVE_MLKEM */ /* Generate a secret/key using the key share entry. * @@ -8218,15 +8505,17 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) { int ret; /* Named FFDHE groups have a bit set to identify them. */ - if (WOLFSSL_NAMED_GROUP_IS_FFHDE(kse->group)) + if (WOLFSSL_NAMED_GROUP_IS_FFDHE(kse->group)) ret = TLSX_KeyShare_GenDhKey(ssl, kse); else if (kse->group == WOLFSSL_ECC_X25519) ret = TLSX_KeyShare_GenX25519Key(ssl, kse); else if (kse->group == WOLFSSL_ECC_X448) ret = TLSX_KeyShare_GenX448Key(ssl, kse); -#ifdef WOLFSSL_HAVE_KYBER +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group)) - ret = TLSX_KeyShare_GenPqcKey(ssl, kse); + ret = TLSX_KeyShare_GenPqcKeyClient(ssl, kse); + else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(kse->group)) + ret = TLSX_KeyShare_GenPqcHybridKeyClient(ssl, kse); #endif else ret = TLSX_KeyShare_GenEccKey(ssl, kse); @@ -8247,7 +8536,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) while ((current = list) != NULL) { list = current->next; - if (WOLFSSL_NAMED_GROUP_IS_FFHDE(current->group)) { + if (WOLFSSL_NAMED_GROUP_IS_FFDHE(current->group)) { #ifndef NO_DH wc_FreeDhKey((DhKey*)current->key); #endif @@ -8262,17 +8551,43 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) wc_curve448_free((curve448_key*)current->key); #endif } -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM else if (WOLFSSL_NAMED_GROUP_IS_PQC(current->group)) { - if (current->key != NULL) { - ForceZero((byte*)current->key, current->keyLen); + wc_KyberKey_Free((KyberKey*)current->key); + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + if (current->privKey != NULL) { + ForceZero(current->privKey, current->privKeyLen); } - XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); - current->pubKey = NULL; + #endif + } + else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(current->group)) { + int ecc_group = 0; + findEccPqc(&ecc_group, NULL, NULL, current->group); + + /* Free PQC private key */ + #ifdef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + wc_KyberKey_Free((KyberKey*)current->privKey); + #else if (current->privKey != NULL) { ForceZero(current->privKey, current->privKeyLen); - XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY); - current->privKey = NULL; + } + #endif + + /* Free ECC private key */ + if (ecc_group == WOLFSSL_ECC_X25519) { + #ifdef HAVE_CURVE25519 + wc_curve25519_free((curve25519_key*)current->key); + #endif + } + else if (ecc_group == WOLFSSL_ECC_X448) { + #ifdef HAVE_CURVE448 + wc_curve448_free((curve448_key*)current->key); + #endif + } + else { + #ifdef HAVE_ECC + wc_ecc_free((ecc_key*)current->key); + #endif } } #endif @@ -8282,7 +8597,7 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) #endif } XFREE(current->key, heap, DYNAMIC_TYPE_PRIVATE_KEY); - #if !defined(NO_DH) && (!defined(NO_CERTS) || !defined(NO_PSK)) + #if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM) XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY); #endif XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -8508,10 +8823,15 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) * * ssl The SSL/TLS object. * keyShareEntry The key share entry object to use to calculate shared secret. + * ssOutput The destination buffer for the shared secret. + * ssOutSz The size of the generated shared secret. + * * returns 0 on success and other values indicate failure. */ -static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, - KeyShareEntry* keyShareEntry) +static int TLSX_KeyShare_ProcessX25519_ex(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, + unsigned char* ssOutput, + word32* ssOutSz) { int ret; @@ -8560,11 +8880,13 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, if (ret == 0) { ssl->ecdhCurveOID = ECC_X25519_OID; - + #ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_set_rng(key, ssl->rng); + } + if (ret == 0) { + #endif ret = wc_curve25519_shared_secret_ex(key, peerX25519Key, - ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz, - EC25519_LITTLE_ENDIAN); + ssOutput, ssOutSz, EC25519_LITTLE_ENDIAN); } wc_curve25519_free(peerX25519Key); @@ -8572,9 +8894,13 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, wc_curve25519_free((curve25519_key*)keyShareEntry->key); XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); keyShareEntry->key = NULL; + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; #else (void)ssl; (void)keyShareEntry; + (void)ssOutput; + (void)ssOutSz; ret = PEER_KEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -8583,13 +8909,33 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, return ret; } +/* Process the X25519 key share extension on the client side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to use to calculate shared secret. + * + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry) +{ + return TLSX_KeyShare_ProcessX25519_ex(ssl, keyShareEntry, + ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz); +} + /* Process the X448 key share extension on the client side. * * ssl The SSL/TLS object. * keyShareEntry The key share entry object to use to calculate shared secret. + * ssOutput The destination buffer for the shared secret. + * ssOutSz The size of the generated shared secret. + * * returns 0 on success and other values indicate failure. */ -static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) +static int TLSX_KeyShare_ProcessX448_ex(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, + unsigned char* ssOutput, + word32* ssOutSz) { int ret; @@ -8640,9 +8986,7 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->ecdhCurveOID = ECC_X448_OID; ret = wc_curve448_shared_secret_ex(key, peerX448Key, - ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz, - EC448_LITTLE_ENDIAN); + ssOutput, ssOutSz, EC448_LITTLE_ENDIAN); } wc_curve448_free(peerX448Key); @@ -8650,9 +8994,13 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) wc_curve448_free((curve448_key*)keyShareEntry->key); XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); keyShareEntry->key = NULL; + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; #else (void)ssl; (void)keyShareEntry; + (void)ssOutput; + (void)ssOutSz; ret = PEER_KEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -8661,13 +9009,31 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return ret; } +/* Process the X448 key share extension on the client side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to use to calculate shared secret. + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) +{ + return TLSX_KeyShare_ProcessX448_ex(ssl, keyShareEntry, + ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz); +} + /* Process the ECC key share extension on the client side. * * ssl The SSL/TLS object. * keyShareEntry The key share entry object to use to calculate shared secret. + * ssOutput The destination buffer for the shared secret. + * ssOutSz The size of the generated shared secret. + * * returns 0 on success and other values indicate failure. */ -static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) +static int TLSX_KeyShare_ProcessEcc_ex(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, + unsigned char* ssOutput, + word32* ssOutSz) { int ret = 0; #ifdef HAVE_ECC @@ -8767,9 +9133,7 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (ret == 0) { ret = EccSharedSecret(ssl, eccKey, ssl->peerEccKey, keyShareEntry->ke, &keyShareEntry->keLen, - ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, - ssl->options.side - ); + ssOutput, ssOutSz, ssl->options.side); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; @@ -8797,6 +9161,8 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) #else (void)ssl; (void)keyShareEntry; + (void)ssOutput; + (void)ssOutSz; ret = PEER_KEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -8805,174 +9171,364 @@ static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) return ret; } -#ifdef WOLFSSL_HAVE_KYBER -/* Process the Kyber key share extension on the client side. +/* Process the ECC key share extension on the client side. * * ssl The SSL/TLS object. * keyShareEntry The key share entry object to use to calculate shared secret. * returns 0 on success and other values indicate failure. */ -static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) +static int TLSX_KeyShare_ProcessEcc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) { - int ret = 0; - int type; - KyberKey kem[1]; - byte* sharedSecret = NULL; - word32 sharedSecretLen = 0; - int oqs_group = 0; - int ecc_group = 0; - ecc_key eccpubkey; - word32 outlen = 0; - word32 privSz = 0; - word32 ctSz = 0; - word32 ssSz = 0; + return TLSX_KeyShare_ProcessEcc_ex(ssl, keyShareEntry, + ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz); +} - if (keyShareEntry->ke == NULL) { - WOLFSSL_MSG("Invalid OQS algorithm specified."); - return BAD_FUNC_ARG; - } +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Process the Kyber key share extension on the client side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to use to calculate shared secret. + * ssOutput The destination buffer for the shared secret. + * ssOutSz The size of the generated shared secret. + * + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_ProcessPqcClient_ex(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, + unsigned char* ssOutput, + word32* ssOutSz) +{ + int ret = 0; + KyberKey* kem = (KyberKey*)keyShareEntry->key; +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + word32 privSz = 0; +#endif + word32 ctSz = 0; + word32 ssSz = 0; if (ssl->options.side == WOLFSSL_SERVER_END) { /* I am the server, the shared secret has already been generated and - * is in keyShareEntry->ke; copy it to the pre-master secret - * pre-allocated buffer. */ - if (keyShareEntry->keLen > ENCRYPT_LEN) { - WOLFSSL_MSG("shared secret is too long."); - return LENGTH_ERROR; - } - - XMEMCPY(ssl->arrays->preMasterSecret, keyShareEntry->ke, - keyShareEntry->keLen); - ssl->arrays->preMasterSz = keyShareEntry->keLen; - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_SECRET); - keyShareEntry->ke = NULL; - keyShareEntry->keLen = 0; + * is in ssl->arrays->preMasterSecret, so nothing really to do here. */ return 0; } - /* I am the client, the ciphertext is in keyShareEntry->ke */ - findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group); - - ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId); - if (ret != 0) { - WOLFSSL_MSG("Memory allocation error."); - return MEMORY_E; - } - - ret = kyber_id2type(oqs_group, &type); - if (ret != 0) { - wc_ecc_free(&eccpubkey); - WOLFSSL_MSG("Invalid OQS algorithm specified."); + if (keyShareEntry->ke == NULL) { + WOLFSSL_MSG("Invalid PQC algorithm specified."); return BAD_FUNC_ARG; } + if (ssOutSz == NULL) + return BAD_FUNC_ARG; - ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); - if (ret != 0) { - wc_ecc_free(&eccpubkey); - WOLFSSL_MSG("Error creating Kyber KEM"); - return MEMORY_E; - } +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + if (kem == NULL) { + int type = 0; - if (ret == 0) { - ret = wc_KyberKey_SharedSecretSize(kem, &ssSz); - } - if (ret == 0) { - sharedSecretLen = ssSz; - switch (ecc_group) { - case WOLFSSL_ECC_SECP256R1: - sharedSecretLen += 32; - outlen = 32; - break; - case WOLFSSL_ECC_SECP384R1: - sharedSecretLen += 48; - outlen = 48; - break; - case WOLFSSL_ECC_SECP521R1: - sharedSecretLen += 66; - outlen = 66; - break; - default: - break; + /* Allocate a Kyber key to hold private key. */ + kem = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (kem == NULL) { + WOLFSSL_MSG("GenPqcKey memory error"); + ret = MEMORY_E; + } + if (ret == 0) { + ret = mlkem_id2type(keyShareEntry->group, &type); + } + if (ret != 0) { + WOLFSSL_MSG("Invalid PQC algorithm specified."); + ret = BAD_FUNC_ARG; } + if (ret == 0) { + ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); + if (ret != 0) { + WOLFSSL_MSG("Error creating Kyber KEM"); + } + } + } +#else + if (kem == NULL || keyShareEntry->privKeyLen != 0) { + WOLFSSL_MSG("Invalid Kyber key."); + ret = BAD_FUNC_ARG; } +#endif + if (ret == 0) { - sharedSecret = (byte*)XMALLOC(sharedSecretLen, ssl->heap, - DYNAMIC_TYPE_TLSX); - if (sharedSecret == NULL) { - WOLFSSL_MSG("Memory allocation error."); - ret = MEMORY_E; - } + ret = wc_KyberKey_SharedSecretSize(kem, &ssSz); } if (ret == 0) { ret = wc_KyberKey_CipherTextSize(kem, &ctSz); } + +#ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ if (ret == 0) { ret = wc_KyberKey_PrivateKeySize(kem, &privSz); } + if (ret == 0 && privSz != keyShareEntry->privKeyLen) { + WOLFSSL_MSG("Invalid private key size."); + ret = BAD_FUNC_ARG; + } if (ret == 0) { ret = wc_KyberKey_DecodePrivateKey(kem, keyShareEntry->privKey, privSz); } +#endif + if (ret == 0) { - ret = wc_KyberKey_Decapsulate(kem, sharedSecret + outlen, - keyShareEntry->ke + keyShareEntry->keLen - ctSz, ctSz); + ret = wc_KyberKey_Decapsulate(kem, ssOutput, + keyShareEntry->ke, ctSz); if (ret != 0) { WOLFSSL_MSG("wc_KyberKey decapsulation failure."); ret = BAD_FUNC_ARG; } } + if (ret == 0) { + *ssOutSz = ssSz; + } + + wc_KyberKey_Free(kem); + + XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; + + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; + + return ret; +} + +/* Process the Kyber key share extension on the client side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to use to calculate shared secret. + * + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_ProcessPqcClient(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry) +{ + return TLSX_KeyShare_ProcessPqcClient_ex(ssl, keyShareEntry, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); +} + +/* Process the hybrid key share extension on the client side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to use to calculate shared secret. + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_ProcessPqcHybridClient(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry) +{ + int ret = 0; + int pqc_group = 0; + int ecc_group = 0; + int pqc_first = 0; + KeyShareEntry* pqc_kse = NULL; + KeyShareEntry *ecc_kse = NULL; + word32 ctSz = 0; + word32 ssSzPqc = 0; + word32 ssSzEcc = 0; + + if (ssl->options.side == WOLFSSL_SERVER_END) { + /* I am the server, the shared secret has already been generated and + * is in ssl->arrays->preMasterSecret, so nothing really to do here. */ + return 0; + } + + if (keyShareEntry->ke == NULL) { + WOLFSSL_MSG("Invalid PQC algorithm specified."); + return BAD_FUNC_ARG; + } + + /* I am the client, both the PQC ciphertext and the ECHD public key are in + * keyShareEntry->ke */ + + /* Determine the ECC and PQC group of the hybrid combination */ + findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group); + if (ecc_group == 0 || pqc_group == 0) { + WOLFSSL_MSG("Invalid hybrid group"); + ret = BAD_FUNC_ARG; + } - if (ecc_group != 0) { + if (ret == 0) { + ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (ecc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); + ret = MEMORY_ERROR; + } + else { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + } + } + if (ret == 0) { + pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (pqc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); + ret = MEMORY_ERROR; + } + else { + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + } + } + + /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we + * decode these sizes to separate the KEM ciphertext from the ECDH public + * key. */ + if (ret == 0) { + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + int type; + + pqc_kse->privKey = keyShareEntry->privKey; + + ret = mlkem_id2type(pqc_group, &type); + if (ret != 0) { + WOLFSSL_MSG("Invalid Kyber algorithm specified."); + ret = BAD_FUNC_ARG; + } if (ret == 0) { - /* Point is validated by import function. */ - ret = wc_ecc_import_x963(keyShareEntry->ke, - keyShareEntry->keLen - ctSz, - &eccpubkey); - if (ret != 0) { - WOLFSSL_MSG("ECC Public key import error."); + pqc_kse->key = XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (pqc_kse->key == NULL) { + WOLFSSL_MSG("GenPqcKey memory error"); + ret = MEMORY_E; } } - -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) if (ret == 0) { - ret = wc_ecc_set_rng((ecc_key *)keyShareEntry->key, ssl->rng); + ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key, + ssl->heap, ssl->devId); if (ret != 0) { - WOLFSSL_MSG("Failure to set the ECC private key RNG."); + WOLFSSL_MSG("Error creating Kyber KEM"); } } -#endif + #else + pqc_kse->key = keyShareEntry->privKey; + #endif + + pqc_kse->group = pqc_group; + pqc_kse->privKeyLen = keyShareEntry->privKeyLen; if (ret == 0) { - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret((ecc_key *)keyShareEntry->key, - &eccpubkey, sharedSecret, &outlen); - PRIVATE_KEY_LOCK(); - if (outlen != sharedSecretLen - ssSz) { - WOLFSSL_MSG("ECC shared secret derivation error."); + ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key, + &ssSzPqc); + } + if (ret == 0) { + ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key, + &ctSz); + if (ret == 0 && keyShareEntry->keLen <= ctSz) { + WOLFSSL_MSG("Invalid ciphertext size."); ret = BAD_FUNC_ARG; } } + if (ret == 0) { + pqc_kse->keLen = ctSz; + pqc_kse->ke = (byte*)XMALLOC(pqc_kse->keLen, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pqc_kse->ke == NULL) { + WOLFSSL_MSG("pqc_kse memory allocation failure"); + ret = MEMORY_ERROR; + } + /* Copy the PQC KEM ciphertext. Depending on the pqc_first flag, + * the KEM ciphertext comes before or after the ECDH public key. */ + if (ret == 0) { + int offset = keyShareEntry->keLen - ctSz; + + if (pqc_first) + offset = 0; + + XMEMCPY(pqc_kse->ke, keyShareEntry->ke + offset, ctSz); + } + } } - if ((ret == 0) && (sharedSecretLen > ENCRYPT_LEN)) { - WOLFSSL_MSG("shared secret is too long."); - ret = LENGTH_ERROR; + + if (ret == 0) { + ecc_kse->group = ecc_group; + ecc_kse->keLen = keyShareEntry->keLen - ctSz; + ecc_kse->key = keyShareEntry->key; + ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (ecc_kse->ke == NULL) { + WOLFSSL_MSG("ecc_kse memory allocation failure"); + ret = MEMORY_ERROR; + } + /* Copy the ECDH public key. Depending on the pqc_first flag, the + * KEM ciphertext comes before or after the ECDH public key. */ + if (ret == 0) { + int offset = 0; + + if (pqc_first) + offset = ctSz; + + XMEMCPY(ecc_kse->ke, keyShareEntry->ke + offset, ecc_kse->keLen); + } + } + + /* Process ECDH key share part. The generated shared secret is directly + * stored in the ssl->arrays->preMasterSecret buffer. Depending on the + * pqc_first flag, the ECDH shared secret part goes before or after the + * KEM part. */ + if (ret == 0) { + int offset = 0; + + /* Set the ECC size variable to the initial buffer size */ + ssSzEcc = ssl->arrays->preMasterSz; + + if (pqc_first) + offset = ssSzPqc; + + #ifdef HAVE_CURVE25519 + if (ecc_group == WOLFSSL_ECC_X25519) { + ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + offset, &ssSzEcc); + } + else + #endif + #ifdef HAVE_CURVE448 + if (ecc_group == WOLFSSL_ECC_X448) { + ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + offset, &ssSzEcc); + } + else + #endif + { + ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + offset, &ssSzEcc); + } + } + + if (ret == 0) { + keyShareEntry->key = ecc_kse->key; + + if ((ret == 0) && ((ssSzEcc + ssSzPqc) > ENCRYPT_LEN)) { + WOLFSSL_MSG("shared secret is too long."); + ret = LENGTH_ERROR; + } + } + + /* Process PQC KEM key share part. Depending on the pqc_first flag, the + * KEM shared secret part goes before or after the ECDH part. */ + if (ret == 0) { + int offset = ssSzEcc; + + if (pqc_first) + offset = 0; + + ret = TLSX_KeyShare_ProcessPqcClient_ex(ssl, pqc_kse, + ssl->arrays->preMasterSecret + offset, &ssSzPqc); } if (ret == 0) { - /* Copy the shared secret to the pre-master secret pre-allocated - * buffer. */ - XMEMCPY(ssl->arrays->preMasterSecret, sharedSecret, sharedSecretLen); - ssl->arrays->preMasterSz = (word32) sharedSecretLen; + keyShareEntry->privKey = (byte*)pqc_kse->key; + + ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; } - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); + TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); - wc_ecc_free(&eccpubkey); - wc_KyberKey_Free(kem); return ret; } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_DECAPSULATE */ /* Process the key share extension on the client side. * @@ -8992,15 +9548,17 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->arrays->preMasterSz = ENCRYPT_LEN; /* Use Key Share Data from server. */ - if (WOLFSSL_NAMED_GROUP_IS_FFHDE(keyShareEntry->group)) + if (WOLFSSL_NAMED_GROUP_IS_FFDHE(keyShareEntry->group)) ret = TLSX_KeyShare_ProcessDh(ssl, keyShareEntry); else if (keyShareEntry->group == WOLFSSL_ECC_X25519) ret = TLSX_KeyShare_ProcessX25519(ssl, keyShareEntry); else if (keyShareEntry->group == WOLFSSL_ECC_X448) ret = TLSX_KeyShare_ProcessX448(ssl, keyShareEntry); -#ifdef WOLFSSL_HAVE_KYBER +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) else if (WOLFSSL_NAMED_GROUP_IS_PQC(keyShareEntry->group)) - ret = TLSX_KeyShare_ProcessPqc(ssl, keyShareEntry); + ret = TLSX_KeyShare_ProcessPqcClient(ssl, keyShareEntry); + else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(keyShareEntry->group)) + ret = TLSX_KeyShare_ProcessPqcHybridClient(ssl, keyShareEntry); #endif else ret = TLSX_KeyShare_ProcessEcc(ssl, keyShareEntry); @@ -9049,11 +9607,18 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input, if (keLen > length - offset) return BUFFER_ERROR; -#ifdef WOLFSSL_HAVE_KYBER - if (WOLFSSL_NAMED_GROUP_IS_PQC(group) && +#ifdef WOLFSSL_HAVE_MLKEM + if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) || + WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) && ssl->options.side == WOLFSSL_SERVER_END) { - /* For KEMs, the public key is not stored. Casting away const because - * we know for KEMs, it will be read-only.*/ + /* When handling a key share containing a KEM public key on the server + * end, we have to perform the encapsulation immediately in order to + * send the resulting ciphertext back to the client in the ServerHello + * message. As the public key is not stored and we do not modify it, we + * don't have to create a copy of it. + * In case of a hybrid key exchange, the ECDH part is also performed + * immediately (to not split the generation of the master secret). + * Hence, we also don't have to store this public key either. */ ke = (byte *)&input[offset]; } else #endif @@ -9228,7 +9793,7 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, /* Not in list sent if there isn't a private key. */ if (keyShareEntry == NULL || (keyShareEntry->key == NULL - #if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) + #if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM) && keyShareEntry->privKey == NULL #endif )) { @@ -9253,13 +9818,15 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length, if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { - /* Check the selected group was supported by ClientHello extensions. */ + /* Check the selected group was supported by ClientHello extensions. + */ if (!TLSX_SupportedGroups_Find(ssl, group, ssl->extensions)) { WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; } - /* Check if the group was sent. */ + /* Make sure KeyShare for server requested group was not sent in + * ClientHello. */ if (TLSX_KeyShare_Find(ssl, group)) { WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); return BAD_KEY_SHARE_DATA; @@ -9320,76 +9887,228 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, return 0; } -#ifdef WOLFSSL_HAVE_KYBER -static int server_generate_pqc_ciphertext(WOLFSSL* ssl, - KeyShareEntry* keyShareEntry, byte* data, word16 len) -{ - /* I am the server. The data parameter is the client's public key. I need - * to generate the public information (AKA ciphertext) and shared secret - * here. Note the "public information" is equivalent to a the public key in - * key exchange parlance. That's why it is being assigned to pubKey. - */ - int type; - KyberKey kem[1]; - byte* sharedSecret = NULL; +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) +/* Process the Kyber key share extension on the server side. + * + * ssl The SSL/TLS object. + * keyShareEntry The key share entry object to be sent to the client. + * data The key share data received from the client. + * len The length of the key share data from the client. + * ssOutput The destination buffer for the shared secret. + * ssOutSz The size of the generated shared secret. + * + * returns 0 on success and other values indicate failure. + */ +static int TLSX_KeyShare_HandlePqcKeyServer(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, byte* clientData, word16 clientLen, + unsigned char* ssOutput, word32* ssOutSz) +{ + /* We are on the server side. The key share contains a PQC KEM public key + * that we are using for an encapsulate operation. The resulting ciphertext + * is stored in the server key share. */ + KyberKey* kemKey = (KyberKey*)keyShareEntry->key; byte* ciphertext = NULL; int ret = 0; - int oqs_group = 0; - int ecc_group = 0; - KeyShareEntry *ecc_kse = NULL; - ecc_key eccpubkey; - word32 outlen = 0; word32 pubSz = 0; word32 ctSz = 0; word32 ssSz = 0; - findEccPqc(&ecc_group, &oqs_group, keyShareEntry->group); - ret = kyber_id2type(oqs_group, &type); - if (ret != 0) { - WOLFSSL_MSG("Invalid Kyber algorithm specified."); + if (clientData == NULL) { + WOLFSSL_MSG("No KEM public key from the client."); return BAD_FUNC_ARG; } - ret = wc_ecc_init_ex(&eccpubkey, ssl->heap, ssl->devId); - if (ret != 0) { - WOLFSSL_MSG("Could not do ECC public key initialization."); - return MEMORY_E; + if (kemKey == NULL) { + int type = 0; + + /* Allocate a Kyber key to hold private key. */ + kemKey = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (kemKey == NULL) { + WOLFSSL_MSG("GenPqcKey memory error"); + ret = MEMORY_E; + } + if (ret == 0) { + ret = mlkem_id2type(keyShareEntry->group, &type); + } + if (ret != 0) { + WOLFSSL_MSG("Invalid PQC algorithm specified."); + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = wc_KyberKey_Init(type, kemKey, ssl->heap, ssl->devId); + if (ret != 0) { + WOLFSSL_MSG("Error creating Kyber KEM"); + } + } } - ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId); - if (ret != 0) { - wc_ecc_free(&eccpubkey); - WOLFSSL_MSG("Error creating Kyber KEM"); - return MEMORY_E; + if (ret == 0) { + ret = wc_KyberKey_PublicKeySize(kemKey, &pubSz); + } + if (ret == 0) { + ret = wc_KyberKey_CipherTextSize(kemKey, &ctSz); + } + if (ret == 0) { + ret = wc_KyberKey_SharedSecretSize(kemKey, &ssSz); + } + + if (ret == 0 && clientLen != pubSz) { + WOLFSSL_MSG("Invalid public key."); + ret = BAD_FUNC_ARG; } if (ret == 0) { - ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, - DYNAMIC_TYPE_TLSX); - if (ecc_kse == NULL) { - WOLFSSL_MSG("ecc_kse memory allocation failure"); - ret = MEMORY_ERROR; + ciphertext = (byte*)XMALLOC(ctSz, ssl->heap, DYNAMIC_TYPE_TLSX); + + if (ciphertext == NULL) { + WOLFSSL_MSG("Ciphertext memory allocation failure."); + ret = MEMORY_E; } } if (ret == 0) { - XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + ret = wc_KyberKey_DecodePublicKey(kemKey, clientData, pubSz); } - - if (ret == 0 && ecc_group != 0) { - ecc_kse->group = ecc_group; - ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); - /* No message, TLSX_KeyShare_GenEccKey() will do it. */ + if (ret == 0) { + ret = wc_KyberKey_Encapsulate(kemKey, ciphertext, + ssOutput, ssl->rng); + if (ret != 0) { + WOLFSSL_MSG("wc_KyberKey encapsulation failure."); + } } if (ret == 0) { - ret = wc_KyberKey_PublicKeySize(kem, &pubSz); + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + + *ssOutSz = ssSz; + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + + keyShareEntry->pubKey = ciphertext; + keyShareEntry->pubKeyLen = ctSz; + ciphertext = NULL; + + /* Set namedGroup so wolfSSL_get_curve_name() can function properly on + * the server side. */ + ssl->namedGroup = keyShareEntry->group; + } + + XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); + + wc_KyberKey_Free(kemKey); + XFREE(kemKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; + return ret; +} + +static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, byte* data, word16 len) +{ + /* I am the server. The data parameter is the concatenation of the client's + * ECDH public key and the KEM public key. I need to generate a matching + * public key for ECDH and encapsulate a shared secret using the KEM public + * key. We send the ECDH public key and the KEM ciphertext back to the + * client. Additionally, we create the ECDH shared secret here already. + */ + int type; + byte* ciphertext = NULL; + int ret = 0; + int pqc_group = 0; + int ecc_group = 0; + int pqc_first = 0; + KeyShareEntry *ecc_kse = NULL; + KeyShareEntry *pqc_kse = NULL; + word32 pubSz = 0; + word32 ctSz = 0; + word32 ssSzPqc = 0; + word32 ssSzEcc = 0; + + if (data == NULL) { + WOLFSSL_MSG("No hybrid key share data from the client."); + return BAD_FUNC_ARG; + } + + /* Determine the ECC and PQC group of the hybrid combination */ + findEccPqc(&ecc_group, &pqc_group, &pqc_first, keyShareEntry->group); + if (ecc_group == 0 || pqc_group == 0) { + WOLFSSL_MSG("Invalid hybrid group"); + ret = BAD_FUNC_ARG; } + if (ret == 0) { - ret = wc_KyberKey_CipherTextSize(kem, &ctSz); + ecc_kse = (KeyShareEntry*)XMALLOC(sizeof(*ecc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + pqc_kse = (KeyShareEntry*)XMALLOC(sizeof(*pqc_kse), ssl->heap, + DYNAMIC_TYPE_TLSX); + if (ecc_kse == NULL || pqc_kse == NULL) { + WOLFSSL_MSG("kse memory allocation failure"); + ret = MEMORY_ERROR; + } } + + /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we + * decode these sizes to properly concatenate the KEM ciphertext with the + * ECDH public key. */ if (ret == 0) { - ret = wc_KyberKey_SharedSecretSize(kem, &ssSz); + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + pqc_kse->group = pqc_group; + + /* Allocate a Kyber key to hold private key. */ + pqc_kse->key = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap, + DYNAMIC_TYPE_PRIVATE_KEY); + if (pqc_kse->key == NULL) { + WOLFSSL_MSG("GenPqcKey memory error"); + ret = MEMORY_E; + } + if (ret == 0) { + ret = mlkem_id2type(pqc_kse->group, &type); + } + if (ret != 0) { + WOLFSSL_MSG("Invalid PQC algorithm specified."); + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = wc_KyberKey_Init(type, (KyberKey*)pqc_kse->key, + ssl->heap, ssl->devId); + if (ret != 0) { + WOLFSSL_MSG("Error creating Kyber KEM"); + } + } + if (ret == 0) { + ret = wc_KyberKey_SharedSecretSize((KyberKey*)pqc_kse->key, + &ssSzPqc); + } + if (ret == 0) { + ret = wc_KyberKey_CipherTextSize((KyberKey*)pqc_kse->key, + &ctSz); + } + if (ret == 0) { + ret = wc_KyberKey_PublicKeySize((KyberKey*)pqc_kse->key, + &pubSz); + } + } + + /* Generate the ECDH key share part to be sent to the client */ + if (ret == 0 && ecc_group != 0) { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + ecc_kse->group = ecc_group; + #ifdef HAVE_CURVE25519 + if (ecc_group == WOLFSSL_ECC_X25519) { + ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse); + } + else + #endif + #ifdef HAVE_CURVE448 + if (ecc_group == WOLFSSL_ECC_X448) { + ret = TLSX_KeyShare_GenX448Key(ssl, ecc_kse); + } + else + #endif + { + ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); + } + /* No error message, TLSX_KeyShare_GenKey will do it. */ } if (ret == 0 && len != pubSz + ecc_kse->pubKeyLen) { @@ -9397,72 +10116,113 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, ret = BAD_FUNC_ARG; } + /* Allocate buffer for the concatenated client key share data + * (PQC KEM ciphertext + ECDH public key) */ if (ret == 0) { - sharedSecret = (byte*)XMALLOC(ecc_kse->keyLen + ssSz, ssl->heap, - DYNAMIC_TYPE_SECRET); ciphertext = (byte*)XMALLOC(ecc_kse->pubKeyLen + ctSz, ssl->heap, DYNAMIC_TYPE_TLSX); - if (sharedSecret == NULL || ciphertext == NULL) { - WOLFSSL_MSG("Ciphertext/shared secret memory allocation failure."); + if (ciphertext == NULL) { + WOLFSSL_MSG("Ciphertext memory allocation failure."); ret = MEMORY_E; } } - if (ecc_group != 0) { + /* Process ECDH key share part. The generated shared secret is directly + * stored in the ssl->arrays->preMasterSecret buffer. Depending on the + * pqc_first flag, the ECDH shared secret part goes before or after the + * KEM part. */ + if (ret == 0) { + ecc_kse->keLen = len - pubSz; + ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (ecc_kse->ke == NULL) { + WOLFSSL_MSG("ecc_kse memory allocation failure"); + ret = MEMORY_ERROR; + } if (ret == 0) { - /* Point is validated by import function. */ - ret = wc_ecc_import_x963(data, len - pubSz, &eccpubkey); - if (ret != 0) { - WOLFSSL_MSG("Bad ECC public key."); + int pubOffset = 0; + int ssOffset = 0; + + /* Set the ECC size variable to the initial buffer size */ + ssSzEcc = ssl->arrays->preMasterSz; + + if (pqc_first) { + pubOffset = pubSz; + ssOffset = ssSzPqc; } - } -#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ - !defined(HAVE_SELFTEST) - if (ret == 0) { - ret = wc_ecc_set_rng((ecc_key *)ecc_kse->key, ssl->rng); - } -#endif + XMEMCPY(ecc_kse->ke, data + pubOffset, ecc_kse->keLen); + #ifdef HAVE_CURVE25519 + if (ecc_group == WOLFSSL_ECC_X25519) { + ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + } + else + #endif + #ifdef HAVE_CURVE448 + if (ecc_group == WOLFSSL_ECC_X448) { + ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + } + else + #endif + { + ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + } + } if (ret == 0) { - outlen = ecc_kse->keyLen; - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret((ecc_key *)ecc_kse->key, &eccpubkey, - sharedSecret, - &outlen); - PRIVATE_KEY_LOCK(); - if (outlen != ecc_kse->keyLen) { + if (ssSzEcc != ecc_kse->keyLen) { WOLFSSL_MSG("Data length mismatch."); ret = BAD_FUNC_ARG; } } } - if (ret == 0) { - ret = wc_KyberKey_DecodePublicKey(kem, data + ecc_kse->pubKeyLen, - pubSz); + if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) { + WOLFSSL_MSG("shared secret is too long."); + ret = LENGTH_ERROR; } + + /* Process PQC KEM key share part. Depending on the pqc_first flag, the + * KEM shared secret part goes before or after the ECDH part. */ if (ret == 0) { - ret = wc_KyberKey_Encapsulate(kem, ciphertext + ecc_kse->pubKeyLen, - sharedSecret + outlen, ssl->rng); - if (ret != 0) { - WOLFSSL_MSG("wc_KyberKey encapsulation failure."); + int input_offset = ecc_kse->keLen; + int output_offset = ssSzEcc; + + if (pqc_first) { + input_offset = 0; + output_offset = 0; } + + ret = TLSX_KeyShare_HandlePqcKeyServer(ssl, pqc_kse, + data + input_offset, pubSz, + ssl->arrays->preMasterSecret + output_offset, &ssSzPqc); } if (ret == 0) { XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - keyShareEntry->ke = sharedSecret; - keyShareEntry->keLen = outlen + ssSz; - sharedSecret = NULL; + ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; - if (ecc_kse->pubKeyLen > 0) + /* Concatenate the ECDH public key and the PQC KEM ciphertext. Based on + * the pqc_first flag, the ECDH public key goes before or after the KEM + * ciphertext. */ + if (pqc_first) { + XMEMCPY(ciphertext, pqc_kse->pubKey, ctSz); + XMEMCPY(ciphertext + ctSz, ecc_kse->pubKey, ecc_kse->pubKeyLen); + } + else { XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen); + XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz); + } + keyShareEntry->pubKey = ciphertext; - keyShareEntry->pubKeyLen = (word32)(ecc_kse->pubKeyLen + ctSz); + keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz; ciphertext = NULL; /* Set namedGroup so wolfSSL_get_curve_name() can function properly on @@ -9471,13 +10231,11 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, } TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); - wc_ecc_free(&eccpubkey); - wc_KyberKey_Free(kem); return ret; } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_ENCAPSULATE */ /* Use the data to create a new key share object in the extensions. * @@ -9526,11 +10284,22 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, } -#ifdef WOLFSSL_HAVE_KYBER - if (WOLFSSL_NAMED_GROUP_IS_PQC(group) && - ssl->options.side == WOLFSSL_SERVER_END) { - ret = server_generate_pqc_ciphertext((WOLFSSL*)ssl, keyShareEntry, data, - len); +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) + if (ssl->options.side == WOLFSSL_SERVER_END && + WOLFSSL_NAMED_GROUP_IS_PQC(group)) { + ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); + if (ret != 0) + return ret; + } + else if (ssl->options.side == WOLFSSL_SERVER_END && + WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len); if (ret != 0) return ret; } @@ -9691,54 +10460,93 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) break; #endif #endif -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM #ifndef WOLFSSL_NO_ML_KEM - #ifdef WOLFSSL_WC_KYBER + #ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 case WOLFSSL_ML_KEM_512: case WOLFSSL_P256_ML_KEM_512: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_ML_KEM_512: + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 case WOLFSSL_ML_KEM_768: case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P256_ML_KEM_768: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_ML_KEM_768: + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + case WOLFSSL_X448_ML_KEM_768: + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 case WOLFSSL_ML_KEM_1024: case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_P384_ML_KEM_1024: #endif break; #elif defined(HAVE_LIBOQS) case WOLFSSL_ML_KEM_512: case WOLFSSL_ML_KEM_768: case WOLFSSL_ML_KEM_1024: + { + int ret; + int id; + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } + + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } case WOLFSSL_P256_ML_KEM_512: case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P256_ML_KEM_768: case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_P384_ML_KEM_1024: + case WOLFSSL_X25519_ML_KEM_512: + case WOLFSSL_X448_ML_KEM_768: + case WOLFSSL_X25519_ML_KEM_768: { int ret; int id; - findEccPqc(NULL, &namedGroup, namedGroup); - ret = kyber_id2type(namedGroup, &id); + findEccPqc(NULL, &namedGroup, NULL, namedGroup); + ret = mlkem_id2type(namedGroup, &id); if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { return 0; } - if (! ext_kyber_enabled(id)) { + if (! ext_mlkem_enabled(id)) { return 0; } break; } #endif -#endif -#ifdef WOLFSSL_KYBER_ORIGINAL - #ifdef WOLFSSL_WC_KYBER +#endif /* WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_WC_MLKEM #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: case WOLFSSL_P256_KYBER_LEVEL1: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_KYBER_LEVEL1: + #endif #endif #ifdef WOLFSSL_KYBER768 case WOLFSSL_KYBER_LEVEL3: case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL3: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_KYBER_LEVEL3: + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + case WOLFSSL_X448_KYBER_LEVEL3: + #endif #endif #ifdef WOLFSSL_KYBER1024 case WOLFSSL_KYBER_LEVEL5: @@ -9749,26 +10557,43 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) case WOLFSSL_KYBER_LEVEL1: case WOLFSSL_KYBER_LEVEL3: case WOLFSSL_KYBER_LEVEL5: + { + int ret; + int id; + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } + + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } case WOLFSSL_P256_KYBER_LEVEL1: case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL3: case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_X25519_KYBER_LEVEL1: + case WOLFSSL_X448_KYBER_LEVEL3: + case WOLFSSL_X25519_KYBER_LEVEL3: { int ret; int id; - findEccPqc(NULL, &namedGroup, namedGroup); - ret = kyber_id2type(namedGroup, &id); + findEccPqc(NULL, &namedGroup, NULL, namedGroup); + ret = mlkem_id2type(namedGroup, &id); if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { return 0; } - if (! ext_kyber_enabled(id)) { + if (! ext_mlkem_enabled(id)) { return 0; } break; } #endif #endif -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM */ default: return 0; } @@ -9815,18 +10640,29 @@ static const word16 preferredGroup[] = { WOLFSSL_FFDHE_8192, #endif #ifndef WOLFSSL_NO_ML_KEM -#ifdef WOLFSSL_WC_KYBER +#ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 WOLFSSL_ML_KEM_512, WOLFSSL_P256_ML_KEM_512, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_ML_KEM_512, + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 WOLFSSL_ML_KEM_768, WOLFSSL_P384_ML_KEM_768, + WOLFSSL_P256_ML_KEM_768, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_ML_KEM_768, + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_X448_ML_KEM_768, + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 WOLFSSL_ML_KEM_1024, WOLFSSL_P521_ML_KEM_1024, + WOLFSSL_P384_ML_KEM_1024, #endif #elif defined(HAVE_LIBOQS) /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ @@ -9835,18 +10671,37 @@ static const word16 preferredGroup[] = { WOLFSSL_ML_KEM_1024, WOLFSSL_P256_ML_KEM_512, WOLFSSL_P384_ML_KEM_768, + WOLFSSL_P256_ML_KEM_768, WOLFSSL_P521_ML_KEM_1024, + WOLFSSL_P384_ML_KEM_1024, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_ML_KEM_512, + WOLFSSL_X25519_ML_KEM_768, + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_X448_ML_KEM_768, + #endif #endif #endif /* !WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_KYBER_ORIGINAL -#ifdef WOLFSSL_WC_KYBER +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef WOLFSSL_WC_MLKEM #ifdef WOLFSSL_KYBER512 WOLFSSL_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_KYBER_LEVEL1, + #endif #endif #ifdef WOLFSSL_KYBER768 WOLFSSL_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P256_KYBER_LEVEL3, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_KYBER_LEVEL3, + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_X448_KYBER_LEVEL3, + #endif #endif #ifdef WOLFSSL_KYBER1024 WOLFSSL_KYBER_LEVEL5, @@ -9859,9 +10714,17 @@ static const word16 preferredGroup[] = { WOLFSSL_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P384_KYBER_LEVEL3, + WOLFSSL_P256_KYBER_LEVEL3, WOLFSSL_P521_KYBER_LEVEL5, + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519_KYBER_LEVEL1, + WOLFSSL_X25519_KYBER_LEVEL3, + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_X448_KYBER_LEVEL3, + #endif #endif -#endif /* WOLFSSL_KYBER_ORIGINAL */ +#endif /* WOLFSSL_MLKEM_KYBER */ WOLFSSL_NAMED_GROUP_INVALID }; @@ -9884,8 +10747,7 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) byte numGroups; if (ssl->numGroups == 0) { - groups = preferredGroup; - numGroups = PREFERRED_GROUP_SZ; + return 0; } else { groups = ssl->group; @@ -10031,10 +10893,11 @@ int TLSX_CKS_Set(WOLFSSL* ssl, TLSX** extensions) int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length, TLSX** extensions) { - (void) extensions; int ret; int i, j; + (void) extensions; + /* Validating the input. */ if (length == 0) return BUFFER_ERROR; @@ -10154,7 +11017,9 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, /* Use server's preference order. */ for (clientKSE = list; clientKSE != NULL; clientKSE = clientKSE->next) { - if (clientKSE->ke == NULL) + if ((clientKSE->ke == NULL) && + (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) && + (!WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group))) continue; #ifdef WOLFSSL_SM2 @@ -10174,11 +11039,12 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (!TLSX_SupportedGroups_Find(ssl, clientKSE->group, extensions)) continue; - if (!WOLFSSL_NAMED_GROUP_IS_FFHDE(clientKSE->group)) { + if (!WOLFSSL_NAMED_GROUP_IS_FFDHE(clientKSE->group)) { /* Check max value supported. */ if (clientKSE->group > WOLFSSL_ECC_MAX) { -#ifdef WOLFSSL_HAVE_KYBER - if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) +#ifdef WOLFSSL_HAVE_MLKEM + if (!WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) && + !WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) #endif continue; } @@ -10233,7 +11099,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) return BAD_FUNC_ARG; } - /* Generate a new key pair except in the case of OQS KEM because we + /* Generate a new key pair except in the case of PQC KEM because we * are going to encapsulate and that does not require us to generate a * key pair. */ @@ -10242,8 +11108,9 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) return ret; if (clientKSE->key == NULL) { -#ifdef WOLFSSL_HAVE_KYBER - if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group)) { +#ifdef WOLFSSL_HAVE_MLKEM + if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) || + WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) { /* Going to need the public key (AKA ciphertext). */ serverKSE->pubKey = clientKSE->pubKey; clientKSE->pubKey = NULL; @@ -12004,41 +12871,35 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions, { int ret = 0; int suiteIndex; + TLSX* echX; WOLFSSL_ECH* ech; - if (extensions == NULL) return BAD_FUNC_ARG; - + /* skip if we already have an ech extension, we will for hrr */ + echX = TLSX_Find(*extensions, TLSX_ECH); + if (echX != NULL) + return 0; /* find a supported cipher suite */ suiteIndex = EchConfigGetSupportedCipherSuite(echConfig); - if (suiteIndex < 0) return suiteIndex; - ech = (WOLFSSL_ECH*)XMALLOC(sizeof(WOLFSSL_ECH), heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ech == NULL) return MEMORY_E; - ForceZero(ech, sizeof(WOLFSSL_ECH)); - ech->state = ECH_WRITE_REAL; - ech->echConfig = echConfig; - /* 0 for outer */ ech->type = ECH_TYPE_OUTER; /* kemId */ ech->kemId = echConfig->kemId; - /* cipherSuite kdf */ ech->cipherSuite.kdfId = echConfig->cipherSuites[suiteIndex].kdfId; /* cipherSuite aead */ ech->cipherSuite.aeadId = echConfig->cipherSuites[suiteIndex].aeadId; /* configId */ ech->configId = echConfig->configId; - /* encLen */ switch (echConfig->kemId) { @@ -12058,30 +12919,23 @@ static int TLSX_ECH_Use(WOLFSSL_EchConfig* echConfig, TLSX** extensions, ech->encLen = DHKEM_X448_ENC_LEN; break; } - /* setup hpke */ ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ech->hpke == NULL) { XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } - ret = wc_HpkeInit(ech->hpke, ech->kemId, ech->cipherSuite.kdfId, ech->cipherSuite.aeadId, heap); - /* setup the ephemeralKey */ if (ret == 0) ret = wc_HpkeGenerateKeyPair(ech->hpke, &ech->ephemeralKey, rng); - if (ret == 0) ret = TLSX_Push(extensions, TLSX_ECH, ech, heap); - if (ret != 0) { XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); } - return ret; } @@ -12092,41 +12946,31 @@ static int TLSX_ServerECH_Use(TLSX** extensions, void* heap, int ret; WOLFSSL_ECH* ech; TLSX* echX; - if (extensions == NULL) return BAD_FUNC_ARG; - /* if we already have ech don't override it */ echX = TLSX_Find(*extensions, TLSX_ECH); if (echX != NULL) return 0; - ech = (WOLFSSL_ECH*)XMALLOC(sizeof(WOLFSSL_ECH), heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ech == NULL) return MEMORY_E; - ForceZero(ech, sizeof(WOLFSSL_ECH)); - ech->state = ECH_WRITE_NONE; - /* 0 for outer */ ech->type = ECH_TYPE_OUTER; - ech->echConfig = configs; - /* setup the rest of the settings when we receive ech from the client */ ret = TLSX_Push(extensions, TLSX_ECH, ech, heap); - if (ret != 0) XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } -/* return length after writing the ech */ -static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset) +/* return status after writing the ech and updating offset */ +static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf, + word16* offset) { int ret = 0; int rngRet = -1; @@ -12140,84 +12984,75 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset) Hpke hpke[1]; WC_RNG rng[1]; #endif - WOLFSSL_MSG("TLSX_ECH_Write"); - + if (msgType == hello_retry_request) { + /* reserve space to write the confirmation to */ + *offset += ECH_ACCEPT_CONFIRMATION_SZ; + /* set confBuf */ + ech->confBuf = writeBuf; + return 0; + } if (ech->state == ECH_WRITE_NONE || ech->state == ECH_PARSED_INTERNAL) return 0; - if (ech->state == ECH_WRITE_RETRY_CONFIGS) { /* get size then write */ ret = GetEchConfigsEx(ech->echConfig, NULL, &configsLen); - if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return ret; - ret = GetEchConfigsEx(ech->echConfig, writeBuf, &configsLen); - if (ret != WOLFSSL_SUCCESS) return ret; - *offset += configsLen; - return 0; } - -#ifdef WOLFSSL_SMALL_STACK - hpke = (Hpke*)XMALLOC(sizeof(Hpke), NULL, DYNAMIC_TYPE_TMP_BUFFER); - - if (hpke == NULL) - return MEMORY_E; - - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - - if (rng == NULL) { - XFREE(hpke, NULL, DYNAMIC_TYPE_RNG); - return MEMORY_E; - } -#endif - /* type */ *writeBuf_p = ech->type; writeBuf_p += sizeof(ech->type); - /* outer has body, inner does not */ if (ech->type == ECH_TYPE_OUTER) { /* kdfId */ c16toa(ech->cipherSuite.kdfId, writeBuf_p); writeBuf_p += sizeof(ech->cipherSuite.kdfId); - /* aeadId */ c16toa(ech->cipherSuite.aeadId, writeBuf_p); writeBuf_p += sizeof(ech->cipherSuite.aeadId); - /* configId */ *writeBuf_p = ech->configId; writeBuf_p += sizeof(ech->configId); - /* encLen */ - c16toa(ech->encLen, writeBuf_p); + if (ech->hpkeContext == NULL) { + c16toa(ech->encLen, writeBuf_p); + } + else { + /* set to 0 if this is clientInner 2 */ + c16toa(0, writeBuf_p); + } writeBuf_p += 2; - if (ech->state == ECH_WRITE_GREASE) { +#ifdef WOLFSSL_SMALL_STACK + hpke = (Hpke*)XMALLOC(sizeof(Hpke), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (hpke == NULL) + return MEMORY_E; + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + if (rng == NULL) { + XFREE(hpke, NULL, DYNAMIC_TYPE_RNG); + return MEMORY_E; + } +#endif /* hpke init */ ret = wc_HpkeInit(hpke, ech->kemId, ech->cipherSuite.kdfId, ech->cipherSuite.aeadId, NULL); - if (ret == 0) rngRet = ret = wc_InitRng(rng); - /* create the ephemeralKey */ if (ret == 0) ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng); - /* enc */ if (ret == 0) { ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, writeBuf_p, &ech->encLen); writeBuf_p += ech->encLen; } - if (ret == 0) { /* innerClientHelloLen */ c16toa(GREASE_ECH_SIZE + ((writeBuf_p + 2 - writeBuf) % 32), @@ -12229,45 +13064,40 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte* writeBuf, word16* offset) ((writeBuf_p - writeBuf) % 32)); writeBuf_p += GREASE_ECH_SIZE + ((writeBuf_p - writeBuf) % 32); } - if (rngRet == 0) wc_FreeRng(rng); - if (ephemeralKey != NULL) wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap); +#ifdef WOLFSSL_SMALL_STACK + XFREE(hpke, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); +#endif } else { - /* write enc to writeBuf_p */ - ret = wc_HpkeSerializePublicKey(ech->hpke, ech->ephemeralKey, - writeBuf_p, &ech->encLen); - writeBuf_p += ech->encLen; - + /* only write enc if this is our first ech, no hpke context */ + if (ech->hpkeContext == NULL) { + /* write enc to writeBuf_p */ + ret = wc_HpkeSerializePublicKey(ech->hpke, ech->ephemeralKey, + writeBuf_p, &ech->encLen); + writeBuf_p += ech->encLen; + } /* innerClientHelloLen */ c16toa(ech->innerClientHelloLen, writeBuf_p); writeBuf_p += 2; - /* set payload offset for when we finalize */ ech->outerClientPayload = writeBuf_p; - /* write zeros for payload */ XMEMSET(writeBuf_p, 0, ech->innerClientHelloLen); writeBuf_p += ech->innerClientHelloLen; } } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(hpke, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); -#endif - if (ret == 0) *offset += (writeBuf_p - writeBuf); - return ret; } /* return the size needed for the ech extension */ -static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech) +static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech, byte msgType) { int ret; word32 size; @@ -12279,6 +13109,9 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech) size += GREASE_ECH_SIZE + (size % 32); } + else if (msgType == hello_retry_request) { + size = ECH_ACCEPT_CONFIRMATION_SZ; + } else if (ech->state == ECH_WRITE_NONE || ech->state == ECH_PARSED_INTERNAL) { size = 0; @@ -12297,8 +13130,11 @@ static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech) else { size = sizeof(ech->type) + sizeof(ech->cipherSuite) + - sizeof(ech->configId) + sizeof(word16) + ech->encLen + - sizeof(word16) + ech->innerClientHelloLen; + sizeof(ech->configId) + sizeof(word16) + sizeof(word16) + + ech->innerClientHelloLen; + /* only set encLen if this is inner hello 1 */ + if (ech->hpkeContext == NULL) + size += ech->encLen; } return (int)size; @@ -12316,10 +13152,8 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, word32 rawConfigLen = 0; byte* info = NULL; word32 infoLen = 0; - if (ech == NULL || echConfig == NULL || aad == NULL) return BAD_FUNC_ARG; - /* verify the kem and key len */ switch (echConfig->kemId) { @@ -12342,10 +13176,8 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, expectedEncLen = 0; break; } - if (expectedEncLen != ech->encLen) return BAD_FUNC_ARG; - /* verify the cipher suite */ for (i = 0; i < echConfig->numCipherSuites; i++) { if (echConfig->cipherSuites[i].kdfId == ech->cipherSuite.kdfId && @@ -12353,54 +13185,69 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, break; } } - if (i >= echConfig->numCipherSuites) { return BAD_FUNC_ARG; } - - ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER); - - if (ech->hpke == NULL) - return MEMORY_E; - - ret = wc_HpkeInit(ech->hpke, echConfig->kemId, ech->cipherSuite.kdfId, - ech->cipherSuite.aeadId, heap); - - /* get the rawConfigLen */ - if (ret == 0) - ret = GetEchConfig(echConfig, NULL, &rawConfigLen); - - if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) - ret = 0; - - /* create info */ - if (ret == 0) { - infoLen = TLS_INFO_CONST_STRING_SZ + 1 + rawConfigLen; - info = (byte*)XMALLOC(infoLen, heap, DYNAMIC_TYPE_TMP_BUFFER); - - if (info == NULL) + /* check if hpke already exists, may if HelloRetryRequest */ + if (ech->hpke == NULL) { + ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->hpke == NULL) ret = MEMORY_E; - else { - XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING, - TLS_INFO_CONST_STRING_SZ + 1); - ret = GetEchConfig(echConfig, info + - TLS_INFO_CONST_STRING_SZ + 1, &rawConfigLen); + /* init the hpke struct */ + if (ret == 0) { + ret = wc_HpkeInit(ech->hpke, echConfig->kemId, + ech->cipherSuite.kdfId, ech->cipherSuite.aeadId, heap); } - } + if (ret == 0) { + /* allocate hpkeContext */ + ech->hpkeContext = + (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), + ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->hpkeContext == NULL) + ret = MEMORY_E; + } + /* get the rawConfigLen */ + if (ret == 0) + ret = GetEchConfig(echConfig, NULL, &rawConfigLen); + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ret = 0; + /* create info */ + if (ret == 0) { + infoLen = TLS_INFO_CONST_STRING_SZ + 1 + rawConfigLen; + info = (byte*)XMALLOC(infoLen, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (info == NULL) + ret = MEMORY_E; + else { + XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING, + TLS_INFO_CONST_STRING_SZ + 1); + ret = GetEchConfig(echConfig, info + + TLS_INFO_CONST_STRING_SZ + 1, &rawConfigLen); + } + } + /* init the context for opening */ + if (ret == 0) { + ret = wc_HpkeInitOpenContext(ech->hpke, ech->hpkeContext, + echConfig->receiverPrivkey, ech->enc, ech->encLen, info, + infoLen); + } + } /* decrypt the ech payload */ - if (ret == 0) - ret = wc_HpkeOpenBase(ech->hpke, echConfig->receiverPrivkey, ech->enc, - ech->encLen, info, infoLen, aad, aadLen, ech->outerClientPayload, - ech->innerClientHelloLen, + if (ret == 0) { + ret = wc_HpkeContextOpenBase(ech->hpke, ech->hpkeContext, aad, aadLen, + ech->outerClientPayload, ech->innerClientHelloLen, ech->innerClientHello + HANDSHAKE_HEADER_SZ); - + } + /* free the hpke and context on failure */ if (ret != 0) { XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); ech->hpke = NULL; + XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER); + ech->hpkeContext = NULL; } - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (info != NULL) + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -12417,94 +13264,98 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, WOLFSSL_EchConfig* echConfig; byte* aadCopy; byte* readBuf_p = (byte*)readBuf; - WOLFSSL_MSG("TLSX_ECH_Parse"); - if (size == 0) return BAD_FUNC_ARG; - if (ssl->options.disableECH) { WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring."); return 0; } - + /* retry configs */ if (msgType == encrypted_extensions) { ret = wolfSSL_SetEchConfigs(ssl, readBuf, size); if (ret == WOLFSSL_SUCCESS) ret = 0; } + /* HRR with special confirmation */ + else if (msgType == hello_retry_request && ssl->options.useEch) { + /* length must be 8 */ + if (size != ECH_ACCEPT_CONFIRMATION_SZ) + return BAD_FUNC_ARG; + /* get extension */ + echX = TLSX_Find(ssl->extensions, TLSX_ECH); + if (echX == NULL) + return BAD_FUNC_ARG; + ech = (WOLFSSL_ECH*)echX->data; + ech->confBuf = (byte*)readBuf; + } else if (msgType == client_hello && ssl->ctx->echConfigs != NULL) { + /* get extension */ echX = TLSX_Find(ssl->extensions, TLSX_ECH); - if (echX == NULL) return BAD_FUNC_ARG; - ech = (WOLFSSL_ECH*)echX->data; - /* read the ech parameters before the payload */ ech->type = *readBuf_p; readBuf_p++; - if (ech->type == ECH_TYPE_INNER) { ech->state = ECH_PARSED_INTERNAL; return 0; } - /* technically the payload would only be 1 byte at this length */ if (size < 11 + ech->encLen) return BAD_FUNC_ARG; - + /* read kdfId */ ato16(readBuf_p, &ech->cipherSuite.kdfId); readBuf_p += 2; - + /* read aeadId */ ato16(readBuf_p, &ech->cipherSuite.aeadId); readBuf_p += 2; - + /* read configId */ ech->configId = *readBuf_p; readBuf_p++; - - ato16(readBuf_p, &ech->encLen); - readBuf_p += 2; - - if (ech->encLen > HPKE_Npk_MAX) - return BAD_FUNC_ARG; - - XMEMCPY(ech->enc, readBuf_p, ech->encLen); - readBuf_p += ech->encLen; - + /* only get enc if we don't already have the hpke context */ + if (ech->hpkeContext == NULL) { + /* read encLen */ + ato16(readBuf_p, &ech->encLen); + readBuf_p += 2; + if (ech->encLen > HPKE_Npk_MAX) + return BAD_FUNC_ARG; + /* read enc */ + XMEMCPY(ech->enc, readBuf_p, ech->encLen); + readBuf_p += ech->encLen; + } + else { + readBuf_p += 2; + } + /* read hello inner len */ ato16(readBuf_p, &ech->innerClientHelloLen); ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE; readBuf_p += 2; - ech->outerClientPayload = readBuf_p; - /* make a copy of the aad */ aadCopy = (byte*)XMALLOC(ech->aadLen, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (aadCopy == NULL) return MEMORY_E; - XMEMCPY(aadCopy, ech->aad, ech->aadLen); - /* set the ech payload of the copy to zeros */ XMEMSET(aadCopy + (readBuf_p - ech->aad), 0, ech->innerClientHelloLen + WC_AES_BLOCK_SIZE); - + /* free the old ech in case this is our second client hello */ + if (ech->innerClientHello != NULL) + XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); /* allocate the inner payload buffer */ ech->innerClientHello = (byte*)XMALLOC(ech->innerClientHelloLen + HANDSHAKE_HEADER_SZ, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ech->innerClientHello == NULL) { XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } - /* first check if the config id matches */ echConfig = ssl->ctx->echConfigs; - while (echConfig != NULL) { /* decrypt with this config */ if (echConfig->configId == ech->configId) { @@ -12512,26 +13363,20 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, ssl->heap); break; } - echConfig = echConfig->next; } - /* try to decrypt with all configs */ if (echConfig == NULL || ret != 0) { echConfig = ssl->ctx->echConfigs; - while (echConfig != NULL) { ret = TLSX_ExtractEch(ech, echConfig, aadCopy, ech->aadLen, ssl->heap); - if (ret== 0) break; - echConfig = echConfig->next; } } - - /* if we failed to extract */ + /* if we failed to extract, set state to retry configs */ if (ret != 0) { XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); ech->innerClientHello = NULL; @@ -12539,19 +13384,15 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, } else { i = 0; - /* decrement until before the padding */ while (ech->innerClientHello[ech->innerClientHelloLen + HANDSHAKE_HEADER_SZ - i - 1] != ECH_TYPE_INNER) { i++; } - /* subtract the length of the padding from the length */ ech->innerClientHelloLen -= i; } - XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - return 0; } @@ -12565,7 +13406,10 @@ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap) if (ech->ephemeralKey != NULL) wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, ech->hpke->heap); - XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->hpke != NULL) + XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->hpkeContext != NULL) + XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; @@ -12575,58 +13419,65 @@ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap) * status */ int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen) { - int ret; + int ret = 0; void* receiverPubkey = NULL; - byte* info; - int infoLen; - byte* aadCopy; - - /* import the server public key */ - ret = wc_HpkeDeserializePublicKey(ech->hpke, &receiverPubkey, - ech->echConfig->receiverPubkey, ech->encLen); - - if (ret == 0) { - /* create info */ - infoLen = TLS_INFO_CONST_STRING_SZ + 1 + ech->echConfig->rawLen; - info = (byte*)XMALLOC(infoLen, ech->hpke->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (info == NULL) - ret = MEMORY_E; - + byte* info = NULL; + int infoLen = 0; + byte* aadCopy = NULL; + /* setup hpke context to seal, should be done at most once per connection */ + if (ech->hpkeContext == NULL) { + /* import the server public key */ + ret = wc_HpkeDeserializePublicKey(ech->hpke, &receiverPubkey, + ech->echConfig->receiverPubkey, ech->encLen); if (ret == 0) { - /* puts the null byte in for me */ - XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING, TLS_INFO_CONST_STRING_SZ - + 1); - XMEMCPY(info + TLS_INFO_CONST_STRING_SZ + 1, ech->echConfig->raw, - ech->echConfig->rawLen); - - /* make a copy of the aad since we overwrite it */ - aadCopy = (byte*)XMALLOC(aadLen, ech->hpke->heap, + /* allocate hpke context */ + ech->hpkeContext = + (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), + ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->hpkeContext == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + /* create info */ + infoLen = TLS_INFO_CONST_STRING_SZ + 1 + ech->echConfig->rawLen; + info = (byte*)XMALLOC(infoLen, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (aadCopy == NULL) { - XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (info == NULL) ret = MEMORY_E; - } } - if (ret == 0) { - XMEMCPY(aadCopy, aad, aadLen); - - /* seal the payload */ - ret = wc_HpkeSealBase(ech->hpke, ech->ephemeralKey, receiverPubkey, - info, (word32)infoLen, aadCopy, aadLen, ech->innerClientHello, - ech->innerClientHelloLen - ech->hpke->Nt, - ech->outerClientPayload); - - XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(aadCopy, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + /* puts the null byte in for me */ + XMEMCPY(info, (byte*)TLS_INFO_CONST_STRING, + TLS_INFO_CONST_STRING_SZ + 1); + XMEMCPY(info + TLS_INFO_CONST_STRING_SZ + 1, + ech->echConfig->raw, ech->echConfig->rawLen); + /* init the context for seal with info and keys */ + ret = wc_HpkeInitSealContext(ech->hpke, ech->hpkeContext, + ech->ephemeralKey, receiverPubkey, info, infoLen); } } - + if (ret == 0) { + /* make a copy of the aad since we overwrite it */ + aadCopy = (byte*)XMALLOC(aadLen, ech->hpke->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (aadCopy == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + XMEMCPY(aadCopy, aad, aadLen); + /* seal the payload with context */ + ret = wc_HpkeContextSealBase(ech->hpke, ech->hpkeContext, aadCopy, + aadLen, ech->innerClientHello, + ech->innerClientHelloLen - ech->hpke->Nt, ech->outerClientPayload); + } + if (info != NULL) + XFREE(info, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (aadCopy != NULL) + XFREE(aadCopy, ech->hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); if (receiverPubkey != NULL) wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, receiverPubkey, ech->hpke->heap); - return ret; } @@ -13014,7 +13865,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, #endif /* WOLFSSL_DTLS_CID */ #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) case TLSX_ECH: - length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data); + length += ECH_GET_SIZE((WOLFSSL_ECH*)extension->data, msgType); break; #endif default: @@ -13264,7 +14115,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) case TLSX_ECH: WOLFSSL_MSG("ECH extension to write"); - ret = ECH_WRITE((WOLFSSL_ECH*)extension->data, + ret = ECH_WRITE((WOLFSSL_ECH*)extension->data, msgType, output + offset, &offset); break; #endif @@ -13481,9 +14332,9 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #endif #endif -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM #ifndef WOLFSSL_NO_ML_KEM -#ifdef WOLFSSL_WC_KYBER +#ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, @@ -13491,6 +14342,11 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512, ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512, + ssl->heap); + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_768 if (ret == WOLFSSL_SUCCESS) @@ -13499,6 +14355,19 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768, + ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768, + ssl->heap); + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768, + ssl->heap); + #endif #endif #ifndef WOLFSSL_NO_ML_KEM_1024 if (ret == WOLFSSL_SUCCESS) @@ -13507,6 +14376,9 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024, + ssl->heap); #endif #elif defined(HAVE_LIBOQS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); @@ -13522,13 +14394,32 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768, + ssl->heap); if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024, + ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768, + ssl->heap); + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768, + ssl->heap); + #endif #endif /* HAVE_LIBOQS */ #endif /* !WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_KYBER_ORIGINAL -#ifdef WOLFSSL_WC_KYBER +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef WOLFSSL_WC_MLKEM #ifdef WOLFSSL_KYBER512 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, @@ -13536,6 +14427,11 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1, + ssl->heap); + #endif #endif #ifdef WOLFSSL_KYBER768 if (ret == WOLFSSL_SUCCESS) @@ -13544,6 +14440,19 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3, + ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3, + ssl->heap); + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3, + ssl->heap); + #endif #endif #ifdef WOLFSSL_KYBER1024 if (ret == WOLFSSL_SUCCESS) @@ -13567,12 +14476,28 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3, + ssl->heap); if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, ssl->heap); + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3, + ssl->heap); + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + if (ret == WOLFSSL_SUCCESS) + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3, + ssl->heap); + #endif #endif /* HAVE_LIBOQS */ -#endif /* WOLFSSL_KYBER_ORIGINAL */ -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_MLKEM_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM */ (void)ssl; (void)extensions; @@ -14048,7 +14973,9 @@ static int TLSX_GetSizeWithEch(WOLFSSL* ssl, byte* semaphore, byte msgType, echX = TLSX_Find(ssl->ctx->extensions, TLSX_ECH); /* if type is outer change sni to public name */ - if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER) { + if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER && + (ssl->options.echAccepted || + ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) { if (ssl->extensions) { serverNameX = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); @@ -14255,7 +15182,9 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore, } /* if type is outer change sni to public name */ - if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER) { + if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->type == ECH_TYPE_OUTER && + (ssl->options.echAccepted || + ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) { if (ssl->extensions) { serverNameX = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); @@ -14315,31 +15244,36 @@ static int TLSX_WriteWithEch(WOLFSSL* ssl, byte* output, byte* semaphore, msgType, pOffset); } - if (echX != NULL) { - /* turn off and write it last */ - TURN_OFF(semaphore, TLSX_ToSemaphore(echX->type)); - } + /* only write if have a shot at acceptance */ + if (echX != NULL && + (ssl->options.echAccepted || + ((WOLFSSL_ECH*)echX->data)->innerCount == 0)) { + if (echX != NULL) { + /* turn off and write it last */ + TURN_OFF(semaphore, TLSX_ToSemaphore(echX->type)); + } - if (ret == 0 && ssl->extensions) { - ret = TLSX_Write(ssl->extensions, output + *pOffset, semaphore, - msgType, pOffset); - } + if (ret == 0 && ssl->extensions) { + ret = TLSX_Write(ssl->extensions, output + *pOffset, semaphore, + msgType, pOffset); + } - if (ret == 0 && ssl->ctx && ssl->ctx->extensions) { - ret = TLSX_Write(ssl->ctx->extensions, output + *pOffset, semaphore, - msgType, pOffset); - } + if (ret == 0 && ssl->ctx && ssl->ctx->extensions) { + ret = TLSX_Write(ssl->ctx->extensions, output + *pOffset, semaphore, + msgType, pOffset); + } - if (serverNameX != NULL) { - /* remove the public name SNI */ - TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap); + if (serverNameX != NULL) { + /* remove the public name SNI */ + TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap); - ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, tmpServerName, - XSTRLEN(tmpServerName), ssl->heap); + ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, tmpServerName, + XSTRLEN(tmpServerName), ssl->heap); - /* restore the inner server name */ - if (ret == WOLFSSL_SUCCESS) - ret = 0; + /* restore the inner server name */ + if (ret == WOLFSSL_SUCCESS) + ret = 0; + } } #ifdef WOLFSSL_SMALL_STACK @@ -14557,6 +15491,10 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #ifdef WOLFSSL_SEND_HRR_COOKIE TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_COOKIE)); #endif +#ifdef HAVE_ECH + /* send the special confirmation */ + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH)); +#endif break; #endif @@ -14700,6 +15638,10 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); } #endif +#ifdef HAVE_ECH + /* send the special confirmation */ + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_ECH)); +#endif /* Cookie is written below as last extension. */ break; #endif diff --git a/src/src/tls13.c b/src/src/tls13.c index a1a1783..6efe446 100644 --- a/src/src/tls13.c +++ b/src/src/tls13.c @@ -1,6 +1,6 @@ /* tls13.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* * BUILD_GCM @@ -88,16 +89,7 @@ * Default behavior is to return a signed 64-bit value. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - -#ifdef WOLFSSL_TLS13 -#ifdef HAVE_SESSION_TICKET - #include -#endif +#if !defined(NO_TLS) && defined(WOLFSSL_TLS13) #ifndef WOLFCRYPT_ONLY @@ -180,11 +172,14 @@ static const byte dtls13ProtocolLabel[DTLS13_PROTOCOL_LABEL_SZ + 1] = "dtls13"; #endif /* WOLFSSL_DTLS13 */ #if defined(HAVE_ECH) -#define ECH_ACCEPT_CONFIRMATION_SZ 8 #define ECH_ACCEPT_CONFIRMATION_LABEL_SZ 23 +#define ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ 27 static const byte echAcceptConfirmationLabel[ECH_ACCEPT_CONFIRMATION_LABEL_SZ + 1] = "ech accept confirmation"; +static const byte + echHrrAcceptConfirmationLabel[ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ + 1] = + "hrr ech accept confirmation"; #endif #ifndef NO_CERTS @@ -1024,7 +1019,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, ret = Tls13HKDFExpandLabel(ssl, firstExpand, hashLen, ssl->arrays->exporterSecret, hashLen, protocol, protocolLen, (byte*)label, (word32)labelLen, - emptyHash, hashLen, hashType); + emptyHash, hashLen, (int)hashType); if (ret != 0) return ret; @@ -1035,7 +1030,7 @@ int Tls13_Exporter(WOLFSSL* ssl, unsigned char *out, size_t outLen, ret = Tls13HKDFExpandLabel(ssl, out, (word32)outLen, firstExpand, hashLen, protocol, protocolLen, exporterLabel, EXPORTER_LABEL_SZ, - hashOut, hashLen, hashType); + hashOut, hashLen, (int)hashType); return ret; } @@ -4166,7 +4161,8 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config) /* returns status after we hash the ech inner */ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) { - int ret; + int ret = 0; + word32 realSz; HS_Hashes* tmpHashes; #ifdef WOLFSSL_DTLS13 byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ]; @@ -4176,29 +4172,51 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) if (ssl == NULL || ech == NULL) return BAD_FUNC_ARG; - - /* switch hsHashes to the ech version */ - InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &ssl->hsHashesEch); - - /* swap hsHashes so the regular hash functions work */ + realSz = ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt; tmpHashes = ssl->hsHashes; - ssl->hsHashes = ssl->hsHashesEch; - - /* do the handshake header then the body */ - AddTls13HandShakeHeader(falseHeader, - ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt, 0, 0, - client_hello, ssl); - ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ); + ssl->hsHashes = NULL; + /* init the ech hashes */ + ret = InitHandshakeHashes(ssl); + if (ret == 0) { + ssl->hsHashesEch = ssl->hsHashes; + /* do the handshake header then the body */ + AddTls13HandShakeHeader(falseHeader, realSz, 0, 0, client_hello, ssl); + ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ); + /* hash with inner */ + if (ret == 0) { + /* init hsHashesEchInner */ + if (ech->innerCount == 0) { + ssl->hsHashes = ssl->hsHashesEchInner; + ret = InitHandshakeHashes(ssl); + if (ret == 0) { + ssl->hsHashesEchInner = ssl->hsHashes; + ech->innerCount = 1; + } + } + else { + /* switch back to hsHashes so we have hrr -> echInner2 */ + ssl->hsHashes = tmpHashes; + ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, + &ssl->hsHashesEchInner); + } + if (ret == 0) { + ssl->hsHashes = ssl->hsHashesEchInner; + ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ); + ssl->hsHashes = ssl->hsHashesEch; + } + } + } /* hash the body */ + if (ret == 0) + ret = HashRaw(ssl, ech->innerClientHello, realSz); + /* hash with inner */ if (ret == 0) { - ret = HashRaw(ssl, ech->innerClientHello, - (int)(ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt)); + ssl->hsHashes = ssl->hsHashesEchInner; + ret = HashRaw(ssl, ech->innerClientHello, realSz); } - /* swap hsHashes back */ ssl->hsHashes = tmpHashes; - return ret; } #endif @@ -4443,23 +4461,26 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (args->ech == NULL) return WOLFSSL_FATAL_ERROR; - /* set the type to inner */ - args->ech->type = ECH_TYPE_INNER; - args->preXLength = (int)args->length; + /* only prepare if we have a chance at acceptance */ + if (ssl->options.echAccepted || args->ech->innerCount == 0) { + /* set the type to inner */ + args->ech->type = ECH_TYPE_INNER; + args->preXLength = (int)args->length; - /* get size for inner */ - ret = TLSX_GetRequestSize(ssl, client_hello, &args->length); - if (ret != 0) - return ret; + /* get size for inner */ + ret = TLSX_GetRequestSize(ssl, client_hello, &args->length); + if (ret != 0) + return ret; - /* set the type to outer */ - args->ech->type = 0; - /* set innerClientHelloLen to ClientHelloInner + padding + tag */ - args->ech->paddingLen = 31 - ((args->length - 1) % 32); - args->ech->innerClientHelloLen = (word16)(args->length + - args->ech->paddingLen + args->ech->hpke->Nt); - /* set the length back to before we computed ClientHelloInner size */ - args->length = (word32)args->preXLength; + /* set the type to outer */ + args->ech->type = 0; + /* set innerClientHelloLen to ClientHelloInner + padding + tag */ + args->ech->paddingLen = 31 - ((args->length - 1) % 32); + args->ech->innerClientHelloLen = (word16)(args->length + + args->ech->paddingLen + args->ech->hpke->Nt); + /* set the length back to before we computed ClientHelloInner size */ + args->length = (word32)args->preXLength; + } } #endif @@ -4585,42 +4606,41 @@ int SendTls13ClientHello(WOLFSSL* ssl) #if defined(HAVE_ECH) /* write inner then outer */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH && + (ssl->options.echAccepted || args->ech->innerCount == 0)) { /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; - + /* innerClientHello may already exist from hrr, free if it does */ + if (args->ech->innerClientHello != NULL) { + XFREE(args->ech->innerClientHello, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + } /* allocate the inner */ args->ech->innerClientHello = (byte*)XMALLOC(args->ech->innerClientHelloLen - args->ech->hpke->Nt, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (args->ech->innerClientHello == NULL) return MEMORY_E; - /* set the padding bytes to 0 */ XMEMSET(args->ech->innerClientHello + args->ech->innerClientHelloLen - args->ech->hpke->Nt - args->ech->paddingLen, 0, args->ech->paddingLen); - /* copy the client hello to the ech innerClientHello, exclude record */ /* and handshake headers */ XMEMCPY(args->ech->innerClientHello, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, args->idx - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)); - /* copy the client random to inner */ XMEMCPY(ssl->arrays->clientRandomInner, ssl->arrays->clientRandom, RAN_LEN); - /* change the outer client random */ ret = wc_RNG_GenerateBlock(ssl->rng, args->output + args->clientRandomOffset, RAN_LEN); if (ret != 0) return ret; - /* copy the new client random */ XMEMCPY(ssl->arrays->clientRandom, args->output + args->clientRandomOffset, RAN_LEN); - /* write the extensions for inner */ args->length = 0; ret = TLSX_WriteRequest(ssl, args->ech->innerClientHello + args->idx - @@ -4628,7 +4648,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) &args->length); if (ret != 0) return ret; - /* set the type to outer */ args->ech->type = 0; } @@ -4645,7 +4664,8 @@ int SendTls13ClientHello(WOLFSSL* ssl) #if defined(HAVE_ECH) /* encrypt and pack the ech innerClientHello */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH && + (ssl->options.echAccepted || args->ech->innerCount == 0)) { ret = TLSX_FinalizeEch(args->ech, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ))); @@ -4675,7 +4695,8 @@ int SendTls13ClientHello(WOLFSSL* ssl) { #if defined(HAVE_ECH) /* compute the inner hash */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH) + if (ssl->options.useEch == 1 && !ssl->options.disableECH && + (ssl->options.echAccepted || args->ech->innerCount == 0)) ret = EchHashHelloInner(ssl, args->ech); #endif /* compute the outer hash */ @@ -4768,15 +4789,15 @@ static int Dtls13ClientDoDowngrade(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT*/ #if defined(HAVE_ECH) -/* check if the server accepted ech or not */ -static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, - int serverRandomOffset, int helloSz) +/* check if the server accepted ech or not, must be run after an hsHashes + * restart */ +static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, + const byte* input, int acceptOffset, int helloSz) { int ret = 0; int digestType = 0; int digestSize = 0; HS_Hashes* tmpHashes; - HS_Hashes* acceptHashes; byte zeros[WC_MAX_DIGEST_SIZE]; byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; @@ -4785,22 +4806,20 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation)); - /* copy ech hashes to accept */ - ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHashes); - /* swap hsHashes to acceptHashes */ + /* store so we can restore regardless of the outcome */ tmpHashes = ssl->hsHashes; - ssl->hsHashes = acceptHashes; + /* swap hsHashes to hsHashesEch */ + ssl->hsHashes = ssl->hsHashesEch; /* hash up to the last 8 bytes */ - if (ret == 0) - ret = HashRaw(ssl, input, serverRandomOffset + RAN_LEN - - ECH_ACCEPT_CONFIRMATION_SZ); + ret = HashRaw(ssl, input, acceptOffset); /* hash 8 zeros */ if (ret == 0) ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); /* hash the rest of the hello */ if (ret == 0) { - ret = HashRaw(ssl, input + serverRandomOffset + RAN_LEN, - helloSz + HANDSHAKE_HEADER_SZ - (serverRandomOffset + RAN_LEN)); + ret = HashRaw(ssl, input + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ, + helloSz + HANDSHAKE_HEADER_SZ - + (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ)); } /* get the modified transcript hash */ if (ret == 0) @@ -4856,97 +4875,83 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, /* tls expand with the confirmation label */ if (ret == 0) { PRIVATE_KEY_UNLOCK(); - ret = Tls13HKDFExpandKeyLabel(ssl, - acceptConfirmation, ECH_ACCEPT_CONFIRMATION_SZ, - expandLabelPrk, (word32)digestSize, - tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, - echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, - transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END); + ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation, + ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, + tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz, + transcriptEchConf, (word32)digestSize, digestType, + WOLFSSL_SERVER_END); PRIVATE_KEY_LOCK(); } if (ret == 0) { /* last 8 bytes should match our expand output */ - ret = XMEMCMP(acceptConfirmation, - ssl->arrays->serverRandom + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, + ret = XMEMCMP(acceptConfirmation, input + acceptOffset, ECH_ACCEPT_CONFIRMATION_SZ); /* ech accepted */ if (ret == 0) { - /* use the inner random for client random */ - XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner, - RAN_LEN); - /* switch back to original hsHashes to free */ + /* set echAccepted to 1 */ + ssl->options.echAccepted = 1; + /* free hsHashes and go with inner */ ssl->hsHashes = tmpHashes; - /* set the final hsHashes to the ech hashes */ - tmpHashes = ssl->hsHashesEch; + FreeHandshakeHashes(ssl); + ssl->hsHashes = ssl->hsHashesEch; + tmpHashes = ssl->hsHashesEchInner; + ssl->hsHashesEchInner = NULL; } /* ech rejected */ else { - /* switch to hsHashesEch to free */ - ssl->hsHashes = ssl->hsHashesEch; + /* set echAccepted to 0, needed in case HRR */ + ssl->options.echAccepted = 0; + /* free inner since we're continuing with outer */ + ssl->hsHashes = ssl->hsHashesEchInner; + FreeHandshakeHashes(ssl); + ssl->hsHashesEchInner = NULL; } - /* free hsHashes */ - FreeHandshakeHashes(ssl); - /* set hsHashesEch to NULL to avoid double free */ - ssl->hsHashesEch = NULL; /* continue with outer if we failed to verify ech was accepted */ ret = 0; } - /* switch to acceptHashes */ - ssl->hsHashes = acceptHashes; - /* free acceptHashes */ FreeHandshakeHashes(ssl); - /* swap to tmp, will ech if accepted, hsHashes if rejected */ + /* set hsHashesEch to NULL to avoid double free */ + ssl->hsHashesEch = NULL; + /* swap to tmp, will be inner if accepted, hsHashes if rejected */ ssl->hsHashes = tmpHashes; return ret; } -/* replace the last 8 bytes of the server random with the ech acceptance - * parameter, return status */ -static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, - int serverRandomOffset, int helloSz) +/* replace the last acceptance field for either sever hello or hrr with the ech + * acceptance parameter, return status */ +static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, + byte* output, int acceptOffset, int helloSz, byte msgType) { int ret = 0; int digestType = 0; int digestSize = 0; HS_Hashes* tmpHashes = NULL; - HS_Hashes* acceptHashes = NULL; byte zeros[WC_MAX_DIGEST_SIZE]; byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; XMEMSET(zeros, 0, sizeof(zeros)); XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); - - /* copy ech hashes to accept */ - ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, &acceptHashes); - - /* swap hsHashes to acceptHashes */ + /* store so we can restore regardless of the outcome */ tmpHashes = ssl->hsHashes; - ssl->hsHashes = acceptHashes; - - /* hash up to the last 8 bytes */ - if (ret == 0) - ret = HashRaw(ssl, output, serverRandomOffset + RAN_LEN - - ECH_ACCEPT_CONFIRMATION_SZ); - + ssl->hsHashes = ssl->hsHashesEch; + /* hash up to the acceptOffset */ + ret = HashRaw(ssl, output, acceptOffset); /* hash 8 zeros */ if (ret == 0) - ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); - + ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); /* hash the rest of the hello */ - if (ret == 0) - ret = HashRaw(ssl, output + serverRandomOffset + RAN_LEN, - helloSz - (serverRandomOffset + RAN_LEN)); - + if (ret == 0) { + ret = HashRaw(ssl, output + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ, + helloSz - (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ)); + } /* get the modified transcript hash */ if (ret == 0) ret = GetMsgHash(ssl, transcriptEchConf); - if (ret > 0) ret = 0; - /* pick the right type and size based on mac_algorithm */ - if (ret == 0) + if (ret == 0) { switch (ssl->specs.mac_algorithm) { #ifndef NO_SHA256 case sha256_mac: @@ -4976,7 +4981,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, ret = WOLFSSL_FATAL_ERROR; break; } - + } /* extract clientRandom with a key of all zeros */ if (ret == 0) { PRIVATE_KEY_UNLOCK(); @@ -4991,29 +4996,23 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, #endif PRIVATE_KEY_LOCK(); } - /* tls expand with the confirmation label */ if (ret == 0) { PRIVATE_KEY_UNLOCK(); - ret = Tls13HKDFExpandKeyLabel(ssl, - output + serverRandomOffset + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ, - ECH_ACCEPT_CONFIRMATION_SZ, - expandLabelPrk, (word32)digestSize, - tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, - echAcceptConfirmationLabel, ECH_ACCEPT_CONFIRMATION_LABEL_SZ, - transcriptEchConf, (word32)digestSize, digestType, WOLFSSL_SERVER_END); + ret = Tls13HKDFExpandKeyLabel(ssl, output + acceptOffset, + ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, + tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz, + transcriptEchConf, (word32)digestSize, digestType, + WOLFSSL_SERVER_END); PRIVATE_KEY_LOCK(); } - - if (ret == 0) - XMEMCPY(ssl->arrays->serverRandom, output + serverRandomOffset, - RAN_LEN); - - /* free acceptHashes */ + /* mark that ech was accepted */ + if (ret == 0 && msgType != hello_retry_request) + ssl->options.echAccepted = 1; + /* free hsHashesEch, if this is an HRR we will start at client hello 2*/ FreeHandshakeHashes(ssl); - + ssl->hsHashesEch = NULL; ssl->hsHashes = tmpHashes; - return ret; } #endif @@ -5039,7 +5038,10 @@ typedef struct Dsh13Args { byte sessIdSz; byte extMsgType; #if defined(HAVE_ECH) - int serverRandomOffset; + TLSX* echX; + byte* acceptLabel; + word32 acceptOffset; + word16 acceptLabelSz; #endif } Dsh13Args; @@ -5196,7 +5198,8 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Server random - keep for debugging. */ XMEMCPY(ssl->arrays->serverRandom, input + args->idx, RAN_LEN); #if defined(HAVE_ECH) - args->serverRandomOffset = (int)args->idx; + /* last 8 bytes of server random */ + args->acceptOffset = args->idx + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ; #endif args->idx += RAN_LEN; @@ -5492,15 +5495,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) return ret; -#if defined(HAVE_ECH) - /* check for acceptConfirmation and HashInput with 8 0 bytes */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH) { - ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, (int)helloSz); - if (ret != 0) - return ret; - } -#endif - #ifdef HAVE_NULL_CIPHER if (ssl->options.cipherSuite0 == ECC_BYTE && (ssl->options.cipherSuite == TLS_SHA256_SHA256 || @@ -5538,6 +5532,36 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return MATCH_SUITE_ERROR; } +#if defined(HAVE_ECH) + /* check for acceptConfirmation, must be done after hashes restart */ + if (ssl->options.useEch == 1) { + args->echX = TLSX_Find(ssl->extensions, TLSX_ECH); + /* account for hrr extension instead of server random */ + if (args->extMsgType == hello_retry_request) { + args->acceptOffset = + (word32)(((WOLFSSL_ECH*)args->echX->data)->confBuf - input); + args->acceptLabel = (byte*)echHrrAcceptConfirmationLabel; + args->acceptLabelSz = ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ; + } + else { + args->acceptLabel = (byte*)echAcceptConfirmationLabel; + args->acceptLabelSz = ECH_ACCEPT_CONFIRMATION_LABEL_SZ; + } + /* check acceptance */ + if (ret == 0) { + ret = EchCheckAcceptance(ssl, args->acceptLabel, + args->acceptLabelSz, input, args->acceptOffset, helloSz); + } + if (ret != 0) + return ret; + /* use the inner random for client random */ + if (args->extMsgType != hello_retry_request) { + XMEMCPY(ssl->arrays->clientRandom, ssl->arrays->clientRandomInner, + RAN_LEN); + } + } +#endif /* HAVE_ECH */ + if (*extMsgType == server_hello) { #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) PreSharedKey* psk = NULL; @@ -5556,6 +5580,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return ret; ssl->options.pskNegotiated = 1; } +#else + /* no resumption possible */ + ssl->options.resuming = 0; #endif /* sanity check on PSK / KSE */ @@ -6674,7 +6701,6 @@ static int DoTls13SupportedVersions(WOLFSSL* ssl, const byte* input, word32 i, typedef struct Dch13Args { ProtocolVersion pv; - Suites* clSuites; word32 idx; word32 begin; int usingPSK; @@ -6682,17 +6708,17 @@ typedef struct Dch13Args { static void FreeDch13Args(WOLFSSL* ssl, void* pArgs) { - Dch13Args* args = (Dch13Args*)pArgs; - - (void)ssl; - - if (args && args->clSuites) { - XFREE(args->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); - args->clSuites = NULL; + /* openssl compat builds hang on to the client suites until WOLFSSL object + * is destroyed */ +#ifndef OPENSSL_EXTRA + if (ssl->clSuites) { + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = NULL; } -#ifdef OPENSSL_EXTRA - ssl->clSuites = NULL; #endif + (void)ssl; + (void)pArgs; + } int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, @@ -6707,6 +6733,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif #if defined(HAVE_ECH) TLSX* echX = NULL; + HS_Hashes* tmpHashes; #endif WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); @@ -6902,28 +6929,31 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ - args->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, + XFREE(ssl->clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + ssl->clSuites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, DYNAMIC_TYPE_SUITES); - if (args->clSuites == NULL) { + if (ssl->clSuites == NULL) { ERROR_OUT(MEMORY_E, exit_dch); } /* Cipher suites */ if ((args->idx - args->begin) + OPAQUE16_LEN > helloSz) ERROR_OUT(BUFFER_ERROR, exit_dch); - ato16(&input[args->idx], &args->clSuites->suiteSz); + ato16(&input[args->idx], &ssl->clSuites->suiteSz); args->idx += OPAQUE16_LEN; - if ((args->clSuites->suiteSz % 2) != 0) { + if ((ssl->clSuites->suiteSz % 2) != 0) { ERROR_OUT(INVALID_PARAMETER, exit_dch); } /* suites and compression length check */ - if ((args->idx - args->begin) + args->clSuites->suiteSz + OPAQUE8_LEN > helloSz) + if ((args->idx - args->begin) + ssl->clSuites->suiteSz + OPAQUE8_LEN > + helloSz) { ERROR_OUT(BUFFER_ERROR, exit_dch); - if (args->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) + } + if (ssl->clSuites->suiteSz > WOLFSSL_MAX_SUITE_SZ) ERROR_OUT(BUFFER_ERROR, exit_dch); - XMEMCPY(args->clSuites->suites, input + args->idx, args->clSuites->suiteSz); - args->idx += args->clSuites->suiteSz; - args->clSuites->hashSigAlgoSz = 0; + XMEMCPY(ssl->clSuites->suites, input + args->idx, ssl->clSuites->suiteSz); + args->idx += ssl->clSuites->suiteSz; + ssl->clSuites->hashSigAlgoSz = 0; /* Compression */ b = input[args->idx++]; @@ -6960,7 +6990,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return WOLFSSL_FATAL_ERROR; + ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dch); ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ; ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz; @@ -6969,7 +6999,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Parse extensions */ if ((ret = TLSX_Parse(ssl, input + args->idx, totalExtSz, client_hello, - args->clSuites))) { + ssl->clSuites))) { goto exit_dch; } @@ -7027,9 +7057,25 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif +#if defined(HAVE_ECH) + /* hash clientHelloInner to hsHashesEch independently since it can't include + * the HRR */ + if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { + tmpHashes = ssl->hsHashes; + ssl->hsHashes = NULL; + ret = InitHandshakeHashes(ssl); + if (ret != 0) + goto exit_dch; + if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0) + goto exit_dch; + ssl->hsHashesEch = ssl->hsHashes; + ssl->hsHashes = tmpHashes; + } +#endif + #if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) && \ defined(HAVE_TLS_EXTENSIONS) - ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, args->clSuites, + ret = CheckPreSharedKeys(ssl, input + args->begin, helloSz, ssl->clSuites, &args->usingPSK); if (ret != 0) goto exit_dch; @@ -7053,7 +7099,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_MSG("Client did not send a KeyShare extension"); ERROR_OUT(INCOMPLETE_DATA, exit_dch); } - if (TLSX_Find(ssl->extensions, TLSX_SIGNATURE_ALGORITHMS) == NULL) { + /* Can't check ssl->extensions here as SigAlgs are unconditionally + set by TLSX_PopulateExtensions */ + if (ssl->clSuites->hashSigAlgoSz == 0) { WOLFSSL_MSG("Client did not send a SignatureAlgorithms extension"); ERROR_OUT(INCOMPLETE_DATA, exit_dch); } @@ -7079,13 +7127,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_DO: { #ifdef OPENSSL_EXTRA - ssl->clSuites = args->clSuites; if ((ret = CertSetupCbWrapper(ssl)) != 0) goto exit_dch; #endif #ifndef NO_CERTS if (!args->usingPSK) { - if ((ret = MatchSuite(ssl, args->clSuites)) < 0) { + if ((ret = MatchSuite(ssl, ssl->clSuites)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif @@ -7178,7 +7225,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ERROR_OUT(MATCH_SUITE_ERROR, exit_dch); } - #ifdef HAVE_SESSION_TICKET + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.resuming) { ssl->options.resuming = 0; ssl->arrays->psk_keySz = 0; @@ -7306,7 +7353,9 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) int sendSz; #if defined(HAVE_ECH) TLSX* echX = NULL; - word32 serverRandomOffset; + byte* acceptLabel = (byte*)echAcceptConfirmationLabel; + word32 acceptOffset; + word16 acceptLabelSz = ECH_ACCEPT_CONFIRMATION_LABEL_SZ; #endif WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); @@ -7365,7 +7414,8 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) } #if defined(HAVE_ECH) - serverRandomOffset = idx; + /* last 8 bytes of server random */ + acceptOffset = idx + RAN_LEN - ECH_ACCEPT_CONFIRMATION_SZ; #endif /* Store in SSL for debugging. */ @@ -7429,18 +7479,37 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) #if defined(HAVE_ECH) if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { echX = TLSX_Find(ssl->extensions, TLSX_ECH); - if (echX == NULL) return WOLFSSL_FATAL_ERROR; - + /* use hrr offset */ + if (extMsgType == hello_retry_request) { + acceptOffset = + (word32)(((WOLFSSL_ECH*)echX->data)->confBuf - output); + acceptLabel = (byte*)echHrrAcceptConfirmationLabel; + acceptLabelSz = ECH_HRR_ACCEPT_CONFIRMATION_LABEL_SZ; + } /* replace the last 8 bytes of server random with the accept */ if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) { - ret = EchWriteAcceptance(ssl, output + RECORD_HEADER_SZ, - serverRandomOffset - RECORD_HEADER_SZ, - sendSz - RECORD_HEADER_SZ); - - /* remove ech so we don't keep sending it in write */ - TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); + if (ret == 0) { + ret = EchWriteAcceptance(ssl, acceptLabel, + acceptLabelSz, output + RECORD_HEADER_SZ, + acceptOffset - RECORD_HEADER_SZ, + sendSz - RECORD_HEADER_SZ, extMsgType); + } + if (extMsgType == hello_retry_request) { + /* reset the ech state for round 2 */ + ((WOLFSSL_ECH*)echX->data)->state = ECH_WRITE_NONE; + } + else { + if (ret == 0) { + /* update serverRandom on success */ + XMEMCPY(ssl->arrays->serverRandom, + output + acceptOffset - + (RAN_LEN -ECH_ACCEPT_CONFIRMATION_SZ), RAN_LEN); + } + /* remove ech so we don't keep sending it in write */ + TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); + } } } #endif @@ -8012,9 +8081,8 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, else ret = INVALID_PARAMETER; break; -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - case PQC_SA_MAJOR: #if defined(HAVE_FALCON) + case FALCON_SA_MAJOR: if (input[1] == FALCON_LEVEL1_SA_MINOR) { *hsType = falcon_level1_sa_algo; /* Hash performed as part of sign/verify operation. */ @@ -8025,8 +8093,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, *hashAlgo = sha512_mac; } else + ret = INVALID_PARAMETER; + break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + case DILITHIUM_SA_MAJOR: if (input[1] == DILITHIUM_LEVEL2_SA_MINOR) { *hsType = dilithium_level2_sa_algo; /* Hash performed as part of sign/verify operation. */ @@ -8041,12 +8112,11 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo, *hashAlgo = sha512_mac; } else -#endif /* HAVE_DILITHIUM */ { ret = INVALID_PARAMETER; } break; -#endif +#endif /* HAVE_DILITHIUM */ default: *hashAlgo = input[0]; *hsType = input[1]; @@ -8466,7 +8536,7 @@ static word32 NextCert(byte* data, word32 length, word32* idx) * offset index offset * returns Total number of bytes written. */ -static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, +static int WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, word16* extSz, word16 extSz_num) { int ret = 0; @@ -8484,7 +8554,7 @@ static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, if (csr) { for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) { - tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx); + tmpSz = TLSX_CSR_GetSize_ex(csr, 0, (int)extIdx); if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && certExts[extIdx] == NULL) { @@ -8519,7 +8589,7 @@ static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, /* chain cert empty extension size */ totalSz += OPAQUE16_LEN * extSz_num; } - return totalSz; + return (int)totalSz; } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ /* Add certificate data and empty extension to output up to the fragment size. @@ -8622,6 +8692,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) ssl->options.sendVerify = SEND_CERT; } wolfSSL_X509_free(x509); + x509 = NULL; wolfSSL_EVP_PKEY_free(pkey); } } @@ -9141,41 +9212,12 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif #if defined(HAVE_FALCON) else if (ssl->hsType == DYNAMIC_TYPE_FALCON) { - falcon_key* fkey = (falcon_key*)ssl->hsKey; - byte level = 0; - if (wc_falcon_get_level(fkey, &level) != 0) { - ERROR_OUT(ALGO_ID_E, exit_scv); - } - if (level == 1) { - args->sigAlgo = falcon_level1_sa_algo; - } - else if (level == 5) { - args->sigAlgo = falcon_level5_sa_algo; - } - else { - ERROR_OUT(ALGO_ID_E, exit_scv); - } + args->sigAlgo = ssl->buffers.keyType; } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { - dilithium_key* fkey = (dilithium_key*)ssl->hsKey; - byte level = 0; - if (wc_dilithium_get_level(fkey, &level) != 0) { - ERROR_OUT(ALGO_ID_E, exit_scv); - } - if (level == 2) { - args->sigAlgo = dilithium_level2_sa_algo; - } - else if (level == 3) { - args->sigAlgo = dilithium_level3_sa_algo; - } - else if (level == 5) { - args->sigAlgo = dilithium_level5_sa_algo; - } - else { - ERROR_OUT(ALGO_ID_E, exit_scv); - } + args->sigAlgo = ssl->buffers.keyType; } #endif /* HAVE_DILITHIUM */ else { @@ -9459,9 +9501,11 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) { - ret = wc_dilithium_sign_msg(args->sigData, args->sigDataSz, - sigOut, &args->sigLen, - (dilithium_key*)ssl->hsKey, ssl->rng); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->sigData, + args->sigDataSz, sigOut, + &args->sigLen, + (dilithium_key*)ssl->hsKey, + ssl->rng); args->length = (word16)args->sigLen; } #endif /* HAVE_DILITHIUM */ @@ -9553,11 +9597,9 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (ssl->hsAltType == DYNAMIC_TYPE_DILITHIUM) { - ret = wc_dilithium_sign_msg(args->altSigData, - args->altSigDataSz, sigOut, - &args->altSigLen, - (dilithium_key*)ssl->hsAltKey, - ssl->rng); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, args->altSigData, + args->altSigDataSz, sigOut, &args->altSigLen, + (dilithium_key*)ssl->hsAltKey, ssl->rng); } #endif /* HAVE_DILITHIUM */ @@ -10147,13 +10189,13 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, #endif #ifdef HAVE_DILITHIUM case dilithium_level2_sa_algo: - ret = decodeDilithiumKey(ssl, 2); + ret = decodeDilithiumKey(ssl, WC_ML_DSA_44); break; case dilithium_level3_sa_algo: - ret = decodeDilithiumKey(ssl, 3); + ret = decodeDilithiumKey(ssl, WC_ML_DSA_65); break; case dilithium_level5_sa_algo: - ret = decodeDilithiumKey(ssl, 5); + ret = decodeDilithiumKey(ssl, WC_ML_DSA_87); break; #endif #ifdef HAVE_FALCON @@ -10542,6 +10584,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Falcon signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) @@ -10551,9 +10597,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (ssl->peerDilithiumKeyPresent)) { int res = 0; WOLFSSL_MSG("Doing Dilithium peer cert verify"); - ret = wc_dilithium_verify_msg(sig, args->sigSz, - args->sigData, args->sigDataSz, - &res, ssl->peerDilithiumKey); + ret = wc_dilithium_verify_ctx_msg(sig, args->sigSz, NULL, 0, + args->sigData, args->sigDataSz, + &res, ssl->peerDilithiumKey); if ((ret >= 0) && (res == 1)) { /* CLIENT/SERVER: data verified with public key from @@ -10564,6 +10610,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerDilithiumKey); ssl->peerDilithiumKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Dilithium signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_DILITHIUM */ @@ -10644,6 +10694,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Falcon signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) @@ -10653,9 +10707,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (ssl->peerDilithiumKeyPresent)) { int res = 0; WOLFSSL_MSG("Doing Dilithium peer cert alt verify"); - ret = wc_dilithium_verify_msg(sig, args->altSignatureSz, - args->altSigData, args->altSigDataSz, - &res, ssl->peerDilithiumKey); + ret = wc_dilithium_verify_ctx_msg(sig, args->altSignatureSz, + NULL, 0, args->altSigData, + args->altSigDataSz, &res, + ssl->peerDilithiumKey); if ((ret >= 0) && (res == 1)) { /* CLIENT/SERVER: data verified with public key from @@ -10666,6 +10721,10 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, (void**)&ssl->peerDilithiumKey); ssl->peerDilithiumKeyPresent = 0; } + else if ((ret >= 0) && (res == 0)) { + WOLFSSL_MSG("Dilithium signature verification failed"); + ret = SIG_VERIFY_E; + } } #endif /* HAVE_DILITHIUM */ @@ -12692,16 +12751,15 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) { - /* reset the inOutIdx to the outer start */ *inOutIdx = echInOutIdx; - /* call again with the inner hello */ - ret = DoTls13ClientHello(ssl, - ((WOLFSSL_ECH*)echX->data)->innerClientHello, - &echInOutIdx, - ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen); - + if (ret == 0) { + ret = DoTls13ClientHello(ssl, + ((WOLFSSL_ECH*)echX->data)->innerClientHello, + &echInOutIdx, + ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen); + } /* if the inner ech parsed successfully we have successfully * handled the hello and can skip the whole message */ if (ret == 0) @@ -13602,8 +13660,9 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) } #endif -#if defined(WOLFSSL_HAVE_KYBER) - if (WOLFSSL_NAMED_GROUP_IS_PQC(group)) { +#if defined(WOLFSSL_HAVE_MLKEM) + if (WOLFSSL_NAMED_GROUP_IS_PQC(group) || + WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { if (ssl->ctx != NULL && ssl->ctx->method != NULL && !IsAtLeastTLSv1_3(ssl->version)) { @@ -14884,7 +14943,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) return WOLFSSL_FATAL_ERROR; } if (ssl->options.handShakeState == SERVER_FINISHED_COMPLETE) { - ret = ReceiveData(ssl, (byte*)data, sz, FALSE); + ret = ReceiveData(ssl, (byte*)data, (size_t)sz, FALSE); if (ret > 0) *outSz = ret; if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) { @@ -15022,4 +15081,4 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret, #endif /* !WOLFCRYPT_ONLY */ -#endif /* WOLFSSL_TLS13 */ +#endif /* !NO_TLS && WOLFSSL_TLS13 */ diff --git a/src/src/wolfio.c b/src/src/wolfio.c index 5e62e9f..0809734 100644 --- a/src/src/wolfio.c +++ b/src/src/wolfio.c @@ -1,6 +1,6 @@ /* wolfio.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,11 +24,7 @@ #define WOLFSSL_STRERROR_BUFFER_SIZE 256 #endif -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef WOLFCRYPT_ONLY @@ -41,11 +37,6 @@ #include #endif -#ifdef _WIN32_WCE - /* On WinCE winsock2.h must be included before windows.h for socket stuff */ - #include -#endif - #include #include #include @@ -56,7 +47,9 @@ int Nucleus_Net_Errno; #endif #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) - #ifndef USE_WINDOWS_API + #ifdef USE_WINDOWS_API + #include + #else #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) #elif defined(ARDUINO) #elif defined(FREESCALE_MQX) @@ -229,7 +222,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) else return WOLFSSL_CBIO_ERR_TIMEOUT; } -#endif +#endif /* SOCKET_ETIMEDOUT */ else if (err == SOCKET_ECONNRESET) { WOLFSSL_MSG("\tConnection reset"); @@ -248,7 +241,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) return WOLFSSL_CBIO_ERR_CONN_CLOSE; } -#if defined(_WIN32) +#if defined(_WIN32) && !defined(__WATCOMC__) strcpy_s(errstr, sizeof(errstr), "\tGeneral error: "); errstr_offset = strlen(errstr); FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, @@ -766,7 +759,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) else #endif /* WOLFSSL_DTLS13 */ timeout.tv_sec = dtls_timeout; - #endif + #endif /* USE_WINDOWS_API */ if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, sizeof(timeout)) != 0) { WOLFSSL_MSG("setsockopt rcvtimeo failed"); @@ -863,22 +856,22 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #ifndef WOLFSSL_PEER_ADDRESS_CHANGES else { ret = 0; -#ifdef WOLFSSL_RW_THREADED + #ifdef WOLFSSL_RW_THREADED if (wc_LockRwLock_Rd(&ssl->buffers.dtlsCtx.peerLock) != 0) return WOLFSSL_CBIO_ERR_GENERAL; -#endif + #endif /* WOLFSSL_RW_THREADED */ if (!sockAddrEqual(peer, peerSz, (SOCKADDR_S*)dtlsCtx->peer.sa, dtlsCtx->peer.sz)) { ret = WOLFSSL_CBIO_ERR_GENERAL; } -#ifdef WOLFSSL_RW_THREADED + #ifdef WOLFSSL_RW_THREADED if (wc_UnLockRwLock(&ssl->buffers.dtlsCtx.peerLock) != 0) return WOLFSSL_CBIO_ERR_GENERAL; -#endif + #endif /* WOLFSSL_RW_THREADED */ if (ret != 0) return ret; } -#endif +#endif /* !WOLFSSL_PEER_ADDRESS_CHANGES */ } #ifndef NO_ASN_TIME ssl->dtls_start_timeout = 0; @@ -1095,7 +1088,7 @@ int EmbedGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx) return WOLFSSL_SUCCESS; } -#endif +#endif /* WOLFSSL_DTLS */ /* get the peer information in human readable form (ip, port, family) * default function assumes BSD sockets @@ -1254,6 +1247,9 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr ret = ioctlsocket(sockfd, FIONBIO, &blocking); if (ret == SOCKET_ERROR) ret = WOLFSSL_FATAL_ERROR; + #elif defined(__WATCOMC__) && defined(__OS2__) + if (ioctl(sockfd, FIONBIO, &non_blocking) == -1) + ret = WOLFSSL_FATAL_ERROR; #else ret = fcntl(sockfd, F_GETFL, 0); if (ret >= 0) { @@ -1293,9 +1289,9 @@ int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wr ret = select(nfds, &rfds, &wfds, NULL, &timeout); if (ret == 0) { - #ifdef DEBUG_HTTP + #ifdef DEBUG_HTTP fprintf(stderr, "Timeout: %d\n", ret); - #endif + #endif return HTTP_TIMEOUT; } else if (ret > 0) { @@ -1360,13 +1356,13 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #else HOSTENT *entry; #endif -#endif +#endif /* !WOLFSSL_USE_POPEN_HOST */ #ifdef WOLFSSL_IPV6 SOCKADDR_IN6 *sin; #else SOCKADDR_IN *sin; -#endif -#endif /* HAVE_SOCKADDR */ +#endif /* WOLFSSL_IPV6 */ +#endif /* HAVE_GETADDRINFO */ if (sockfd == NULL || ip == NULL) { return WOLFSSL_FATAL_ERROR; @@ -1377,8 +1373,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) sockaddr_len = sizeof(SOCKADDR_IN6); #else sockaddr_len = sizeof(SOCKADDR_IN); -#endif -#endif +#endif /* WOLFSSL_IPV6 */ +#endif /* !HAVE_GETADDRINFO */ XMEMSET(&addr, 0, sizeof(addr)); #ifdef WOLFIO_DEBUG @@ -1496,7 +1492,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) sin = (SOCKADDR_IN *)&addr; sin->sin_family = AF_INET; sin->sin_port = XHTONS(port); - XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], entry->h_length); + XMEMCPY(&sin->sin_addr.s_addr, entry->h_addr_list[0], + (size_t)entry->h_length); #endif } @@ -1530,7 +1527,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) } #else (void)to_sec; -#endif +#endif /* HAVE_IO_TIMEOUT */ ret = connect(*sockfd, (SOCKADDR *)&addr, sockaddr_len); #ifdef HAVE_IO_TIMEOUT @@ -1549,7 +1546,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) wolfIO_SetBlockingMode(*sockfd, 0); } } -#endif +#endif /* HAVE_IO_TIMEOUT */ if (ret != 0) { WOLFSSL_MSG("Responder tcp connect failed"); CloseSocket(*sockfd); @@ -2671,7 +2668,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) } } } - #endif + #endif /* WOLFSSL_DTLS */ ret = NetSock_RxData(sd, buf, sz, ssl->rflags, &err); if (ret < 0) { @@ -3423,7 +3420,7 @@ int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void* pcb, return ERR_OK; } -#endif +#endif /* WOLFSSL_LWIP_NATIVE */ #ifdef WOLFSSL_ISOTP static int isotp_send_single_frame(struct isotp_wolfssl_ctx *ctx, char *buf, @@ -3808,5 +3805,5 @@ int wolfSSL_SetIO_ISOTP(WOLFSSL *ssl, isotp_wolfssl_ctx *ctx, } return 0; } -#endif +#endif /* WOLFSSL_ISOTP */ #endif /* WOLFCRYPT_ONLY */ diff --git a/src/src/x509.c b/src/src/x509.c index d656815..62e3774 100644 --- a/src/src/x509.c +++ b/src/src/x509.c @@ -1,6 +1,6 @@ /* x509.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_X509_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -481,6 +476,24 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, return WOLFSSL_FATAL_ERROR; } + +int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, WOLFSSL_X509 *obj) +{ + WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509"); + (void)a; + (void)obj; + return 0; +} + +int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509_CRL *obj) +{ + WOLFSSL_STUB("wolfSSL_X509_OBJECT_set1_X509_CRL"); + (void)a; + (void)obj; + return 0; +} + #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ @@ -1181,12 +1194,24 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } } - ext->obj->objSz = (unsigned int)objSz; if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || (ext->obj->obj == NULL)) { - ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj, - ext->obj->objSz, - NULL,DYNAMIC_TYPE_ASN1); + #ifdef WOLFSSL_NO_REALLOC + byte* tmp = NULL; + + tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1); + if (tmp != NULL && ext->obj->obj != NULL) { + XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz); + XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1); + } + else if (tmp == NULL) { + ext->obj->obj = tmp; + } + ext->obj->obj = tmp; + #else + ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz, + NULL, DYNAMIC_TYPE_ASN1); + #endif if (ext->obj->obj == NULL) { wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); @@ -1201,6 +1226,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) else { ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; } + ext->obj->objSz = (unsigned int)objSz; + /* Get OID from input and copy to ASN1_OBJECT buffer */ XMEMCPY(oidBuf+2, input+idx, length); XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz); @@ -1663,10 +1690,10 @@ int wolfSSL_X509_EXTENSION_set_critical(WOLFSSL_X509_EXTENSION* ex, int crit) * Returns NULL on error or pointer to the v3_ext_method populated with * extension type-specific X509V3_EXT_* function(s). * - * NOTE: WC_NID_subject_key_identifier is currently the only extension implementing - * the X509V3_EXT_* functions, as it is the only type called directly by QT. The - * other extension types return a pointer to a v3_ext_method struct that - * contains only the NID. + * NOTE: WC_NID_subject_key_identifier is currently the only extension + * implementing the X509V3_EXT_* functions, as it is the only type called + * directly by QT. The other extension types return a pointer to a + * v3_ext_method struct that contains only the NID. */ #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex) @@ -1690,7 +1717,6 @@ WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex) WOLFSSL_MSG("Failed to get nid from passed extension object"); return NULL; } - XMEMSET(&method, 0, sizeof(WOLFSSL_v3_ext_method)); switch (nid) { case WC_NID_basic_constraints: break; @@ -2333,7 +2359,11 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, } dns = dns->next; - if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) { + /* Using wolfSSL_sk_insert to maintain backwards + * compatibility with earlier versions of _push API that + * pushed items to the start of the list instead of the + * end. */ + if (wolfSSL_sk_insert(sk, gn, 0) <= 0) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); goto err; } @@ -3569,9 +3599,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Memory error"); return NULL; } - if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s, ", sn, buf)) - >= strSz) - { + strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s, ", sn, buf); + if ((strLen < 0) || (strLen >= strSz)) { WOLFSSL_MSG("buffer overrun"); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); return NULL; @@ -3587,8 +3616,8 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_MSG("Memory error"); return NULL; } - if ((strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, - buf)) >= strSz) { + strLen = XSNPRINTF(str, (size_t)strSz, "%s=%s", sn, buf); + if ((strLen < 0) || (strLen >= strSz)) { WOLFSSL_MSG("buffer overrun"); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); return NULL; @@ -4177,30 +4206,7 @@ int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, /* Return and remove the last x509 pushed on stack */ WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_X509* x509; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - x509 = sk->data.x509; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.x509 = node->data.x509; - sk->next = node->next; - XFREE(node, NULL, DYNAMIC_TYPE_X509); - } - else { /* last x509 in stack */ - sk->data.x509 = NULL; - } - - if (sk->num > 0) { - sk->num--; - } - - return x509; + return (WOLFSSL_X509*)wolfSSL_sk_pop(sk); } /* Getter function for WOLFSSL_X509 pointer @@ -4227,38 +4233,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i) /* Return and remove the first x509 pushed on stack */ WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_X509* x509; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - x509 = sk->data.x509; - - if (node != NULL) { - /* walk to end of stack to first node pushed, and remove it */ - WOLFSSL_STACK* prevNode = sk; - - while (node->next != NULL) { - prevNode = node; - node = node->next; - } - - x509 = node->data.x509; - prevNode->next = NULL; - XFREE(node, NULL, DYNAMIC_TYPE_X509); - } - else { /* only one x509 in stack */ - sk->data.x509 = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return x509; + return (WOLFSSL_X509*)wolfSSL_sk_pop_node(sk, 0); } #endif /* OPENSSL_EXTRA */ @@ -4528,7 +4503,8 @@ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_dup(WOLFSSL_GENERAL_NAME* gn) * WOLFSSL_SUCCESS otherwise. */ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, - WOLFSSL_ASN1_OBJECT* oid, WOLFSSL_ASN1_TYPE* value) + WOLFSSL_ASN1_OBJECT* oid, + WOLFSSL_ASN1_TYPE* value) { WOLFSSL_ASN1_OBJECT *x = NULL; @@ -4570,17 +4546,7 @@ int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, */ WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int idx) { - WOLFSSL_STACK* ret; - - if (sk == NULL) { - return NULL; - } - - ret = wolfSSL_sk_get_node(sk, idx); - if (ret != NULL) { - return ret->data.gn; - } - return NULL; + return (WOLFSSL_GENERAL_NAME*)wolfSSL_sk_value(sk, idx); } /* Gets the number of nodes in the stack @@ -4593,11 +4559,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) { WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); - if (sk == NULL) { - return WOLFSSL_FATAL_ERROR; - } - - return (int)sk->num; + return wolfSSL_sk_num(sk); } /* Allocates an empty GENERAL NAME stack */ @@ -5268,7 +5230,8 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) #endif /* !NO_FILESYSTEM */ static WOLFSSL_X509* loadX509orX509REQFromBuffer( - const unsigned char* buf, int sz, int format, int type) + const unsigned char* buf, int sz, int format, int type, + wc_pem_password_cb *cb, void *u) { int ret = 0; @@ -5278,8 +5241,15 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer( WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex"); if (format == WOLFSSL_FILETYPE_PEM) { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + #ifdef WOLFSSL_ENCRYPTED_KEYS + info.passwd_cb = cb; + info.passwd_userdata = u; + #endif + #ifdef WOLFSSL_PEM_TO_DER - ret = PemToDer(buf, sz, type, &der, NULL, NULL, NULL); + ret = PemToDer(buf, sz, type, &der, NULL, &info, NULL); if (ret != 0) { FreeDer(&der); } @@ -5343,6 +5313,9 @@ static WOLFSSL_X509* loadX509orX509REQFromBuffer( WOLFSSL_ERROR(ret); } + /* unused parameter when built without WOLFSSL_ENCRYPTED_KEYS */ + (void)cb; + (void)u; return x509; } @@ -5350,7 +5323,7 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( const unsigned char* buf, int sz, int format) { return loadX509orX509REQFromBuffer(buf, sz, - format, CERT_TYPE); + format, CERT_TYPE, NULL, NULL); } #ifdef WOLFSSL_CERT_REQ @@ -5358,7 +5331,7 @@ WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( const unsigned char* buf, int sz, int format) { return loadX509orX509REQFromBuffer(buf, sz, - format, CERTREQ_TYPE); + format, CERTREQ_TYPE, NULL, NULL); } #endif @@ -6997,7 +6970,7 @@ static int X509PrintPubKey(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) case ECDSAk: len = XSNPRINTF(scratch, MAX_WIDTH, "%*sPublic Key Algorithm: EC\n", indent + 4, ""); - if (len >= MAX_WIDTH) + if ((len < 0) || (len >= MAX_WIDTH)) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(bio, scratch, len) <= 0) return WOLFSSL_FAILURE; @@ -7059,22 +7032,21 @@ static int X509PrintVersion(WOLFSSL_BIO* bio, int version, int indent) char scratch[MAX_WIDTH]; int scratchLen; - if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, - "%*s%s", indent, "", "Version:")) - >= MAX_WIDTH) - { + scratchLen = XSNPRINTF(scratch, MAX_WIDTH, "%*s%s", indent, "", "Version:"); + if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH)) { return WOLFSSL_FAILURE; } + if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) { return WOLFSSL_FAILURE; } - if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, - " %d (0x%x)\n", version, (byte)version-1)) - >= MAX_WIDTH) - { + scratchLen = XSNPRINTF(scratch, MAX_WIDTH, " %d (0x%x)\n", + version, (byte)version-1); + if ((scratchLen < 0) || (scratchLen >= MAX_WIDTH)) { return WOLFSSL_FAILURE; } + if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) { return WOLFSSL_FAILURE; } @@ -8042,11 +8014,22 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) } #ifdef WOLFSSL_DUAL_ALG_CERTS +/* Generate a der preTBS from a decoded cert, and write + * to buffer. + * + * @param [in] cert The decoded cert to parse. + * @param [out] der The der buffer to write in. + * @param [in] derSz The der buffer size. + * + * @return preTBS der size on success. + * */ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { int ret = 0; WOLFSSL_X509 *x = NULL; byte certIsCSR = 0; + WOLFSSL_ENTER("wc_GeneratePreTBS"); + if ((cert == NULL) || (der == NULL) || (derSz <= 0)) { return BAD_FUNC_ARG; } @@ -8079,6 +8062,7 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { if (x != NULL) { wolfSSL_X509_free(x); + x = NULL; } return ret; @@ -10343,6 +10327,19 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } #endif +#if defined(OPENSSL_EXTRA) + +WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_sk_X509_OBJECT_deep_copy( + const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, + WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*), + void (*f)(WOLFSSL_X509_OBJECT*)) +{ + (void)f; /* free function */ + (void)c; /* copy function */ + return wolfSSL_sk_dup((WOLFSSL_STACK*)sk); +} +#endif + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name) { @@ -10607,7 +10604,10 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) cert->sigType = wolfSSL_X509_get_signature_type(x509); cert->keyType = x509->pubKeyOID; cert->isCA = wolfSSL_X509_get_isCA(x509); + cert->basicConstCrit = x509->basicConstCrit; cert->basicConstSet = x509->basicConstSet; + cert->pathLen = x509->pathLength; + cert->pathLenSet = x509->pathLengthSet; #ifdef WOLFSSL_CERT_EXT if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) { @@ -10674,10 +10674,13 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) /* We point to instance in x509 so DON'T need to be free'd. */ cert->sapkiDer = x509->sapkiDer; cert->sapkiLen = x509->sapkiLen; + cert->sapkiCrit = x509->sapkiCrit; cert->altSigAlgDer = x509->altSigAlgDer; - cert->altSigAlgLen = x509->altSigAlgLen; + cert->altSigAlgLen = x509->altSigAlgLen; + cert->altSigAlgCrit = x509->altSigAlgCrit; cert->altSigValDer = x509->altSigValDer; cert->altSigValLen = x509->altSigValLen; + cert->altSigValCrit = x509->altSigValCrit; #endif /* WOLFSSL_DUAL_ALG_CERTS */ #endif /* WOLFSSL_CERT_EXT */ @@ -11052,9 +11055,15 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) } #endif #if defined(HAVE_DILITHIUM) - if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) || - (x509->pubKeyOID == DILITHIUM_LEVEL3k) || - (x509->pubKeyOID == DILITHIUM_LEVEL5k)) { + if ((x509->pubKeyOID == ML_DSA_LEVEL2k) || + (x509->pubKeyOID == ML_DSA_LEVEL3k) || + (x509->pubKeyOID == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (x509->pubKeyOID == DILITHIUM_LEVEL2k) + || (x509->pubKeyOID == DILITHIUM_LEVEL3k) + || (x509->pubKeyOID == DILITHIUM_LEVEL5k) + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + ) { dilithium = (dilithium_key*)XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM); if (dilithium == NULL) { @@ -11070,18 +11079,32 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) return ret; } - if (x509->pubKeyOID == DILITHIUM_LEVEL2k) { + if (x509->pubKeyOID == ML_DSA_LEVEL2k) { + type = ML_DSA_LEVEL2_TYPE; + wc_dilithium_set_level(dilithium, WC_ML_DSA_44); + } + else if (x509->pubKeyOID == ML_DSA_LEVEL3k) { + type = ML_DSA_LEVEL3_TYPE; + wc_dilithium_set_level(dilithium, WC_ML_DSA_65); + } + else if (x509->pubKeyOID == ML_DSA_LEVEL5k) { + type = ML_DSA_LEVEL5_TYPE; + wc_dilithium_set_level(dilithium, WC_ML_DSA_87); + } + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if (x509->pubKeyOID == DILITHIUM_LEVEL2k) { type = DILITHIUM_LEVEL2_TYPE; - wc_dilithium_set_level(dilithium, 2); + wc_dilithium_set_level(dilithium, WC_ML_DSA_44_DRAFT); } else if (x509->pubKeyOID == DILITHIUM_LEVEL3k) { type = DILITHIUM_LEVEL3_TYPE; - wc_dilithium_set_level(dilithium, 3); + wc_dilithium_set_level(dilithium, WC_ML_DSA_65_DRAFT); } else if (x509->pubKeyOID == DILITHIUM_LEVEL5k) { type = DILITHIUM_LEVEL5_TYPE; - wc_dilithium_set_level(dilithium, 5); + wc_dilithium_set_level(dilithium, WC_ML_DSA_87_DRAFT); } + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ ret = wc_Dilithium_PublicKeyDecode(x509->pubKey.buffer, &idx, dilithium, x509->pubKey.length); @@ -11262,9 +11285,15 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) } #endif #if defined(HAVE_DILITHIUM) - if ((x509->pubKeyOID == DILITHIUM_LEVEL2k) || - (x509->pubKeyOID == DILITHIUM_LEVEL3k) || - (x509->pubKeyOID == DILITHIUM_LEVEL5k)) { + if ((x509->pubKeyOID == ML_DSA_LEVEL2k) || + (x509->pubKeyOID == ML_DSA_LEVEL3k) || + (x509->pubKeyOID == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (x509->pubKeyOID == DILITHIUM_LEVEL2k) + || (x509->pubKeyOID == DILITHIUM_LEVEL3k) + || (x509->pubKeyOID == DILITHIUM_LEVEL5k) + #endif + ) { wc_dilithium_free(dilithium); XFREE(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); } @@ -11941,12 +11970,12 @@ static WOLFSSL_X509 *loadX509orX509REQFromPemBio(WOLFSSL_BIO *bp, pemSz = (int)i; #ifdef WOLFSSL_CERT_REQ if (type == CERTREQ_TYPE) - x509 = wolfSSL_X509_REQ_load_certificate_buffer(pem, pemSz, - WOLFSSL_FILETYPE_PEM); + x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM, + CERTREQ_TYPE, cb, u); else #endif - x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz, - WOLFSSL_FILETYPE_PEM); + x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM, + CERT_TYPE, cb, u); } if (x != NULL) { @@ -12671,6 +12700,7 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, return ne; } + static void wolfssl_x509_name_entry_set(WOLFSSL_X509_NAME_ENTRY* ne, int nid, int type, const unsigned char *data, int dataSz) { @@ -13075,6 +13105,17 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef OPENSSL_EXTRA + int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne) + { + if (ne != NULL) { + return ne->set; + } + return 0; + } +#endif + + /* returns a pointer to the internal entry at location 'loc' on success, * a null pointer is returned in fail cases */ WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( @@ -13342,30 +13383,7 @@ WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value( WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop( WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_X509_NAME* name; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - name = sk->data.name; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.name = node->data.name; - sk->next = node->next; - XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); - } - else { /* last x509 in stack */ - sk->data.name = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return name; + return (WOLFSSL_X509_NAME*)wolfSSL_sk_pop(sk); } void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, @@ -13516,30 +13534,7 @@ WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value( WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop( WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_X509_INFO* info; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - info = sk->data.info; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.info = node->data.info; - sk->next = node->next; - wolfSSL_sk_free_node(node); - } - else { /* last x509 in stack */ - sk->data.info = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return info; + return (WOLFSSL_X509_INFO*)wolfSSL_sk_pop(sk); } #if defined(OPENSSL_ALL) @@ -13848,7 +13843,8 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, int tmpSz; /* reverse name order for RFC2253 and DN_REV */ - if ((flags & WOLFSSL_XN_FLAG_RFC2253) || (flags & WOLFSSL_XN_FLAG_DN_REV)) { + if ((flags & WOLFSSL_XN_FLAG_RFC2253) || + (flags & WOLFSSL_XN_FLAG_DN_REV)) { ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1); } else { @@ -13986,6 +13982,11 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj) if (obj->type == WOLFSSL_X509_LU_X509) { wolfSSL_X509_free(obj->data.x509); } + #ifdef HAVE_CRL + else if (obj->type == WOLFSSL_X509_LU_CRL) { + wolfSSL_X509_CRL_free(obj->data.crl); + } + #endif else { /* We don't free as this will point to * store->cm->crl which we don't own */ @@ -15190,7 +15191,10 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, } if ((req->reqAttributes != NULL) && (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) { - ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0 + /* Using wolfSSL_sk_insert to maintain backwards compatibility with + * earlier versions of _push API that pushed items to the start of + * the list instead of the end. */ + ret = wolfSSL_sk_insert(req->reqAttributes, attr, 0) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } else { @@ -15275,7 +15279,6 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, int nid, int lastpos) { - WOLFSSL_STACK* sk; int idx; WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID"); @@ -15286,26 +15289,14 @@ int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, } /* search through stack for first matching nid */ - idx = lastpos + 1; - do { - sk = wolfSSL_sk_get_node(req->reqAttributes, idx); - if (sk != NULL) { - WOLFSSL_X509_ATTRIBUTE* attr; - attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic; - if (nid == attr->object->nid) { - /* found a match */ - break; - } - } - idx++; - } while (sk != NULL); - - /* no matches found */ - if (sk == NULL) { - idx = WOLFSSL_FATAL_ERROR; + for (idx = lastpos + 1; idx < wolfSSL_sk_num(req->reqAttributes); idx++) { + WOLFSSL_X509_ATTRIBUTE* attr = + (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, idx); + if (attr != NULL && attr->object != NULL && attr->object->nid == nid) + return idx; } - return idx; + return WOLFSSL_FATAL_ERROR; } WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void) @@ -15638,6 +15629,17 @@ int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } +/* Loads an x509 attribute certificate from buffer, and returns + * pointer to new WOLFSSL_X509_ACERT struct on success. + * + * @param [in] buf The acert buffer to load. + * @param [in] sz The size of the buffer. + * @param [in] format The format of the buffer data. + * @param [in] heap Dynamic memory allocation hint. + * + * @return pointer to WOLFSSL_X509_ACERT on success. + * @return NULL on error. + * */ WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( const unsigned char* buf, int sz, int format, void * heap) { diff --git a/src/src/x509_str.c b/src/src/x509_str.c index 894da16..fedf4a0 100644 --- a/src/src/x509_str.c +++ b/src/src/x509_str.c @@ -1,6 +1,6 @@ /* x509_str.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_X509_STORE_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -105,6 +100,7 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) if (ctx->current_issuer != NULL) { wolfSSL_X509_free(ctx->current_issuer); + ctx->current_issuer = NULL; } #endif @@ -114,8 +110,7 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) #ifdef OPENSSL_EXTRA -#if ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ - defined(WOLFSSL_SIGNER_DER_CERT)) +#if defined(SESSION_CERTS) || defined(WOLFSSL_SIGNER_DER_CERT) /** * Find the issuing cert of the input cert. On a self-signed cert this @@ -809,10 +804,28 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (sk == NULL) return NULL; + for (i = 0; i < c->count; i++) { + WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); + + if (x509 == NULL) { + WOLFSSL_MSG("Unable to get x509 from chain"); + error = 1; + break; + } + + if (wolfSSL_sk_X509_push(sk, x509) <= 0) { + WOLFSSL_MSG("Unable to load x509 into stack"); + wolfSSL_X509_free(x509); + x509 = NULL; + error = 1; + break; + } + } + #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) /* add CA used to verify top of chain to the list */ - if (c->count > 0) { + if (!error && c->count > 0) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); WOLFSSL_X509* issuer = NULL; if (x509 != NULL) { @@ -825,11 +838,14 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (wolfSSL_sk_X509_push(sk, issuer) <= 0) { WOLFSSL_MSG("Unable to load CA x509 into stack"); error = 1; + wolfSSL_X509_free(issuer); + issuer = NULL; } } else { WOLFSSL_MSG("Certificate is self signed"); wolfSSL_X509_free(issuer); + issuer = NULL; } } else { @@ -837,30 +853,9 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) } } wolfSSL_X509_free(x509); - if (error) { - wolfSSL_sk_X509_pop_free(sk, NULL); - wolfSSL_X509_free(issuer); - return NULL; - } + x509 = NULL; } #endif - - for (i = c->count - 1; i >= 0; i--) { - WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); - - if (x509 == NULL) { - WOLFSSL_MSG("Unable to get x509 from chain"); - error = 1; - break; - } - - if (wolfSSL_sk_X509_push(sk, x509) <= 0) { - WOLFSSL_MSG("Unable to load x509 into stack"); - wolfSSL_X509_free(x509); - error = 1; - break; - } - } if (error) { wolfSSL_sk_X509_pop_free(sk, NULL); return NULL; @@ -978,6 +973,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( <= 0) { err = 1; wolfSSL_X509_free(filteredCert); + filteredCert = NULL; break; } } @@ -1415,6 +1411,7 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) else { result = WOLFSSL_FATAL_ERROR; wolfSSL_X509_free(x509); + x509 = NULL; } } } @@ -1430,6 +1427,7 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) else { result = WOLFSSL_FATAL_ERROR; wolfSSL_X509_free(x509); + x509 = NULL; } } } @@ -1474,18 +1472,10 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) return ret; } - -int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) -{ - (void)store; - return WOLFSSL_SUCCESS; -} - int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, byte *buf, word32 bufLen, int type) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_X509 *x509 = NULL; if (str == NULL || buf == NULL) { @@ -1494,21 +1484,26 @@ int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */ x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type); - if (str->owned != NULL) { - if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) { + if (x509 != NULL) { + ret = wolfSSL_X509_STORE_add_cert(str, x509); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; } + if (ret == WOLFSSL_SUCCESS && str->owned != NULL) { + if (wolfSSL_sk_X509_push(str->owned, x509) <= 0) { + ret = WOLFSSL_FAILURE; + } + else { + x509 = NULL; + } + } + wolfSSL_X509_free(x509); + x509 = NULL; } - if (ret == WOLFSSL_SUCCESS) { - ret = wolfSSL_X509_STORE_add_cert(str, x509); - } - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Failed to load file"); + else { ret = WOLFSSL_FAILURE; } - if (ret != WOLFSSL_SUCCESS || str->owned == NULL) { - wolfSSL_X509_free(x509); - } return ret; } @@ -1560,6 +1555,8 @@ static int X509StoreLoadFile(WOLFSSL_X509_STORE *str, static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); #endif + WOLFSSL_MSG_EX("X509StoreLoadFile: Loading file: %s", fname); + ret = X509StoreReadFile(fname, &content, &contentLen, &type); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); @@ -1681,6 +1678,27 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, return ret; } + +#if defined(XGETENV) && !defined(NO_GETENV) +int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + char* certDir = NULL; + char* certFile = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_STORE_set_default_paths"); + + certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); + certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + + ret = wolfSSL_X509_STORE_load_locations(str, certFile, certDir); + + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif /* XGETENV && !NO_GETENV */ + #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) @@ -1778,6 +1796,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) if (wolfSSL_sk_X509_push(sk, x509) <= 0) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_X509_free(x509); + x509 = NULL; goto error; } } @@ -1893,6 +1912,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #ifdef HAVE_CRL if (store->cm->crl != NULL) { + int res; obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); @@ -1904,6 +1924,11 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( goto err_cleanup; } obj->type = WOLFSSL_X509_LU_CRL; + wolfSSL_RefInc(&store->cm->crl->ref, &res); + if (res != 0) { + WOLFSSL_MSG("Failed to lock crl mutex"); + goto err_cleanup; + } obj->data.crl = store->cm->crl; } #endif diff --git a/src/user_settings.h b/src/user_settings.h index 15bc03b..e2a0196 100644 --- a/src/user_settings.h +++ b/src/user_settings.h @@ -1,6 +1,6 @@ /* examples/configs/user_settings_arduino.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,7 +23,14 @@ */ /* Define a macro to display user settings version in example code: */ -#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.4" +#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.6" + +/* Disable wolfcrypt cryptographic security hardening. Comment out to enable: */ +/* #define WC_NO_HARDEN */ + +/* Instead, we harden ECC and RSA */ +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING /* Due to limited build control, we'll ignore file warnings. */ /* See https://github.com/arduino/arduino-cli/issues/631 */ @@ -37,6 +44,7 @@ #undef WOLFSSL_ESPIDF #define HAVE_ECC + #define WOLFSSL_SMALL_STACK /* #define WOLFSSL_SMALL_STACK_EXTRA */ /* #define WOLFSSL_SMALL_STACK_CIPHERS */ @@ -74,17 +82,27 @@ * WOLFSSL_CLIENT_EXAMPLE * WOLFSSL_SERVER_EXAMPLE */ + +/* The examples must be manually selected here: */ + #if defined(WOLFSSL_CLIENT_EXAMPLE) #define NO_WOLFSSL_SERVER #elif defined(WOLFSSL_SERVER_EXAMPLE) #define NO_WOLFSSL_CLIENT +#elif defined(WOLFSSL_TEMPLATE_EXAMPLE) + #define NO_WOLFSSL_SERVER + #define NO_WOLFSSL_CLIENT +#elif defined(WOLFSSL_AES_CTR_EXAMPLE) + #define NO_WOLFSSL_SERVER + #define NO_WOLFSSL_CLIENT + #define WOLFSSL_AES + #define WOLFSSL_AES_COUNTER #else /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */ #define NO_WOLFSSL_SERVER_CLIENT_MISSING - #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \ - " optimize memory for small embedded devices." - /* Both can be disabled in wolfssl test & benchmark */ + + /* By default all examples are enabled; no specific optimizations */ #endif @@ -112,8 +130,8 @@ /* #define HAVE_PKCS7 */ /* when you want to use AES counter mode */ -/* #define WOLFSSL_AES_DIRECT */ -/* #define WOLFSSL_AES_COUNTER */ +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_COUNTER /* esp32-wroom-32se specific definition */ #if defined(WOLFSSL_ESPWROOM32SE) @@ -352,7 +370,7 @@ */ /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm -/* The section below defines macros used in typically all of the wolfSSL + * The section below defines macros used in typically all of the wolfSSL * examples such as the client and server for certs stored in header files. * * There are various certificate examples in this header file: diff --git a/src/wolfcrypt/src/aes.c b/src/wolfcrypt/src/aes.c index cf50064..6e7f104 100644 --- a/src/wolfcrypt/src/aes.c +++ b/src/wolfcrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,12 +28,8 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits 192-bits, and 256-bits of key sizes. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include -#include +#include #if !defined(NO_AES) @@ -97,8 +93,6 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #else -#include - #ifdef NO_INLINE #include #else @@ -239,7 +233,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #endif /* WOLFSSL_AES_DIRECT || HAVE_AESGCM || HAVE_AESCCM */ #ifdef HAVE_AES_DECRYPT - #if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) + #if defined(WOLFSSL_AES_DIRECT) static WARN_UNUSED_RESULT int wc_AesDecrypt( Aes* aes, const byte* inBlock, byte* outBlock) { @@ -346,13 +340,12 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits return ret; } - #endif /* WOLFSSL_AES_DIRECT || HAVE_AESCCM */ + #endif /* WOLFSSL_AES_DIRECT */ #endif /* HAVE_AES_DECRYPT */ #elif defined(HAVE_COLDFIRE_SEC) /* Freescale Coldfire SEC support for CBC mode. * NOTE: no support for AES-CTR/GCM/CCM/Direct */ - #include #include "sec.h" #include "mcf5475_sec.h" #include "mcf5475_siu.h" @@ -805,6 +798,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); #ifdef HAVE_AESGCM aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); + aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags); #endif } @@ -1966,8 +1960,8 @@ static word32 GetTable8_4(const byte* t, byte o0, byte o1, byte o2, byte o3) static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, word32 r) { - word32 s0, s1, s2, s3; - word32 t0, t1, t2, t3; + word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0; + word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0; const word32* rk; #ifdef WC_C_DYNAMIC_FALLBACK @@ -3015,8 +3009,8 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void) static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, word32 r) { - word32 s0, s1, s2, s3; - word32 t0, t1, t2, t3; + word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0; + word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0; const word32* rk; #ifdef WC_C_DYNAMIC_FALLBACK @@ -3762,7 +3756,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( ByteReverseWords(rk, rk, keylen); #endif #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -3843,7 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif @@ -3874,7 +3870,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif @@ -3926,7 +3923,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( return BAD_FUNC_ARG; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif @@ -4007,7 +4005,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( ret = nrf51_aes_set_key(userKey); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif @@ -4064,7 +4063,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -4557,7 +4557,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) aes->left = 0; #endif @@ -4574,12 +4575,53 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif /* WC_C_DYNAMIC_FALLBACK */ #ifdef WOLFSSL_AESNI - aes->use_aesni = 0; + + /* The dynamics for determining whether AES-NI will be used are tricky. + * + * First, we check for CPU support and cache the result -- if AES-NI is + * missing, we always shortcut to the AesSetKey_C() path. + * + * Second, if the CPU supports AES-NI, we confirm on a per-call basis + * that it's safe to use in the caller context, using + * SAVE_VECTOR_REGISTERS2(). This is an always-true no-op in user-space + * builds, but has substantive logic behind it in kernel module builds. + * + * The outcome when SAVE_VECTOR_REGISTERS2() fails depends on + * WC_C_DYNAMIC_FALLBACK -- if that's defined, we return immediately with + * success but with AES-NI disabled (the earlier AesSetKey_C() allows + * future encrypt/decrypt calls to succeed), otherwise we fail. + * + * Upon successful return, aes->use_aesni will have a zero value if + * AES-NI is disabled, and a nonzero value if it's enabled. + * + * An additional, optional semantic is available via + * WC_FLAG_DONT_USE_AESNI, and is used in some kernel module builds to + * let the caller inhibit AES-NI. When this macro is defined, + * wc_AesInit() before wc_AesSetKey() is imperative, to avoid a read of + * uninitialized data in aes->use_aesni. That's why support for + * WC_FLAG_DONT_USE_AESNI must remain optional -- wc_AesInit() was only + * added in release 3.11.0, so legacy applications inevitably call + * wc_AesSetKey() on uninitialized Aes contexts. This must continue to + * function correctly with default build settings. + */ + if (checkedAESNI == 0) { haveAESNI = Check_CPU_support_AES(); checkedAESNI = 1; } - if (haveAESNI) { + if (haveAESNI +#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK) + && (aes->use_aesni != WC_FLAG_DONT_USE_AESNI) +#endif + ) + { +#if defined(WC_FLAG_DONT_USE_AESNI) + if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) { + aes->use_aesni = 0; + return 0; + } +#endif + aes->use_aesni = 0; #ifdef WOLFSSL_LINUXKM /* runtime alignment check */ if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) { @@ -4613,6 +4655,15 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } } + else { + aes->use_aesni = 0; +#ifdef WC_C_DYNAMIC_FALLBACK + /* If WC_C_DYNAMIC_FALLBACK, we already called AesSetKey_C() + * above. + */ + return 0; +#endif + } #endif /* WOLFSSL_AESNI */ #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ @@ -4789,7 +4840,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE); #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) /* Clear any unused bytes from last cipher op. */ aes->left = 0; #endif @@ -6448,6 +6500,22 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #define AES_LASTGBLOCK(aes) ((aes)->streamData + 3 * WC_AES_BLOCK_SIZE) /* Access last encrypted block. */ #define AES_LASTBLOCK(aes) ((aes)->streamData + 4 * WC_AES_BLOCK_SIZE) + + #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + #define GHASH_ONE_BLOCK(aes, block) \ + do { \ + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { \ + GHASH_ONE_BLOCK_AARCH64(aes, block); \ + } \ + else { \ + GHASH_ONE_BLOCK_SW(aes, block); \ + } \ + } \ + while (0) + #else + #define GHASH_ONE_BLOCK GHASH_ONE_BLOCK_SW + #endif #endif #if defined(HAVE_COLDFIRE_SEC) @@ -6456,7 +6524,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #endif #if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) - /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */ + /* implemented in wolfcrypt/src/port/arm/armv8-aes.c */ #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ @@ -6616,6 +6684,25 @@ void GenerateM0(Gcm* gcm) #endif /* GCM_TABLE */ +#if defined(WOLFSSL_AESNI) && defined(USE_INTEL_SPEEDUP) + #define HAVE_INTEL_AVX1 + #define HAVE_INTEL_AVX2 +#endif + +#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) && \ + defined(WC_C_DYNAMIC_FALLBACK) +void GCM_generate_m0_aesni(const unsigned char *h, unsigned char *m) + XASM_LINK("GCM_generate_m0_aesni"); +#ifdef HAVE_INTEL_AVX1 +void GCM_generate_m0_avx1(const unsigned char *h, unsigned char *m) + XASM_LINK("GCM_generate_m0_avx1"); +#endif +#ifdef HAVE_INTEL_AVX2 +void GCM_generate_m0_avx2(const unsigned char *h, unsigned char *m) + XASM_LINK("GCM_generate_m0_avx2"); +#endif +#endif /* WOLFSSL_AESNI && GCM_TABLE_4BIT && WC_C_DYNAMIC_FALLBACK */ + /* Software AES - GCM SetKey */ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) { @@ -6685,9 +6772,33 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) VECTOR_REGISTERS_POP; } if (ret == 0) { - #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) - GenerateM0(&aes->gcm); - #endif /* GCM_TABLE */ +#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) +#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) + if (aes->use_aesni) { + #if defined(WC_C_DYNAMIC_FALLBACK) + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0); + } + else + #endif + #if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0); + } + else + #endif + { + GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0); + } + #endif + } + else +#endif + { + GenerateM0(&aes->gcm); + } +#endif /* GCM_TABLE || GCM_TABLE_4BIT */ } #endif /* FREESCALE_LTC_AES_GCM */ @@ -6710,11 +6821,6 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) #ifdef WOLFSSL_AESNI -#if defined(USE_INTEL_SPEEDUP) - #define HAVE_INTEL_AVX1 - #define HAVE_INTEL_AVX2 -#endif /* USE_INTEL_SPEEDUP */ - void AES_GCM_encrypt_aesni(const unsigned char *in, unsigned char *out, const unsigned char* addt, const unsigned char* ivec, unsigned char *tag, word32 nbytes, @@ -6866,10 +6972,10 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ - GMULT(AES_TAG(aes), aes->gcm.H); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ + GMULT(AES_TAG(aes), (aes)->gcm.H); \ } \ while (0) #endif /* WOLFSSL_AESGCM_STREAM */ @@ -7099,9 +7205,9 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT(AES_TAG(aes), aes->gcm.M0); \ } \ while (0) @@ -7392,8 +7498,6 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_INIT_EXTRA(aes) WC_DO_NOTHING -#if !defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) /* GHASH one block of data.. * * XOR block into tag and GMULT with H using pre-computed table. @@ -7401,13 +7505,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ do { \ - xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ + xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT(AES_TAG(aes), (aes)->gcm.M0); \ } \ while (0) -#endif #endif /* WOLFSSL_AESGCM_STREAM */ #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) @@ -7574,17 +7677,17 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ - do { \ - word64* x = (word64*)AES_TAG(aes); \ - word64* h = (word64*)aes->gcm.H; \ - word64 block64[2]; \ - XMEMCPY(block64, block, WC_AES_BLOCK_SIZE); \ - ByteReverseWords64(block64, block64, WC_AES_BLOCK_SIZE); \ - x[0] ^= block64[0]; \ - x[1] ^= block64[1]; \ - GMULT(x, h); \ - } \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ + do { \ + word64* x = (word64*)AES_TAG(aes); \ + word64* h = (word64*)aes->gcm.H; \ + word64 block64[2]; \ + XMEMCPY(block64, block, WC_AES_BLOCK_SIZE); \ + ByteReverseWords64(block64, block64, WC_AES_BLOCK_SIZE); \ + x[0] ^= block64[0]; \ + x[1] ^= block64[1]; \ + GMULT(x, h); \ + } \ while (0) #ifdef OPENSSL_EXTRA @@ -7609,7 +7712,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[0] ^= len[0]; \ x[1] ^= len[1]; \ GMULT(x, h); \ - ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ + ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #else @@ -7632,7 +7735,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[0] ^= len[0]; \ x[1] ^= len[1]; \ GMULT(x, h); \ - ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ + ByteReverseWords64(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #endif @@ -7652,7 +7755,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ do { \ word64* x = (word64*)AES_TAG(aes); \ word64* h = (word64*)aes->gcm.H; \ @@ -7884,19 +7987,19 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ - do { \ - word32* x = (word32*)AES_TAG(aes); \ - word32* h = (word32*)aes->gcm.H; \ - word32 bigEnd[4]; \ - XMEMCPY(bigEnd, block, WC_AES_BLOCK_SIZE); \ - ByteReverseWords(bigEnd, bigEnd, WC_AES_BLOCK_SIZE); \ - x[0] ^= bigEnd[0]; \ - x[1] ^= bigEnd[1]; \ - x[2] ^= bigEnd[2]; \ - x[3] ^= bigEnd[3]; \ - GMULT(x, h); \ - } \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ + do { \ + word32* x = (word32*)AES_TAG(aes); \ + word32* h = (word32*)aes->gcm.H; \ + word32 bigEnd[4]; \ + XMEMCPY(bigEnd, block, WC_AES_BLOCK_SIZE); \ + ByteReverseWords(bigEnd, bigEnd, WC_AES_BLOCK_SIZE); \ + x[0] ^= bigEnd[0]; \ + x[1] ^= bigEnd[1]; \ + x[2] ^= bigEnd[2]; \ + x[3] ^= bigEnd[3]; \ + GMULT(x, h); \ + } \ while (0) /* GHASH in AAD and cipher text lengths in bits. @@ -7919,7 +8022,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, x[2] ^= len[2]; \ x[3] ^= len[3]; \ GMULT(x, h); \ - ByteReverseWords(x, x, WC_AES_BLOCK_SIZE); \ + ByteReverseWords(x, x, WC_AES_BLOCK_SIZE); \ } \ while (0) #else @@ -7936,12 +8039,12 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_SW(aes, block) \ do { \ word32* x = (word32*)AES_TAG(aes); \ word32* h = (word32*)aes->gcm.H; \ word32 block32[4]; \ - XMEMCPY(block32, block, WC_AES_BLOCK_SIZE); \ + XMEMCPY(block32, block, WC_AES_BLOCK_SIZE); \ x[0] ^= block32[0]; \ x[1] ^= block32[1]; \ x[2] ^= block32[2]; \ @@ -7985,7 +8088,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_LEN_BLOCK(aes) \ do { \ - byte scratch[WC_AES_BLOCK_SIZE]; \ + byte scratch[WC_AES_BLOCK_SIZE]; \ FlattenSzInBits(&scratch[0], (aes)->aSz); \ FlattenSzInBits(&scratch[8], (aes)->cSz); \ GHASH_ONE_BLOCK(aes, scratch); \ @@ -8139,7 +8242,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) } if (over > 0) { /* Zeroize the unused part of the block. */ - XMEMSET(AES_LASTGBLOCK(aes) + over, 0, (size_t)WC_AES_BLOCK_SIZE - over); + XMEMSET(AES_LASTGBLOCK(aes) + over, 0, + (size_t)WC_AES_BLOCK_SIZE - over); /* Hash the last block of cipher text. */ GHASH_ONE_BLOCK(aes, AES_LASTGBLOCK(aes)); } @@ -8192,8 +8296,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, #ifdef STM32_CRYPTO_AES_GCM /* this function supports inline encrypt */ -/* define STM32_AESGCM_PARTIAL for STM HW that does not support authentication - * on byte multiples (see CRYP_HEADERWIDTHUNIT_BYTE) */ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -8279,12 +8381,11 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( /* for cases where hardware cannot be used for authTag calculate it */ /* if IV is not 12 calculate GHASH using software */ if (ivSz != GCM_NONCE_MID_SZ - #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13) + #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \ - && !defined(STM32_AESGCM_PARTIAL) + #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4 /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8306,12 +8407,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13) - /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */ - hcryp.Init.HeaderSize = authInSz; - #else - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - #endif + hcryp.Init.HeaderSize = authPadSz / STM_CRYPT_HEADER_WIDTH; #ifdef CRYP_KEYIVCONFIG_ONCE /* allows repeated calls to HAL_CRYP_Encrypt */ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; @@ -8809,12 +8905,11 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( /* for cases where hardware cannot be used for authTag calculate it */ /* if IV is not 12 calculate GHASH using software */ if (ivSz != GCM_NONCE_MID_SZ - #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13) + #if !defined(CRYP_HEADERWIDTHUNIT_BYTE) /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if (!defined(CRYP_HEADERWIDTHUNIT_BYTE) || defined(WOLFSSL_STM32MP13)) \ - && !defined(STM32_AESGCM_PARTIAL) + #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4 /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8860,12 +8955,8 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; - #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && !defined(WOLFSSL_STM32MP13) - /* V2 with CRYP_HEADERWIDTHUNIT_BYTE uses byte size for header */ - hcryp.Init.HeaderSize = authInSz; - #else - hcryp.Init.HeaderSize = authPadSz/sizeof(word32); - #endif + hcryp.Init.HeaderSize = authPadSz / STM_CRYPT_HEADER_WIDTH; + #ifdef CRYP_KEYIVCONFIG_ONCE /* allows repeated calls to HAL_CRYP_Decrypt */ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; @@ -10189,7 +10280,7 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, else #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { AES_GCM_init_AARCH64(aes, iv, ivSz); /* Reset state fields. */ @@ -10328,7 +10419,7 @@ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, else #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { AES_GCM_crypt_update_AARCH64(aes, out, in, sz); GHASH_UPDATE_AARCH64(aes, authIn, authInSz, out, sz); } @@ -10388,7 +10479,7 @@ int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz) else #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { AES_GCM_final_AARCH64(aes, authTag, authTagSz); } else @@ -10477,7 +10568,7 @@ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, else #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { GHASH_UPDATE_AARCH64(aes, authIn, authInSz, in, sz); AES_GCM_crypt_update_AARCH64(aes, out, in, sz); } @@ -10535,7 +10626,7 @@ int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz) else #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE]; AES_GCM_final_AARCH64(aes, calcTag, authTagSz); /* Check calculated tag matches the one passed in. */ @@ -10771,7 +10862,7 @@ int wc_GmacVerify(const byte* key, word32 keySz, #endif /* WC_NO_RNG */ -WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) +int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { if (gmac == NULL || key == NULL) { return BAD_FUNC_ARG; @@ -10780,7 +10871,7 @@ WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) } -WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, +int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz) { @@ -10821,7 +10912,7 @@ int wc_AesCcmCheckTagSize(int sz) } #if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) - /* implemented in wolfcrypt/src/port/arm/rmv8-aes.c */ + /* implemented in wolfcrypt/src/port/arm/armv8-aes.c */ #elif defined(WOLFSSL_RISCV_ASM) /* implementation located in wolfcrypt/src/port/risc-v/riscv-64-aes.c */ @@ -11832,7 +11923,13 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { - AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + word32 i; + + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { + AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + } } else #endif @@ -11890,7 +11987,13 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { - AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + word32 i; + + for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { + AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds); + in += WC_AES_BLOCK_SIZE; + out += WC_AES_BLOCK_SIZE; + } } else #endif @@ -12753,7 +12856,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir) } if ((len != (AES_128_KEY_SIZE*2)) && +#ifndef HAVE_FIPS + /* XTS-384 not allowed by FIPS and can not be treated like + * RSA-4096 bit keys back in the day, can not vendor affirm + * the use of 2 concatenated 192-bit keys (XTS-384) */ (len != (AES_192_KEY_SIZE*2)) && +#endif (len != (AES_256_KEY_SIZE*2))) { WOLFSSL_MSG("Unsupported key size"); @@ -12936,6 +13044,10 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz, #ifdef WOLFSSL_AESNI +#if defined(USE_INTEL_SPEEDUP_FOR_AES) && !defined(USE_INTEL_SPEEDUP) + #define USE_INTEL_SPEEDUP +#endif + #if defined(USE_INTEL_SPEEDUP) #define HAVE_INTEL_AVX1 #define HAVE_INTEL_AVX2 @@ -14799,4 +14911,276 @@ int wc_AesEaxFree(AesEax* eax) #endif /* WOLFSSL_AES_EAX */ +#ifdef WOLFSSL_AES_CTS + + +/* One-shot API */ +int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv) +{ +#ifdef WOLFSSL_SMALL_STACK + Aes *aes = NULL; +#else + Aes aes[1]; +#endif + int ret = 0; + word32 outSz = inSz; + + if (key == NULL || out == NULL || in == NULL || iv == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_SMALL_STACK + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else + ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif + if (ret == 0) + ret = wc_AesSetKey(aes, key, keySz, iv, AES_ENCRYPTION); + if (ret == 0) + ret = wc_AesCtsEncryptUpdate(aes, out, &outSz, in, inSz); + if (ret == 0) { + out += outSz; + outSz = inSz - outSz; + ret = wc_AesCtsEncryptFinal(aes, out, &outSz); + } + +#ifdef WOLFSSL_SMALL_STACK + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); +#endif + return ret; +} + +int wc_AesCtsDecrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv) +{ +#ifdef WOLFSSL_SMALL_STACK + Aes *aes = NULL; +#else + Aes aes[1]; +#endif + int ret = 0; + word32 outSz = inSz; + + if (key == NULL || out == NULL || in == NULL || iv == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else + ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif + if (ret == 0) + ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCtsDecryptUpdate(aes, out, &outSz, in, inSz); + if (ret == 0) { + out += outSz; + outSz = inSz - outSz; + ret = wc_AesCtsDecryptFinal(aes, out, &outSz); + } + +#ifdef WOLFSSL_SMALL_STACK + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); +#endif + return ret; +} + +static int AesCtsUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz, int enc) +{ + word32 blocks = 0; + int ret = 0; + word32 writtenSz = 0; + word32 tmpOutSz; + + if (aes == NULL || out == NULL || in == NULL || outSz == NULL) + return BAD_FUNC_ARG; + + /* Error out early for easy sanity check */ + if (*outSz < inSz) + return BUFFER_E; + tmpOutSz = *outSz; + + /* We need to store last two blocks of plaintext */ + if (aes->left > 0) { + word32 copySz = min(inSz, (WC_AES_BLOCK_SIZE * 2) - aes->left); + XMEMCPY(aes->ctsBlock + aes->left, in, copySz); + aes->left += copySz; + in += copySz; + inSz -= copySz; + + if (aes->left == WC_AES_BLOCK_SIZE * 2) { + if (inSz > WC_AES_BLOCK_SIZE) { + if (tmpOutSz < WC_AES_BLOCK_SIZE * 2) + return BUFFER_E; + if (enc) { + ret = wc_AesCbcEncrypt(aes, out, aes->ctsBlock, + WC_AES_BLOCK_SIZE * 2); + } + else { + ret = wc_AesCbcDecrypt(aes, out, aes->ctsBlock, + WC_AES_BLOCK_SIZE * 2); + } + if (ret != 0) + return ret; + out += WC_AES_BLOCK_SIZE * 2; + writtenSz += WC_AES_BLOCK_SIZE * 2; + tmpOutSz -= WC_AES_BLOCK_SIZE * 2; + aes->left = 0; + } + else if (inSz > 0) { + if (tmpOutSz < WC_AES_BLOCK_SIZE) + return BUFFER_E; + if (enc) { + ret = wc_AesCbcEncrypt(aes, out, aes->ctsBlock, + WC_AES_BLOCK_SIZE); + } + else { + ret = wc_AesCbcDecrypt(aes, out, aes->ctsBlock, + WC_AES_BLOCK_SIZE); + } + if (ret != 0) + return ret; + out += WC_AES_BLOCK_SIZE; + writtenSz += WC_AES_BLOCK_SIZE; + tmpOutSz -= WC_AES_BLOCK_SIZE; + /* Move the last block in ctsBlock to the beginning for + * next operation */ + XMEMCPY(aes->ctsBlock, aes->ctsBlock + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); + XMEMCPY(aes->ctsBlock + WC_AES_BLOCK_SIZE, in, inSz); + aes->left = WC_AES_BLOCK_SIZE + inSz; + *outSz = writtenSz; + return ret; /* Return the result of encryption */ + } + else { + /* Can't output data as we need > 1 block for Final call */ + *outSz = writtenSz; + return 0; + } + } + else { + /* All input has been absorbed into aes->ctsBlock */ + *outSz = 0; + return 0; + } + } + if (inSz > WC_AES_BLOCK_SIZE) { + /* We need to store the last two full or partial blocks */ + blocks = (inSz + (WC_AES_BLOCK_SIZE - 1)) / WC_AES_BLOCK_SIZE; + blocks -= 2; + } + if (tmpOutSz < blocks * WC_AES_BLOCK_SIZE) + return BUFFER_E; + if (enc) + ret = wc_AesCbcEncrypt(aes, out, in, blocks * WC_AES_BLOCK_SIZE); + else + ret = wc_AesCbcDecrypt(aes, out, in, blocks * WC_AES_BLOCK_SIZE); + in += blocks * WC_AES_BLOCK_SIZE; + inSz -= blocks * WC_AES_BLOCK_SIZE; + XMEMCPY(aes->ctsBlock, in, inSz); + aes->left = inSz; + writtenSz += blocks * WC_AES_BLOCK_SIZE; + *outSz = writtenSz; + return ret; +} + +/* Incremental API */ +int wc_AesCtsEncryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz) +{ + return AesCtsUpdate(aes, out, outSz, in, inSz, 1); +} + +int wc_AesCtsEncryptFinal(Aes* aes, byte* out, word32* outSz) +{ + int ret = 0; + + if (aes == NULL || out == NULL || outSz == NULL) + return BAD_FUNC_ARG; + if (*outSz < aes->left) + return BUFFER_E; + + /* Input must be at least two complete or partial blocks */ + if (aes->left <= WC_AES_BLOCK_SIZE) + return BAD_FUNC_ARG; + + /* Zero padding */ + XMEMSET(aes->ctsBlock + aes->left, 0, (WC_AES_BLOCK_SIZE * 2) - aes->left); + + ret = wc_AesCbcEncrypt(aes, aes->ctsBlock, aes->ctsBlock, + WC_AES_BLOCK_SIZE * 2); + if (ret != 0) + return ret; + + XMEMCPY(out, aes->ctsBlock + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + XMEMCPY(out + WC_AES_BLOCK_SIZE, aes->ctsBlock, + aes->left - WC_AES_BLOCK_SIZE); + *outSz = aes->left; + return ret; +} + +int wc_AesCtsDecryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz) +{ + return AesCtsUpdate(aes, out, outSz, in, inSz, 0); +} + +int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz) +{ + int ret = 0; + byte iv[WC_AES_BLOCK_SIZE]; + byte tmp[WC_AES_BLOCK_SIZE]; + word32 partialSz; + word32 padSz; + + if (aes == NULL || out == NULL || outSz == NULL) + return BAD_FUNC_ARG; + if (*outSz < aes->left) + return BUFFER_E; + + /* Input must be at least two complete or partial blocks */ + if (aes->left <= WC_AES_BLOCK_SIZE) + return BAD_FUNC_ARG; + + partialSz = aes->left - WC_AES_BLOCK_SIZE; + padSz = 2 * WC_AES_BLOCK_SIZE - aes->left; + /* Zero pad */ + XMEMSET(aes->ctsBlock + aes->left, 0, padSz); + + /* Store IV */ + XMEMCPY(iv, aes->reg, WC_AES_BLOCK_SIZE); + /* Load IV */ + XMEMCPY(aes->reg, aes->ctsBlock + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + + ret = wc_AesCbcDecrypt(aes, tmp, aes->ctsBlock, WC_AES_BLOCK_SIZE); + if (ret != 0) + return ret; + + /* Write out partial block */ + XMEMCPY(out + WC_AES_BLOCK_SIZE, tmp, partialSz); + /* Retrieve the padding */ + XMEMCPY(aes->ctsBlock + aes->left, tmp + partialSz, padSz); + /* Restore IV */ + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); + + ret = wc_AesCbcDecrypt(aes, out, aes->ctsBlock + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE); + if (ret != 0) + return ret; + + *outSz = aes->left; + return ret; +} + +#endif /* WOLFSSL_AES_CTS */ + + #endif /* !NO_AES */ diff --git a/src/wolfcrypt/src/arc4.c b/src/wolfcrypt/src/arc4.c index 649d52f..a877d8b 100644 --- a/src/wolfcrypt/src/arc4.c +++ b/src/wolfcrypt/src/arc4.c @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,16 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_RC4 -#include #include diff --git a/src/wolfcrypt/src/ascon.c b/src/wolfcrypt/src/ascon.c new file mode 100644 index 0000000..248d06a --- /dev/null +++ b/src/wolfcrypt/src/ascon.c @@ -0,0 +1,521 @@ +/* ascon.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef HAVE_ASCON + +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +/* + * Implementation of the ASCON AEAD and HASH algorithms. Based on the NIST + * Initial Public Draft "NIST SP 800-232 ipd" and reference implementation found + * at https://github.com/ascon/ascon-c. + */ + +/* + * TODO + * - Add support for big-endian systems + * - Add support for 32-bit and smaller systems */ + +#ifndef WORD64_AVAILABLE + #error "Ascon implementation requires a 64-bit word" +#endif + +/* Data block size in bytes */ +#define ASCON_HASH256_RATE 8 +#define ASCON_HASH256_ROUNDS 12 +#define ASCON_HASH256_IV 0x0000080100CC0002ULL + +#define ASCON_AEAD128_ROUNDS_PA 12 +#define ASCON_AEAD128_ROUNDS_PB 8 +#define ASCON_AEAD128_IV 0x00001000808C0001ULL +#define ASCON_AEAD128_RATE 16 + +#define MAX_ROUNDS 12 + +#ifndef WOLFSSL_ASCON_UNROLL + +/* Table 5 */ +static const byte round_constants[MAX_ROUNDS] = { + 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87, 0x78, 0x69, 0x5a, 0x4b +}; + +static byte start_index(byte rounds) +{ + switch (rounds) { + case 8: + return 4; + case 12: + return 0; + default: + WOLFSSL_MSG("Something went wrong in wolfCrypt logic. Wrong ASCON " + "rounds value."); + return MAX_ROUNDS; + } +} + +static WC_INLINE void ascon_round(AsconState* a, byte round) +{ + word64 tmp0, tmp1, tmp2, tmp3, tmp4; + /* 3.2 Constant-Addition Layer */ + a->s64[2] ^= round_constants[round]; + /* 3.3 Substitution Layer */ + a->s64[0] ^= a->s64[4]; + a->s64[4] ^= a->s64[3]; + a->s64[2] ^= a->s64[1]; + tmp0 = a->s64[0] ^ (~a->s64[1] & a->s64[2]); + tmp2 = a->s64[2] ^ (~a->s64[3] & a->s64[4]); + tmp4 = a->s64[4] ^ (~a->s64[0] & a->s64[1]); + tmp1 = a->s64[1] ^ (~a->s64[2] & a->s64[3]); + tmp3 = a->s64[3] ^ (~a->s64[4] & a->s64[0]); + tmp1 ^= tmp0; + tmp3 ^= tmp2; + tmp0 ^= tmp4; + tmp2 = ~tmp2; + /* 3.4 Linear Diffusion Layer */ + a->s64[4] = tmp4 ^ rotrFixed64(tmp4, 7) ^ rotrFixed64(tmp4, 41); + a->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39); + a->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17); + a->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28); + a->s64[2] = tmp2 ^ rotrFixed64(tmp2, 1) ^ rotrFixed64(tmp2, 6); +} + +static void permutation(AsconState* a, byte rounds) +{ + byte i = start_index(rounds); + for (; i < MAX_ROUNDS; i++) { + ascon_round(a, i); + } +} + +#else + +#define p(a, c) do { \ + word64 tmp0, tmp1, tmp2, tmp3, tmp4; \ + /* 3.2 Constant-Addition Layer */ \ + (a)->s64[2] ^= c; \ + /* 3.3 Substitution Layer */ \ + (a)->s64[0] ^= (a)->s64[4]; \ + (a)->s64[4] ^= (a)->s64[3]; \ + (a)->s64[2] ^= (a)->s64[1]; \ + tmp0 = (a)->s64[0] ^ (~(a)->s64[1] & (a)->s64[2]); \ + tmp2 = (a)->s64[2] ^ (~(a)->s64[3] & (a)->s64[4]); \ + tmp4 = (a)->s64[4] ^ (~(a)->s64[0] & (a)->s64[1]); \ + tmp1 = (a)->s64[1] ^ (~(a)->s64[2] & (a)->s64[3]); \ + tmp3 = (a)->s64[3] ^ (~(a)->s64[4] & (a)->s64[0]); \ + tmp1 ^= tmp0; \ + tmp3 ^= tmp2; \ + tmp0 ^= tmp4; \ + tmp2 = ~tmp2; \ + /* 3.4 Linear Diffusion Layer */ \ + (a)->s64[4] = tmp4 ^ rotrFixed64(tmp4, 7) ^ rotrFixed64(tmp4, 41); \ + (a)->s64[1] = tmp1 ^ rotrFixed64(tmp1, 61) ^ rotrFixed64(tmp1, 39); \ + (a)->s64[3] = tmp3 ^ rotrFixed64(tmp3, 10) ^ rotrFixed64(tmp3, 17); \ + (a)->s64[0] = tmp0 ^ rotrFixed64(tmp0, 19) ^ rotrFixed64(tmp0, 28); \ + (a)->s64[2] = tmp2 ^ rotrFixed64(tmp2, 1) ^ rotrFixed64(tmp2, 6); \ +} while (0) + +#define p8(a) \ + p(a, 0xb4); \ + p(a, 0xa5); \ + p(a, 0x96); \ + p(a, 0x87); \ + p(a, 0x78); \ + p(a, 0x69); \ + p(a, 0x5a); \ + p(a, 0x4b) + +#define p12(a) \ + p(a, 0xf0); \ + p(a, 0xe1); \ + p(a, 0xd2); \ + p(a, 0xc3); \ + p8(a) + +/* Needed layer to evaluate the macro values */ +#define _permutation(a, rounds) \ + p ## rounds(a) + +#define permutation(a, rounds) \ + _permutation(a, rounds) + +#endif + +/* AsconHash API */ + +wc_AsconHash256* wc_AsconHash256_New(void) +{ + wc_AsconHash256* ret = (wc_AsconHash256*)XMALLOC(sizeof(wc_AsconHash256), + NULL, DYNAMIC_TYPE_ASCON); + if (ret != NULL) { + if (wc_AsconHash256_Init(ret) != 0) { + wc_AsconHash256_Free(ret); + ret = NULL; + } + } + return ret; +} + +void wc_AsconHash256_Free(wc_AsconHash256* a) +{ + if (a != NULL) { + wc_AsconHash256_Clear(a); + XFREE(a, NULL, DYNAMIC_TYPE_ASCON); + } +} + +int wc_AsconHash256_Init(wc_AsconHash256* a) +{ + if (a == NULL) + return BAD_FUNC_ARG; + + XMEMSET(a, 0, sizeof(*a)); + + a->state.s64[0] = ASCON_HASH256_IV; + permutation(&a->state, ASCON_HASH256_ROUNDS); + + return 0; +} + +void wc_AsconHash256_Clear(wc_AsconHash256* a) +{ + if (a != NULL) { + ForceZero(a, sizeof(*a)); + } +} + +int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz) +{ + if (a == NULL || (data == NULL && dataSz != 0)) + return BAD_FUNC_ARG; + + if (dataSz == 0) + return 0; + + /* Process leftover block */ + if (a->lastBlkSz != 0) { + word32 toProcess = min(ASCON_HASH256_RATE - a->lastBlkSz, dataSz); + xorbuf(a->state.s8 + a->lastBlkSz, data, toProcess); + data += toProcess; + dataSz -= toProcess; + a->lastBlkSz += toProcess; + + if (a->lastBlkSz < ASCON_HASH256_RATE) + return 0; + + permutation(&a->state, ASCON_HASH256_ROUNDS); + /* Reset the counter */ + a->lastBlkSz = 0; + } + + while (dataSz >= ASCON_HASH256_RATE) { + /* Read in input as little endian numbers */ + xorbuf(a->state.s64, data, ASCON_HASH256_RATE); + permutation(&a->state, ASCON_HASH256_ROUNDS); + data += ASCON_HASH256_RATE; + dataSz -= ASCON_HASH256_RATE; + } + + xorbuf(a->state.s64, data, dataSz); + a->lastBlkSz = dataSz; + + return 0; +} + +int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash) +{ + byte i; + + if (a == NULL || hash == NULL) + return BAD_FUNC_ARG; + + /* Process last block */ + a->state.s8[a->lastBlkSz] ^= 1; + + for (i = 0; i < ASCON_HASH256_SZ; i += ASCON_HASH256_RATE) { + permutation(&a->state, ASCON_HASH256_ROUNDS); + XMEMCPY(hash, a->state.s64, ASCON_HASH256_RATE); + hash += ASCON_HASH256_RATE; + } + + /* Clear state as soon as possible */ + wc_AsconHash256_Clear(a); + return 0; +} + +/* AsconAEAD API */ + +wc_AsconAEAD128* wc_AsconAEAD128_New(void) +{ + wc_AsconAEAD128 *ret = (wc_AsconAEAD128*) XMALLOC(sizeof(wc_AsconAEAD128), + NULL, DYNAMIC_TYPE_ASCON); + if (ret != NULL) { + if (wc_AsconAEAD128_Init(ret) != 0) { + wc_AsconAEAD128_Free(ret); + ret = NULL; + } + } + return ret; +} + +void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a) +{ + if (a != NULL) { + wc_AsconAEAD128_Clear(a); + XFREE(a, NULL, DYNAMIC_TYPE_ASCON); + } +} + +int wc_AsconAEAD128_Init(wc_AsconAEAD128 *a) +{ + if (a == NULL) + return BAD_FUNC_ARG; + + XMEMSET(a, 0, sizeof(*a)); + a->state.s64[0] = ASCON_AEAD128_IV; + + return 0; +} + +void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a) +{ + if (a != NULL) { + ForceZero(a, sizeof(*a)); + } +} + +int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key) +{ + if (a == NULL || key == NULL) + return BAD_FUNC_ARG; + if (a->keySet) + return BAD_STATE_E; + + XMEMCPY(a->key, key, ASCON_AEAD128_KEY_SZ); + a->state.s64[1] = a->key[0]; + a->state.s64[2] = a->key[1]; + a->keySet = 1; + + return 0; +} + +int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce) +{ + if (a == NULL || nonce == NULL) + return BAD_FUNC_ARG; + if (a->nonceSet) + return BAD_STATE_E; + + XMEMCPY(&a->state.s64[3], nonce, ASCON_AEAD128_NONCE_SZ); + a->nonceSet = 1; + + return 0; +} + +int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad, + word32 adSz) +{ + if (a == NULL || (ad == NULL && adSz > 0)) + return BAD_FUNC_ARG; + if (!a->keySet || !a->nonceSet) /* key and nonce must be set before */ + return BAD_STATE_E; + + permutation(&a->state, ASCON_AEAD128_ROUNDS_PA); + a->state.s64[3] ^= a->key[0]; + a->state.s64[4] ^= a->key[1]; + + if (adSz > 0) { + while (adSz >= ASCON_AEAD128_RATE) { + xorbuf(a->state.s64, ad, ASCON_AEAD128_RATE); + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + ad += ASCON_AEAD128_RATE; + adSz -= ASCON_AEAD128_RATE; + } + xorbuf(a->state.s64, ad, adSz); + /* Pad the last block */ + a->state.s8[adSz] ^= 1; + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + } + a->state.s64[4] ^= 1ULL << 63; + + a->adSet = 1; + return 0; +} + +int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out, + const byte* in, word32 inSz) +{ + if (a == NULL || (in == NULL && inSz > 0)) + return BAD_FUNC_ARG; + if (!a->keySet || !a->nonceSet || !a->adSet) + return BAD_STATE_E; + + if (a->op == ASCON_AEAD128_NOTSET) + a->op = ASCON_AEAD128_ENCRYPT; + else if (a->op != ASCON_AEAD128_ENCRYPT) + return BAD_STATE_E; + + /* Process leftover from last block */ + if (a->lastBlkSz != 0) { + word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz); + xorbuf(&a->state.s8[a->lastBlkSz], in, toProcess); + XMEMCPY(out, &a->state.s8[a->lastBlkSz], toProcess); + a->lastBlkSz += toProcess; + in += toProcess; + out += toProcess; + inSz -= toProcess; + + if (a->lastBlkSz < ASCON_AEAD128_RATE) + return 0; + + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + a->lastBlkSz = 0; + } + + while (inSz >= ASCON_AEAD128_RATE) { + xorbuf(a->state.s64, in, ASCON_AEAD128_RATE); + XMEMCPY(out, a->state.s64, ASCON_AEAD128_RATE); + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + in += ASCON_AEAD128_RATE; + out += ASCON_AEAD128_RATE; + inSz -= ASCON_AEAD128_RATE; + } + /* Store leftover */ + xorbuf(a->state.s64, in, inSz); + XMEMCPY(out, a->state.s64, inSz); + a->lastBlkSz = inSz; + + return 0; +} + + +int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag) +{ + if (a == NULL || tag == NULL) + return BAD_FUNC_ARG; + if (!a->keySet || !a->nonceSet || !a->adSet) + return BAD_STATE_E; + + if (a->op != ASCON_AEAD128_ENCRYPT) + return BAD_STATE_E; + + /* Process leftover from last block */ + a->state.s8[a->lastBlkSz] ^= 1; + + a->state.s64[2] ^= a->key[0]; + a->state.s64[3] ^= a->key[1]; + permutation(&a->state, ASCON_AEAD128_ROUNDS_PA); + a->state.s64[3] ^= a->key[0]; + a->state.s64[4] ^= a->key[1]; + + XMEMCPY(tag, &a->state.s64[3], ASCON_AEAD128_TAG_SZ); + + /* Clear state as soon as possible */ + wc_AsconAEAD128_Clear(a); + + return 0; + +} + + +int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, + const byte* in, word32 inSz) +{ + if (a == NULL || (in == NULL && inSz > 0)) + return BAD_FUNC_ARG; + if (!a->keySet || !a->nonceSet || !a->adSet) + return BAD_STATE_E; + + if (a->op == ASCON_AEAD128_NOTSET) + a->op = ASCON_AEAD128_DECRYPT; + else if (a->op != ASCON_AEAD128_DECRYPT) + return BAD_STATE_E; + + /* Process leftover block */ + if (a->lastBlkSz != 0) { + word32 toProcess = min(ASCON_AEAD128_RATE - a->lastBlkSz, inSz); + xorbufout(out, a->state.s8 + a->lastBlkSz, in, toProcess); + XMEMCPY(a->state.s8 + a->lastBlkSz, in, toProcess); + in += toProcess; + out += toProcess; + inSz -= toProcess; + a->lastBlkSz += toProcess; + + if (a->lastBlkSz < ASCON_AEAD128_RATE) + return 0; + + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + a->lastBlkSz = 0; + } + + while (inSz >= ASCON_AEAD128_RATE) { + xorbufout(out, a->state.s64, in, ASCON_AEAD128_RATE); + XMEMCPY(a->state.s64, in, ASCON_AEAD128_RATE); + permutation(&a->state, ASCON_AEAD128_ROUNDS_PB); + in += ASCON_AEAD128_RATE; + out += ASCON_AEAD128_RATE; + inSz -= ASCON_AEAD128_RATE; + } + /* Store leftover */ + xorbufout(out, a->state.s64, in, inSz); + XMEMCPY(a->state.s64, in, inSz); + a->lastBlkSz = inSz; + + return 0; +} + +int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag) +{ + if (a == NULL || tag == NULL) + return BAD_FUNC_ARG; + if (!a->keySet || !a->nonceSet || !a->adSet) + return BAD_STATE_E; + + if (a->op != ASCON_AEAD128_DECRYPT) + return BAD_STATE_E; + + /* Pad last block */ + a->state.s8[a->lastBlkSz] ^= 1; + + a->state.s64[2] ^= a->key[0]; + a->state.s64[3] ^= a->key[1]; + permutation(&a->state, ASCON_AEAD128_ROUNDS_PA); + a->state.s64[3] ^= a->key[0]; + a->state.s64[4] ^= a->key[1]; + + if (ConstantCompare(tag, (const byte*)&a->state.s64[3], + ASCON_AEAD128_TAG_SZ) != 0) + return ASCON_AUTH_E; + + /* Clear state as soon as possible */ + wc_AsconAEAD128_Clear(a); + + return 0; +} + +#endif /* HAVE_ASCON */ diff --git a/src/wolfcrypt/src/asm.c b/src/wolfcrypt/src/asm.c index 2096ae9..a724114 100644 --- a/src/wolfcrypt/src/asm.c +++ b/src/wolfcrypt/src/asm.c @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include /* * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, diff --git a/src/wolfcrypt/src/asn.c b/src/wolfcrypt/src/asn.c index 6335df3..af74678 100644 --- a/src/wolfcrypt/src/asn.c +++ b/src/wolfcrypt/src/asn.c @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,11 +34,8 @@ * Provides routines to convert BER into DER. Replaces indefinite length * encoded items with explicit lengths. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include +#include /* ASN Options: @@ -109,7 +106,6 @@ ASN Options: * usage. */ -#include #ifndef NO_RSA #include #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) @@ -128,7 +124,6 @@ ASN Options: #include #include #include -#include #include #include @@ -1300,7 +1295,7 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data, WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len, *data->data.buffer.length); #endif - return ASN_PARSE_E; + return BUFFER_E; } /* Copy in data and record actual length seen. */ XMEMCPY(data->data.buffer.data, input + idx, (size_t)len); @@ -2451,8 +2446,9 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, ret = ASN_PARSE_E; } else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { - /* Last octet of a sub-identifier has bit 8 clear. Last octet must be - * last of a subidentifier. Ensure last octet hasn't got top bit set. */ + /* Last octet of a sub-identifier has bit 8 clear. Last octet must + * be last of a subidentifier. Ensure last octet hasn't got top bit + * set. */ WOLFSSL_MSG("OID last octet has top bit set"); ret = ASN_PARSE_E; } @@ -3629,8 +3625,8 @@ word32 SetIndefEnd(byte* output) /* Breaks an octet string up into chunks for use with streaming * returns 0 on success and updates idx */ -int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz, - word32* idx) +int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, + word32* outSz, word32* idx) { word32 i = 0; word32 outIdx = *idx; @@ -4495,16 +4491,295 @@ static const byte extAuthInfoCaIssuerOid[] = {43, 6, 1, 5, 5, 7, 48, 2}; /* certPolicyType */ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0}; +static const byte extCertPolicyIsrgDomainValid[] = + {43, 6, 1, 4, 1, 130, 223, 19, 1, 1, 1}; #ifdef WOLFSSL_FPKI #define CERT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num} + static const byte extCertPolicyFpkiHighAssuranceOid[] = + CERT_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyFpkiCommonHardwareOid[] = + CERT_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyFpkiMediumHardwareOid[] = + CERT_POLICY_TYPE_OID_BASE(12); static const byte extCertPolicyFpkiCommonAuthOid[] = CERT_POLICY_TYPE_OID_BASE(13); + static const byte extCertPolicyFpkiCommonHighOid[] = + CERT_POLICY_TYPE_OID_BASE(16); + static const byte extCertPolicyFpkiCommonDevicesHardwareOid[] = + CERT_POLICY_TYPE_OID_BASE(36); + static const byte extCertPolicyFpkiCommonPivContentSigningOid[] = + CERT_POLICY_TYPE_OID_BASE(39); static const byte extCertPolicyFpkiPivAuthOid[] = CERT_POLICY_TYPE_OID_BASE(40); static const byte extCertPolicyFpkiPivAuthHwOid[] = CERT_POLICY_TYPE_OID_BASE(41); static const byte extCertPolicyFpkiPiviAuthOid[] = CERT_POLICY_TYPE_OID_BASE(45); + + /* Federal PKI Test OIDs - 2.16.840.1.101.3.2.1.48.x */ + #define TEST_CERT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 48, num} + static const byte extCertPolicyFpkiAuthTestOid[] = + TEST_CERT_POLICY_TYPE_OID_BASE(11); + static const byte extCertPolicyFpkiCardauthTestOid[] = + TEST_CERT_POLICY_TYPE_OID_BASE(13); + static const byte extCertPolicyFpkiPivContentTestOid[] = + TEST_CERT_POLICY_TYPE_OID_BASE(86); + static const byte extCertPolicyFpkiAuthDerivedTestOid[] = + TEST_CERT_POLICY_TYPE_OID_BASE(109); + static const byte extCertPolicyFpkiAuthDerivedHwTestOid[] = + TEST_CERT_POLICY_TYPE_OID_BASE(110); + + /* DoD PKI OIDs - 2.16.840.1.101.2.1.11.X */ + #define DOD_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 2, 1, 11, num} + static const byte extCertPolicyDodMediumOid[] = + DOD_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyDodMediumHardwareOid[] = + DOD_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyDodPivAuthOid[] = + DOD_POLICY_TYPE_OID_BASE(10); + static const byte extCertPolicyDodMediumNpeOid[] = + DOD_POLICY_TYPE_OID_BASE(17); + static const byte extCertPolicyDodMedium2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyDodMediumHardware2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(19); + static const byte extCertPolicyDodPivAuth2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyDodPeerInteropOid[] = + DOD_POLICY_TYPE_OID_BASE(31); + static const byte extCertPolicyDodMediumNpe112Oid[] = + DOD_POLICY_TYPE_OID_BASE(36); + static const byte extCertPolicyDodMediumNpe128Oid[] = + DOD_POLICY_TYPE_OID_BASE(37); + static const byte extCertPolicyDodMediumNpe192Oid[] = + DOD_POLICY_TYPE_OID_BASE(38); + static const byte extCertPolicyDodMedium112Oid[] = + DOD_POLICY_TYPE_OID_BASE(39); + static const byte extCertPolicyDodMedium128Oid[] = + DOD_POLICY_TYPE_OID_BASE(40); + static const byte extCertPolicyDodMedium192Oid[] = + DOD_POLICY_TYPE_OID_BASE(41); + static const byte extCertPolicyDodMediumHardware112Oid[] = + DOD_POLICY_TYPE_OID_BASE(42); + static const byte extCertPolicyDodMediumHardware128Oid[] = + DOD_POLICY_TYPE_OID_BASE(43); + static const byte extCertPolicyDodMediumHardware192Oid[] = + DOD_POLICY_TYPE_OID_BASE(44); + static const byte extCertPolicyDodAdminOid[] = + DOD_POLICY_TYPE_OID_BASE(59); + static const byte extCertPolicyDodInternalNpe112Oid[] = + DOD_POLICY_TYPE_OID_BASE(60); + static const byte extCertPolicyDodInternalNpe128Oid[] = + DOD_POLICY_TYPE_OID_BASE(61); + static const byte extCertPolicyDodInternalNpe192Oid[] = + DOD_POLICY_TYPE_OID_BASE(62); + + /* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */ + #define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num} + static const byte extCertPolicyEcaMediumOid[] = + ECA_POLICY_TYPE_OID_BASE(1); + static const byte extCertPolicyEcaMediumHardwareOid[] = + ECA_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyEcaMediumTokenOid[] = + ECA_POLICY_TYPE_OID_BASE(3); + static const byte extCertPolicyEcaMediumSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyEcaMediumTokenSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyEcaMediumHardwarePiviOid[] = + ECA_POLICY_TYPE_OID_BASE(6); + static const byte extCertPolicyEcaContentSigningPiviOid[] = + ECA_POLICY_TYPE_OID_BASE(8); + static const byte extCertPolicyEcaMediumDeviceSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyEcaMediumHardwareSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(10); + + /* Department of State PKI OIDs - 2.16.840.1.101.3.2.1.6.X */ + #define STATE_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 6, num} + static const byte extCertPolicyStateBasicOid[] = + STATE_POLICY_TYPE_OID_BASE(1); + static const byte extCertPolicyStateLowOid[] = + STATE_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyStateModerateOid[] = + STATE_POLICY_TYPE_OID_BASE(3); + static const byte extCertPolicyStateHighOid[] = + STATE_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyStateMedHwOid[] = + STATE_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyStateMediumDeviceHardwareOid[] = + STATE_POLICY_TYPE_OID_BASE(38); + + /* U.S. Treasury SSP PKI OIDs - 2.16.840.1.101.3.2.1.5.X */ + #define TREASURY_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 5, num} + static const byte extCertPolicyTreasuryMediumHardwareOid[] = + TREASURY_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyTreasuryHighOid[] = + TREASURY_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyTreasuryPiviHardwareOid[] = + TREASURY_POLICY_TYPE_OID_BASE(10); + static const byte extCertPolicyTreasuryPiviContentSigningOid[] = + TREASURY_POLICY_TYPE_OID_BASE(12); + + /* Boeing PKI OIDs - 1.3.6.1.4.1.73.15.3.1.X */ + #define BOEING_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 73, 15, 3, 1, num} + static const byte extCertPolicyBoeingMediumHardwareSha256Oid[] = + BOEING_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyBoeingMediumHardwareContentSigningSha256Oid[] = + BOEING_POLICY_TYPE_OID_BASE(17); + + /* Carillon Federal Services OIDs - 1.3.6.1.4.1.45606.3.1.X */ + #define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 228, 38, 3, 1, num} + static const byte extCertPolicyCarillonMediumhw256Oid[] = + CARILLON_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyCarillonAivhwOid[] = + CARILLON_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyCarillonAivcontentOid[] = + CARILLON_POLICY_TYPE_OID_BASE(22); + + /* Carillon Information Security OIDs - 1.3.6.1.4.1.25054.3.1.X */ + #define CIS_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 195, 94, 3, 1, num} + static const byte extCertPolicyCisMediumhw256Oid[] = + CIS_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyCisMeddevhw256Oid[] = + CIS_POLICY_TYPE_OID_BASE(14); + static const byte extCertPolicyCisIcecapHwOid[] = + CIS_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyCisIcecapContentOid[] = + CIS_POLICY_TYPE_OID_BASE(22); + + /* CertiPath Bridge OIDs - 1.3.6.1.4.1.24019.1.1.1.X */ + #define CERTIPATH_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 187, 83, 1, 1, 1, num} + static const byte extCertPolicyCertipathMediumhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyCertipathHighhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(3); + static const byte extCertPolicyCertipathIcecapHwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyCertipathIcecapContentOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyCertipathVarMediumhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyCertipathVarHighhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(19); + + /* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */ + #define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 169, 83, 1, 1, 1, num} + static const byte extCertPolicyTscpMediumhwOid[] = + TSCP_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyTscpPiviOid[] = + TSCP_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyTscpPiviContentOid[] = + TSCP_POLICY_TYPE_OID_BASE(7); + + /* DigiCert NFI PKI OIDs - 2.16.840.1.113733.1.7.23.3.1.X */ + #define DIGICERT_NFI_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 134, 248, 69, 1, 7, 23, 3, 1, num} + static const byte extCertPolicyDigicertNfiMediumHardwareOid[] = + DIGICERT_NFI_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyDigicertNfiAuthOid[] = + DIGICERT_NFI_POLICY_TYPE_OID_BASE(13); + static const byte extCertPolicyDigicertNfiPiviHardwareOid[] = + DIGICERT_NFI_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyDigicertNfiPiviContentSigningOid[] = + DIGICERT_NFI_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyDigicertNfiMediumDevicesHardwareOid[] = + DIGICERT_NFI_POLICY_TYPE_OID_BASE(36); + + /* Entrust Managed Services NFI PKI OIDs - 2.16.840.1.114027.200.3.10.7.X */ + #define ENTRUST_NFI_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 134, 250, 107, 129, 72, 3, 10, 7, num} + static const byte extCertPolicyEntrustNfiMediumHardwareOid[] = + ENTRUST_NFI_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyEntrustNfiMediumAuthenticationOid[] = + ENTRUST_NFI_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyEntrustNfiPiviHardwareOid[] = + ENTRUST_NFI_POLICY_TYPE_OID_BASE(6); + static const byte extCertPolicyEntrustNfiPiviContentSigningOid[] = + ENTRUST_NFI_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyEntrustNfiMediumDevicesHwOid[] = + ENTRUST_NFI_POLICY_TYPE_OID_BASE(16); + + /* Exostar LLC PKI OIDs - 1.3.6.1.4.1.13948.1.1.1.X */ + #define EXOSTAR_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 236, 124, 1, 1, 1, num} + static const byte extCertPolicyExostarMediumHardwareSha2Oid[] = + EXOSTAR_POLICY_TYPE_OID_BASE(6); + + /* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */ + #define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 134, 249, 47, 0, 100, num1, num2} + static const byte extCertPolicyIdentrustMediumhwSignOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(12, 1); + static const byte extCertPolicyIdentrustMediumhwEncOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(12, 2); + static const byte extCertPolicyIdentrustPiviHwIdOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 0); + static const byte extCertPolicyIdentrustPiviHwSignOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 1); + static const byte extCertPolicyIdentrustPiviHwEncOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 2); + static const byte extCertPolicyIdentrustPiviContentOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(20, 1); + + /* Lockheed Martin PKI OIDs - 1.3.6.1.4.1.103.100.1.1.3.X */ + #define LOCKHEED_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 103, 100, 1, 1, 3, num} + static const byte extCertPolicyLockheedMediumAssuranceHardwareOid[] = + LOCKHEED_POLICY_TYPE_OID_BASE(3); + + /* Northrop Grumman PKI OIDs - 1.3.6.1.4.1.16334.509.2.X */ + #define NORTHROP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 255, 78, 131, 125, 2, num} + static const byte extCertPolicyNorthropMediumAssurance256HardwareTokenOid[] = + NORTHROP_POLICY_TYPE_OID_BASE(8); + static const byte extCertPolicyNorthropPiviAssurance256HardwareTokenOid[] = + NORTHROP_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyNorthropPiviAssurance256ContentSigningOid[] = + NORTHROP_POLICY_TYPE_OID_BASE(11); + static const byte extCertPolicyNorthropMediumAssurance384HardwareTokenOid[] = + NORTHROP_POLICY_TYPE_OID_BASE(14); + + /* Raytheon PKI OIDs - 1.3.6.1.4.1.1569.10.1.X and 1.3.6.1.4.1.26769.10.1.X */ + #define RAYTHEON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 140, 33, 10, 1, num} + static const byte extCertPolicyRaytheonMediumHardwareOid[] = + RAYTHEON_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyRaytheonMediumDeviceHardwareOid[] = + RAYTHEON_POLICY_TYPE_OID_BASE(18); + + #define RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 209, 17, 10, 1, num} + static const byte extCertPolicyRaytheonSha2MediumHardwareOid[] = + RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyRaytheonSha2MediumDeviceHardwareOid[] = + RAYTHEON_SHA2_POLICY_TYPE_OID_BASE(18); + + /* WidePoint NFI PKI OIDs - 1.3.6.1.4.1.3922.1.1.1.X */ + #define WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 158, 82, 1, 1, 1, num} + static const byte extCertPolicyWidepointNfiMediumHardwareOid[] = + WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyWidepointNfiPiviHardwareOid[] = + WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyWidepointNfiPiviContentSigningOid[] = + WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyWidepointNfiMediumDevicesHardwareOid[] = + WIDEPOINT_NFI_POLICY_TYPE_OID_BASE(38); + + /* Australian Defence Organisation PKI OIDs - 1.2.36.1.334.1.2.X.X */ + #define ADO_POLICY_TYPE_OID_BASE(type, num) {42, 36, 1, 130, 78, 1, 2, type, num} + static const byte extCertPolicyAdoIndividualMediumAssuranceOid[] = + ADO_POLICY_TYPE_OID_BASE(1, 2); + static const byte extCertPolicyAdoIndividualHighAssuranceOid[] = + ADO_POLICY_TYPE_OID_BASE(1, 3); + static const byte extCertPolicyAdoResourceMediumAssuranceOid[] = + ADO_POLICY_TYPE_OID_BASE(2, 2); + + /* Comodo Ltd PKI OID 1.3.6.1.4.1.6449.1.2.1.3.4 */ + #define COMODO_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 178, 49, 1, 2, 1, 3, num} + static const byte extCertPolicyComodoLtdOid[] = + COMODO_POLICY_TYPE_OID_BASE(4); + + /* Netherlands Ministry of Defence PKI OIDs - 2.16.528.1.1003.1.2.5.X */ + #define NL_MOD_POLICY_TYPE_OID_BASE(num) {96, 132, 16, 1, 135, 107, 1, 2, 5, num} + static const byte extCertPolicyNlModAuthenticityOid[] = + NL_MOD_POLICY_TYPE_OID_BASE(1); + static const byte extCertPolicyNlModIrrefutabilityOid[] = + NL_MOD_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyNlModConfidentialityOid[] = + NL_MOD_POLICY_TYPE_OID_BASE(3); #endif /* WOLFSSL_FPKI */ /* certAltNameType */ @@ -4619,6 +4894,11 @@ static const byte dcOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 25}; /* doma * * Use oidIgnoreType to autofail. * + * Note that while this function currently handles a large + * number of FPKI certificate policy OIDs, these OIDs are not + * currently being handled in the code, they are just recognized + * as valid OIDs. + * * @param [in] id OID id. * @param [in] type Type of OID (enum Oid_Types). * @param [out] oidSz Length of OID byte array returned. @@ -5295,7 +5575,35 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = extCertPolicyAnyOid; *oidSz = sizeof(extCertPolicyAnyOid); break; + case CP_ISRG_DOMAIN_VALID: + oid = extCertPolicyIsrgDomainValid; + *oidSz = sizeof(extCertPolicyIsrgDomainValid); + break; #if defined(WOLFSSL_FPKI) + case CP_FPKI_HIGH_ASSURANCE_OID: + oid = extCertPolicyFpkiHighAssuranceOid; + *oidSz = sizeof(extCertPolicyFpkiHighAssuranceOid); + break; + case CP_FPKI_COMMON_HARDWARE_OID: + oid = extCertPolicyFpkiCommonHardwareOid; + *oidSz = sizeof(extCertPolicyFpkiCommonHardwareOid); + break; + case CP_FPKI_MEDIUM_HARDWARE_OID: + oid = extCertPolicyFpkiMediumHardwareOid; + *oidSz = sizeof(extCertPolicyFpkiMediumHardwareOid); + break; + case CP_FPKI_COMMON_HIGH_OID: + oid = extCertPolicyFpkiCommonHighOid; + *oidSz = sizeof(extCertPolicyFpkiCommonHighOid); + break; + case CP_FPKI_COMMON_DEVICES_HARDWARE_OID: + oid = extCertPolicyFpkiCommonDevicesHardwareOid; + *oidSz = sizeof(extCertPolicyFpkiCommonDevicesHardwareOid); + break; + case CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID: + oid = extCertPolicyFpkiCommonPivContentSigningOid; + *oidSz = sizeof(extCertPolicyFpkiCommonPivContentSigningOid); + break; case CP_FPKI_COMMON_AUTH_OID: oid = extCertPolicyFpkiCommonAuthOid; *oidSz = sizeof(extCertPolicyFpkiCommonAuthOid); @@ -5312,6 +5620,441 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = extCertPolicyFpkiPiviAuthOid; *oidSz = sizeof(extCertPolicyFpkiPiviAuthOid); break; + case CP_FPKI_AUTH_TEST_OID: + oid = extCertPolicyFpkiAuthTestOid; + *oidSz = sizeof(extCertPolicyFpkiAuthTestOid); + break; + case CP_FPKI_CARDAUTH_TEST_OID: + oid = extCertPolicyFpkiCardauthTestOid; + *oidSz = sizeof(extCertPolicyFpkiCardauthTestOid); + break; + case CP_FPKI_PIV_CONTENT_TEST_OID: + oid = extCertPolicyFpkiPivContentTestOid; + *oidSz = sizeof(extCertPolicyFpkiPivContentTestOid); + break; + case CP_FPKI_PIV_AUTH_DERIVED_TEST_OID: + oid = extCertPolicyFpkiAuthDerivedTestOid; + *oidSz = sizeof(extCertPolicyFpkiAuthDerivedTestOid); + break; + case CP_FPKI_PIV_AUTH_DERIVED_HW_TEST_OID: + oid = extCertPolicyFpkiAuthDerivedHwTestOid; + *oidSz = sizeof(extCertPolicyFpkiAuthDerivedHwTestOid); + break; + case CP_DOD_MEDIUM_OID: + oid = extCertPolicyDodMediumOid; + *oidSz = sizeof(extCertPolicyDodMediumOid); + break; + case CP_DOD_MEDIUM_HARDWARE_OID: + oid = extCertPolicyDodMediumHardwareOid; + *oidSz = sizeof(extCertPolicyDodMediumHardwareOid); + break; + case CP_DOD_PIV_AUTH_OID: + oid = extCertPolicyDodPivAuthOid; + *oidSz = sizeof(extCertPolicyDodPivAuthOid); + break; + case CP_DOD_MEDIUM_NPE_OID: + oid = extCertPolicyDodMediumNpeOid; + *oidSz = sizeof(extCertPolicyDodMediumNpeOid); + break; + case CP_DOD_MEDIUM_2048_OID: + oid = extCertPolicyDodMedium2048Oid; + *oidSz = sizeof(extCertPolicyDodMedium2048Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_2048_OID: + oid = extCertPolicyDodMediumHardware2048Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware2048Oid); + break; + case CP_DOD_PIV_AUTH_2048_OID: + oid = extCertPolicyDodPivAuth2048Oid; + *oidSz = sizeof(extCertPolicyDodPivAuth2048Oid); + break; + case CP_DOD_PEER_INTEROP_OID: + oid = extCertPolicyDodPeerInteropOid; + *oidSz = sizeof(extCertPolicyDodPeerInteropOid); + break; + case CP_DOD_MEDIUM_NPE_112_OID: + oid = extCertPolicyDodMediumNpe112Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe112Oid); + break; + case CP_DOD_MEDIUM_NPE_128_OID: + oid = extCertPolicyDodMediumNpe128Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe128Oid); + break; + case CP_DOD_MEDIUM_NPE_192_OID: + oid = extCertPolicyDodMediumNpe192Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe192Oid); + break; + case CP_DOD_MEDIUM_112_OID: + oid = extCertPolicyDodMedium112Oid; + *oidSz = sizeof(extCertPolicyDodMedium112Oid); + break; + case CP_DOD_MEDIUM_128_OID: + oid = extCertPolicyDodMedium128Oid; + *oidSz = sizeof(extCertPolicyDodMedium128Oid); + break; + case CP_DOD_MEDIUM_192_OID: + oid = extCertPolicyDodMedium192Oid; + *oidSz = sizeof(extCertPolicyDodMedium192Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_112_OID: + oid = extCertPolicyDodMediumHardware112Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware112Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_128_OID: + oid = extCertPolicyDodMediumHardware128Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware128Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_192_OID: + oid = extCertPolicyDodMediumHardware192Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware192Oid); + break; + case CP_DOD_ADMIN_OID: + oid = extCertPolicyDodAdminOid; + *oidSz = sizeof(extCertPolicyDodAdminOid); + break; + case CP_DOD_INTERNAL_NPE_112_OID: + oid = extCertPolicyDodInternalNpe112Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe112Oid); + break; + case CP_DOD_INTERNAL_NPE_128_OID: + oid = extCertPolicyDodInternalNpe128Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe128Oid); + break; + case CP_DOD_INTERNAL_NPE_192_OID: + oid = extCertPolicyDodInternalNpe192Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe192Oid); + break; + case CP_ECA_MEDIUM_OID: + oid = extCertPolicyEcaMediumOid; + *oidSz = sizeof(extCertPolicyEcaMediumOid); + break; + case CP_ECA_MEDIUM_HARDWARE_OID: + oid = extCertPolicyEcaMediumHardwareOid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwareOid); + break; + case CP_ECA_MEDIUM_TOKEN_OID: + oid = extCertPolicyEcaMediumTokenOid; + *oidSz = sizeof(extCertPolicyEcaMediumTokenOid); + break; + case CP_ECA_MEDIUM_SHA256_OID: + oid = extCertPolicyEcaMediumSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumSha256Oid); + break; + case CP_ECA_MEDIUM_TOKEN_SHA256_OID: + oid = extCertPolicyEcaMediumTokenSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumTokenSha256Oid); + break; + case CP_ECA_MEDIUM_HARDWARE_PIVI_OID: + oid = extCertPolicyEcaMediumHardwarePiviOid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwarePiviOid); + break; + case CP_ECA_CONTENT_SIGNING_PIVI_OID: + oid = extCertPolicyEcaContentSigningPiviOid; + *oidSz = sizeof(extCertPolicyEcaContentSigningPiviOid); + break; + case CP_ECA_MEDIUM_DEVICE_SHA256_OID: + oid = extCertPolicyEcaMediumDeviceSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumDeviceSha256Oid); + break; + case CP_ECA_MEDIUM_HARDWARE_SHA256_OID: + oid = extCertPolicyEcaMediumHardwareSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid); + break; + + /* Department of State PKI OIDs */ + case CP_STATE_BASIC_OID: + oid = extCertPolicyStateBasicOid; + *oidSz = sizeof(extCertPolicyStateBasicOid); + break; + case CP_STATE_LOW_OID: + oid = extCertPolicyStateLowOid; + *oidSz = sizeof(extCertPolicyStateLowOid); + break; + case CP_STATE_MODERATE_OID: + oid = extCertPolicyStateModerateOid; + *oidSz = sizeof(extCertPolicyStateModerateOid); + break; + case CP_STATE_HIGH_OID: + oid = extCertPolicyStateHighOid; + *oidSz = sizeof(extCertPolicyStateHighOid); + break; + case CP_STATE_MEDHW_OID: + oid = extCertPolicyStateMedHwOid; + *oidSz = sizeof(extCertPolicyStateMedHwOid); + break; + case CP_STATE_MEDDEVHW_OID: + oid = extCertPolicyStateMediumDeviceHardwareOid; + *oidSz = sizeof(extCertPolicyStateMediumDeviceHardwareOid); + break; + + /* U.S. Treasury SSP PKI OIDs */ + case CP_TREAS_MEDIUMHW_OID: + oid = extCertPolicyTreasuryMediumHardwareOid; + *oidSz = sizeof(extCertPolicyTreasuryMediumHardwareOid); + break; + case CP_TREAS_HIGH_OID: + oid = extCertPolicyTreasuryHighOid; + *oidSz = sizeof(extCertPolicyTreasuryHighOid); + break; + case CP_TREAS_PIVI_HW_OID: + oid = extCertPolicyTreasuryPiviHardwareOid; + *oidSz = sizeof(extCertPolicyTreasuryPiviHardwareOid); + break; + case CP_TREAS_PIVI_CONTENT_OID: + oid = extCertPolicyTreasuryPiviContentSigningOid; + *oidSz = sizeof(extCertPolicyTreasuryPiviContentSigningOid); + break; + + /* Boeing PKI OIDs */ + case CP_BOEING_MEDIUMHW_SHA256_OID: + oid = extCertPolicyBoeingMediumHardwareSha256Oid; + *oidSz = sizeof(extCertPolicyBoeingMediumHardwareSha256Oid); + break; + case CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID: + oid = extCertPolicyBoeingMediumHardwareContentSigningSha256Oid; + *oidSz = sizeof(extCertPolicyBoeingMediumHardwareContentSigningSha256Oid); + break; + + /* DigiCert NFI PKI OIDs */ + case CP_DIGICERT_NFSSP_MEDIUMHW_OID: + oid = extCertPolicyDigicertNfiMediumHardwareOid; + *oidSz = sizeof(extCertPolicyDigicertNfiMediumHardwareOid); + break; + case CP_DIGICERT_NFSSP_AUTH_OID: + oid = extCertPolicyDigicertNfiAuthOid; + *oidSz = sizeof(extCertPolicyDigicertNfiAuthOid); + break; + case CP_DIGICERT_NFSSP_PIVI_HW_OID: + oid = extCertPolicyDigicertNfiPiviHardwareOid; + *oidSz = sizeof(extCertPolicyDigicertNfiPiviHardwareOid); + break; + case CP_DIGICERT_NFSSP_PIVI_CONTENT_OID: + oid = extCertPolicyDigicertNfiPiviContentSigningOid; + *oidSz = sizeof(extCertPolicyDigicertNfiPiviContentSigningOid); + break; + case CP_DIGICERT_NFSSP_MEDDEVHW_OID: + oid = extCertPolicyDigicertNfiMediumDevicesHardwareOid; + *oidSz = sizeof(extCertPolicyDigicertNfiMediumDevicesHardwareOid); + break; + + /* Entrust Managed Services NFI PKI OIDs */ + case CP_ENTRUST_NFSSP_MEDIUMHW_OID: + oid = extCertPolicyEntrustNfiMediumHardwareOid; + *oidSz = sizeof(extCertPolicyEntrustNfiMediumHardwareOid); + break; + case CP_ENTRUST_NFSSP_MEDAUTH_OID: + oid = extCertPolicyEntrustNfiMediumAuthenticationOid; + *oidSz = sizeof(extCertPolicyEntrustNfiMediumAuthenticationOid); + break; + case CP_ENTRUST_NFSSP_PIVI_HW_OID: + oid = extCertPolicyEntrustNfiPiviHardwareOid; + *oidSz = sizeof(extCertPolicyEntrustNfiPiviHardwareOid); + break; + case CP_ENTRUST_NFSSP_PIVI_CONTENT_OID: + oid = extCertPolicyEntrustNfiPiviContentSigningOid; + *oidSz = sizeof(extCertPolicyEntrustNfiPiviContentSigningOid); + break; + case CP_ENTRUST_NFSSP_MEDDEVHW_OID: + oid = extCertPolicyEntrustNfiMediumDevicesHwOid; + *oidSz = sizeof(extCertPolicyEntrustNfiMediumDevicesHwOid); + break; + + /* Exostar LLC PKI OIDs */ + case CP_EXOSTAR_MEDIUMHW_SHA2_OID: + oid = extCertPolicyExostarMediumHardwareSha2Oid; + *oidSz = sizeof(extCertPolicyExostarMediumHardwareSha2Oid); + break; + + /* Lockheed Martin PKI OIDs */ + case CP_LOCKHEED_MEDIUMHW_OID: + oid = extCertPolicyLockheedMediumAssuranceHardwareOid; + *oidSz = sizeof(extCertPolicyLockheedMediumAssuranceHardwareOid); + break; + + /* Northrop Grumman PKI OIDs */ + case CP_NORTHROP_MEDIUM_256_HW_OID: + oid = extCertPolicyNorthropMediumAssurance256HardwareTokenOid; + *oidSz = sizeof(extCertPolicyNorthropMediumAssurance256HardwareTokenOid); + break; + case CP_NORTHROP_PIVI_256_HW_OID: + oid = extCertPolicyNorthropPiviAssurance256HardwareTokenOid; + *oidSz = sizeof(extCertPolicyNorthropPiviAssurance256HardwareTokenOid); + break; + case CP_NORTHROP_PIVI_256_CONTENT_OID: + oid = extCertPolicyNorthropPiviAssurance256ContentSigningOid; + *oidSz = sizeof(extCertPolicyNorthropPiviAssurance256ContentSigningOid); + break; + case CP_NORTHROP_MEDIUM_384_HW_OID: + oid = extCertPolicyNorthropMediumAssurance384HardwareTokenOid; + *oidSz = sizeof(extCertPolicyNorthropMediumAssurance384HardwareTokenOid); + break; + + /* Raytheon PKI OIDs */ + case CP_RAYTHEON_MEDIUMHW_OID: + oid = extCertPolicyRaytheonMediumHardwareOid; + *oidSz = sizeof(extCertPolicyRaytheonMediumHardwareOid); + break; + case CP_RAYTHEON_MEDDEVHW_OID: + oid = extCertPolicyRaytheonMediumDeviceHardwareOid; + *oidSz = sizeof(extCertPolicyRaytheonMediumDeviceHardwareOid); + break; + case CP_RAYTHEON_SHA2_MEDIUMHW_OID: + oid = extCertPolicyRaytheonSha2MediumHardwareOid; + *oidSz = sizeof(extCertPolicyRaytheonSha2MediumHardwareOid); + break; + case CP_RAYTHEON_SHA2_MEDDEVHW_OID: + oid = extCertPolicyRaytheonSha2MediumDeviceHardwareOid; + *oidSz = sizeof(extCertPolicyRaytheonSha2MediumDeviceHardwareOid); + break; + + /* WidePoint NFI PKI OIDs */ + case CP_WIDEPOINT_MEDIUMHW_OID: + oid = extCertPolicyWidepointNfiMediumHardwareOid; + *oidSz = sizeof(extCertPolicyWidepointNfiMediumHardwareOid); + break; + case CP_WIDEPOINT_PIVI_HW_OID: + oid = extCertPolicyWidepointNfiPiviHardwareOid; + *oidSz = sizeof(extCertPolicyWidepointNfiPiviHardwareOid); + break; + case CP_WIDEPOINT_PIVI_CONTENT_OID: + oid = extCertPolicyWidepointNfiPiviContentSigningOid; + *oidSz = sizeof(extCertPolicyWidepointNfiPiviContentSigningOid); + break; + case CP_WIDEPOINT_MEDDEVHW_OID: + oid = extCertPolicyWidepointNfiMediumDevicesHardwareOid; + *oidSz = sizeof(extCertPolicyWidepointNfiMediumDevicesHardwareOid); + break; + + /* Australian Defence Organisation PKI OIDs */ + case CP_ADO_MEDIUM_OID: + oid = extCertPolicyAdoIndividualMediumAssuranceOid; + *oidSz = sizeof(extCertPolicyAdoIndividualMediumAssuranceOid); + break; + case CP_ADO_HIGH_OID: + oid = extCertPolicyAdoIndividualHighAssuranceOid; + *oidSz = sizeof(extCertPolicyAdoIndividualHighAssuranceOid); + break; + case CP_ADO_RESOURCE_MEDIUM_OID: + oid = extCertPolicyAdoResourceMediumAssuranceOid; + *oidSz = sizeof(extCertPolicyAdoResourceMediumAssuranceOid); + break; + + /* Netherlands Ministry of Defence PKI OIDs */ + case CP_NL_MOD_AUTH_OID: + oid = extCertPolicyNlModAuthenticityOid; + *oidSz = sizeof(extCertPolicyNlModAuthenticityOid); + break; + case CP_NL_MOD_IRREFUT_OID: + oid = extCertPolicyNlModIrrefutabilityOid; + *oidSz = sizeof(extCertPolicyNlModIrrefutabilityOid); + break; + case CP_NL_MOD_CONFID_OID: + oid = extCertPolicyNlModConfidentialityOid; + *oidSz = sizeof(extCertPolicyNlModConfidentialityOid); + break; + + /* IdenTrust NFI OIDs */ + case CP_IDENTRUST_MEDIUMHW_SIGN_OID: + oid = extCertPolicyIdentrustMediumhwSignOid; + *oidSz = sizeof(extCertPolicyIdentrustMediumhwSignOid); + break; + case CP_IDENTRUST_MEDIUMHW_ENC_OID: + oid = extCertPolicyIdentrustMediumhwEncOid; + *oidSz = sizeof(extCertPolicyIdentrustMediumhwEncOid); + break; + case CP_IDENTRUST_PIVI_HW_ID_OID: + oid = extCertPolicyIdentrustPiviHwIdOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwIdOid); + break; + case CP_IDENTRUST_PIVI_HW_SIGN_OID: + oid = extCertPolicyIdentrustPiviHwSignOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwSignOid); + break; + case CP_IDENTRUST_PIVI_HW_ENC_OID: + oid = extCertPolicyIdentrustPiviHwEncOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwEncOid); + break; + case CP_IDENTRUST_PIVI_CONTENT_OID: + oid = extCertPolicyIdentrustPiviContentOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviContentOid); + break; + + /* TSCP Bridge OIDs */ + case CP_TSCP_MEDIUMHW_OID: + oid = extCertPolicyTscpMediumhwOid; + *oidSz = sizeof(extCertPolicyTscpMediumhwOid); + break; + case CP_TSCP_PIVI_OID: + oid = extCertPolicyTscpPiviOid; + *oidSz = sizeof(extCertPolicyTscpPiviOid); + break; + case CP_TSCP_PIVI_CONTENT_OID: + oid = extCertPolicyTscpPiviContentOid; + *oidSz = sizeof(extCertPolicyTscpPiviContentOid); + break; + + /* Carillon Federal Services OIDs */ + case CP_CARILLON_MEDIUMHW_256_OID: + oid = extCertPolicyCarillonMediumhw256Oid; + *oidSz = sizeof(extCertPolicyCarillonMediumhw256Oid); + break; + case CP_CARILLON_AIVHW_OID: + oid = extCertPolicyCarillonAivhwOid; + *oidSz = sizeof(extCertPolicyCarillonAivhwOid); + break; + case CP_CARILLON_AIVCONTENT_OID: + oid = extCertPolicyCarillonAivcontentOid; + *oidSz = sizeof(extCertPolicyCarillonAivcontentOid); + break; + + /* Carillon Information Security OIDs */ + case CP_CIS_MEDIUMHW_256_OID: + oid = extCertPolicyCisMediumhw256Oid; + *oidSz = sizeof(extCertPolicyCisMediumhw256Oid); + break; + case CP_CIS_MEDDEVHW_256_OID: + oid = extCertPolicyCisMeddevhw256Oid; + *oidSz = sizeof(extCertPolicyCisMeddevhw256Oid); + break; + case CP_CIS_ICECAP_HW_OID: + oid = extCertPolicyCisIcecapHwOid; + *oidSz = sizeof(extCertPolicyCisIcecapHwOid); + break; + case CP_CIS_ICECAP_CONTENT_OID: + oid = extCertPolicyCisIcecapContentOid; + *oidSz = sizeof(extCertPolicyCisIcecapContentOid); + break; + + /* CertiPath Bridge OIDs */ + case CP_CERTIPATH_MEDIUMHW_OID: + oid = extCertPolicyCertipathMediumhwOid; + *oidSz = sizeof(extCertPolicyCertipathMediumhwOid); + break; + case CP_CERTIPATH_HIGHHW_OID: + oid = extCertPolicyCertipathHighhwOid; + *oidSz = sizeof(extCertPolicyCertipathHighhwOid); + break; + case CP_CERTIPATH_ICECAP_HW_OID: + oid = extCertPolicyCertipathIcecapHwOid; + *oidSz = sizeof(extCertPolicyCertipathIcecapHwOid); + break; + case CP_CERTIPATH_ICECAP_CONTENT_OID: + oid = extCertPolicyCertipathIcecapContentOid; + *oidSz = sizeof(extCertPolicyCertipathIcecapContentOid); + break; + case CP_CERTIPATH_VAR_MEDIUMHW_OID: + oid = extCertPolicyCertipathVarMediumhwOid; + *oidSz = sizeof(extCertPolicyCertipathVarMediumhwOid); + break; + case CP_CERTIPATH_VAR_HIGHHW_OID: + oid = extCertPolicyCertipathVarHighhwOid; + *oidSz = sizeof(extCertPolicyCertipathVarHighhwOid); + break; + case CP_COMODO_OID: + oid = extCertPolicyComodoLtdOid; + *oidSz = sizeof(extCertPolicyComodoLtdOid); + break; + /* FPKI OIDs */ #endif /* WOLFSSL_FPKI */ default: break; @@ -5927,6 +6670,169 @@ static int DumpOID(const byte* oidData, word32 oidSz, word32 oid, } #endif /* ASN_DUMP_OID */ +#ifdef WOLFSSL_FPKI +/* Handles the large number of collisions from FPKI certificate policy + * OID sums. Returns a special value (100000 + actual sum) if a + * collision is detected. + * @param [in] oid Buffer holding OID. + * @param [in] oidSz Length of OID data in buffer. + * @param [in] oidSum The sum of the OID being passed in. + */ +static word32 fpkiCertPolOid(const byte* oid, word32 oidSz, word32 oidSum) { + + switch (oidSum) { + case CP_ADO_MEDIUM_OID: + if ((word32)sizeof(extCertPolicyComodoLtdOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyComodoLtdOid, + sizeof(extCertPolicyComodoLtdOid)) == 0) + return CP_COMODO_OID; + break; + case CP_FPKI_HIGH_ASSURANCE_OID: + if ((word32)sizeof(extCertPolicyStateBasicOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyStateBasicOid, + sizeof(extCertPolicyStateBasicOid)) == 0) + return CP_STATE_BASIC_OID; + break; + case CP_FPKI_COMMON_DEVICES_HARDWARE_OID: + if ((word32)sizeof(extCertPolicyDodPeerInteropOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyDodPeerInteropOid, + sizeof(extCertPolicyDodPeerInteropOid)) == 0) + return CP_DOD_PEER_INTEROP_OID; + break; + case CP_FPKI_PIV_AUTH_HW_OID: + if ((word32)sizeof(extCertPolicyDodMediumNpe112Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyDodMediumNpe112Oid, + sizeof(extCertPolicyDodMediumNpe112Oid)) == 0) + return CP_DOD_MEDIUM_NPE_112_OID; + else if ((word32)sizeof(extCertPolicyStateMediumDeviceHardwareOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyStateMediumDeviceHardwareOid, + sizeof(extCertPolicyStateMediumDeviceHardwareOid)) == 0) + return CP_STATE_MEDDEVHW_OID; + break; + case CP_FPKI_PIVI_AUTH_OID: + if ((word32)sizeof(extCertPolicyDodMedium128Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyDodMedium128Oid, + sizeof(extCertPolicyDodMedium128Oid)) == 0) + return CP_DOD_MEDIUM_128_OID; + break; + case CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID: + if ((word32)sizeof(extCertPolicyDodMediumHardware112Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyDodMediumHardware112Oid, + sizeof(extCertPolicyDodMediumHardware112Oid)) == 0) + return CP_DOD_MEDIUM_HARDWARE_112_OID; + else if ((word32)sizeof(extCertPolicyCertipathHighhwOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyCertipathHighhwOid, + sizeof(extCertPolicyCertipathHighhwOid)) == 0) + return CP_CERTIPATH_HIGHHW_OID; + break; + case CP_DOD_MEDIUM_OID: + if ((word32)sizeof(extCertPolicyEcaMediumOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaMediumOid, + sizeof(extCertPolicyEcaMediumOid)) == 0) + return CP_ECA_MEDIUM_OID; + break; + case CP_FPKI_COMMON_AUTH_OID: + if ((word32)sizeof(extCertPolicyEcaMediumSha256Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaMediumSha256Oid, + sizeof(extCertPolicyEcaMediumSha256Oid)) == 0) + return CP_ECA_MEDIUM_SHA256_OID; + break; + case CP_FPKI_MEDIUM_HARDWARE_OID: + if ((word32)sizeof(extCertPolicyEcaMediumTokenOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaMediumTokenOid, + sizeof(extCertPolicyEcaMediumTokenOid)) == 0) + return CP_ECA_MEDIUM_TOKEN_OID; + else if ((word32)sizeof(extCertPolicyTreasuryPiviHardwareOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyTreasuryPiviHardwareOid, + sizeof(extCertPolicyTreasuryPiviHardwareOid)) == 0) + return CP_TREAS_PIVI_HW_OID; + break; + case CP_DOD_MEDIUM_HARDWARE_OID: + if ((word32)sizeof(extCertPolicyEcaMediumTokenSha256Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaMediumTokenSha256Oid, + sizeof(extCertPolicyEcaMediumTokenSha256Oid)) == 0) + return CP_ECA_MEDIUM_TOKEN_SHA256_OID; + else if ((word32)sizeof(extCertPolicyTreasuryPiviContentSigningOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyTreasuryPiviContentSigningOid, + sizeof(extCertPolicyTreasuryPiviContentSigningOid)) == 0) + return CP_TREAS_PIVI_CONTENT_OID; + break; + case CP_DOD_PIV_AUTH_OID: + if ((word32)sizeof(extCertPolicyEcaMediumHardwarePiviOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaMediumHardwarePiviOid, + sizeof(extCertPolicyEcaMediumHardwarePiviOid)) == 0) + return CP_ECA_MEDIUM_HARDWARE_PIVI_OID; + else if ((word32)sizeof(extCertPolicyStateMedHwOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyStateMedHwOid, + sizeof(extCertPolicyStateMedHwOid)) == 0) + return CP_STATE_MEDHW_OID; + break; + case CP_FPKI_COMMON_HARDWARE_OID: + if ((word32)sizeof(extCertPolicyStateHighOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyStateHighOid, + sizeof(extCertPolicyStateHighOid)) == 0) + return CP_STATE_HIGH_OID; + else if ((word32)sizeof(extCertPolicyTreasuryHighOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyTreasuryHighOid, + sizeof(extCertPolicyTreasuryHighOid)) == 0) + return CP_TREAS_HIGH_OID; + break; + case CP_ECA_MEDIUM_HARDWARE_OID: + if ((word32)sizeof(extCertPolicyExostarMediumHardwareSha2Oid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyExostarMediumHardwareSha2Oid, + sizeof(extCertPolicyExostarMediumHardwareSha2Oid)) == 0) + return CP_EXOSTAR_MEDIUMHW_SHA2_OID; + break; + case CP_ADO_HIGH_OID: + if ((word32)sizeof(extCertPolicyAdoResourceMediumAssuranceOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyAdoResourceMediumAssuranceOid, + sizeof(extCertPolicyAdoResourceMediumAssuranceOid)) == 0) + return CP_ADO_RESOURCE_MEDIUM_OID; + break; + case CP_DOD_ADMIN_OID: + if ((word32)sizeof(extCertPolicyCarillonAivcontentOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyCarillonAivcontentOid, + sizeof(extCertPolicyCarillonAivcontentOid)) == 0) + return CP_CARILLON_AIVCONTENT_OID; + break; + case CP_TREAS_MEDIUMHW_OID: + if ((word32)sizeof(extCertPolicyStateModerateOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyStateModerateOid, + sizeof(extCertPolicyStateModerateOid)) == 0) + return CP_STATE_MODERATE_OID; + break; + case CP_CIS_ICECAP_HW_OID: + if ((word32)sizeof(extCertPolicyNlModIrrefutabilityOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyNlModIrrefutabilityOid, + sizeof(extCertPolicyNlModIrrefutabilityOid)) == 0) + return CP_NL_MOD_IRREFUT_OID; + break; + case CP_DOD_MEDIUM_192_OID: + if ((word32)sizeof(extCertPolicyCertipathMediumhwOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyCertipathMediumhwOid, + sizeof(extCertPolicyCertipathMediumhwOid)) == 0) + return CP_CERTIPATH_MEDIUMHW_OID; + break; + case CP_CARILLON_AIVHW_OID: + if ((word32)sizeof(extCertPolicyCertipathVarMediumhwOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyCertipathVarMediumhwOid, + sizeof(extCertPolicyCertipathVarMediumhwOid)) == 0) + return CP_CERTIPATH_VAR_MEDIUMHW_OID; + break; + case CP_ISRG_DOMAIN_VALID: + if ((word32)sizeof(extCertPolicyEcaContentSigningPiviOid) == (word32)oidSz && + XMEMCMP(oid, extCertPolicyEcaContentSigningPiviOid, + sizeof(extCertPolicyEcaContentSigningPiviOid)) == 0) + return CP_ECA_CONTENT_SIGNING_PIVI_OID; + break; + default: + break; + } + + return 0; +} +#endif + /* Get the OID data and verify it is of the type specified when compiled in. * * @param [in] input Buffer holding OID. @@ -5952,13 +6858,13 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, const byte* checkOid = NULL; word32 checkOidSz; #endif /* NO_VERIFY_OID */ -#if defined(HAVE_SPHINCS) +#if defined(HAVE_SPHINCS) || defined(WOLFSSL_FPKI) word32 found_collision = 0; #endif (void)oidType; *oid = 0; -#ifndef NO_VERIFY_OID +#if !defined(NO_VERIFY_OID) || defined(WOLFSSL_FPKI) /* Keep references to OID data and length for check. */ actualOid = &input[idx]; actualOidSz = (word32)length; @@ -5987,7 +6893,16 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, idx++; } -#ifdef HAVE_SPHINCS +#ifdef WOLFSSL_FPKI + /* Due to the large number of OIDs for FPKI certificate policy, there + are multiple collsisions. Handle them in a dedicated function, + if a collision is detected, the OID is adjusted. */ + if (oidType == oidCertPolicyType) { + found_collision = fpkiCertPolOid(actualOid, actualOidSz, *oid); + } +#endif + +#if defined(HAVE_SPHINCS) || defined(WOLFSSL_FPKI) if (found_collision) { *oid = found_collision; } @@ -6593,16 +7508,16 @@ static int DecodeRsaPssParams(const byte* params, word32 sz, defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050))) /* Byte offset of numbers in RSA key. */ size_t rsaIntOffset[] = { - OFFSETOF(RsaKey, n), - OFFSETOF(RsaKey, e), + WC_OFFSETOF(RsaKey, n), + WC_OFFSETOF(RsaKey, e), #ifndef WOLFSSL_RSA_PUBLIC_ONLY - OFFSETOF(RsaKey, d), - OFFSETOF(RsaKey, p), - OFFSETOF(RsaKey, q), + WC_OFFSETOF(RsaKey, d), + WC_OFFSETOF(RsaKey, p), + WC_OFFSETOF(RsaKey, q), #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) - OFFSETOF(RsaKey, dP), - OFFSETOF(RsaKey, dQ), - OFFSETOF(RsaKey, u) + WC_OFFSETOF(RsaKey, dP), + WC_OFFSETOF(RsaKey, dQ), + WC_OFFSETOF(RsaKey, u) #endif #endif }; @@ -7429,7 +8344,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, /* Get the size of the DER encoding. */ ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz); } - if (ret == 0) { + if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { /* Always return the calculated size. */ *outSz = (word32)sz; } @@ -8319,9 +9234,12 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, if (dilithium == NULL) return MEMORY_E; - if (wc_dilithium_init(dilithium) != 0) { - tmpIdx = 0; - if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) { + /* wc_dilithium_init() returns 0 on success and a non-zero value on + * failure. */ + if (wc_dilithium_init(dilithium) == 0) { + if ((*algoID == 0) && + (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0)) { + tmpIdx = 0; if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, keySz) == 0) { *algoID = ML_DSA_LEVEL2k; @@ -8330,7 +9248,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, WOLFSSL_MSG("Not Dilithium Level 2 DER key"); } } - else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) { + if ((*algoID == 0) && + (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0)) { + tmpIdx = 0; if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, keySz) == 0) { *algoID = ML_DSA_LEVEL3k; @@ -8339,7 +9259,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, WOLFSSL_MSG("Not Dilithium Level 3 DER key"); } } - else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) { + if ((*algoID == 0) && + (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0)) { + tmpIdx = 0; if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, keySz) == 0) { *algoID = ML_DSA_LEVEL5k; @@ -9209,26 +10131,6 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password, #ifdef HAVE_PKCS12 -#define PKCS8_MIN_BLOCK_SIZE 8 -static int Pkcs8Pad(byte* buf, int sz, int blockSz) -{ - int padSz; - - /* calculate pad size */ - padSz = blockSz - (sz & (blockSz - 1)); - - /* pad with padSz value */ - if (buf) { - int i; - for (i = 0; i < padSz; i++) { - buf[sz+i] = (byte)(padSz & 0xFF); - } - } - - /* return adjusted length */ - return sz + padSz; -} - #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for PKCS #8 encrypted key with PBES1 parameters. * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo @@ -9338,7 +10240,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* calculate size */ /* size of constructed string at end */ - sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); + sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); totalSz = ASN_TAG_SZ; totalSz += SetLength(sz, seq); totalSz += sz; @@ -9434,7 +10336,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; /* get pad size and verify buffer room */ - sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); + sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); if (sz + inOutIdx > *outSz) { #ifdef WOLFSSL_SMALL_STACK XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -9445,7 +10347,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* copy input to output buffer and pad end */ XMEMCPY(out + inOutIdx, input, inputSz); - sz = (word32)Pkcs8Pad(out + inOutIdx, (int)inputSz, blockSz); + sz = wc_PkcsPad(out + inOutIdx, inputSz, (word32)blockSz); #ifdef WOLFSSL_SMALL_STACK cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cbcIv == NULL) { @@ -9519,7 +10421,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, salt, saltSz); SetASN_Int16Bit(&dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_ITER], (word16)itt); - pkcs8Sz = (word32)Pkcs8Pad(NULL, (int)inputSz, blockSz); + pkcs8Sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); SetASN_Buffer(&dataASN[P8ENCPBES1ASN_IDX_ENCDATA], NULL, pkcs8Sz); /* Calculate size of encoding. */ @@ -9557,7 +10459,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, byte* pkcs8 = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; XMEMCPY(pkcs8, input, inputSz); - Pkcs8Pad(pkcs8, (int)inputSz, blockSz); + (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz); /* Encrypt PKCS#8 key inline. */ ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id, @@ -9577,6 +10479,36 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, #endif /* HAVE_PKCS12 */ #endif /* NO_PWDBASED */ +/* Block padding used for PKCS#5, PKCS#7, PKCS#8 and PKCS#12. + * + * The length of padding is the value of each padding byte. + * + * When buf is NULL, the padded size is returned. + * + * @param [in, out] buf Buffer of data to be padded. May be NULL. + * @param [in] sz Size of data in bytes. + * @param [in] blockSz Size of block, in bytes, which buffer size must be + * a multiple of. Assumed to be less than 256 and + * a power of 2. + * @return Size of padded buffer in bytes. + */ +word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz) +{ + /* Calculate number of padding bytes. */ + word32 padSz = blockSz - (sz & (blockSz - 1)); + + /* Pad with padSz byte. */ + if (buf != NULL) { + word32 i; + for (i = 0; i < padSz; i++) { + buf[sz+i] = (byte)(padSz & 0xFF); + } + } + + /* Return padded buffer size in bytes. */ + return sz + padSz; +} + #ifndef NO_RSA #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for an RSA public key. @@ -11477,8 +12409,8 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen) } /* This version of the function allows output to be NULL. In that case, the - DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer - size will be pointed to by inLen. */ + DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required + output buffer size will be pointed to by inLen. */ int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen) { if (!key || !inLen) @@ -13096,13 +14028,13 @@ static const CertNameData certNameSubject[] = { { "/CN=", 4, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectCN), - OFFSETOF(DecodedCert, subjectCNLen), - OFFSETOF(DecodedCert, subjectCNEnc), + WC_OFFSETOF(DecodedCert, subjectCN), + WC_OFFSETOF(DecodedCert, subjectCNLen), + WC_OFFSETOF(DecodedCert, subjectCNEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerCN), - OFFSETOF(DecodedCert, issuerCNLen), - OFFSETOF(DecodedCert, issuerCNEnc), + WC_OFFSETOF(DecodedCert, issuerCN), + WC_OFFSETOF(DecodedCert, issuerCNLen), + WC_OFFSETOF(DecodedCert, issuerCNEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13113,13 +14045,13 @@ static const CertNameData certNameSubject[] = { { "/SN=", 4, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectSN), - OFFSETOF(DecodedCert, subjectSNLen), - OFFSETOF(DecodedCert, subjectSNEnc), + WC_OFFSETOF(DecodedCert, subjectSN), + WC_OFFSETOF(DecodedCert, subjectSNLen), + WC_OFFSETOF(DecodedCert, subjectSNEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerSN), - OFFSETOF(DecodedCert, issuerSNLen), - OFFSETOF(DecodedCert, issuerSNEnc), + WC_OFFSETOF(DecodedCert, issuerSN), + WC_OFFSETOF(DecodedCert, issuerSNLen), + WC_OFFSETOF(DecodedCert, issuerSNEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13130,13 +14062,13 @@ static const CertNameData certNameSubject[] = { { "/serialNumber=", 14, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectSND), - OFFSETOF(DecodedCert, subjectSNDLen), - OFFSETOF(DecodedCert, subjectSNDEnc), + WC_OFFSETOF(DecodedCert, subjectSND), + WC_OFFSETOF(DecodedCert, subjectSNDLen), + WC_OFFSETOF(DecodedCert, subjectSNDEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerSND), - OFFSETOF(DecodedCert, issuerSNDLen), - OFFSETOF(DecodedCert, issuerSNDEnc), + WC_OFFSETOF(DecodedCert, issuerSND), + WC_OFFSETOF(DecodedCert, issuerSNDLen), + WC_OFFSETOF(DecodedCert, issuerSNDEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13147,13 +14079,13 @@ static const CertNameData certNameSubject[] = { { "/C=", 3, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectC), - OFFSETOF(DecodedCert, subjectCLen), - OFFSETOF(DecodedCert, subjectCEnc), + WC_OFFSETOF(DecodedCert, subjectC), + WC_OFFSETOF(DecodedCert, subjectCLen), + WC_OFFSETOF(DecodedCert, subjectCEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerC), - OFFSETOF(DecodedCert, issuerCLen), - OFFSETOF(DecodedCert, issuerCEnc), + WC_OFFSETOF(DecodedCert, issuerC), + WC_OFFSETOF(DecodedCert, issuerCLen), + WC_OFFSETOF(DecodedCert, issuerCEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13164,13 +14096,13 @@ static const CertNameData certNameSubject[] = { { "/L=", 3, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectL), - OFFSETOF(DecodedCert, subjectLLen), - OFFSETOF(DecodedCert, subjectLEnc), + WC_OFFSETOF(DecodedCert, subjectL), + WC_OFFSETOF(DecodedCert, subjectLLen), + WC_OFFSETOF(DecodedCert, subjectLEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerL), - OFFSETOF(DecodedCert, issuerLLen), - OFFSETOF(DecodedCert, issuerLEnc), + WC_OFFSETOF(DecodedCert, issuerL), + WC_OFFSETOF(DecodedCert, issuerLLen), + WC_OFFSETOF(DecodedCert, issuerLEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13181,13 +14113,13 @@ static const CertNameData certNameSubject[] = { { "/ST=", 4, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectST), - OFFSETOF(DecodedCert, subjectSTLen), - OFFSETOF(DecodedCert, subjectSTEnc), + WC_OFFSETOF(DecodedCert, subjectST), + WC_OFFSETOF(DecodedCert, subjectSTLen), + WC_OFFSETOF(DecodedCert, subjectSTEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerST), - OFFSETOF(DecodedCert, issuerSTLen), - OFFSETOF(DecodedCert, issuerSTEnc), + WC_OFFSETOF(DecodedCert, issuerST), + WC_OFFSETOF(DecodedCert, issuerSTLen), + WC_OFFSETOF(DecodedCert, issuerSTEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13198,9 +14130,9 @@ static const CertNameData certNameSubject[] = { { "/street=", 8, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectStreet), - OFFSETOF(DecodedCert, subjectStreetLen), - OFFSETOF(DecodedCert, subjectStreetEnc), + WC_OFFSETOF(DecodedCert, subjectStreet), + WC_OFFSETOF(DecodedCert, subjectStreetLen), + WC_OFFSETOF(DecodedCert, subjectStreetEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13215,13 +14147,13 @@ static const CertNameData certNameSubject[] = { { "/O=", 3, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectO), - OFFSETOF(DecodedCert, subjectOLen), - OFFSETOF(DecodedCert, subjectOEnc), + WC_OFFSETOF(DecodedCert, subjectO), + WC_OFFSETOF(DecodedCert, subjectOLen), + WC_OFFSETOF(DecodedCert, subjectOEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerO), - OFFSETOF(DecodedCert, issuerOLen), - OFFSETOF(DecodedCert, issuerOEnc), + WC_OFFSETOF(DecodedCert, issuerO), + WC_OFFSETOF(DecodedCert, issuerOLen), + WC_OFFSETOF(DecodedCert, issuerOEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13232,13 +14164,13 @@ static const CertNameData certNameSubject[] = { { "/OU=", 4, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectOU), - OFFSETOF(DecodedCert, subjectOULen), - OFFSETOF(DecodedCert, subjectOUEnc), + WC_OFFSETOF(DecodedCert, subjectOU), + WC_OFFSETOF(DecodedCert, subjectOULen), + WC_OFFSETOF(DecodedCert, subjectOUEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES - OFFSETOF(DecodedCert, issuerOU), - OFFSETOF(DecodedCert, issuerOULen), - OFFSETOF(DecodedCert, issuerOUEnc), + WC_OFFSETOF(DecodedCert, issuerOU), + WC_OFFSETOF(DecodedCert, issuerOULen), + WC_OFFSETOF(DecodedCert, issuerOUEnc), #endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -13300,9 +14232,9 @@ static const CertNameData certNameSubject[] = { { "/businessCategory=", 18, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectBC), - OFFSETOF(DecodedCert, subjectBCLen), - OFFSETOF(DecodedCert, subjectBCEnc), + WC_OFFSETOF(DecodedCert, subjectBC), + WC_OFFSETOF(DecodedCert, subjectBCLen), + WC_OFFSETOF(DecodedCert, subjectBCEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13334,9 +14266,9 @@ static const CertNameData certNameSubject[] = { { "/postalCode=", 12, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectPC), - OFFSETOF(DecodedCert, subjectPCLen), - OFFSETOF(DecodedCert, subjectPCEnc), + WC_OFFSETOF(DecodedCert, subjectPC), + WC_OFFSETOF(DecodedCert, subjectPCLen), + WC_OFFSETOF(DecodedCert, subjectPCEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13351,9 +14283,9 @@ static const CertNameData certNameSubject[] = { { "/userid=", 8, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectUID), - OFFSETOF(DecodedCert, subjectUIDLen), - OFFSETOF(DecodedCert, subjectUIDEnc), + WC_OFFSETOF(DecodedCert, subjectUID), + WC_OFFSETOF(DecodedCert, subjectUIDLen), + WC_OFFSETOF(DecodedCert, subjectUIDEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13369,9 +14301,9 @@ static const CertNameData certNameSubject[] = { { "/N=", 3, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectN), - OFFSETOF(DecodedCert, subjectNLen), - OFFSETOF(DecodedCert, subjectNEnc), + WC_OFFSETOF(DecodedCert, subjectN), + WC_OFFSETOF(DecodedCert, subjectNLen), + WC_OFFSETOF(DecodedCert, subjectNEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13386,9 +14318,9 @@ static const CertNameData certNameSubject[] = { { "/GN=", 4, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectGN), - OFFSETOF(DecodedCert, subjectGNLen), - OFFSETOF(DecodedCert, subjectGNEnc), + WC_OFFSETOF(DecodedCert, subjectGN), + WC_OFFSETOF(DecodedCert, subjectGNLen), + WC_OFFSETOF(DecodedCert, subjectGNEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13403,9 +14335,9 @@ static const CertNameData certNameSubject[] = { { "/initials=", 10, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectI), - OFFSETOF(DecodedCert, subjectILen), - OFFSETOF(DecodedCert, subjectIEnc), + WC_OFFSETOF(DecodedCert, subjectI), + WC_OFFSETOF(DecodedCert, subjectILen), + WC_OFFSETOF(DecodedCert, subjectIEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -13420,9 +14352,9 @@ static const CertNameData certNameSubject[] = { { "/dnQualifier=", 13, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - OFFSETOF(DecodedCert, subjectDNQ), - OFFSETOF(DecodedCert, subjectDNQLen), - OFFSETOF(DecodedCert, subjectDNQEnc), + WC_OFFSETOF(DecodedCert, subjectDNQ), + WC_OFFSETOF(DecodedCert, subjectDNQLen), + WC_OFFSETOF(DecodedCert, subjectDNQEnc), #ifdef WOLFSSL_HAVE_ISSUER_NAMES 0, 0, @@ -16265,7 +17197,8 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) * @return Encoded data size on success. * @return 0 when dynamic memory allocation fails. */ -static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams) +static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, + byte absentParams) { #ifndef WOLFSSL_ASN_TEMPLATE word32 tagSz, idSz, seqSz, algoSz = 0; @@ -16395,7 +17328,8 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE); } -word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams) +word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, + byte absentParams) { return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams); } @@ -16819,7 +17753,7 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, #endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */ /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */ -static int ConfirmSignature(SignatureCtx* sigCtx, +int ConfirmSignature(SignatureCtx* sigCtx, const byte* buf, word32 bufSz, const byte* key, word32 keySz, word32 keyOID, const byte* sig, word32 sigSz, word32 sigOID, @@ -17269,6 +18203,10 @@ static int ConfirmSignature(SignatureCtx* sigCtx, level = WC_ML_DSA_87_DRAFT; } #endif + else { + WOLFSSL_MSG("Invalid Dilithium key OID"); + goto exit_cs; + } sigCtx->verify = 0; sigCtx->key.dilithium = (dilithium_key*)XMALLOC( sizeof(dilithium_key), sigCtx->heap, @@ -17833,7 +18771,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: - #endif + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ case ML_DSA_LEVEL2k: case ML_DSA_LEVEL3k: case ML_DSA_LEVEL5k: @@ -17947,41 +18885,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx, return ret; } -#ifdef WOLFSSL_DUAL_ALG_CERTS -int wc_ConfirmAltSignature( - const byte* buf, word32 bufSz, - const byte* key, word32 keySz, word32 keyOID, - const byte* sig, word32 sigSz, word32 sigOID, - void *heap) -{ - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - SignatureCtx* sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, - DYNAMIC_TYPE_SIGNATURE); - if (sigCtx == NULL) { - ret = MEMORY_E; - } -#else - SignatureCtx sigCtx[1]; - (void)heap; -#endif - - if (ret == 0) { - InitSignatureCtx(sigCtx, heap, INVALID_DEVID); - - ret = ConfirmSignature(sigCtx, buf, bufSz, key, keySz, - keyOID, sig, sigSz, sigOID, NULL, 0, NULL); - - FreeSignatureCtx(sigCtx); - } - -#ifdef WOLFSSL_SMALL_STACK - XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); -#endif - return ret; -} -#endif /* WOLFSSL_DUAL_ALG_CERTS */ - #ifndef IGNORE_NAME_CONSTRAINTS static int MatchBaseName(int type, const char* name, int nameSz, @@ -21254,11 +22157,12 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert) * like a traditional signature in the certificate. */ static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert) { - (void)cert; int ret = 0; word32 idx = 0; int len = 0; + (void)cert; + WOLFSSL_ENTER("DecodeAltSigVal"); if (ret == 0) { @@ -21527,16 +22431,19 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid, #ifdef WOLFSSL_DUAL_ALG_CERTS case SUBJ_ALT_PUB_KEY_INFO_OID: VERIFY_AND_SET_OID(cert->extSapkiSet); + cert->extSapkiCrit = critical ? 1 : 0; if (DecodeSubjAltPubKeyInfo(&input[idx], length, cert) < 0) return ASN_PARSE_E; break; case ALT_SIG_ALG_OID: VERIFY_AND_SET_OID(cert->extAltSigAlgSet); + cert->extAltSigAlgCrit = critical ? 1 : 0; if (DecodeAltSigAlg(&input[idx], length, cert) < 0) return ASN_PARSE_E; break; case ALT_SIG_VAL_OID: VERIFY_AND_SET_OID(cert->extAltSigValSet); + cert->extAltSigValCrit = critical ? 1 : 0; if (DecodeAltSigVal(&input[idx], length, cert) < 0) return ASN_PARSE_E; break; @@ -23666,6 +24573,19 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, return ret; } #endif +#ifdef HAVE_OCSP +Signer* findSignerByKeyHash(Signer *list, byte *hash) +{ + Signer *s; + for (s = list; s != NULL; s = s->next) { + if (XMEMCMP(s->subjectKeyHash, hash, KEYID_SIZE) == 0) { + return s; + } + } + return NULL; +} +#endif /* WOLFSSL_OCSP */ + Signer* findSignerByName(Signer *list, byte *hash) { Signer *s; @@ -23677,7 +24597,8 @@ Signer* findSignerByName(Signer *list, byte *hash) return NULL; } -int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer *extraCAList) +int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, + Signer *extraCAList) { int ret = 0; #ifndef WOLFSSL_ASN_TEMPLATE @@ -24611,7 +25532,8 @@ int SetSerialNumber(const byte* sn, word32 snSz, byte* output, #endif /* !NO_CERTS */ #if defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS12) || \ - (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) + (defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT)) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) int SetMyVersion(word32 version, byte* output, int header) { int i = 0; @@ -24777,6 +25699,8 @@ wcchar END_CERT = "-----END CERTIFICATE-----"; #endif wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; wcchar END_X509_CRL = "-----END X509 CRL-----"; +wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----"; +wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----"; wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----"; @@ -25073,6 +25997,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_ENC_PRIV_KEY; ret = 0; break; + case TRUSTED_CERT_TYPE: + if (header) *header = BEGIN_TRUSTED_CERT; + if (footer) *footer = END_TRUSTED_CERT; + ret = 0; + break; default: ret = BAD_FUNC_ARG; break; @@ -25318,8 +26247,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, char header[MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE]; char footer[MAX_X509_HEADER_SZ]; #endif - int headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE; - int footerLen = MAX_X509_HEADER_SZ; + size_t headerLen = MAX_X509_HEADER_SZ + HEADER_ENCRYPTED_KEY_SIZE; + size_t footerLen = MAX_X509_HEADER_SZ; int i; int err; int outLen; /* return length or error */ @@ -25346,9 +26275,9 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, #endif /* build header and footer based on type */ - XSTRNCPY(header, headerStr, (size_t)headerLen - 1); + XSTRNCPY(header, headerStr, headerLen - 1); header[headerLen - 2] = 0; - XSTRNCPY(footer, footerStr, (size_t)footerLen - 1); + XSTRNCPY(footer, footerStr, footerLen - 1); footer[footerLen - 2] = 0; /* add new line to end */ @@ -25356,7 +26285,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, XSTRNCAT(footer, "\n", 2); #ifdef WOLFSSL_ENCRYPTED_KEYS - err = wc_EncryptedInfoAppend(header, headerLen, (char*)cipher_info); + err = wc_EncryptedInfoAppend(header, (int)headerLen, (char*)cipher_info); if (err != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -25366,8 +26295,8 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, } #endif - headerLen = (int)XSTRLEN(header); - footerLen = (int)XSTRLEN(footer); + headerLen = XSTRLEN(header); + footerLen = XSTRLEN(footer); /* if null output and 0 size passed in then return size needed */ if (!output && outSz == 0) { @@ -25381,7 +26310,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, WOLFSSL_ERROR_VERBOSE(err); return err; } - return headerLen + footerLen + outLen; + return (int)headerLen + (int)footerLen + outLen; } if (!der || !output) { @@ -25403,14 +26332,14 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, /* header */ XMEMCPY(output, header, (size_t)headerLen); - i = headerLen; + i = (int)headerLen; #ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif /* body */ - outLen = (int)outSz - (headerLen + footerLen); /* input to Base64_Encode */ + outLen = (int)outSz - (int)(headerLen + footerLen); /* input to Base64_Encode */ if ( (err = Base64_Encode(der, derSz, output + i, (word32*)&outLen)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -25421,7 +26350,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, i += outLen; /* footer */ - if ( (i + footerLen) > (int)outSz) { + if ( (i + (int)footerLen) > (int)outSz) { #ifdef WOLFSSL_SMALL_STACK XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -25433,7 +26362,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, XFREE(footer, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return outLen + headerLen + footerLen; + return outLen + (int)headerLen + (int)footerLen; } #endif /* WOLFSSL_DER_TO_PEM */ @@ -25709,10 +26638,27 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } der = *pDer; - if (Base64_Decode((byte*)headerEnd, (word32)neededSz, - der->buffer, &der->length) < 0) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; + switch (type) { + case PUBLICKEY_TYPE: + case ECC_PUBLICKEY_TYPE: + case RSA_PUBLICKEY_TYPE: + case CERT_TYPE: + case TRUSTED_CERT_TYPE: + case CRL_TYPE: + if (Base64_Decode_nonCT((byte*)headerEnd, (word32)neededSz, + der->buffer, &der->length) < 0) + { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; + } + break; + default: + if (Base64_Decode((byte*)headerEnd, (word32)neededSz, + der->buffer, &der->length) < 0) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; + } + break; } if ((header == BEGIN_PRIV_KEY @@ -25754,7 +26700,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } #ifdef WOLFSSL_SMALL_STACK - password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING); + password = (char*)XMALLOC((size_t)passwordSz, heap, DYNAMIC_TYPE_STRING); if (password == NULL) { return MEMORY_E; } @@ -28804,6 +29750,13 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) ret = 0; } + if (items == 0) { + /* if zero items, short-circuit return to avoid frivolous zero-size + * allocations. + */ + return 0; + } + /* Allocate dynamic data items. */ dataASN = (ASNSetData*)XMALLOC(items * sizeof(ASNSetData), heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -28972,6 +29925,7 @@ static const ASNItem static_certExtsASN[] = { /* Basic Constraints Extension - 4.2.1.9 */ /* BC_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* BC_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 }, +/* BC_CRIT */ { 1, ASN_BOOLEAN, 0, 0, 0 }, /* BC_STR */ { 1, ASN_OCTET_STRING, 0, 1, 0 }, /* BC_STR_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, /* cA */ @@ -29020,12 +29974,15 @@ static const ASNItem static_certExtsASN[] = { #ifdef WOLFSSL_DUAL_ALG_CERTS /* SAPKI_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* SAPKI_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 }, +/* SAPKI_CRIT */ { 1, ASN_BOOLEAN, 0, 0, 0 }, /* SAPKI_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, /* ALTSIGALG_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* ALTSIGALG_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALTSIGALG_CRIT*/ { 1, ASN_BOOLEAN, 0, 0, 0 }, /* ALTSIGALG_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, /* ALTSIGVAL_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* ALTSIGVAL_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALTSIGVAL_CRIT*/ { 1, ASN_BOOLEAN, 0, 0, 0 }, /* ALTSIGVAL_STR */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, #endif /* WOLFSSL_DUAL_ALG_CERTS */ /* CUSTOM_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, @@ -29035,6 +29992,7 @@ static const ASNItem static_certExtsASN[] = { enum { CERTEXTSASN_IDX_BC_SEQ = 0, CERTEXTSASN_IDX_BC_OID, + CERTEXTSASN_IDX_BC_CRIT, CERTEXTSASN_IDX_BC_STR, CERTEXTSASN_IDX_BC_STR_SEQ, CERTEXTSASN_IDX_BC_CA, @@ -29074,12 +30032,15 @@ enum { #ifdef WOLFSSL_DUAL_ALG_CERTS CERTEXTSASN_IDX_SAPKI_SEQ, CERTEXTSASN_IDX_SAPKI_OID, + CERTEXTSASN_IDX_SAPKI_CRIT, CERTEXTSASN_IDX_SAPKI_STR, CERTEXTSASN_IDX_ALTSIGALG_SEQ, CERTEXTSASN_IDX_ALTSIGALG_OID, + CERTEXTSASN_IDX_ALTSIGALG_CRIT, CERTEXTSASN_IDX_ALTSIGALG_STR, CERTEXTSASN_IDX_ALTSIGVAL_SEQ, CERTEXTSASN_IDX_ALTSIGVAL_OID, + CERTEXTSASN_IDX_ALTSIGVAL_CRIT, CERTEXTSASN_IDX_ALTSIGVAL_STR, #endif /* WOLFSSL_DUAL_ALG_CERTS */ CERTEXTSASN_IDX_CUSTOM_SEQ, @@ -29171,6 +30132,12 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, /* Set Basic Constraints to be a Certificate Authority. */ SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 1); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID)); + if (cert->basicConstCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1; + } if (cert->pathLenSet #ifdef WOLFSSL_CERT_EXT && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage)) @@ -29187,12 +30154,24 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, else if (cert->isCaSet) { SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CA], 0); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID)); + if (cert->basicConstCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1; + } dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1; } #endif else if (cert->basicConstSet) { /* Set Basic Constraints to be a non Certificate Authority. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_BC_OID], bcOID, sizeof(bcOID)); + if (cert->basicConstCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_BC_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_BC_CRIT].noOut = 1; + } dataASN[CERTEXTSASN_IDX_BC_CA].noOut = 1; dataASN[CERTEXTSASN_IDX_BC_PATHLEN].noOut = 1; } @@ -29359,9 +30338,16 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, #ifdef WOLFSSL_DUAL_ALG_CERTS if (cert->sapkiDer != NULL) { - /* Set subject alternative public key info OID and data. */ + /* Set subject alternative public key info OID, criticality and + * data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_OID], sapkiOID, sizeof(sapkiOID)); + if (cert->sapkiCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_SAPKI_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_SAPKI_CRIT].noOut = 1; + } SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAPKI_STR], cert->sapkiDer, cert->sapkiLen); } @@ -29372,9 +30358,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, } if (cert->altSigAlgDer != NULL) { - /* Set alternative signature algorithm OID and data. */ + /* Set alternative signature algorithm OID, criticality and data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_OID], altSigAlgOID, sizeof(altSigAlgOID)); + if (cert->altSigAlgCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_ALTSIGALG_CRIT].noOut = 1; + } SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGALG_STR], cert->altSigAlgDer, cert->altSigAlgLen); } @@ -29385,9 +30377,15 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz, } if (cert->altSigValDer != NULL) { - /* Set alternative signature value OID and data. */ + /* Set alternative signature value OID, criticality and data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_OID], altSigValOID, sizeof(altSigValOID)); + if (cert->altSigValCrit) { + SetASN_Boolean(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_CRIT], 1); + } + else { + dataASN[CERTEXTSASN_IDX_ALTSIGVAL_CRIT].noOut = 1; + } SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_ALTSIGVAL_STR], cert->altSigValDer, cert->altSigValLen); } @@ -30976,8 +31974,18 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, #endif } - -/* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ +/* Make an x509 Certificate v3 from cert input using any + * key type, and write to buffer. + * + * @param [in, out] cert Certificate object. + * @param [out] derBuffer Buffer to write der in. + * @param [in] derSz Der buffer size. + * @param [in] keyType The type of key. + * @param [in] key Key data. + * @param [in] rng Random number generator. + * @return Size of encoded data in bytes on success. + * @return < 0 on error + * */ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng) { @@ -32145,6 +33153,21 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, } #ifdef WOLFSSL_DUAL_ALG_CERTS +/* Generate a signature from input buffer using + * any key type. + * + * @param [out] sig The signature buffer to write in. + * @param [out] sigsz The signature buffer size. + * @param [in] sType The signature type. + * @param [in] buf The input buf to sign. + * @param [in] bufSz The buffer size + * @param [in] keyType The key type. + * @param [in] key Key data. + * @param [in] rng Random number generator. + * + * @return Size of signature on success. + * @return < 0 on error. + * */ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, word32 bufSz, int keyType, void* key, WC_RNG* rng) { @@ -32155,13 +33178,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, falcon_key* falconKey = NULL; dilithium_key* dilithiumKey = NULL; sphincs_key* sphincsKey = NULL; - int ret = 0; int headerSz; void* heap = NULL; CertSignCtx certSignCtx_lcl; CertSignCtx* certSignCtx = &certSignCtx_lcl; + WOLFSSL_ENTER("wc_MakeSigWithBitStr"); + if ((sig == NULL) || (sigSz <= 0)) { return BAD_FUNC_ARG; } @@ -32271,6 +33295,20 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, } #endif /* WOLFSSL_DUAL_ALG_CERTS */ +/* Sign an x509 Certificate v3 from cert input using any + * key type, and write to buffer. + * + * @param [in] requestSz Size of requested data to sign. + * @param [in] sType The signature type. + * @param [in,out] buf Der buffer to sign. + * @param [in] buffSz Der buffer size. + * @param [in] keyType The type of key. + * @param [in] key Key data. + * @param [in] rng Random number generator. + * + * @return Size of signature on success. + * @return < 0 on error + * */ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz, int keyType, void* key, WC_RNG* rng) { @@ -33779,8 +34817,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, ret = GetASNInt(sig, &idx, &len, sigLen); if (ret != 0) return ret; - if (rLen) - *rLen = (word32)len; + if (rLen) { + if (*rLen >= (word32)len) + *rLen = (word32)len; + else { + /* Buffer too small to hold r value */ + return BUFFER_E; + } + } if (r) XMEMCPY(r, (byte*)sig + idx, (size_t)len); idx += (word32)len; @@ -33788,8 +34832,14 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, ret = GetASNInt(sig, &idx, &len, sigLen); if (ret != 0) return ret; - if (sLen) - *sLen = (word32)len; + if (sLen) { + if (*sLen >= (word32)len) + *sLen = (word32)len; + else { + /* Buffer too small to hold s value */ + return BUFFER_E; + } + } if (s) XMEMCPY(s, (byte*)sig + idx, (size_t)len); @@ -34171,23 +35221,26 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz, } #endif /* WOLFSSL_ECC_CURVE_STATIC */ + if ((ret == 0) && (curveSz)) { + *curveSz = curve->size; + } + if (key) { /* Store parameter set in key. */ - if ((ret == 0) && (wc_ecc_set_custom_curve(key, curve) < 0)) { - ret = ASN_PARSE_E; - } if (ret == 0) { - /* The parameter set was allocated.. */ - key->deallocSet = 1; + if (wc_ecc_set_custom_curve(key, curve) < 0) { + ret = ASN_PARSE_E; + } + else { + /* The parameter set was allocated.. */ + key->deallocSet = 1; + /* Don't deallocate below. */ + curve = NULL; + } } } - if ((ret == 0) && (curveSz)) { - *curveSz = curve->size; - } - - if ((ret != 0) && (curve != NULL)) { - /* Failed to set parameters so free parameter set. */ + if (curve != NULL) { /* NOLINT(clang-analyzer-unix.Malloc) */ wc_ecc_free_curve(curve, heap); } @@ -34343,7 +35396,8 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, ret = BUFFER_E; else { #ifdef WOLFSSL_SMALL_STACK - pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte*)XMALLOC(pubSz, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) ret = MEMORY_E; else @@ -35718,6 +36772,9 @@ int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx, return BAD_FUNC_ARG; } + /* init pubKey */ + XMEMSET(pubKey, 0, sizeof(pubKey)); + ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen, ED25519k); if (ret == 0) { @@ -35758,6 +36815,9 @@ int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx, return BAD_FUNC_ARG; } + /* init pubKey */ + XMEMSET(pubKey, 0, sizeof(pubKey)); + ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen, X25519k); if (ret == 0) { @@ -35983,7 +37043,8 @@ int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output, word32 inLen) #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) /* Write only private Curve25519 key to DER format, * length on success else < 0 */ -int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, word32 inLen) +int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, + word32 inLen) { int ret; byte privKey[CURVE25519_KEYSIZE]; @@ -36025,7 +37086,8 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, /* Export Curve25519 key to DER format - handles private only, public only, * or private+public key pairs based on what's set in the key structure. * Returns length written on success, negative on error */ -int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, int withAlg) +int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, + int withAlg) { int ret; byte privKey[CURVE25519_KEYSIZE]; @@ -36158,6 +37220,9 @@ int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx, return BAD_FUNC_ARG; } + /* init pubKey */ + XMEMSET(pubKey, 0, sizeof(pubKey)); + ret = DecodeAsymKeyPublic(input, inOutIdx, inSz, pubKey, &pubKeyLen, X448k); if (ret == 0) { @@ -36305,17 +37370,7 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value, static const ASNItem singleResponseASN[] = { /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* certId */ -/* CID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, - /* hashAlgorithm */ -/* CID_HASHALGO_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, -/* CID_HASHALGO_OID */ { 3, ASN_OBJECT_ID, 0, 0, 0 }, -/* CID_HASHALGO_NULL */ { 3, ASN_TAG_NULL, 0, 0, 1 }, - /* issuerNameHash */ -/* CID_ISSUERHASH */ { 2, ASN_OCTET_STRING, 0, 0, 0 }, - /* issuerKeyHash */ -/* CID_ISSUERKEYHASH */ { 2, ASN_OCTET_STRING, 0, 0, 0 }, - /* serialNumber */ -/* CID_SERIAL */ { 2, ASN_INTEGER, 0, 0, 0 }, +/* CID_SEQ */ { 1, ASN_SEQUENCE, 1, 0, 0 }, /* certStatus - CHOICE */ /* good [0] IMPLICIT NULL */ /* CS_GOOD */ { 1, ASN_CONTEXT_SPECIFIC | 0, 0, 0, 2 }, @@ -36341,12 +37396,6 @@ static const ASNItem singleResponseASN[] = { enum { SINGLERESPONSEASN_IDX_SEQ = 0, SINGLERESPONSEASN_IDX_CID_SEQ, - SINGLERESPONSEASN_IDX_CID_HASHALGO_SEQ, - SINGLERESPONSEASN_IDX_CID_HASHALGO_OID, - SINGLERESPONSEASN_IDX_CID_HASHALGO_NULL, - SINGLERESPONSEASN_IDX_CID_ISSUERHASH, - SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH, - SINGLERESPONSEASN_IDX_CID_SERIAL, SINGLERESPONSEASN_IDX_CS_GOOD, SINGLERESPONSEASN_IDX_CS_REVOKED, SINGLERESPONSEASN_IDX_CS_REVOKED_TIME, @@ -36361,13 +37410,139 @@ enum { /* Number of items in ASN.1 template for OCSP single response. */ #define singleResponseASN_Length (sizeof(singleResponseASN) / sizeof(ASNItem)) + +static const ASNItem certIDASNItems[] = { + /* hashAlgorithm */ +/* CID_HASHALGO_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, +/* CID_HASHALGO_OID */ { 1, ASN_OBJECT_ID, 0, 0, 0 }, +/* CID_HASHALGO_NULL */ { 1, ASN_TAG_NULL, 0, 0, 1 }, + /* issuerNameHash */ +/* CID_ISSUERHASH */ { 0, ASN_OCTET_STRING, 0, 0, 0 }, + /* issuerKeyHash */ +/* CID_ISSUERKEYHASH */ { 0, ASN_OCTET_STRING, 0, 0, 0 }, + /* serialNumber */ +/* CID_SERIAL */ { 0, ASN_INTEGER, 0, 0, 0 }, +}; + +enum { + CERTIDASN_IDX_CID_HASHALGO_SEQ, + CERTIDASN_IDX_CID_HASHALGO_OID, + CERTIDASN_IDX_CID_HASHALGO_NULL, + CERTIDASN_IDX_CID_ISSUERHASH, + CERTIDASN_IDX_CID_ISSUERKEYHASH, + CERTIDASN_IDX_CID_SERIAL, +}; + +#define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem)) +#endif + +#ifndef WOLFSSL_ASN_TEMPLATE +static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, + OcspEntry* entry) +{ + int length; + word32 oid; + int ret; + /* Hash algorithm */ + ret = GetAlgoId(input, inOutIdx, &oid, oidHashType, inSz); + if (ret < 0) + return ret; + entry->hashAlgoOID = oid; + /* Save reference to the hash of CN */ + ret = GetOctetString(input, inOutIdx, &length, inSz); + if (ret < 0) + return ret; + if (length != OCSP_DIGEST_SIZE) + return ASN_PARSE_E; + XMEMCPY(entry->issuerHash, input + *inOutIdx, length); + *inOutIdx += length; + /* Save reference to the hash of the issuer public key */ + ret = GetOctetString(input, inOutIdx, &length, inSz); + if (ret < 0) + return ret; + if (length != OCSP_DIGEST_SIZE) + return ASN_PARSE_E; + XMEMCPY(entry->issuerKeyHash, input + *inOutIdx, length); + *inOutIdx += length; + + /* Get serial number */ + if (wc_GetSerialNumber(input, inOutIdx, entry->status->serial, + &entry->status->serialSz, inSz) < 0) + return ASN_PARSE_E; + return 0; +} +#else +static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, + OcspEntry* entry) +{ + DECL_ASNGETDATA(dataASN, certidasn_Length); + word32 issuerKeyHashLen = OCSP_DIGEST_SIZE; + word32 issuerHashLen = OCSP_DIGEST_SIZE; + word32 serialSz = EXTERNAL_SERIAL_SIZE; + word32 digestSz; + int ret = 0; + + WOLFSSL_ENTER("DecodeCertIdTemplate"); + CALLOC_ASNGETDATA(dataASN, certidasn_Length, ret, NULL); + if (ret != 0) + return ret; + + GetASN_OID(&dataASN[CERTIDASN_IDX_CID_HASHALGO_OID], oidHashType); + GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERHASH], entry->issuerHash, + &issuerHashLen); + GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERKEYHASH], + entry->issuerKeyHash, &issuerKeyHashLen); + GetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_SERIAL], entry->status->serial, + &serialSz); + ret = GetASN_Items(certIDASNItems, dataASN, certidasn_Length, + 1, input, inOutIdx, inSz); + if (ret != 0) { + goto out; + } + entry->status->serialSz = serialSz; + entry->hashAlgoOID = + dataASN[CERTIDASN_IDX_CID_HASHALGO_OID].data.oid.sum; + digestSz = wc_HashGetDigestSize(wc_OidGetHash(entry->hashAlgoOID)); + if (issuerKeyHashLen != digestSz || issuerHashLen != digestSz) { + ret = ASN_PARSE_E; + goto out; + } +out: + FREE_ASNGETDATA(dataASN, NULL); + return ret; +} #endif +int OcspDecodeCertID(const byte *input, word32 *inOutIdx, word32 inSz, + OcspEntry *entry) +{ + word32 seqIdx = 0; + int len = inSz; + int ret; + +#ifndef WOLFSSL_ASN_TEMPLATE + ret = GetSequence(input, inOutIdx, &len, inSz); +#else + ret = GetASN_Sequence(input, inOutIdx, &len, inSz, 0); +#endif + if (ret < 0) + return ASN_PARSE_E; + ret = OcspDecodeCertIDInt(input + *inOutIdx, &seqIdx, len, entry); + if (ret < 0) + return ASN_PARSE_E; + if (seqIdx != (word32)len) + return ASN_PARSE_E; + *inOutIdx += len; + + return 0; +} + + static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, int wrapperSz, OcspEntry* single) { #ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx; + word32 idx = *ioIndex, prevIndex, localIdx, certIdIdx; int length; int ret; byte tag; @@ -36385,31 +37560,8 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, if (GetSequence(source, &idx, &length, size) < 0) return ASN_PARSE_E; single->rawCertId = source + certIdIdx; - /* Hash algorithm */ - ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size); - if (ret < 0) - return ret; - single->hashAlgoOID = oid; - /* Save reference to the hash of CN */ - ret = GetOctetString(source, &idx, &length, size); - if (ret < 0) - return ret; - if (length > (int)sizeof(single->issuerHash)) - return BUFFER_E; - XMEMCPY(single->issuerHash, source + idx, length); - idx += length; - /* Save reference to the hash of the issuer public key */ - ret = GetOctetString(source, &idx, &length, size); + ret = OcspDecodeCertIDInt(source, &idx, size, single); if (ret < 0) - return ret; - if (length > (int)sizeof(single->issuerKeyHash)) - return BUFFER_E; - XMEMCPY(single->issuerKeyHash, source + idx, length); - idx += length; - - /* Get serial number */ - if (wc_GetSerialNumber(source, &idx, single->status->serial, - &single->status->serialSz, size) < 0) return ASN_PARSE_E; single->rawCertIdSize = idx - certIdIdx; @@ -36456,12 +37608,13 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, single->status->thisDateParsed.length); #endif if (GetBasicDate(source, &idx, single->status->thisDate, - &single->status->thisDateFormat, size) < 0) + &single->status->thisDateFormat, size) < 0) return ASN_PARSE_E; #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) + if (!XVALIDATE_DATE(single->status->thisDate, + single->status->thisDateFormat, ASN_BEFORE)) return ASN_BEFORE_DATE_E; #endif #endif @@ -36492,7 +37645,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, single->status->nextDateParsed.length); #endif if (GetBasicDate(source, &idx, single->status->nextDate, - &single->status->nextDateFormat, size) < 0) + &single->status->nextDateFormat, size) < 0) return ASN_PARSE_E; #ifndef NO_ASN_TIME_CHECK @@ -36521,13 +37674,10 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #else /* WOLFSSL_ASN_TEMPLATE */ DECL_ASNGETDATA(dataASN, singleResponseASN_Length); int ret = 0; - word32 ocspDigestSize = OCSP_DIGEST_SIZE; CertStatus* cs = NULL; - word32 serialSz; - word32 issuerHashLen; - word32 issuerKeyHashLen; word32 thisDateLen; word32 nextDateLen; + word32 certIdSeqIdx; (void)wrapperSz; @@ -36536,25 +37686,12 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, CALLOC_ASNGETDATA(dataASN, singleResponseASN_Length, ret, NULL); if (ret == 0) { - /* Certificate Status field. */ cs = single->status; - /* Set maximum lengths for data. */ - issuerHashLen = OCSP_DIGEST_SIZE; - issuerKeyHashLen = OCSP_DIGEST_SIZE; - serialSz = EXTERNAL_SERIAL_SIZE; thisDateLen = MAX_DATE_SIZE; nextDateLen = MAX_DATE_SIZE; /* Set OID type, buffers to hold data and variables to hold size. */ - GetASN_OID(&dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID], - oidHashType); - GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERHASH], - single->issuerHash, &issuerHashLen); - GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_ISSUERKEYHASH], - single->issuerKeyHash, &issuerKeyHashLen); - GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_SERIAL], cs->serial, - &serialSz); GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], cs->thisDate, &thisDateLen); GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], @@ -36565,27 +37702,11 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, 1, source, ioIndex, size); } if (ret == 0) { - single->hashAlgoOID = - dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum; - ocspDigestSize = (word32)wc_HashGetDigestSize( - wc_OidGetHash((int)single->hashAlgoOID)); - } - /* Validate the issuer hash length is the size required. */ - if ((ret == 0) && (issuerHashLen != ocspDigestSize)) { - ret = ASN_PARSE_E; - } - /* Validate the issuer key hash length is the size required. */ - if (ret == 0) { - if (issuerKeyHashLen != ocspDigestSize) { - ret = ASN_PARSE_E; - } + certIdSeqIdx = 0; + ret = OcspDecodeCertIDInt(dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.data, + &certIdSeqIdx, dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.ref.length, single); } if (ret == 0) { - /* Store serial size. */ - cs->serialSz = (int)serialSz; - /* Set the hash algorithm OID */ - single->hashAlgoOID = - dataASN[SINGLERESPONSEASN_IDX_CID_HASHALGO_OID].data.oid.sum; /* Determine status by which item was found. */ if (dataASN[SINGLERESPONSEASN_IDX_CS_GOOD].tag != 0) { @@ -36821,7 +37942,8 @@ static const ASNItem ocspRespDataASN[] = { /* byName */ /* BYNAME */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 }, /* byKey */ -/* BYKEY */ { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 2 }, +/* BYKEY */ { 1, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 2 }, +/* BYKEY_OCT */ { 2, ASN_OCTET_STRING, 0, 0, 0 }, /* producedAt */ /* PA */ { 1, ASN_GENERALIZED_TIME, 0, 0, 0, }, /* responses */ @@ -36835,6 +37957,7 @@ enum { OCSPRESPDATAASN_IDX_VER, OCSPRESPDATAASN_IDX_BYNAME, OCSPRESPDATAASN_IDX_BYKEY, + OCSPRESPDATAASN_IDX_BYKEY_OCT, OCSPRESPDATAASN_IDX_PA, OCSPRESPDATAASN_IDX_RESP, OCSPRESPDATAASN_IDX_RESPEXT, @@ -36879,16 +38002,40 @@ static int DecodeResponseData(byte* source, word32* ioIndex, version = 0; localIdx = idx; - if (GetASNTag(source, &localIdx, &tag, size) == 0 && - ( tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) || - tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2) )) + if (GetASNTag(source, &localIdx, &tag, size) != 0) + return ASN_PARSE_E; + + resp->responderIdType = OCSP_RESPONDER_ID_INVALID; + /* parse byName */ + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { idx++; /* advance past ASN tag */ if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; + /* compute the hash of the name */ + resp->responderIdType = OCSP_RESPONDER_ID_NAME; + ret = CalcHashId_ex(source + idx, length, + resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE); + if (ret != 0) + return ret; idx += length; } - else + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) + { + idx++; /* advance past ASN tag */ + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (GetOctetString(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (length != OCSP_RESPONDER_ID_KEY_SZ) + return ASN_PARSE_E; + resp->responderIdType = OCSP_RESPONDER_ID_KEY; + XMEMCPY(resp->responderId.keyHash, source + idx, length); + idx += length; + } + if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID) return ASN_PARSE_E; /* save pointer to the producedAt time */ @@ -36924,6 +38071,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex, XMEMSET(single->next->status, 0, sizeof(CertStatus)); single->next->isDynamic = 1; + single->next->ownStatus = 1; single = single->next; } @@ -36944,6 +38092,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex, int ret = 0; byte version; word32 dateSz = 0; + word32 responderByKeySz = OCSP_RESPONDER_ID_KEY_SZ; word32 idx = *ioIndex; OcspEntry* single = NULL; @@ -36962,6 +38111,8 @@ static int DecodeResponseData(byte* source, word32* ioIndex, GetASN_Int8Bit(&dataASN[OCSPRESPDATAASN_IDX_VER], &version); GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_PA], resp->producedDate, &dateSz); + GetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT], + resp->responderId.keyHash, &responderByKeySz); /* Decode the ResponseData. */ ret = GetASN_Items(ocspRespDataASN, dataASN, ocspRespDataASN_Length, 1, source, ioIndex, size); @@ -36979,7 +38130,23 @@ static int DecodeResponseData(byte* source, word32* ioIndex, } } if (ret == 0) { - /* TODO: use byName/byKey fields. */ + if (dataASN[OCSPRESPDATAASN_IDX_BYNAME].tag != 0) { + resp->responderIdType = OCSP_RESPONDER_ID_NAME; + ret = CalcHashId_ex( + dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.data, + dataASN[OCSPRESPDATAASN_IDX_BYNAME].data.ref.length, + resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE); + } else { + resp->responderIdType = OCSP_RESPONDER_ID_KEY; + if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length + != OCSP_RESPONDER_ID_KEY_SZ) { + ret = ASN_PARSE_E; + } else { + resp->responderIdType = OCSP_RESPONDER_ID_KEY; + } + } + } + if (ret == 0) { /* Store size of response. */ resp->responseSz = *ioIndex - idx; /* Store date format/tag. */ @@ -37013,6 +38180,7 @@ static int DecodeResponseData(byte* source, word32* ioIndex, /* Entry to be freed. */ single->next->isDynamic = 1; + single->next->ownStatus = 1; /* used will be 0 (false) */ single = single->next; @@ -37121,8 +38289,139 @@ enum { #define ocspBasicRespASN_Length (sizeof(ocspBasicRespASN) / sizeof(ASNItem)) #endif /* WOLFSSL_ASN_TEMPLATE */ +static int OcspRespIdMatch(OcspResponse *resp, const byte *NameHash, + const byte *keyHash) +{ + if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID) + return 0; + if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) + return XMEMCMP(NameHash, resp->responderId.nameHash, + SIGNER_DIGEST_SIZE) == 0; + /* OCSP_RESPONDER_ID_KEY */ + return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) && + XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0; +} + +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK +static int OcspRespCheck(OcspResponse *resp, Signer *responder) +{ + OcspEntry *s; + + s = resp->single; + if (s == NULL) + return -1; + + /* singles responses must have the same issuer */ + for (; s != NULL; s = s->next) { + if (XMEMCMP(s->issuerKeyHash, responder->subjectKeyHash, + KEYID_SIZE) != 0) + return -1; + } + + return 0; +} +#endif + +static Signer *OcspFindSigner(OcspResponse *resp, WOLFSSL_CERT_MANAGER *cm) +{ + Signer *s; + + if (cm == NULL) + return NULL; + + if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) { +#ifndef NO_SKID + s = GetCAByName(cm, resp->responderId.nameHash); +#else + s = GetCA(cm, resp->responderId.nameHash); +#endif + if (s) + return s; + } + else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) { + s = GetCAByKeyHash(cm, resp->responderId.keyHash); + if (s) + return s; + } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (resp->pendingCAs == NULL) + return NULL; + + if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) { + s = findSignerByName(resp->pendingCAs, resp->responderId.nameHash); + if (s) + return s; + } + else { + s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash); + if (s) + return s; + } +#endif + return NULL; +} + +static int OcspCheckCert(OcspResponse *resp, int noVerify, + int noVerifySignature, WOLFSSL_CERT_MANAGER *cm, void *heap) +{ + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; +#else + DecodedCert cert[1]; +#endif + + InitDecodedCert(cert, resp->cert, resp->certSz, heap); + ret = ParseCertRelative(cert, CERT_TYPE, + noVerify ? NO_VERIFY : VERIFY_OCSP_CERT, + cm, resp->pendingCAs); + if (ret < 0) { + WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); + } + + if (ret == 0 && + OcspRespIdMatch(resp, + cert->subjectHash, cert->subjectKeyHash) == 0) { + WOLFSSL_MSG("\tInternal check doesn't match responder ID, ignoring\n"); + ret = BAD_OCSP_RESPONDER; + goto err; + } + +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK + if (ret == 0 && !noVerify) { + ret = CheckOcspResponder(resp, cert, cm); + if (ret != 0) { + WOLFSSL_MSG("\tOCSP Responder certificate issuer check failed"); + goto err; + } + } +#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */ + if (ret == 0 && !noVerifySignature) { + ret = ConfirmSignature( + &cert->sigCtx, + resp->response, resp->responseSz, + cert->publicKey, cert->pubKeySize, cert->keyOID, + resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, + resp->sigParamsSz, NULL); + } +err: + FreeDecodedCert(cert); + +#ifdef WOLFSSL_SMALL_STACK + if (cert != NULL) { + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + + return ret; +} + static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, - OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify) + OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify, + int noVerifySignature) { #ifndef WOLFSSL_ASN_TEMPLATE int length; @@ -37132,8 +38431,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, #endif int ret; int sigLength; - const byte* sigParams = NULL; - word32 sigParamsSz = 0; + int sigValid = 0; WOLFSSL_ENTER("DecodeBasicOcspResponse"); (void)heap; @@ -37157,16 +38455,16 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, else if (resp->sigOID == CTC_RSASSAPSS) { word32 sz; int len; - const byte* params; + byte* params; sz = idx; params = source + idx; if (GetSequence(source, &idx, &len, size) < 0) - ret = ASN_PARSE_E; + return ASN_PARSE_E; if (ret == 0) { idx += len; - sigParams = params; - sigParamsSz = idx - sz; + resp->sigParams = params; + resp->sigParamsSz = idx - sz; } } #endif @@ -37186,107 +38484,44 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS if (idx < end_index) { - int cert_inited = 0; -#ifdef WOLFSSL_SMALL_STACK - DecodedCert *cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) - return MEMORY_E; -#else - DecodedCert cert[1]; -#endif - - do { - if (DecodeCerts(source, &idx, resp, size) < 0) { - ret = ASN_PARSE_E; - break; - } - - InitDecodedCert(cert, resp->cert, resp->certSz, heap); - cert_inited = 1; - - /* Don't verify if we don't have access to Cert Manager. */ - ret = ParseCertRelative(cert, CERT_TYPE, - noVerify ? NO_VERIFY : VERIFY_OCSP_CERT, - cm, resp->pendingCAs); - if (ret < 0) { - WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); - break; - } - -#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK - if ((cert->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { - if (XMEMCMP(cert->subjectHash, - resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) { - WOLFSSL_MSG("\tOCSP Response signed by issuer"); - } - else { - WOLFSSL_MSG("\tOCSP Responder key usage check failed"); - #ifdef OPENSSL_EXTRA - resp->verifyError = OCSP_BAD_ISSUER; - #else - ret = BAD_OCSP_RESPONDER; - break; - #endif - } - } -#endif - - /* ConfirmSignature is blocking here */ - ret = ConfirmSignature( - &cert->sigCtx, - resp->response, resp->responseSz, - cert->publicKey, cert->pubKeySize, cert->keyOID, - resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz, - NULL); - - if (ret != 0) { - WOLFSSL_MSG("\tOCSP Confirm signature failed"); - ret = ASN_OCSP_CONFIRM_E; - break; - } - } while(0); - - if (cert_inited) - FreeDecodedCert(cert); -#ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + if (DecodeCerts(source, &idx, resp, size) < 0) + return ASN_PARSE_E; - if (ret != 0) - return ret; + ret = OcspCheckCert(resp, noVerify, noVerifySignature, + (WOLFSSL_CERT_MANAGER*)cm, heap); + if (ret == 0) { + sigValid = 1; + } + else { + WOLFSSL_MSG("OCSP Internal cert can't verify the response\n"); + /* try to verify the OCSP response with CA certs */ + ret = 0; + } } else #endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ - { + if (!noVerifySignature && !sigValid) { Signer* ca; - int sigValid = -1; + SignatureCtx sigCtx; + ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm); + if (ca == NULL) + return ASN_NO_SIGNER_E; - #ifndef NO_SKID - ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash); - #else - ca = GetCA(cm, resp->single->issuerHash); - #endif -#if defined(HAVE_CERTIFICATE_STATUS_V2) - if (ca == NULL && resp->pendingCAs != NULL) { - ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash); - } +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK + if (OcspRespCheck(resp, ca) != 0) + return BAD_OCSP_RESPONDER; #endif - if (ca) { - SignatureCtx sigCtx; - InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); + InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); - /* ConfirmSignature is blocking here */ - sigValid = ConfirmSignature(&sigCtx, resp->response, - resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, - resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz, - NULL); - } - if (ca == NULL || sigValid != 0) { + /* ConfirmSignature is blocking here */ + sigValid = ConfirmSignature(&sigCtx, resp->response, + resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, + resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, + resp->sigParamsSz, NULL); + if (sigValid != 0) { WOLFSSL_MSG("\tOCSP Confirm signature failed"); return ASN_OCSP_CONFIRM_E; } - (void)noVerify; } @@ -37296,16 +38531,8 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, DECL_ASNGETDATA(dataASN, ocspBasicRespASN_Length); int ret = 0; word32 idx = *ioIndex; - const byte* sigParams = NULL; - word32 sigParamsSz = 0; -#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - #ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; - #else - DecodedCert cert[1]; - #endif - int certInit = 0; -#endif + Signer* ca = NULL; + int sigValid = 0; WOLFSSL_ENTER("DecodeBasicOcspResponse"); (void)heap; @@ -37330,10 +38557,10 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, } #ifdef WC_RSA_PSS if (ret == 0 && (dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS].tag != 0)) { - sigParams = GetASNItem_Addr( + resp->sigParams = GetASNItem_Addr( dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS], source); - sigParamsSz = + resp->sigParamsSz = GetASNItem_Length(dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS], source); } @@ -37344,6 +38571,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], &resp->sig, &resp->sigSz); } + resp->certSz = 0; #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS if ((ret == 0) && (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) { @@ -37351,106 +38579,52 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, /* Store reference to certificate BER data. */ GetASN_GetRef(&dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ], &resp->cert, &resp->certSz); + } - /* Allocate a certificate object to decode cert into. */ - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (cert == NULL) { - ret = MEMORY_E; + if ((ret == 0) && resp->certSz > 0) { + ret = OcspCheckCert(resp, noVerify, noVerifySignature, + (WOLFSSL_CERT_MANAGER*)cm, heap); + if (ret == 0) { + sigValid = 1; } + ret = 0; /* try to verify the OCSP response with CA certs */ } - if ((ret == 0) && - (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) { - #endif - /* Initialize the certificate object. */ - InitDecodedCert(cert, resp->cert, resp->certSz, heap); - certInit = 1; - /* Parse the certificate and don't verify if we don't have access to - * Cert Manager. */ - ret = ParseCertRelative(cert, CERT_TYPE, noVerify ? NO_VERIFY : VERIFY, - cm, resp->pendingCAs); - if (ret < 0) { - WOLFSSL_MSG("\tOCSP Responder certificate parsing failed"); - } +#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ + /* try to verify using cm certs */ + if (ret == 0 && !noVerifySignature && !sigValid) + { + ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm); + if (ca == NULL) + ret = ASN_NO_SIGNER_E; } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK - if ((ret == 0) && - (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL) && - !noVerify) { - ret = CheckOcspResponder(resp, cert, cm); - } -#endif /* WOLFSSL_NO_OCSP_ISSUER_CHECK */ - if ((ret == 0) && - (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data != NULL)) { - /* TODO: ConfirmSignature is blocking here */ - /* Check the signature of the response. */ - ret = ConfirmSignature(&cert->sigCtx, resp->response, resp->responseSz, - cert->publicKey, cert->pubKeySize, cert->keyOID, resp->sig, - resp->sigSz, resp->sigOID, NULL, 0, NULL); - if (ret != 0) { - WOLFSSL_MSG("\tOCSP Confirm signature failed"); - ret = ASN_OCSP_CONFIRM_E; + if (ret == 0 && !noVerifySignature && !sigValid) { + if (OcspRespCheck(resp, ca) != 0) { + ret = BAD_OCSP_RESPONDER; } } - if ((ret == 0) && - (dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ].data.ref.data == NULL)) -#else - if (ret == 0) -#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ - { - Signer* ca; - int sigValid = -1; - - /* Response didn't have a certificate - lookup CA. */ - #ifndef NO_SKID - ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash); - #else - ca = GetCA(cm, resp->single->issuerHash); - #endif - - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - if (ca == NULL && resp->pendingCAs != NULL) { - ca = findSignerByName(resp->pendingCAs, resp->single->issuerHash); - } - #endif - - if (ca) { - SignatureCtx sigCtx; - - /* Initialize he signature context. */ - InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); +#endif + if (ret == 0 && !noVerifySignature && !sigValid) { + SignatureCtx sigCtx; + /* Initialize the signature context. */ + InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); - /* TODO: ConfirmSignature is blocking here */ - /* Check the signature of the response CA public key. */ - sigValid = ConfirmSignature(&sigCtx, resp->response, - resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, - resp->sig, resp->sigSz, resp->sigOID, sigParams, sigParamsSz, - NULL); - } - if ((ca == NULL) || (sigValid != 0)) { - /* Didn't find certificate or signature verificate failed. */ + /* TODO: ConfirmSignature is blocking here */ + /* Check the signature of the response CA public key. */ + sigValid = ConfirmSignature(&sigCtx, resp->response, + resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, + resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, + resp->sigParamsSz, NULL); + if (sigValid != 0) { WOLFSSL_MSG("\tOCSP Confirm signature failed"); ret = ASN_OCSP_CONFIRM_E; } } - if (ret == 0) { /* Update the position to after response data. */ *ioIndex = idx; } -#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - if (certInit) { - FreeDecodedCert(cert); - } - #ifdef WOLFSSL_SMALL_STACK - if (cert != NULL) { - /* Dispose of certificate object. */ - XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER); - } - #endif -#endif FREE_ASNGETDATA(dataASN, heap); return ret; #endif /* WOLFSSL_ASN_TEMPLATE */ @@ -37473,6 +38647,9 @@ void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, resp->maxIdx = inSz; resp->heap = heap; resp->pendingCAs = NULL; + resp->sigParams = NULL; + resp->sigParamsSz = 0; + resp->responderIdType = OCSP_RESPONDER_ID_INVALID; } void FreeOcspResponse(OcspResponse* resp) @@ -37526,7 +38703,8 @@ enum { #define ocspResponseASN_Length (sizeof(ocspResponseASN) / sizeof(ASNItem)) #endif /* WOLFSSL_ASN_TEMPLATE */ -int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify) +int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, + int noVerifyCert, int noVerifySignature) { #ifndef WOLFSSL_ASN_TEMPLATE int ret; @@ -37595,7 +38773,8 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify) return ret; } - ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, noVerify); + ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, + noVerifyCert, noVerifySignature); if (ret < 0) { WOLFSSL_LEAVE("OcspResponseDecode", ret); return ret; @@ -37635,7 +38814,7 @@ int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerify) idx = 0; /* Decode BasicOCSPResponse. */ ret = DecodeBasicOcspResponse(basic, &idx, resp, basicSz, cm, heap, - noVerify); + noVerifyCert, noVerifySignature); } /* Only support BasicOCSPResponse. */ else { @@ -38653,7 +39832,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); return CRL_CERT_DATE_ERR; @@ -39758,8 +40937,8 @@ int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end) } /***************************************************************************** -* wc_MIME_find_header_name - Searches through all given headers until a header with -* a name matching the provided name is found. +* wc_MIME_find_header_name - Searches through all given headers until a header +* with a name matching the provided name is found. * * RETURNS: * returns a pointer to the found header, if no match was found, returns NULL. @@ -39837,8 +41016,8 @@ char* wc_MIME_single_canonicalize(const char* line, word32* len) } /***************************************************************************** -* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from -* the provided header pointer. +* wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting +* from the provided header pointer. * * RETURNS: * returns zero on success, non-zero on error. @@ -40694,9 +41873,9 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */ #if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE) -/* Initialize decoded certificate object with buffer of DER encoding. +/* Initialize decoded attribute certificate object with buffer of DER encoding. * - * @param [in, out] cert Decoded certificate object. + * @param [in, out] acert Decoded attribute certificate object. * @param [in] source Buffer containing DER encoded certificate. * @param [in] inSz Size of DER data in buffer in bytes. * @param [in] heap Dynamic memory hint. @@ -40723,7 +41902,7 @@ void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, /* Free the decoded attribute cert object's dynamic data. * - * @param [in, out] acert Attribute Decoded certificate object. + * @param [in, out] acert Decoded attribute certificate object. */ void FreeDecodedAcert(DecodedAcert * acert) { @@ -40760,7 +41939,7 @@ void FreeDecodedAcert(DecodedAcert * acert) * @param [in, out] inOutIdx On in, the index of the start of the OtherName. * On out, index after OtherName. * @param [in] len Length of data in buffer. - * @param [in] cert Decoded attribute certificate object. + * @param [in] acert Decoded attribute certificate object. * @param [in, out] entries Linked list of DNS name entries. * * @return 0 on success. @@ -40901,7 +42080,7 @@ static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx, * @param [in] input Buffer holding encoded data. * @param [in] sz Size of encoded data in bytes. * @param [in] tag ASN.1 tag value expected in header. - * @param [in, out] cert Decoded certificate object. + * @param [in, out] acert Decoded attribute certificate object. * @param [in, out] entries Linked list of DNS name entries. * * @return 0 on success. @@ -41027,11 +42206,10 @@ enum { #define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem)) /* Decode the Holder field of an x509 attribute certificate. - * * * @param [in] input Buffer containing encoded Holder field. * @param [in] len Length of Holder field. - * @param [in] cert Decoded certificate object. + * @param [in, out] acert Decoded attribute certificate object. * * @return 0 on success. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -41195,7 +42373,7 @@ enum { * * @param [in] input Buffer containing encoded AttCertIssuer field. * @param [in] len Length of Holder field. - * @param [in] cert Decoded certificate object. + * @param [in,out] acert Decoded attribute certificate object. * * @return 0 on success. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -41371,8 +42549,10 @@ enum { * - extensions * - attributes * - * Returns 0 on success. - * Returns negative error code on error/failure. + * @param [in, out] acert Decoded attribute certificate object. + * @param [in] verify Whether to verify dates. + * @return 0 on success. + * @return negative error code on error/fail. * */ int ParseX509Acert(DecodedAcert* acert, int verify) { @@ -41582,7 +42762,6 @@ int ParseX509Acert(DecodedAcert* acert, int verify) } /* Given the parsed attribute cert info, verify the signature. - * * The sigCtx is alloced and freed here. * * @param [in] acinfo the parsed acinfo sequence @@ -41673,7 +42852,7 @@ int VerifyX509Acert(const byte* der, word32 derSz, const byte * sigParams = NULL; word32 sigParamsSz = 0; - WOLFSSL_MSG("ParseX509Acert"); + WOLFSSL_MSG("VerifyX509Acert"); if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) { WOLFSSL_MSG("error: VerifyX509Acert: bad args"); @@ -41762,6 +42941,10 @@ int VerifyX509Acert(const byte* der, word32 derSz, return ret; } +/** + * Wrapper API to expose Acert ASN functions. See Acert ASN functions + * for comments. + * */ void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, void* heap) { diff --git a/src/wolfcrypt/src/bio.c b/src/wolfcrypt/src/bio.c index b265456..0b52a6c 100644 --- a/src/wolfcrypt/src/bio.c +++ b/src/wolfcrypt/src/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include #if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */ #define _GNU_SOURCE 1 @@ -142,7 +139,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } - XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); + XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz); bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { @@ -167,14 +164,14 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, - bio->wrSz - bio->rdIdx); + (long unsigned int)bio->wrSz - (size_t)bio->rdIdx); bio->wrSz -= bio->rdIdx; bio->rdIdx = 0; /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer * allocations. */ if (wolfSSL_BUF_MEM_resize(bio->mem_buf, - bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz : - WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { + bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? + (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error"); return WOLFSSL_BIO_ERROR; } @@ -389,6 +386,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = 0; + break; + } /* switch */ } @@ -564,7 +565,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite"); return sz1; } - XMEMCPY(buf, data, sz1); + XMEMCPY(buf, data, (size_t)sz1); data = (char*)data + sz1; len -= sz1; @@ -572,7 +573,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, /* try again to see if maybe we wrapped around the ring buffer */ sz2 = wolfSSL_BIO_nwrite(bio, &buf, len); if (sz2 > 0) { - XMEMCPY(buf, data, sz2); + XMEMCPY(buf, data, (size_t)sz2); sz1 += sz2; if (len > sz2) bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; @@ -610,8 +611,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, if (len == 0) return WOLFSSL_SUCCESS; /* Return early to make logic simpler */ - if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0) - == 0) { + if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) + + ((size_t)len), 0) == 0) { WOLFSSL_MSG("Error growing memory area"); return WOLFSSL_FAILURE; } @@ -621,7 +622,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, return WOLFSSL_FAILURE; } - XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); + XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len); bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->num.length = bio->mem_buf->max; bio->wrSz += len; @@ -813,6 +814,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = len; + break; + } /* switch */ } @@ -1138,7 +1143,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) ret = wolfSSL_BIO_nread(bio, &c, cSz); if (ret > 0 && ret < sz) { - XMEMCPY(buf, c, ret); + XMEMCPY(buf, c, (size_t)ret); } break; } @@ -1161,6 +1166,10 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) break; #endif /* WOLFCRYPT_ONLY */ + case WOLFSSL_BIO_NULL: + ret = 0; + break; + default: WOLFSSL_MSG("BIO type not supported yet with wolfSSL_BIO_gets"); } @@ -1256,13 +1265,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio) return 0; if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz; + return (size_t)bio->wrSz; } /* type BIO_BIO then check paired buffer */ if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) { WOLFSSL_BIO* pair = bio->pair; - return pair->wrIdx; + return (size_t)pair->wrIdx; } return 0; @@ -1308,12 +1317,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) #ifndef WOLFCRYPT_ONLY if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { - return (long)wolfSSL_pending(bio->ptr.ssl); + return (size_t)wolfSSL_pending(bio->ptr.ssl); } #endif if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz - bio->rdIdx; + return (size_t)(bio->wrSz - bio->rdIdx); } /* type BIO_BIO then check paired buffer */ @@ -1322,11 +1331,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) { /* in wrap around state where beginning of buffer is being * overwritten */ - return pair->wrSz - pair->rdIdx + pair->wrIdx; + return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) + + ((size_t)pair->wrIdx); } else { /* simple case where has not wrapped around */ - return pair->wrIdx - pair->rdIdx; + return (size_t)(pair->wrIdx - pair->rdIdx); } } return 0; @@ -1423,7 +1433,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); @@ -1439,7 +1449,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num.length = size; + bio->num.length = (size_t)size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1908,7 +1918,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio) { - int len; + int len = 0; #ifndef NO_FILESYSTEM long memSz = 0; XFILE file; @@ -2309,6 +2319,15 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return &meth; } + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_NULL); + + WOLFSSL_ENTER("wolfSSL_BIO_s_null"); + + return &meth; + } WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { @@ -2353,7 +2372,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); if (bio) { - bio->type = WOLFSSL_BIO_DGRAM; bio->shutdown = (byte)closeF; bio->num.fd = (SOCKET_T)fd; } @@ -2381,10 +2399,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else port = str + XSTRLEN(str); /* point to null terminator */ - bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */ + bio->ip = (char*)XMALLOC( + (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ip != NULL) { - XMEMCPY(bio->ip, str, port - str); + XMEMCPY(bio->ip, str, (size_t)(port - str)); bio->ip[port - str] = '\0'; bio->type = WOLFSSL_BIO_SOCKET; } @@ -2770,9 +2789,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else { size_t currLen = XSTRLEN(b->ip); + #ifdef WOLFSSL_NO_REALLOC + char* tmp = NULL; + #endif + if (currLen != newLen) { + #ifdef WOLFSSL_NO_REALLOC + tmp = b->ip; + b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL); + if (b->ip != NULL && tmp != NULL) { + XMEMCPY(b->ip, tmp, newLen); + XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + } + #else b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL); + #endif if (b->ip == NULL) { WOLFSSL_MSG("Hostname realloc failed."); return WOLFSSL_FAILURE; @@ -2926,7 +2959,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->wrSz = len; bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { - XMEMCPY(bio->ptr.mem_buf_data, buf, len); + XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len); bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -3295,11 +3328,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) count = XVSNPRINTF(NULL, 0, format, args); if (count >= 0) { - pt = (char*)XMALLOC(count + 1, bio->heap, + pt = (char*)XMALLOC((size_t)count + 1, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt != NULL) { - count = XVSNPRINTF(pt, count + 1, format, copy); + count = XVSNPRINTF(pt, (size_t)count + 1, format, copy); if (count >= 0) { ret = wolfSSL_BIO_write(bio, pt, count); @@ -3369,18 +3402,20 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%02x ", (unsigned char)buf[i]); else - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), + " "); if (i == 7) - (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); + (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) - + (o + 2)), "-"); o += 3; } - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/wolfcrypt/src/blake2b.c b/src/wolfcrypt/src/blake2b.c index bce74b3..c1f3e7a 100644 --- a/src/wolfcrypt/src/blake2b.c +++ b/src/wolfcrypt/src/blake2b.c @@ -12,7 +12,7 @@ */ /* blake2b.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,20 +31,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_BLAKE2 #include #include -#include - static const word64 blake2b_IV[8] = { @@ -491,6 +483,16 @@ int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word3 /* Blake2b Update */ int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz) { + if (b2b == NULL){ + return BAD_FUNC_ARG; + } + if (data == NULL && sz != 0){ + return BAD_FUNC_ARG; + } + if (sz == 0){ + return 0; + } + return blake2b_update(b2b->S, data, sz); } @@ -498,7 +500,16 @@ int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz) /* Blake2b Final, if pass in zero size we use init digestSz */ int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz) { - word32 sz = requestSz ? requestSz : b2b->digestSz; + word32 sz; + + if (b2b == NULL){ + return BAD_FUNC_ARG; + } + if (final == NULL){ + return BAD_FUNC_ARG; + } + + sz = requestSz ? requestSz : b2b->digestSz; return blake2b_final(b2b->S, final, (byte)sz); } diff --git a/src/wolfcrypt/src/blake2s.c b/src/wolfcrypt/src/blake2s.c index 7e36d6e..7f9d3ff 100644 --- a/src/wolfcrypt/src/blake2s.c +++ b/src/wolfcrypt/src/blake2s.c @@ -12,7 +12,7 @@ */ /* blake2s.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,20 +31,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_BLAKE2S #include #include -#include - static const word32 blake2s_IV[8] = { @@ -487,6 +479,16 @@ int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, const byte *key, word3 /* Blake2s Update */ int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz) { + if (b2s == NULL){ + return BAD_FUNC_ARG; + } + if (data == NULL && sz != 0){ + return BAD_FUNC_ARG; + } + if (sz == 0){ + return 0; + } + return blake2s_update(b2s->S, data, sz); } @@ -494,7 +496,16 @@ int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz) /* Blake2s Final, if pass in zero size we use init digestSz */ int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz) { - word32 sz = requestSz ? requestSz : b2s->digestSz; + word32 sz; + + if (b2s == NULL){ + return BAD_FUNC_ARG; + } + if (final == NULL){ + return BAD_FUNC_ARG; + } + + sz = requestSz ? requestSz : b2s->digestSz; return blake2s_final(b2s->S, final, (byte)sz); } diff --git a/src/wolfcrypt/src/camellia.c b/src/wolfcrypt/src/camellia.c index bd9ae1b..c1ff47e 100644 --- a/src/wolfcrypt/src/camellia.c +++ b/src/wolfcrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,18 +52,11 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_CAMELLIA #include -#include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/chacha.c b/src/wolfcrypt/src/chacha.c index ba9aa53..1a1d676 100644 --- a/src/wolfcrypt/src/chacha.c +++ b/src/wolfcrypt/src/chacha.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,15 +29,10 @@ Public domain. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_CHACHA #include - #include #ifdef NO_INLINE #include @@ -72,10 +67,10 @@ Public domain. #endif /* HAVE_CHACHA */ -#if defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) && !defined(NO_CHACHA_ASM) /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ -#elif defined(WOLFSSL_RISCV_ASM) +#elif defined(WOLFSSL_RISCV_ASM) && !defined(NO_CHACHA_ASM) /* implementation located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */ #else @@ -83,7 +78,6 @@ Public domain. /* BEGIN ChaCha C implementation */ #if defined(HAVE_CHACHA) -#include #include #ifdef CHACHA_AEAD_TEST diff --git a/src/wolfcrypt/src/chacha20_poly1305.c b/src/wolfcrypt/src/chacha20_poly1305.c index a29a18f..09d522d 100644 --- a/src/wolfcrypt/src/chacha20_poly1305.c +++ b/src/wolfcrypt/src/chacha20_poly1305.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,17 +27,11 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include -#include -#include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/cmac.c b/src/wolfcrypt/src/cmac.c index 2f5d5d4..b83214c 100644 --- a/src/wolfcrypt/src/cmac.c +++ b/src/wolfcrypt/src/cmac.c @@ -1,6 +1,6 @@ /* cmac.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #ifdef WOLFSSL_QNX_CAAM #include #endif @@ -51,7 +47,6 @@ #include #endif -#include #include #include @@ -212,7 +207,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, cmac->type, NULL); + NULL, NULL, (int)cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -294,8 +289,8 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, - NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, + (int)cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; diff --git a/src/wolfcrypt/src/coding.c b/src/wolfcrypt/src/coding.c index 7071796..739fde5 100644 --- a/src/wolfcrypt/src/coding.c +++ b/src/wolfcrypt/src/coding.c @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_CODING #include -#include -#include #ifndef NO_ASN #include /* For PEM_LINE_SZ */ #endif @@ -59,23 +52,33 @@ enum { #ifdef WOLFSSL_BASE64_DECODE -#ifdef BASE64_NO_TABLE -static WC_INLINE byte Base64_Char2Val(byte c) +static WC_INLINE byte Base64_Char2Val_CT(byte c) { - word16 v = 0x0000; + int v; + int smallEnd = (int)c - 0x7b; + int smallStart = (int)c - 0x61; + int bigEnd = (int)c - 0x5b; + int bigStart = (int)c - 0x41; + int numEnd = (int)c - 0x3a; + int numStart = (int)c - 0x30; + int slashEnd = (int)c - 0x30; + int slashStart = (int)c - 0x2f; + int plusEnd = (int)c - 0x2c; + int plusStart = (int)c - 0x2b; + + v = ((smallStart >> 8) ^ (smallEnd >> 8)) & (smallStart + 26 + 1); + v |= ((bigStart >> 8) ^ (bigEnd >> 8)) & (bigStart + 0 + 1); + v |= ((numStart >> 8) ^ (numEnd >> 8)) & (numStart + 52 + 1); + v |= ((slashStart >> 8) ^ (slashEnd >> 8)) & (slashStart + 63 + 1); + v |= ((plusStart >> 8) ^ (plusEnd >> 8)) & (plusStart + 62 + 1); + + return (byte)(v - 1); +} - v |= 0xff3E & ctMask16Eq(c, 0x2b); - v |= 0xff3F & ctMask16Eq(c, 0x2f); - v |= (c + 0xff04) & ctMask16GTE(c, 0x30) & ctMask16LTE(c, 0x39); - v |= (0xff00 + c - 0x41) & ctMask16GTE(c, 0x41) & ctMask16LTE(c, 0x5a); - v |= (0xff00 + c - 0x47) & ctMask16GTE(c, 0x61) & ctMask16LTE(c, 0x7a); - v |= ~(v >> 8); +#ifndef BASE64_NO_TABLE - return (byte)v; -} -#else static -ALIGN64 const byte base64Decode[] = { /* + starts at 0x2B */ +ALIGN64 const byte base64Decode_table[] = { /* + starts at 0x2B */ /* 0x28: + , - . / */ 62, BAD, BAD, BAD, 63, /* 0x30: 0 1 2 3 4 5 6 7 */ 52, 53, 54, 55, 56, 57, 58, 59, /* 0x38: 8 9 : ; < = > ? */ 60, 61, BAD, BAD, BAD, BAD, BAD, BAD, @@ -88,11 +91,11 @@ ALIGN64 const byte base64Decode[] = { /* + starts at 0x2B */ /* 0x70: p q r s t u v w */ 41, 42, 43, 44, 45, 46, 47, 48, /* 0x78: x y z */ 49, 50, 51 }; -#define BASE64DECODE_SZ (byte)(sizeof(base64Decode)) +#define BASE64DECODE_TABLE_SZ (byte)(sizeof(base64Decode_table)) -static WC_INLINE byte Base64_Char2Val(byte c) +static WC_INLINE byte Base64_Char2Val_by_table(byte c) { -#ifndef WC_NO_CACHE_RESISTANT +#ifdef WC_CACHE_RESISTANT_BASE64_TABLE /* 80 characters in table. * 64 bytes in a cache line - first line has 64, second has 16 */ @@ -102,16 +105,17 @@ static WC_INLINE byte Base64_Char2Val(byte c) c = (byte)(c - BASE64_MIN); mask = (byte)((((byte)(0x3f - c)) >> 7) - 1); /* Load a value from the first cache line and use when mask set. */ - v = (byte)(base64Decode[ c & 0x3f ] & mask); + v = (byte)(base64Decode_table[ c & 0x3f ] & mask); /* Load a value from the second cache line and use when mask not set. */ - v |= (byte)(base64Decode[(c & 0x0f) | 0x40] & (~mask)); + v |= (byte)(base64Decode_table[(c & 0x0f) | 0x40] & (~mask)); return v; #else - return base64Decode[c - BASE64_MIN]; + return base64Decode_table[c - BASE64_MIN]; #endif } -#endif + +#endif /* !BASE64_NO_TABLE */ int Base64_SkipNewline(const byte* in, word32 *inLen, word32 *outJ) @@ -161,15 +165,15 @@ int Base64_SkipNewline(const byte* in, word32 *inLen, return 0; } -int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) +#ifndef BASE64_NO_TABLE + +int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen) { word32 i = 0; word32 j = 0; word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ ); int ret; -#ifndef BASE64_NO_TABLE - const byte maxIdx = BASE64DECODE_SZ + BASE64_MIN - 1; -#endif + const byte maxIdx = BASE64DECODE_TABLE_SZ + BASE64_MIN - 1; plainSz = (plainSz * 3 + 3) / 4; if (plainSz > *outLen) return BAD_FUNC_ARG; @@ -216,7 +220,6 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (pad3 && !pad4) return ASN_INPUT_E; -#ifndef BASE64_NO_TABLE if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN || e4 < BASE64_MIN) { WOLFSSL_MSG("Bad Base64 Decode data, too small"); @@ -227,17 +230,16 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) WOLFSSL_MSG("Bad Base64 Decode data, too big"); return ASN_INPUT_E; } -#endif if (i + 1 + !pad3 + !pad4 > *outLen) { WOLFSSL_MSG("Bad Base64 Decode out buffer, too small"); return BAD_FUNC_ARG; } - e1 = Base64_Char2Val(e1); - e2 = Base64_Char2Val(e2); - e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val(e3)); - e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val(e4)); + e1 = Base64_Char2Val_by_table(e1); + e2 = Base64_Char2Val_by_table(e2); + e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val_by_table(e3)); + e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val_by_table(e4)); if (e1 == BAD || e2 == BAD || e3 == BAD || e4 == BAD) { WOLFSSL_MSG("Bad Base64 Decode bad character"); @@ -256,7 +258,8 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) else break; } -/* If the output buffer has a room for an extra byte, add a null terminator */ + + /* If the output buffer has a room for an extra byte, add a null terminator */ if (out && *outLen > i) out[i]= '\0'; @@ -265,6 +268,103 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return 0; } +#endif /* !BASE64_NO_TABLE */ + +int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + word32 i = 0; + word32 j = 0; + word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ ); + int ret; + + plainSz = (plainSz * 3 + 3) / 4; + if (plainSz > *outLen) return BAD_FUNC_ARG; + + while (inLen > 3) { + int pad3 = 0; + int pad4 = 0; + byte b1, b2, b3; + byte e1, e2, e3, e4; + + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) { + /* Running out of buffer here is not an error */ + break; + } + return ret; + } + e1 = in[j++]; + if (e1 == '\0') { + break; + } + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e2 = in[j++]; + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e3 = in[j++]; + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e4 = in[j++]; + inLen--; + + if (e3 == PAD) + pad3 = 1; + if (e4 == PAD) + pad4 = 1; + + if (pad3 && !pad4) + return ASN_INPUT_E; + + if (i + 1 + !pad3 + !pad4 > *outLen) { + WOLFSSL_MSG("Bad Base64 Decode out buffer, too small"); + return BAD_FUNC_ARG; + } + + e1 = Base64_Char2Val_CT(e1); + e2 = Base64_Char2Val_CT(e2); + e3 = (byte)((e3 == PAD) ? 0 : Base64_Char2Val_CT(e3)); + e4 = (byte)((e4 == PAD) ? 0 : Base64_Char2Val_CT(e4)); + + if (e1 == BAD || e2 == BAD || e3 == BAD || e4 == BAD) { + WOLFSSL_MSG("Bad Base64 Decode bad character"); + return ASN_INPUT_E; + } + + b1 = (byte)((e1 << 2) | (e2 >> 4)); + b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2)); + b3 = (byte)(((e3 & 0x3) << 6) | e4); + + out[i++] = b1; + if (!pad3) + out[i++] = b2; + if (!pad4) + out[i++] = b3; + else + break; + } + + /* If the output buffer has a room for an extra byte, add a null terminator */ + if (out && *outLen > i) + out[i]= '\0'; + + *outLen = i; + + return 0; +} + +#ifdef BASE64_NO_TABLE +int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen) { + return Base64_Decode(in, inLen, out, outLen); +} +#endif /* BASE64_NO_TABLE */ + #endif /* WOLFSSL_BASE64_DECODE */ #if defined(WOLFSSL_BASE64_ENCODE) @@ -490,7 +590,7 @@ int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) #ifdef WOLFSSL_BASE16 static -const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, +const ALIGN64 byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, BAD, BAD, BAD, BAD, BAD, BAD, BAD, 10, 11, 12, 13, 14, 15, /* upper case A-F */ BAD, BAD, BAD, BAD, BAD, BAD, BAD, BAD, @@ -556,6 +656,11 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return 0; } +static +const ALIGN64 byte hexEncode[] = { '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' +}; + int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) { word32 outIdx = 0; @@ -571,15 +676,8 @@ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) byte hb = in[i] >> 4; byte lb = in[i] & 0x0f; - /* ASCII value */ - hb = (byte)(hb + '0'); - if (hb > '9') - hb = (byte)(hb + 7U); - - /* ASCII value */ - lb = (byte)(lb + '0'); - if (lb>'9') - lb = (byte)(lb + 7U); + hb = hexEncode[hb]; + lb = hexEncode[lb]; out[outIdx++] = hb; out[outIdx++] = lb; diff --git a/src/wolfcrypt/src/compress.c b/src/wolfcrypt/src/compress.c index 941596e..e3c42cc 100644 --- a/src/wolfcrypt/src/compress.c +++ b/src/wolfcrypt/src/compress.c @@ -1,6 +1,6 @@ /* compress.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,20 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_LIBZ #include -#include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/cpuid.c b/src/wolfcrypt/src/cpuid.c index a9f1533..37fe855 100644 --- a/src/wolfcrypt/src/cpuid.c +++ b/src/wolfcrypt/src/cpuid.c @@ -1,6 +1,6 @@ /* cpuid.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #include @@ -60,7 +55,8 @@ int got_intel_cpu = 0; int got_amd_cpu = 0; unsigned int reg[5]; - reg[4] = '\0'; + + XMEMSET(reg, '\0', sizeof(reg)); cpuid(reg, 0, 0); /* check for Intel cpu */ @@ -163,23 +159,36 @@ if (!cpuid_check) { word64 hwcaps = getauxval(AT_HWCAP); + #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO if (hwcaps & HWCAP_AES) cpuid_flags |= CPUID_AES; if (hwcaps & HWCAP_PMULL) cpuid_flags |= CPUID_PMULL; if (hwcaps & HWCAP_SHA2) cpuid_flags |= CPUID_SHA256; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512 if (hwcaps & HWCAP_SHA512) cpuid_flags |= CPUID_SHA512; + #endif + #if defined(HWCAP_ASIMDRDM) && !defined(WOLFSSL_AARCH64_NO_SQRDMLSH) if (hwcaps & HWCAP_ASIMDRDM) cpuid_flags |= CPUID_RDM; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 if (hwcaps & HWCAP_SHA3) cpuid_flags |= CPUID_SHA3; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SM3 if (hwcaps & HWCAP_SM3) cpuid_flags |= CPUID_SM3; + #endif + #ifdef WOLFSSL_ARMASM_CRYPTO_SM4 if (hwcaps & HWCAP_SM4) cpuid_flags |= CPUID_SM4; + #endif + (void)hwcaps; cpuid_check = 1; } } @@ -259,8 +268,10 @@ if (features & CPUID_AARCH64_FEAT_AES) cpuid_flags |= CPUID_AES; - if (features & CPUID_AARCH64_FEAT_PMULL) + if (features & CPUID_AARCH64_FEAT_AES_PMULL) { + cpuid_flags |= CPUID_AES; cpuid_flags |= CPUID_PMULL; + } if (features & CPUID_AARCH64_FEAT_SHA256) cpuid_flags |= CPUID_SHA256; if (features & CPUID_AARCH64_FEAT_SHA256_512) @@ -289,7 +300,7 @@ #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512 cpuid_flags |= CPUID_SHA512; #endif - #ifndef WOLFSSL_AARCH64_NO_SQRMLSH + #ifndef WOLFSSL_AARCH64_NO_SQRDMLSH cpuid_flags |= CPUID_RDM; #endif #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 diff --git a/src/wolfcrypt/src/cryptocb.c b/src/wolfcrypt/src/cryptocb.c index 973b4f9..a83e529 100644 --- a/src/wolfcrypt/src/cryptocb.c +++ b/src/wolfcrypt/src/cryptocb.c @@ -1,6 +1,6 @@ /* cryptocb.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,17 +36,11 @@ * DEBUG_CRYPTOCB */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLF_CRYPTO_CB #include -#include -#include #ifdef HAVE_ARIA #include @@ -207,6 +201,8 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->cipher.type, info->cipher.ctx); } #endif /* !NO_AES || !NO_DES3 */ +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA3) else if (info->algo_type == WC_ALGO_TYPE_HASH) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), @@ -214,6 +210,8 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->hash.type, info->hash.ctx, (info->hash.in != NULL) ? "Update" : "Final"); } +#endif +#ifndef NO_HMAC else if (info->algo_type == WC_ALGO_TYPE_HMAC) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), @@ -221,6 +219,7 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->hmac.macType, info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } +#endif #ifdef WOLFSSL_CMAC else if (info->algo_type == WC_ALGO_TYPE_CMAC) { printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n", @@ -865,7 +864,7 @@ int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, } #endif /* HAVE_ED25519 */ -#if defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_HAVE_MLKEM) int wc_CryptoCb_PqcKemGetDevId(int type, void* key) { int devId = INVALID_DEVID; @@ -984,7 +983,7 @@ int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM */ #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) int wc_CryptoCb_PqcSigGetDevId(int type, void* key) @@ -1043,7 +1042,8 @@ int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, } int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, - WC_RNG* rng, int type, void* key) + const byte* context, byte contextLen, word32 preHashType, WC_RNG* rng, + int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; @@ -1068,6 +1068,9 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, cryptoInfo.pk.pqc_sign.inlen = inlen; cryptoInfo.pk.pqc_sign.out = out; cryptoInfo.pk.pqc_sign.outlen = outlen; + cryptoInfo.pk.pqc_sign.context = context; + cryptoInfo.pk.pqc_sign.contextLen = contextLen; + cryptoInfo.pk.pqc_sign.preHashType = preHashType; cryptoInfo.pk.pqc_sign.rng = rng; cryptoInfo.pk.pqc_sign.key = key; cryptoInfo.pk.pqc_sign.type = type; @@ -1079,7 +1082,8 @@ int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, word32 *outlen, } int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, - word32 msglen, int* res, int type, void* key) + word32 msglen, const byte* context, byte contextLen, word32 preHashType, + int* res, int type, void* key) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); int devId = INVALID_DEVID; @@ -1104,6 +1108,9 @@ int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, const byte* msg, cryptoInfo.pk.pqc_verify.siglen = siglen; cryptoInfo.pk.pqc_verify.msg = msg; cryptoInfo.pk.pqc_verify.msglen = msglen; + cryptoInfo.pk.pqc_verify.context = context; + cryptoInfo.pk.pqc_verify.contextLen = contextLen; + cryptoInfo.pk.pqc_verify.preHashType = preHashType; cryptoInfo.pk.pqc_verify.res = res; cryptoInfo.pk.pqc_verify.key = key; cryptoInfo.pk.pqc_verify.type = type; @@ -1874,6 +1881,12 @@ int wc_CryptoCb_DefaultDevID(void) { int ret; +/* Explicitly disable the "default devId" behavior. Ensures that any devId + * will only be used if explicitly passed as an argument to crypto functions, + * and never automatically selected. */ +#ifdef WC_NO_DEFAULT_DEVID + ret = INVALID_DEVID; +#else /* conditional macro selection based on build */ #ifdef WOLFSSL_CAAM_DEVID ret = WOLFSSL_CAAM_DEVID; @@ -1885,6 +1898,7 @@ int wc_CryptoCb_DefaultDevID(void) /* try first available */ ret = wc_CryptoCb_GetDevIdAtIndex(0); #endif +#endif /* WC_NO_DEFAULT_DEVID */ return ret; } diff --git a/src/wolfcrypt/src/curve25519.c b/src/wolfcrypt/src/curve25519.c index 8f409da..ae2a6b4 100644 --- a/src/wolfcrypt/src/curve25519.c +++ b/src/wolfcrypt/src/curve25519.c @@ -1,6 +1,6 @@ /* curve25519.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,17 +22,11 @@ /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_CURVE25519 #include -#include #ifdef NO_INLINE #include #else @@ -51,6 +45,14 @@ #include #endif +#if defined(WOLFSSL_CURVE25519_BLINDING) + #if defined(CURVE25519_SMALL) + #error "Blinding not needed nor available for small implementation" + #elif defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM) + #error "Blinding not needed nor available for assembly implementation" + #endif +#endif + #if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS @@ -143,6 +145,7 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE); } #else +#ifndef WOLFSSL_CURVE25519_BLINDING fe_init(); SAVE_VECTOR_REGISTERS(return _svr_ret;); @@ -150,10 +153,119 @@ int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, ret = curve25519(pub, priv, (byte*)kCurve25519BasePoint); RESTORE_VECTOR_REGISTERS(); +#else + { + WC_RNG rng; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve25519_make_pub_blind(public_size, pub, private_size, + priv, &rng); + + wc_FreeRng(&rng); + } + } +#endif /* !WOLFSSL_CURVE25519_BLINDING */ +#endif /* FREESCALE_LTC_ECC */ + + return ret; +} + +#ifdef WOLFSSL_CURVE25519_BLINDING +#ifndef FREESCALE_LTC_ECC +#ifndef WOLFSSL_CURVE25519_BLINDING_RAND_CNT + #define WOLFSSL_CURVE25519_BLINDING_RAND_CNT 10 +#endif +static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p, + WC_RNG* rng) +{ + int ret; + byte a[CURVE25519_KEYSIZE]; + byte n_a[CURVE25519_KEYSIZE]; + byte rz[CURVE25519_KEYSIZE]; + int i; + int cnt; + + SAVE_VECTOR_REGISTERS(return _svr_ret;); + + /* Generate random z. */ + for (cnt = 0; cnt < WOLFSSL_CURVE25519_BLINDING_RAND_CNT; cnt++) { + ret = wc_RNG_GenerateBlock(rng, rz, sizeof(rz)); + if (ret < 0) { + return ret; + } + for (i = CURVE25519_KEYSIZE; i > 0; i--) { + if (rz[i] != 0xff) + break; + } + if ((i != 0) || (rz[0] <= 0xec)) { + break; + } + } + if (cnt == WOLFSSL_CURVE25519_BLINDING_RAND_CNT) { + return RNG_FAILURE_E; + } + + /* Generate 253 random bits. */ + ret = wc_RNG_GenerateBlock(rng, a, sizeof(a)); + if (ret != 0) + return ret; + a[CURVE25519_KEYSIZE-1] &= 0x7f; + /* k' = k ^ 2k ^ a */ + n_a[0] = n[0] ^ (n[0] << 1) ^ a[0]; + for (i = 1; i < CURVE25519_KEYSIZE; i++) { + byte b1, b2, b3; + b1 = n[i] ^ a[i]; + b2 = (n[i] << 1) ^ a[i]; + b3 = (n[i-1] >> 7) ^ a[i]; + n_a[i] = b1 ^ b2 ^ b3; + } + /* Scalar multiple blinded scalar with blinding value. */ + ret = curve25519_blind(rp, n_a, a, p, rz); + + RESTORE_VECTOR_REGISTERS(); + + return ret; +} +#endif + +int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size, + const byte* priv, WC_RNG* rng) +{ + int ret; +#ifdef FREESCALE_LTC_ECC + const ECPoint* basepoint = nxp_ltc_curve25519_GetBasePoint(); + ECPoint wc_pub; +#endif + + if ( (public_size != CURVE25519_KEYSIZE) || + (private_size != CURVE25519_KEYSIZE)) { + return ECC_BAD_ARG_E; + } + if ((pub == NULL) || (priv == NULL)) { + return ECC_BAD_ARG_E; + } + + /* check clamping */ + ret = curve25519_priv_clamp_check(priv); + if (ret != 0) + return ret; + +#ifdef FREESCALE_LTC_ECC + /* input basepoint on Weierstrass curve */ + ret = nxp_ltc_curve25519(&wc_pub, priv, basepoint, kLTC_Weierstrass); + if (ret == 0) { + XMEMCPY(pub, wc_pub.point, CURVE25519_KEYSIZE); + } +#else + fe_init(); + + ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng); #endif return ret; } +#endif /* compute the public key from an existing private key, with supplied basepoint, * using bare vectors. @@ -170,6 +282,7 @@ int wc_curve25519_generic(int public_size, byte* pub, * nxp_ltc_curve25519_GetBasePoint() */ return WC_HW_E; #else +#ifndef WOLFSSL_CURVE25519_BLINDING int ret; if ((public_size != CURVE25519_KEYSIZE) || @@ -194,9 +307,64 @@ int wc_curve25519_generic(int public_size, byte* pub, RESTORE_VECTOR_REGISTERS(); return ret; +#else + WC_RNG rng; + int ret; + + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_curve25519_generic_blind(public_size, pub, private_size, priv, + basepoint_size, basepoint, &rng); + + wc_FreeRng(&rng); + } + + return ret; +#endif #endif /* FREESCALE_LTC_ECC */ } +#ifdef WOLFSSL_CURVE25519_BLINDING +/* compute the public key from an existing private key, with supplied basepoint, + * using bare vectors. + * + * return value is propagated from curve25519() (0 on success), + * and the byte vectors are little endian. + */ +int wc_curve25519_generic_blind(int public_size, byte* pub, + int private_size, const byte* priv, + int basepoint_size, const byte* basepoint, + WC_RNG* rng) +{ +#ifdef FREESCALE_LTC_ECC + /* unsupported with NXP LTC, only supports single basepoint with + * nxp_ltc_curve25519_GetBasePoint() */ + return WC_HW_E; +#else + int ret; + + if ((public_size != CURVE25519_KEYSIZE) || + (private_size != CURVE25519_KEYSIZE) || + (basepoint_size != CURVE25519_KEYSIZE)) { + return ECC_BAD_ARG_E; + } + if ((pub == NULL) || (priv == NULL) || (basepoint == NULL)) + return ECC_BAD_ARG_E; + + /* check clamping */ + ret = curve25519_priv_clamp_check(priv); + if (ret != 0) + return ret; + + fe_init(); + + ret = curve25519_smul_blind(pub, priv, basepoint, rng); + + return ret; +#endif /* FREESCALE_LTC_ECC */ +} +#endif + /* generate a new private key, as a bare vector. * * return value is propagated from wc_RNG_GenerateBlock(() (0 on success), @@ -250,8 +418,14 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) ret = wc_curve25519_make_priv(rng, keysize, key->k); if (ret == 0) { key->privSet = 1; +#ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point), + key->p.point, (int)sizeof(key->k), + key->k, rng); +#else ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point, (int)sizeof(key->k), key->k); +#endif key->pubSet = (ret == 0); } #endif @@ -320,11 +494,16 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, else #endif { +#ifndef WOLFSSL_CURVE25519_BLINDING SAVE_VECTOR_REGISTERS(return _svr_ret;); ret = curve25519(o.point, private_key->k, public_key->p.point); RESTORE_VECTOR_REGISTERS(); +#else + ret = curve25519_smul_blind(o.point, private_key->k, public_key->p.point, + private_key->rng); +#endif } #endif #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO @@ -379,8 +558,14 @@ int wc_curve25519_export_public_ex(curve25519_key* key, byte* out, /* calculate public if missing */ if (!key->pubSet) { +#ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point), + key->p.point, (int)sizeof(key->k), + key->k, key->rng); +#else ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point, (int)sizeof(key->k), key->k); +#endif key->pubSet = (ret == 0); } /* export public point with endianness */ @@ -639,6 +824,9 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, } #ifdef WOLFSSL_SE050 +#ifdef WOLFSSL_SE050_AUTO_ERASE + wc_se050_erase_object(key->keyId); +#endif /* release NXP resources if set */ se050_curve25519_free_key(key); #endif @@ -739,6 +927,16 @@ void wc_curve25519_free(curve25519_key* key) #endif } +#ifdef WOLFSSL_CURVE25519_BLINDING +int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng) +{ + if (key == NULL) + return BAD_FUNC_ARG; + key->rng = rng; + return 0; +} +#endif + /* get key size */ int wc_curve25519_size(curve25519_key* key) { diff --git a/src/wolfcrypt/src/curve448.c b/src/wolfcrypt/src/curve448.c index 3cbf577..f3cf9f3 100644 --- a/src/wolfcrypt/src/curve448.c +++ b/src/wolfcrypt/src/curve448.c @@ -1,6 +1,6 @@ /* curve448.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,16 +25,11 @@ * Reworked for curve448 by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_CURVE448 #include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/des3.c b/src/wolfcrypt/src/des3.c index d6c3923..7a9ba3b 100644 --- a/src/wolfcrypt/src/des3.c +++ b/src/wolfcrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include - +#include #ifndef NO_DES3 @@ -448,8 +440,6 @@ #elif defined(HAVE_COLDFIRE_SEC) - #include - #include "sec.h" #include "mcf5475_sec.h" #include "mcf5475_siu.h" diff --git a/src/wolfcrypt/src/dh.c b/src/wolfcrypt/src/dh.c index 5258e82..8869c03 100644 --- a/src/wolfcrypt/src/dh.c +++ b/src/wolfcrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_DH @@ -41,8 +36,6 @@ #endif #include -#include -#include #ifdef WOLFSSL_HAVE_SP_DH #include @@ -2036,19 +2029,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #ifndef WOLFSSL_SP_NO_2048 if (mp_count_bits(&key->p) == 2048) { if (mp_init(y) != MP_OKAY) - return MP_INIT_E; + ret = MP_INIT_E; - SAVE_VECTOR_REGISTERS(ret = _svr_ret;); + if (ret == 0) { + SAVE_VECTOR_REGISTERS(ret = _svr_ret;); - if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) - ret = MP_READ_E; + if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) + ret = MP_READ_E; - if (ret == 0) - ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz); + if (ret == 0) + ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz); - mp_clear(y); + mp_clear(y); - RESTORE_VECTOR_REGISTERS(); + RESTORE_VECTOR_REGISTERS(); + } /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */ if ((ret == 0) && @@ -2070,19 +2065,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #ifndef WOLFSSL_SP_NO_3072 if (mp_count_bits(&key->p) == 3072) { if (mp_init(y) != MP_OKAY) - return MP_INIT_E; + ret = MP_INIT_E; - SAVE_VECTOR_REGISTERS(ret = _svr_ret;); + if (ret == 0) { + SAVE_VECTOR_REGISTERS(ret = _svr_ret;); - if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) - ret = MP_READ_E; + if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) + ret = MP_READ_E; - if (ret == 0) - ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz); + if (ret == 0) + ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz); - mp_clear(y); + mp_clear(y); - RESTORE_VECTOR_REGISTERS(); + RESTORE_VECTOR_REGISTERS(); + } /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */ if ((ret == 0) && @@ -2104,19 +2101,21 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #ifdef WOLFSSL_SP_4096 if (mp_count_bits(&key->p) == 4096) { if (mp_init(y) != MP_OKAY) - return MP_INIT_E; + ret = MP_INIT_E; - SAVE_VECTOR_REGISTERS(ret = _svr_ret;); + if (ret == 0) { + SAVE_VECTOR_REGISTERS(ret = _svr_ret;); - if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) - ret = MP_READ_E; + if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) + ret = MP_READ_E; - if (ret == 0) - ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz); + if (ret == 0) + ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz); - mp_clear(y); + mp_clear(y); - RESTORE_VECTOR_REGISTERS(); + RESTORE_VECTOR_REGISTERS(); + } /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */ if ((ret == 0) && @@ -2544,10 +2543,56 @@ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, if (ret == 0 && !trusted) { int isPrime = 0; - if (rng != NULL) - ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng); + + /* Short-circuit the primality check for p if it is one of the named + * public moduli (known primes) from RFC 7919. + */ + #ifdef HAVE_FFDHE_2048 + if ((pSz == sizeof(dh_ffdhe2048_p)) && + (XMEMCMP(p, dh_ffdhe2048_p, sizeof(dh_ffdhe2048_p)) == 0)) + { + isPrime = 1; + } + else + #endif + #ifdef HAVE_FFDHE_3072 + if ((pSz == sizeof(dh_ffdhe3072_p)) && + (XMEMCMP(p, dh_ffdhe3072_p, sizeof(dh_ffdhe3072_p)) == 0)) + { + isPrime = 1; + } + else + #endif + #ifdef HAVE_FFDHE_4096 + if ((pSz == sizeof(dh_ffdhe4096_p)) && + (XMEMCMP(p, dh_ffdhe4096_p, sizeof(dh_ffdhe4096_p)) == 0)) + { + isPrime = 1; + } + else + #endif + #ifdef HAVE_FFDHE_6144 + if ((pSz == sizeof(dh_ffdhe6144_p)) && + (XMEMCMP(p, dh_ffdhe6144_p, sizeof(dh_ffdhe6144_p)) == 0)) + { + isPrime = 1; + } else - ret = mp_prime_is_prime(keyP, 8, &isPrime); + #endif + #ifdef HAVE_FFDHE_8192 + if ((pSz == sizeof(dh_ffdhe8192_p)) && + (XMEMCMP(p, dh_ffdhe8192_p, sizeof(dh_ffdhe8192_p)) == 0)) + { + isPrime = 1; + } + else + #endif + { + if (rng != NULL) + ret = mp_prime_is_prime_ex(keyP, 8, &isPrime, rng); + else + ret = mp_prime_is_prime(keyP, 8, &isPrime); + } if (ret == 0 && isPrime == 0) ret = DH_CHECK_PUB_E; diff --git a/src/wolfcrypt/src/dilithium.c b/src/wolfcrypt/src/dilithium.c index 6391da4..1aa2750 100644 --- a/src/wolfcrypt/src/dilithium.c +++ b/src/wolfcrypt/src/dilithium.c @@ -1,6 +1,6 @@ /* dilithium.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -130,13 +130,7 @@ * shift equivalent. */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set HAVE_PQC there */ -#include +#include #ifndef WOLFSSL_DILITHIUM_NO_ASN1 #include @@ -151,7 +145,6 @@ #include #include #include -#include #ifdef NO_INLINE #include #else @@ -2195,7 +2188,7 @@ static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a, static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, void* heap) { - int ret; + int ret = 0; #if defined(WOLFSSL_SMALL_STACK) byte* h = NULL; #else @@ -2212,7 +2205,8 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } #endif - ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); + if (ret == 0) + ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); #if defined(WOLFSSL_SMALL_STACK) XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM); @@ -6076,6 +6070,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, ret = MEMORY_E; } else { + XMEMSET(key->s1, 0, params->aSz); key->s2 = key->s1 + params->s1Sz / sizeof(*s1); key->t0 = key->s2 + params->s2Sz / sizeof(*s2); } @@ -7223,6 +7218,9 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, if (key->a == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->a, 0, params->aSz); + } } #endif if (ret == 0) { @@ -7237,6 +7235,9 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, if (key->t1 == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->t1, 0, params->s2Sz); + } } #endif if (ret == 0) { @@ -7259,6 +7260,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, ret = MEMORY_E; } else { + XMEMSET(z, 0, allocSz); c = z + params->s1Sz / sizeof(*z); w = c + DILITHIUM_N; #ifndef WC_DILITHIUM_CACHE_PUB_VECTORS @@ -7387,6 +7389,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu, ret = MEMORY_E; } else { + XMEMSET(z, 0, allocSz); c = z + params->s1Sz / sizeof(*t1); w = c + DILITHIUM_N; t1 = w + DILITHIUM_N; @@ -8014,8 +8017,8 @@ int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, ctx, ctxLen, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -8065,8 +8068,8 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, NULL, 0, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -8117,6 +8120,22 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcSign(hash, hashLen, sig, sigLen, ctx, ctxLen, + hashAlg, rng, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Sign message. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8291,6 +8310,22 @@ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, ctx, ctxLen, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8329,21 +8364,21 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, ret = BAD_FUNC_ARG; } - #ifdef WOLF_CRYPTO_CB +#ifdef WOLF_CRYPTO_CB if (ret == 0) { - #ifndef WOLF_CRYPTO_CB_FIND + #ifndef WOLF_CRYPTO_CB_FIND if (key->devId != INVALID_DEVID) - #endif + #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_DILITHIUM, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_DILITHIUM, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ ret = 0; } } - #endif +#endif if (ret == 0) { /* Verify message with signature. */ @@ -8387,6 +8422,22 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, ret = BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcVerify(sig, sigLen, hash, hashLen, ctx, ctxLen, + hashAlg, res, WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + if (ret == 0) { /* Verify message with signature. */ #ifdef WOLFSSL_WC_DILITHIUM @@ -8892,9 +8943,10 @@ int wc_dilithium_check_key(dilithium_key* key) */ if (ret == 0) { - params = key->params; unsigned int allocSz; + params = key->params; + /* s1-L, s2-K, t0-K, t-K, t1-K */ allocSz = params->s1Sz + 4 * params->s2Sz; #if !defined(WC_DILITHIUM_CACHE_MATRIX_A) @@ -8908,6 +8960,7 @@ int wc_dilithium_check_key(dilithium_key* key) ret = MEMORY_E; } else { + XMEMSET(s1, 0, allocSz); s2 = s1 + params->s1Sz / sizeof(*s1); t0 = s2 + params->s2Sz / sizeof(*s2); t = t0 + params->s2Sz / sizeof(*t0); @@ -9197,6 +9250,9 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) if (key->t1 == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->t1, 0, key->params->s2Sz); + } } #endif } @@ -9213,6 +9269,9 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) if (key->a == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->a, 0, key->params->aSz); + } } #endif } @@ -9282,6 +9341,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, if (key->a == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->a, 0, params->aSz); + } } } #endif @@ -9303,6 +9365,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, if (key->s1 == NULL) { ret = MEMORY_E; } + else { + XMEMSET(key->s1, 0, params->s1Sz + params->s2Sz + params->s2Sz); + } if (ret == 0) { /* Set pointers into allocated memory. */ key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1); @@ -9524,6 +9589,42 @@ static int mapOidToSecLevel(word32 oid) } } +/* Get OID sum from dilithium key */ +int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) { + int ret = 0; + + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { + *keyFormat = DILITHIUM_LEVEL2k; + } + else if (key->params->level == WC_ML_DSA_65_DRAFT) { + *keyFormat = DILITHIUM_LEVEL3k; + } + else if (key->params->level == WC_ML_DSA_87_DRAFT) { + *keyFormat = DILITHIUM_LEVEL5k; + } + else + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + if (key->level == WC_ML_DSA_44) { + *keyFormat = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + *keyFormat = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + *keyFormat = ML_DSA_LEVEL5k; + } + else { + /* Level is not set */ + ret = ALGO_ID_E; + } + + return ret; +} + #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) /* Decode the DER encoded Dilithium key. @@ -9563,8 +9664,13 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ + if (key->level == 0) { /* Check first, because key->params will be NULL + * when key->level = 0 */ + /* Level not set by caller, decode from DER */ + keytype = ANONk; + } #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) - if (key->params == NULL) { + else if (key->params == NULL) { ret = BAD_FUNC_ARG; } else if (key->params->level == WC_ML_DSA_44_DRAFT) { @@ -9576,9 +9682,8 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } - else #endif - if (key->level == WC_ML_DSA_44) { + else if (key->level == WC_ML_DSA_44) { keytype = ML_DSA_LEVEL2k; } else if (key->level == WC_ML_DSA_65) { @@ -9588,8 +9693,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, keytype = ML_DSA_LEVEL5k; } else { - /* Level not set by caller, decode from DER */ - keytype = ANONk; /* 0, not a valid key type in this situation*/ + ret = BAD_FUNC_ARG; } } diff --git a/src/wolfcrypt/src/dsa.c b/src/wolfcrypt/src/dsa.c index 7fb7945..5be431a 100644 --- a/src/wolfcrypt/src/dsa.c +++ b/src/wolfcrypt/src/dsa.c @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,19 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_DSA #include #include -#include -#include #include #include diff --git a/src/wolfcrypt/src/ecc.c b/src/wolfcrypt/src/ecc.c index f010568..6d4cd4d 100644 --- a/src/wolfcrypt/src/ecc.c +++ b/src/wolfcrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set HAVE_ECC there */ -#include +#include #ifdef WOLFSSL_ECC_NO_SMALL_STACK #undef WOLFSSL_SMALL_STACK @@ -161,9 +154,6 @@ ECC Curve Sizes: #include #include -#include -#include -#include #ifdef WOLFSSL_HAVE_SP_ECC #include @@ -257,12 +247,12 @@ ECC Curve Sizes: /* macro guard for ecc_check_pubkey_order functionality */ -#if !defined(WOLFSSL_SP_MATH) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ - !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_IMXRT1170_CAAM) || \ - defined(WOLFSSL_QNX_CAAM)) +#if (!defined(NO_ECC_CHECK_PUBKEY_ORDER) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLFSSL_SE050) && !defined(WOLFSSL_STM32_PKA)) || \ + defined(WOLFSSL_IMXRT1170_CAAM) || defined(WOLFSSL_QNX_CAAM) /* CAAM builds use public key validation as a means to check if an * imported private key is an encrypted black key or not */ @@ -1441,7 +1431,7 @@ size_t wc_ecc_get_sets_count(void) { #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT) static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen); #endif -#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER +#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH) static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order); #endif @@ -1576,7 +1566,7 @@ static int xil_mpi_import(mp_int *mpi, #endif #define DECLARE_CURVE_SPECS(intcount) ecc_curve_spec* curve = NULL - #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING + #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY #define FREE_CURVE_SPECS() WC_DO_NOTHING #elif defined(WOLFSSL_SMALL_STACK) #ifdef WOLFSSL_SP_MATH_ALL @@ -1588,13 +1578,17 @@ static int xil_mpi_import(mp_int *mpi, curve->spec_count = intcount #define ALLOC_CURVE_SPECS(intcount, err) \ + do { \ spec_ints = (unsigned char*)XMALLOC(MP_INT_SIZEOF(MP_BITS_CNT( \ MAX_ECC_BITS_USE)) * (intcount), NULL, \ DYNAMIC_TYPE_ECC); \ if (spec_ints == NULL) \ (err) = MEMORY_E; \ - else \ - curve->spec_ints = spec_ints + else { \ + curve->spec_ints = spec_ints; \ + (err) = MP_OKAY; \ + } \ + } while (0) #else #define DECLARE_CURVE_SPECS(intcount) \ mp_int* spec_ints = NULL; \ @@ -1604,12 +1598,16 @@ static int xil_mpi_import(mp_int *mpi, curve->spec_count = intcount #define ALLOC_CURVE_SPECS(intcount, err) \ + do { \ spec_ints = (mp_int*)XMALLOC(sizeof(mp_int) * (intcount), NULL, \ DYNAMIC_TYPE_ECC); \ if (spec_ints == NULL) \ (err) = MEMORY_E; \ - else \ - curve->spec_ints = spec_ints + else { \ + curve->spec_ints = spec_ints; \ + (err) = MP_OKAY; \ + } \ + } while (0) #endif #define FREE_CURVE_SPECS() \ XFREE(spec_ints, NULL, DYNAMIC_TYPE_ECC) @@ -1632,7 +1630,7 @@ static int xil_mpi_import(mp_int *mpi, curve->spec_ints = spec_ints; \ curve->spec_count = (intcount) #endif - #define ALLOC_CURVE_SPECS(intcount, err) WC_DO_NOTHING + #define ALLOC_CURVE_SPECS(intcount, err) (err) = MP_OKAY #define FREE_CURVE_SPECS() WC_DO_NOTHING #endif /* ECC_CACHE_CURVE */ @@ -6653,6 +6651,10 @@ static int wc_ecc_sign_hash_async(const byte* in, word32 inlen, byte* out, #if !defined(WOLFSSL_ASYNC_CRYPT_SW) && defined(HAVE_ECC_CDH) DECLARE_CURVE_SPECS(1); ALLOC_CURVE_SPECS(1, err); + if (err != MP_OKAY) { + WOLFSSL_MSG("ALLOC_CURVE_SPECS failed"); + break; + } /* get curve order */ err = wc_ecc_curve_load(key->dp, &curve, ECC_CURVE_FIELD_ORDER); @@ -7508,7 +7510,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz, ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID); if (ret == 0) - ret = wc_HmacSetKey(&hmac, hashType, K, KSz); + ret = wc_HmacSetKey(&hmac, (int)hashType, K, KSz); if (ret == 0) ret = wc_HmacUpdate(&hmac, V, VSz); @@ -7938,6 +7940,9 @@ int wc_ecc_free(ecc_key* key) #endif #ifdef WOLFSSL_SE050 +#ifdef WOLFSSL_SE050_AUTO_ERASE + wc_se050_erase_object(key->keyId); +#endif se050_ecc_free_key(key); #endif @@ -9213,6 +9218,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) byte sigRS[ECC_MAX_CRYPTO_HW_SIZE * 2]; byte hashcopy[ECC_MAX_CRYPTO_HW_SIZE] = {0}; +#elif defined(WOLFSSL_SE050) #else int curveLoaded = 0; DECLARE_CURVE_SPECS(ECC_CURVE_FIELD_COUNT); @@ -9380,7 +9386,6 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #if !defined(WOLFSSL_SP_MATH) || defined(FREESCALE_LTC_ECC) if (!curveLoaded) { - err = 0; /* potential for NOT_COMPILED_IN error from SP attempt */ ALLOC_CURVE_SPECS(ECC_CURVE_FIELD_COUNT, err); if (err != 0) { return err; @@ -9929,11 +9934,7 @@ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, #endif /* HAVE_ECC_KEY_EXPORT */ -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ - !defined(WOLFSSL_STM32_PKA) && \ - (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \ - defined(WOLFSSL_IMXRT1170_CAAM)) +#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER /* is ecc point on curve described by dp ? */ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) @@ -10134,6 +10135,10 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) return BAD_FUNC_ARG; ALLOC_CURVE_SPECS(3, err); + if (err != MP_OKAY) { + WOLFSSL_MSG("ALLOC_CURVE_SPECS failed"); + return err; + } #ifdef WOLFSSL_NO_MALLOC res = &lcl_res; @@ -10275,7 +10280,6 @@ static int ecc_check_privkey_gen_helper(ecc_key* key) /* Hardware based private key, so this operation is not supported */ err = MP_OKAY; /* just report success */ #else - err = MP_OKAY; ALLOC_CURVE_SPECS(2, err); /* load curve info */ @@ -10367,9 +10371,10 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) return err; } -#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) &&!WOLFSSL_KCAPI_ECC */ +#endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) && \ + !WOLFSSL_KCAPI_ECC */ -#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER +#ifndef WOLFSSL_SP_MATH /* validate order * pubkey = point at infinity, 0 on success */ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order) @@ -10442,12 +10447,8 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, return err; } #endif /* !WOLFSSL_SP_MATH */ +#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */ -#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && - !WOLFSSL_CRYPTOCELL && !WOLFSSL_SE050 && !WOLFSSL_STM32_PKA && - (!WOLF_CRYPTO_CB_ONLY_ECC || WOLFSSL_QNX_CAAM || - WOLFSSL_IMXRT1170_CAAM) - */ #ifdef OPENSSL_EXTRA int wc_ecc_get_generator(ecc_point* ecp, int curve_idx) @@ -10475,7 +10476,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx) return err; } -#endif /* OPENSSLALL */ +#endif /* OPENSSL_EXTRA */ /* Validate the public key per SP 800-56Ar3 section 5.6.2.3.3, @@ -10487,7 +10488,7 @@ int wc_ecc_get_generator(ecc_point* ecp, int curve_idx) static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) { int err = MP_OKAY; -#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER +#if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH) mp_int* b = NULL; #ifdef USE_ECC_B_PARAM DECLARE_CURVE_SPECS(4); @@ -10497,13 +10498,23 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #endif DECLARE_CURVE_SPECS(3); #endif /* USE_ECC_B_PARAM */ -#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */ +#endif ASSERT_SAVED_VECTOR_REGISTERS(); if (key == NULL) return BAD_FUNC_ARG; +#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER + /* consider key check success on HW crypto + * ex: ATECC508/608A, CryptoCell and Silabs + * + * consider key check success on most Crypt Cb only builds + */ + err = MP_OKAY; + +#else + #ifdef WOLFSSL_HAVE_SP_ECC #ifndef WOLFSSL_SP_NO_256 if (key->idx != ECC_CUSTOM_IDX && ecc_sets[key->idx].id == ECC_SECP256R1) { @@ -10538,15 +10549,6 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #endif #ifndef WOLFSSL_SP_MATH -#ifndef HAVE_ECC_CHECK_PUBKEY_ORDER - /* consider key check success on HW crypto - * ex: ATECC508/608A, CryptoCell and Silabs - * - * consider key check success on most Crypt Cb only builds - */ - err = MP_OKAY; - -#else #ifdef USE_ECC_B_PARAM ALLOC_CURVE_SPECS(4, err); #else @@ -10670,11 +10672,13 @@ static int _ecc_validate_public_key(ecc_key* key, int partial, int priv) #endif FREE_CURVE_SPECS(); -#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */ #else + /* The single precision math curve is not available */ err = WC_KEY_SIZE_E; #endif /* !WOLFSSL_SP_MATH */ +#endif /* HAVE_ECC_CHECK_PUBKEY_ORDER */ + (void)partial; (void)priv; return err; @@ -11352,7 +11356,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, #endif #ifdef WOLFSSL_MAXQ10XX_CRYPTO - if (ret == 0) { + if ((ret == 0) && (key->devId != INVALID_DEVID)) { ret = wc_MAXQ10XX_EccSetKey(key, key->dp->size); } #elif defined(WOLFSSL_SILABS_SE_ACCEL) diff --git a/src/wolfcrypt/src/eccsi.c b/src/wolfcrypt/src/eccsi.c index 79b7a65..537e64c 100644 --- a/src/wolfcrypt/src/eccsi.c +++ b/src/wolfcrypt/src/eccsi.c @@ -1,6 +1,6 @@ /* eccsi.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef NO_INLINE #include @@ -36,7 +30,6 @@ #ifdef WOLFCRYPT_HAVE_ECCSI -#include #include #include #ifdef WOLFSSL_HAVE_SP_ECC diff --git a/src/wolfcrypt/src/ed25519.c b/src/wolfcrypt/src/ed25519.c index fd80f86..85f7f8a 100644 --- a/src/wolfcrypt/src/ed25519.c +++ b/src/wolfcrypt/src/ed25519.c @@ -1,6 +1,6 @@ /* ed25519.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,12 +28,7 @@ * Check that the private key didn't change during the signing operations. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set HAVE_ED25519 there */ -#include +#include #ifdef HAVE_ED25519 #if FIPS_VERSION3_GE(6,0,0) @@ -48,8 +43,6 @@ #include #include -#include -#include #include #ifdef NO_INLINE #include @@ -1104,6 +1097,9 @@ void wc_ed25519_free(ed25519_key* key) #endif #ifdef WOLFSSL_SE050 +#ifdef WOLFSSL_SE050_AUTO_ERASE + wc_se050_erase_object(key->keyId); +#endif se050_ed25519_free_key(key); #endif diff --git a/src/wolfcrypt/src/ed448.c b/src/wolfcrypt/src/ed448.c index 1598c9c..a5e63a1 100644 --- a/src/wolfcrypt/src/ed448.c +++ b/src/wolfcrypt/src/ed448.c @@ -1,6 +1,6 @@ /* ed448.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,12 +30,7 @@ * Check that the private key didn't change during the signing operations. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set HAVE_ED448 there */ -#include +#include #ifdef HAVE_ED448 #if FIPS_VERSION3_GE(6,0,0) @@ -49,7 +44,6 @@ #endif #include -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/error.c b/src/wolfcrypt/src/error.c index 0deb668..af5ba36 100644 --- a/src/wolfcrypt/src/error.c +++ b/src/wolfcrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - -#include +#include #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ @@ -645,9 +638,15 @@ const char* wc_GetErrorString(int error) case PBKDF2_KAT_FIPS_E: return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + case WC_KEY_MISMATCH_E: + return "key values mismatch"; + case DEADLOCK_AVERTED_E: return "Deadlock averted -- retry the call"; + case ASCON_AUTH_E: + return "ASCON Authentication check fail"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff --git a/src/wolfcrypt/src/evp.c b/src/wolfcrypt/src/evp.c index c3eb12e..7054f80 100644 --- a/src/wolfcrypt/src/evp.c +++ b/src/wolfcrypt/src/evp.c @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_EVP_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -52,67 +47,67 @@ static const struct s_ent { const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"}, + {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"}, + {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"}, + {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1}, {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */ #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"}, + {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"}, + {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"}, + {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"}, + {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512}, #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"}, + {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"}, + {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256}, #endif #ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384}, #endif #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512}, #endif #ifdef WOLFSSL_SM3 - {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"}, + {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3}, #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 - {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"}, + {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512}, #endif #ifdef HAVE_BLAKE2S - {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"}, + {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256}, #endif #ifdef WOLFSSL_SHAKE128 - {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"}, + {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128}, #endif #ifdef WOLFSSL_SHAKE256 - {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"}, + {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256}, #endif {WC_HASH_TYPE_NONE, 0, NULL} }; @@ -1059,6 +1054,14 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, } switch (ctx->cipherType) { + case WC_NULL_CIPHER_TYPE: + if (out == NULL) { + WOLFSSL_MSG("Bad argument"); + return WOLFSSL_FAILURE; + } + XMEMMOVE(out, in, inl); + *outl = inl; + return WOLFSSL_SUCCESS; #if !defined(NO_AES) && defined(HAVE_AESGCM) case WC_AES_128_GCM_TYPE: case WC_AES_192_GCM_TYPE: @@ -2046,6 +2049,165 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) else return 0; } +/* Getter function for cipher type string + * + * cipherType cipherType enum value to get string for + * + * Returns string representation of the cipher type or NULL if not found + */ +const char* wolfSSL_EVP_CIPHER_type_string(unsigned int cipherType) +{ + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_type_string"); + + switch (cipherType) { +#ifndef NO_DES3 + case WC_DES_CBC_TYPE: return EVP_DES_CBC; + case WC_DES_EDE3_CBC_TYPE: return EVP_DES_EDE3_CBC; + case WC_DES_ECB_TYPE: return EVP_DES_ECB; + case WC_DES_EDE3_ECB_TYPE: return EVP_DES_EDE3_ECB; +#endif +#if !defined(NO_AES) + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CBC_TYPE: return EVP_AES_128_CBC; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CBC_TYPE: return EVP_AES_192_CBC; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CBC_TYPE: return EVP_AES_256_CBC; + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if defined(WOLFSSL_AES_CFB) + #ifndef WOLFSSL_NO_AES_CFB_1_8 + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB1_TYPE: return EVP_AES_128_CFB1; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB1_TYPE: return EVP_AES_192_CFB1; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB1_TYPE: return EVP_AES_256_CFB1; + #endif + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB8_TYPE: return EVP_AES_128_CFB8; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB8_TYPE: return EVP_AES_192_CFB8; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB8_TYPE: return EVP_AES_256_CFB8; + #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB128_TYPE: return EVP_AES_128_CFB128; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB128_TYPE: return EVP_AES_192_CFB128; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB128_TYPE: return EVP_AES_256_CFB128; + #endif + #endif /* WOLFSSL_AES_CFB */ + #if defined(WOLFSSL_AES_OFB) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_OFB_TYPE: return EVP_AES_128_OFB; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_OFB_TYPE: return EVP_AES_192_OFB; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_OFB_TYPE: return EVP_AES_256_OFB; + #endif + #endif /* WOLFSSL_AES_OFB */ + #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_XTS_TYPE: return EVP_AES_128_XTS; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_XTS_TYPE: return EVP_AES_256_XTS; + #endif + #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ + #if defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_GCM_TYPE: return EVP_AES_128_GCM; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_GCM_TYPE: return EVP_AES_192_GCM; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_GCM_TYPE: return EVP_AES_256_GCM; + #endif + #endif /* HAVE_AESGCM */ + #if defined(HAVE_AESCCM) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CCM_TYPE: return EVP_AES_128_CCM; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CCM_TYPE: return EVP_AES_192_CCM; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CCM_TYPE: return EVP_AES_256_CCM; + #endif + #endif /* HAVE_AESCCM */ + #if defined(WOLFSSL_AES_COUNTER) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CTR_TYPE: return EVP_AES_128_CTR; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CTR_TYPE: return EVP_AES_192_CTR; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CTR_TYPE: return EVP_AES_256_CTR; + #endif + #endif /* WOLFSSL_AES_COUNTER */ + #if defined(HAVE_AES_ECB) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_ECB_TYPE: return EVP_AES_128_ECB; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_ECB_TYPE: return EVP_AES_192_ECB; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_ECB_TYPE: return EVP_AES_256_ECB; + #endif + #endif /* HAVE_AES_ECB */ +#endif /* !NO_AES */ +#if defined(HAVE_ARIA) + case WC_ARIA_128_GCM_TYPE: return EVP_ARIA_128_GCM; + case WC_ARIA_192_GCM_TYPE: return EVP_ARIA_192_GCM; + case WC_ARIA_256_GCM_TYPE: return EVP_ARIA_256_GCM; +#endif /* HAVE_ARIA */ +#ifndef NO_RC4 + case WC_ARC4_TYPE: return EVP_ARC4; +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + case WC_CHACHA20_POLY1305_TYPE: return EVP_CHACHA20_POLY1305; +#endif +#ifdef HAVE_CHACHA + case WC_CHACHA20_TYPE: return EVP_CHACHA20; +#endif +#ifdef WOLFSSL_SM4_ECB + case WC_SM4_ECB_TYPE: return EVP_SM4_ECB; +#endif +#ifdef WOLFSSL_SM4_CBC + case WC_SM4_CBC_TYPE: return EVP_SM4_CBC; +#endif +#ifdef WOLFSSL_SM4_CTR + case WC_SM4_CTR_TYPE: return EVP_SM4_CTR; +#endif +#ifdef WOLFSSL_SM4_GCM + case WC_SM4_GCM_TYPE: return EVP_SM4_GCM; +#endif +#ifdef WOLFSSL_SM4_CCM + case WC_SM4_CCM_TYPE: return EVP_SM4_CCM; +#endif + case WC_NULL_CIPHER_TYPE: return EVP_NULL; + default: + return NULL; + } +} + int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) @@ -2633,7 +2795,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { - if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, + if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -2642,7 +2804,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { - if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt, + if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, key) != 0) { WOLFSSL_MSG("wc_HKDF_Extract failed."); @@ -2659,7 +2821,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { - if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey, + if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -3316,14 +3478,44 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, */ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) { - int bytes; + int ret = 0; - if (pkey == NULL) return 0; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); - if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; - if (bytes < 0) + if (pkey == NULL) return 0; - return bytes*8; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); + + switch (pkey->type) { +#ifndef NO_RSA + case WC_EVP_PKEY_RSA: + ret = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); + break; +#endif /* !NO_RSA */ + +#ifndef NO_DSA + case WC_EVP_PKEY_DSA: + if (pkey->dsa == NULL || + (!pkey->dsa->exSet && + SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS)) + break; + ret = wolfSSL_BN_num_bytes(pkey->dsa->p); + break; +#endif + +#ifdef HAVE_ECC + case WC_EVP_PKEY_EC: + if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { + WOLFSSL_MSG("No ECC key has been set"); + break; + } + ret = wc_ecc_size((ecc_key*)(pkey->ecc->internal)); + break; +#endif /* HAVE_ECC */ + + default: + break; + } + return ret > 0 ? ret * 8 : 0; } @@ -3530,12 +3722,11 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, return ret; } -/* Get the size in bytes for WOLFSSL_EVP_PKEY key +/* Get the maximum suitable size for the operations that can be done with pkey * * pkey WOLFSSL_EVP_PKEY structure to get key size of * - * returns the size of a key on success which is the maximum size of a - * signature + * returns the recommended size of buffers */ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) { @@ -3563,7 +3754,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) WOLFSSL_MSG("No ECC key has been set"); break; } - return wc_ecc_size((ecc_key*)(pkey->ecc->internal)); + return wc_ecc_sig_size((ecc_key*)(pkey->ecc->internal)); #endif /* HAVE_ECC */ default: @@ -3732,7 +3923,6 @@ int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) { int ret = -1; /* failure */ - int a_sz = 0, b_sz = 0; if (a == NULL || b == NULL) return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); @@ -3745,40 +3935,47 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) switch (a->type) { #ifndef NO_RSA case WC_EVP_PKEY_RSA: - a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); - b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); + if (wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)) <= 0 || + wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)) <= 0) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (mp_cmp(&((RsaKey*)a->rsa->internal)->n, + &((RsaKey*)b->rsa->internal)->n) != MP_EQ) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (mp_cmp(&((RsaKey*)a->rsa->internal)->e, + &((RsaKey*)b->rsa->internal)->e) != MP_EQ) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } break; #endif /* !NO_RSA */ #ifdef HAVE_ECC case WC_EVP_PKEY_EC: if (a->ecc == NULL || a->ecc->internal == NULL || - b->ecc == NULL || b->ecc->internal == NULL) { + b->ecc == NULL || b->ecc->internal == NULL || + wc_ecc_size((ecc_key*)a->ecc->internal) <= 0 || + wc_ecc_size((ecc_key*)b->ecc->internal) <= 0 || + a->ecc->group == NULL || b->ecc->group == NULL) { return ret; } - a_sz = wc_ecc_size((ecc_key*)(a->ecc->internal)); - b_sz = wc_ecc_size((ecc_key*)(b->ecc->internal)); + + /* check curve */ + if (a->ecc->group->curve_idx != b->ecc->group->curve_idx) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (wc_ecc_cmp_point(&((ecc_key*)a->ecc->internal)->pubkey, + &((ecc_key*)b->ecc->internal)->pubkey) != 0) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } break; #endif /* HAVE_ECC */ default: return WS_RETURN_CODE(ret, -2); } /* switch (a->type) */ - /* check size */ - if (a_sz <= 0 || b_sz <= 0 || a_sz != b_sz) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - - /* check public key size */ - if (a->pkey_sz > 0 && b->pkey_sz > 0 && a->pkey_sz != b->pkey_sz) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - - /* check public key */ - if (a->pkey.ptr && b->pkey.ptr) { - if (XMEMCMP(a->pkey.ptr, b->pkey.ptr, (size_t)a->pkey_sz) != 0) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - } #if defined(WOLFSSL_ERROR_CODE_OPENSSL) ret = 1; /* the keys match */ #else @@ -3795,18 +3992,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) static int DH_param_check(WOLFSSL_DH* dh_key) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_BN_CTX* ctx = NULL; WOLFSSL_BIGNUM *num1 = NULL; WOLFSSL_BIGNUM *num2 = NULL; WOLFSSL_ENTER("DH_param_check"); - ctx = wolfSSL_BN_CTX_new(); - if (ctx == NULL) { - WOLFSSL_MSG("failed to allocate memory"); - return WOLFSSL_FAILURE; - } - num1 = wolfSSL_BN_new(); num2 = wolfSSL_BN_new(); if (num1 == NULL || num2 == NULL) { @@ -3840,7 +4030,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("BN_mod_exp failed"); @@ -3855,7 +4045,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* test if the number q is prime. */ if (ret == WOLFSSL_SUCCESS && - (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) { + (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) { WOLFSSL_MSG("dh_key->q is not prime or error during check."); ret = WOLFSSL_FAILURE; } /* else TODO check q div q - 1. need BN_div */ @@ -3863,7 +4053,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key) } /* clean up */ - wolfSSL_BN_CTX_free(ctx); wolfSSL_BN_free(num1); wolfSSL_BN_free(num2); @@ -4043,9 +4232,13 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, pkey->ecc); if (ecdsaSig == NULL) return WOLFSSL_FAILURE; + /* get signature length only */ ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); - if (ret <= 0 || ret > (int)*siglen) + if (ret <= 0 || ret > (int)*siglen) { + wolfSSL_ECDSA_SIG_free(ecdsaSig); return WOLFSSL_FAILURE; + } + /* perform validation of signature */ ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret); wolfSSL_ECDSA_SIG_free(ecdsaSig); if (ret <= 0 || ret > (int)*siglen) @@ -4262,69 +4455,69 @@ static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type, int ret = 0; #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { *hashType = WC_SHA256; } else #endif #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { *hashType = WC_SHA; } else #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { *hashType = WC_SHA224; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { *hashType = WC_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { *hashType = WC_SHA512; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { *hashType = WC_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { *hashType = WC_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { *hashType = WC_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { *hashType = WC_SHA3_512; } else #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { *hashType = WC_SM3; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { *hashType = WC_MD5; } else @@ -4644,7 +4837,9 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, ctx->pctx->pkey->ecc); if (ecdsaSig == NULL) break; - len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig); + len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); + if (len > 0 && (size_t)len <= *siglen) + len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig); wolfSSL_ECDSA_SIG_free(ecdsaSig); if (len == 0) break; @@ -4867,6 +5062,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, { const char *nostring = ""; int ret = 0; + enum wc_HashType pbkdf2HashType; if (pass == NULL) { passlen = 0; @@ -4875,8 +5071,10 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, passlen = (int)XSTRLEN(pass); } + pbkdf2HashType = EvpMd2MacType(digest); + ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, EvpMd2MacType(digest)); + iter, keylen, pbkdf2HashType); if (ret == 0) return WOLFSSL_SUCCESS; else @@ -6299,14 +6497,16 @@ void wolfSSL_EVP_init(void) case WC_AES_256_OFB_TYPE: #endif wc_AesFree(&ctx->cipher.aes); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) case WC_AES_128_XTS_TYPE: case WC_AES_256_XTS_TYPE: wc_AesXtsFree(&ctx->cipher.xts); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #endif #endif /* AES */ @@ -6875,7 +7075,7 @@ void wolfSSL_EVP_init(void) ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY); break; default: - WOLFSSL_MSG("Not implemented cipherType"); + WOLFSSL_MSG("Unimplemented cipherType"); return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */ } if (ret != 0) { @@ -8258,9 +8458,9 @@ void wolfSSL_EVP_init(void) } #endif /* !NO_AES || !NO_DES3 */ - static int IsCipherTypeAEAD(unsigned char cipherType) + static int IsCipherTypeAEAD(unsigned int type) { - switch (cipherType) { + switch (type) { case WC_AES_128_GCM_TYPE: case WC_AES_192_GCM_TYPE: case WC_AES_256_GCM_TYPE: @@ -9367,22 +9567,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); if (type != NULL) { - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { ret = WC_NID_md5WithRSAEncryption; } - else if (XSTRCMP(type, "SHA1") == 0) { + else if (XSTRCMP(type, WC_SN_sha1) == 0) { ret = WC_NID_sha1WithRSAEncryption; } - else if (XSTRCMP(type, "SHA224") == 0) { + else if (XSTRCMP(type, WC_SN_sha224) == 0) { ret = WC_NID_sha224WithRSAEncryption; } - else if (XSTRCMP(type, "SHA256") == 0) { + else if (XSTRCMP(type, WC_SN_sha256) == 0) { ret = WC_NID_sha256WithRSAEncryption; } - else if (XSTRCMP(type, "SHA384") == 0) { + else if (XSTRCMP(type, WC_SN_sha384) == 0) { ret = WC_NID_sha384WithRSAEncryption; } - else if (XSTRCMP(type, "SHA512") == 0) { + else if (XSTRCMP(type, WC_SN_sha512) == 0) { ret = WC_NID_sha512WithRSAEncryption; } } @@ -9936,54 +10136,44 @@ static const struct alias { const char *alias; } digest_alias_tbl[] = { - {"MD4", "md4"}, - {"MD5", "md5"}, - {"SHA1", "sha1"}, - {"SHA1", "SHA"}, - {"SHA224", "sha224"}, - {"SHA256", "sha256"}, - {"SHA384", "sha384"}, - {"SHA512", "sha512"}, - {"SHA512_224", "sha512_224"}, - {"SHA3_224", "sha3_224"}, - {"SHA3_256", "sha3_256"}, - {"SHA3_384", "sha3_384"}, - {"SHA3_512", "sha3_512"}, - {"SM3", "sm3"}, - {"BLAKE2B512", "blake2b512"}, - {"BLAKE2S256", "blake2s256"}, - {"SHAKE128", "shake128"}, - {"SHAKE256", "shake256"}, + {WC_SN_md4, "md4"}, + {WC_SN_md5, "md5"}, + {WC_SN_sha1, "sha1"}, + {WC_SN_sha1, "SHA"}, + {WC_SN_sha224, "sha224"}, + {WC_SN_sha256, "sha256"}, + {WC_SN_sha384, "sha384"}, + {WC_SN_sha512, "sha512"}, + {WC_SN_sha512_224, "sha512_224"}, + {WC_SN_sha3_224, "sha3_224"}, + {WC_SN_sha3_256, "sha3_256"}, + {WC_SN_sha3_384, "sha3_384"}, + {WC_SN_sha3_512, "sha3_512"}, + {WC_SN_sm3, "sm3"}, + {WC_SN_blake2b512, "blake2b512"}, + {WC_SN_blake2s256, "blake2s256"}, + {WC_SN_shake128, "shake128"}, + {WC_SN_shake256, "shake256"}, { NULL, NULL} }; const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) { - char nameUpper[15]; /* 15 bytes should be enough for any name */ - size_t i; - const struct alias *al; const struct s_ent *ent; - for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { - nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]); - } - if (i < sizeof(nameUpper)) - nameUpper[i] = '\0'; - else - return NULL; - - name = nameUpper; - for (al = digest_alias_tbl; al->name != NULL; al++) + for (al = digest_alias_tbl; al->name != NULL; al++) { if(XSTRCMP(name, al->alias) == 0) { name = al->name; break; } + } - for (ent = md_tbl; ent->name != NULL; ent++) + for (ent = md_tbl; ent->name != NULL; ent++) { if(XSTRCMP(name, ent->name) == 0) { return (WOLFSSL_EVP_MD *)ent->name; } + } return NULL; } @@ -10017,7 +10207,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) { WOLFSSL_ENTER("EVP_md4"); - return wolfSSL_EVP_get_digestbyname("MD4"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md4); } #endif /* !NO_MD4 */ @@ -10028,7 +10218,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { WOLFSSL_ENTER("EVP_md5"); - return wolfSSL_EVP_get_digestbyname("MD5"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md5); } #endif /* !NO_MD5 */ @@ -10040,8 +10230,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) */ const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void) { - WOLFSSL_ENTER("EVP_blake2b512"); - return wolfSSL_EVP_get_digestbyname("BLAKE2b512"); + WOLFSSL_ENTER("wolfSSL_EVP_blake2b512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512); } #endif @@ -10080,7 +10270,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { WOLFSSL_ENTER("EVP_sha1"); - return wolfSSL_EVP_get_digestbyname("SHA1"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha1); } #endif /* NO_SHA */ @@ -10089,7 +10279,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { WOLFSSL_ENTER("EVP_sha224"); - return wolfSSL_EVP_get_digestbyname("SHA224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha224); } #endif /* WOLFSSL_SHA224 */ @@ -10098,7 +10288,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { WOLFSSL_ENTER("EVP_sha256"); - return wolfSSL_EVP_get_digestbyname("SHA256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha256); } #ifdef WOLFSSL_SHA384 @@ -10106,7 +10296,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { WOLFSSL_ENTER("EVP_sha384"); - return wolfSSL_EVP_get_digestbyname("SHA384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha384); } #endif /* WOLFSSL_SHA384 */ @@ -10116,7 +10306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { WOLFSSL_ENTER("EVP_sha512"); - return wolfSSL_EVP_get_digestbyname("SHA512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512); } #ifndef WOLFSSL_NOSHA512_224 @@ -10124,7 +10314,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void) { WOLFSSL_ENTER("EVP_sha512_224"); - return wolfSSL_EVP_get_digestbyname("SHA512_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10133,7 +10323,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); - return wolfSSL_EVP_get_digestbyname("SHA512_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10145,7 +10335,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) { WOLFSSL_ENTER("EVP_sha3_224"); - return wolfSSL_EVP_get_digestbyname("SHA3_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224); } #endif /* WOLFSSL_NOSHA3_224 */ @@ -10154,7 +10344,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) { WOLFSSL_ENTER("EVP_sha3_256"); - return wolfSSL_EVP_get_digestbyname("SHA3_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256); } #endif /* WOLFSSL_NOSHA3_256 */ @@ -10162,7 +10352,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) { WOLFSSL_ENTER("EVP_sha3_384"); - return wolfSSL_EVP_get_digestbyname("SHA3_384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384); } #endif /* WOLFSSL_NOSHA3_384 */ @@ -10170,7 +10360,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) { WOLFSSL_ENTER("EVP_sha3_512"); - return wolfSSL_EVP_get_digestbyname("SHA3_512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512); } #endif /* WOLFSSL_NOSHA3_512 */ @@ -10196,7 +10386,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void) { WOLFSSL_ENTER("EVP_sm3"); - return wolfSSL_EVP_get_digestbyname("SM3"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sm3); } #endif /* WOLFSSL_SM3 */ @@ -10482,17 +10672,21 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) /* Not an error since an unused struct could be free'd or * reset. */ break; - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + wc_Shake128_Free(&ctx->hash.digest.shake); + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + wc_Shake256_Free(&ctx->hash.digest.shake); + break; #endif + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: default: ret = WOLFSSL_FAILURE; break; @@ -10526,76 +10720,92 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); } else #ifndef NO_SHA - if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, "SHA1") == 0)) { + if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) { ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } else #endif #ifndef NO_SHA256 - if (XSTRCMP(md, "SHA256") == 0) { + if (XSTRCMP(md, WC_SN_sha256) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(md, "SHA224") == 0) { + if (XSTRCMP(md, WC_SN_sha224) == 0) { ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(md, "SHA384") == 0) { + if (XSTRCMP(md, WC_SN_sha384) == 0) { ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - if (XSTRCMP(md, "SHA512_224") == 0) { + if (XSTRCMP(md, WC_SN_sha512_224) == 0) { ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - if (XSTRCMP(md, "SHA512_256") == 0) { + if (XSTRCMP(md, WC_SN_sha512_256) == 0) { ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512)); } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(md, "SHA512") == 0) { + if (XSTRCMP(md, WC_SN_sha512) == 0) { ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } else #endif #ifndef NO_MD4 - if (XSTRCMP(md, "MD4") == 0) { + if (XSTRCMP(md, WC_SN_md4) == 0) { wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } else #endif #ifndef NO_MD5 - if (XSTRCMP(md, "MD5") == 0) { + if (XSTRCMP(md, WC_SN_md5) == 0) { ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(md, "SHA3_224") == 0) { + if (XSTRCMP(md, WC_SN_sha3_224) == 0) { ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(md, "SHA3_256") == 0) { + if (XSTRCMP(md, WC_SN_sha3_256) == 0) { ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(md, "SHA3_384") == 0) { + if (XSTRCMP(md, WC_SN_sha3_384) == 0) { ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(md, "SHA3_512") == 0) { + if (XSTRCMP(md, WC_SN_sha3_512) == 0) { ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } else #endif + #ifdef WOLFSSL_SHAKE128 + if (XSTRCMP(md, WC_SN_shake128) == 0) { + if (wc_InitShake128(&(ctx->hash.digest.shake), NULL, + INVALID_DEVID) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif + #ifdef WOLFSSL_SHAKE256 + if (XSTRCMP(md, WC_SN_shake256) == 0) { + if (wc_InitShake256(&(ctx->hash.digest.shake), NULL, + INVALID_DEVID) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(md, "SM3") == 0) { + if (XSTRCMP(md, WC_SN_sm3) == 0) { ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID); if (ret == 0) { ret = WOLFSSL_SUCCESS; @@ -10723,17 +10933,28 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } break; #endif - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + if (wc_Shake128_Update(&ctx->hash.digest.shake, + (const byte*)data, (word32)sz) == 0) { + + ret = WOLFSSL_SUCCESS; + } + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + if (wc_Shake256_Update(&ctx->hash.digest.shake, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; #endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: default: return WOLFSSL_FAILURE; } @@ -10742,14 +10963,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) + static int wolfSSL_EVP_DigestFinal_Common(WOLFSSL_EVP_MD_CTX* ctx, + unsigned char* md, unsigned int* s, enum wc_HashType macType) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - enum wc_HashType macType; - WOLFSSL_ENTER("EVP_DigestFinal"); - macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 @@ -10847,23 +11065,84 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } if (s) *s = WC_SM3_DIGEST_SIZE; break; + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + case WC_HASH_TYPE_SHAKE128: + if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + case WC_HASH_TYPE_SHAKE256: + if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + default: + return WOLFSSL_FAILURE; + } + + return ret; + } + + int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, + unsigned int* s) + { + enum wc_HashType macType; + + WOLFSSL_ENTER("wolfSSL_EVP_DigestFinal"); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); + switch (macType) { + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5: + case WC_HASH_TYPE_SHA: + case WC_HASH_TYPE_SHA224: + case WC_HASH_TYPE_SHA256: + case WC_HASH_TYPE_SHA384: + case WC_HASH_TYPE_SHA512: + #ifndef WOLFSSL_NOSHA512_224 + case WC_HASH_TYPE_SHA512_224: + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 + case WC_HASH_TYPE_SHA512_256: + #endif /* !WOLFSSL_NOSHA512_256 */ + case WC_HASH_TYPE_SHA3_224: + case WC_HASH_TYPE_SHA3_256: + case WC_HASH_TYPE_SHA3_384: + case WC_HASH_TYPE_SHA3_512: + #ifdef WOLFSSL_SM3 + case WC_HASH_TYPE_SM3: + #endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + break; + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + *s = 16; /* if mixing up XOF with plain digest 128 bit is + * default for SHAKE128 */ + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + *s = 32; /* if mixing up XOF with plain digest 256 bit is + * default for SHAKE256 */ + break; #endif default: return WOLFSSL_FAILURE; } - - return ret; + return wolfSSL_EVP_DigestFinal_Common(ctx, md, s, macType); } /* WOLFSSL_SUCCESS on ok */ @@ -10874,6 +11153,46 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return wolfSSL_EVP_DigestFinal(ctx, md, s); } + + /* XOF stands for extendable-output functions. This is used for algos such + * as SHAKE256. + * + * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */ + int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md, + size_t sz) + { + unsigned int len; + enum wc_HashType macType; + + WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF"); + len = (unsigned int)sz; + + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); + return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType); + } + + + unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md) + { + enum wc_HashType macType; + + macType = EvpMd2MacType(md); + switch ((int)macType) { + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + case WC_HASH_TYPE_SHAKE128: + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + case WC_HASH_TYPE_SHAKE256: + #endif + return WOLFSSL_EVP_MD_FLAG_XOF; + default: + return 0; + } + } + + void wolfSSL_EVP_cleanup(void) { /* nothing to do here */ @@ -10884,6 +11203,10 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) WOLFSSL_MSG("wolfSSL_get_digestbynid"); switch(id) { +#ifndef NO_MD4 + case WC_NID_md4: + return wolfSSL_EVP_md4(); +#endif #ifndef NO_MD5 case WC_NID_md5: return wolfSSL_EVP_md5(); @@ -10928,64 +11251,64 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_BLOCK_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_BLOCK_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { + if (XSTRCMP(type, WC_SN_md4) == 0) { return WC_MD4_BLOCK_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_BLOCK_SIZE; - } + } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_BLOCK_SIZE; } else #endif @@ -11003,74 +11326,74 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_DIGEST_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_DIGEST_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { + if (XSTRCMP(type, WC_SN_md4) == 0) { return WC_MD4_DIGEST_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_DIGEST_SIZE; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP(type, "SHA512_224") == 0) { + if (XSTRCMP(type, WC_SN_sha512_224) == 0) { return WC_SHA512_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP(type, "SHA512_256") == 0) { + if (XSTRCMP(type, WC_SN_sha512_256) == 0) { return WC_SHA512_256_DIGEST_SIZE; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_DIGEST_SIZE; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_DIGEST_SIZE; } #endif @@ -12182,7 +12505,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_RSA: #if !defined(NO_RSA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyRSA( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12198,7 +12521,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_EC: #if defined(HAVE_ECC) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyEC( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12214,7 +12537,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_DSA: #if !defined(NO_DSA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyDSA( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12230,7 +12553,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_DH: #if defined(WOLFSSL_DH_EXTRA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyDH( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12263,64 +12586,64 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } #ifndef NO_SHA - if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP("SHA1", evp) == 0)) { + if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) { hash = WC_HASH_TYPE_SHA; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP("SHA224", evp) == 0) { + if (XSTRCMP(WC_SN_sha224, evp) == 0) { hash = WC_HASH_TYPE_SHA224; } else #endif #ifndef NO_SHA256 - if (XSTRCMP("SHA256", evp) == 0) { + if (XSTRCMP(WC_SN_sha256, evp) == 0) { hash = WC_HASH_TYPE_SHA256; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP("SHA384", evp) == 0) { + if (XSTRCMP(WC_SN_sha384, evp) == 0) { hash = WC_HASH_TYPE_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP("SHA512", evp) == 0) { + if (XSTRCMP(WC_SN_sha512, evp) == 0) { hash = WC_HASH_TYPE_SHA512; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP("SHA512_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_224, evp) == 0) { hash = WC_HASH_TYPE_SHA512_224; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP("SHA512_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_256, evp) == 0) { hash = WC_HASH_TYPE_SHA512_256; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP("SHA3_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_224, evp) == 0) { hash = WC_HASH_TYPE_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP("SHA3_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_256, evp) == 0) { hash = WC_HASH_TYPE_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP("SHA3_384", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_384, evp) == 0) { hash = WC_HASH_TYPE_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP("SHA3_512", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_512, evp) == 0) { hash = WC_HASH_TYPE_SHA3_512; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP("SM3", evp) == 0) { + if (XSTRCMP(WC_SN_sm3, evp) == 0) { hash = WC_HASH_TYPE_SM3; } else #endif @@ -12330,12 +12653,12 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } else #endif #ifndef NO_MD4 - if (XSTRCMP("MD4", evp) == 0) { + if (XSTRCMP(WC_SN_md4, evp) == 0) { hash = WC_HASH_TYPE_MD4; } else #endif #ifndef NO_MD5 - if (XSTRCMP("MD5", evp) == 0) { + if (XSTRCMP(WC_SN_md5, evp) == 0) { hash = WC_HASH_TYPE_MD5; } else #endif diff --git a/src/wolfcrypt/src/ext_lms.c b/src/wolfcrypt/src/ext_lms.c index 70dfa5b..00a3e55 100644 --- a/src/wolfcrypt/src/ext_lms.c +++ b/src/wolfcrypt/src/ext_lms.c @@ -1,6 +1,6 @@ /* ext_lms.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS) @@ -1049,4 +1043,12 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, return 0; } +const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) +{ + if ((priv == NULL) || (privSz < 16)) { + return NULL; + } + return priv - 16; +} + #endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */ diff --git a/src/wolfcrypt/src/ext_mlkem.c b/src/wolfcrypt/src/ext_mlkem.c new file mode 100644 index 0000000..3a9ccee --- /dev/null +++ b/src/wolfcrypt/src/ext_mlkem.c @@ -0,0 +1,762 @@ +/* ext_mlkem.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_WC_MLKEM) +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined (HAVE_LIBOQS) + +#include + +static const char* OQS_ID2name(int id) { + switch (id) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: return OQS_KEM_alg_ml_kem_512; + case WC_ML_KEM_768: return OQS_KEM_alg_ml_kem_768; + case WC_ML_KEM_1024: return OQS_KEM_alg_ml_kem_1024; + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case KYBER_LEVEL1: return OQS_KEM_alg_kyber_512; + case KYBER_LEVEL3: return OQS_KEM_alg_kyber_768; + case KYBER_LEVEL5: return OQS_KEM_alg_kyber_1024; + #endif + default: break; + } + return NULL; +} + +int ext_mlkem_enabled(int id) +{ + const char * name = OQS_ID2name(id); + return OQS_KEM_alg_is_enabled(name); +} +#endif + +/******************************************************************************/ +/* Initializer and cleanup functions. */ + +/** + * Initialize the Kyber key. + * + * @param [out] key Kyber key object to initialize. + * @param [in] type Type of key: KYBER512, KYBER768, KYBER1024. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL or type is unrecognized. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId) +{ + int ret = 0; + + /* Validate key. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Validate type. */ + switch (type) { +#ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + #ifdef HAVE_LIBOQS + case WC_ML_KEM_768: + case WC_ML_KEM_1024: + #endif /* HAVE_LIBOQS */ +#endif +#ifdef WOLFSSL_MLKEM_KYBER + case KYBER_LEVEL1: + #ifdef HAVE_LIBOQS + case KYBER_LEVEL3: + case KYBER_LEVEL5: + #endif /* HAVE_LIBOQS */ +#endif + break; + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; + break; + } + } + if (ret == 0) { + /* Zero out all data. */ + XMEMSET(key, 0, sizeof(*key)); + + /* Keep type for parameters. */ + key->type = type; + +#ifdef WOLF_CRYPTO_CB + key->devCtx = NULL; + key->devId = devId; +#endif + } + + (void)heap; + (void)devId; + + return ret; +} + +/** + * Free the Kyber key object. + * + * @param [in, out] key Kyber key object to dispose of. + */ +int wc_MlKemKey_Free(MlKemKey* key) +{ + if (key != NULL) { + /* Ensure all private data is zeroed. */ + ForceZero(key, sizeof(*key)); + } + + return 0; +} + +/******************************************************************************/ +/* Data size getters. */ + +/** + * Get the size in bytes of encoded private key for the key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of encoded private key in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + +#ifdef HAVE_LIBOQS + /* NOTE: SHAKE and AES variants have the same length private key. */ + if (ret == 0) { + switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_secret_key; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_secret_key; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_secret_key; + break; + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_secret_key; + break; + case KYBER_LEVEL3: + *len = OQS_KEM_kyber_768_length_secret_key; + break; + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_secret_key; + break; + #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; + break; + } + } +#endif /* HAVE_LIBOQS */ + + return ret; +} + +/** + * Get the size in bytes of encoded public key for the key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of encoded public key in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + +#ifdef HAVE_LIBOQS + /* NOTE: SHAKE and AES variants have the same length public key. */ + if (ret == 0) { + switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_public_key; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_public_key; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_public_key; + break; + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_public_key; + break; + case KYBER_LEVEL3: + *len = OQS_KEM_kyber_768_length_public_key; + break; + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_public_key; + break; + #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; + break; + } + } +#endif /* HAVE_LIBOQS */ + + return ret; +} + +/** + * Get the size in bytes of cipher text for key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of cipher text in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + +#ifdef HAVE_LIBOQS + /* NOTE: SHAKE and AES variants have the same length ciphertext. */ + if (ret == 0) { + switch (key->type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + *len = OQS_KEM_ml_kem_512_length_ciphertext; + break; + case WC_ML_KEM_768: + *len = OQS_KEM_ml_kem_768_length_ciphertext; + break; + case WC_ML_KEM_1024: + *len = OQS_KEM_ml_kem_1024_length_ciphertext; + break; + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case KYBER_LEVEL1: + *len = OQS_KEM_kyber_512_length_ciphertext; + break; + case KYBER_LEVEL3: + *len = OQS_KEM_kyber_768_length_ciphertext; + break; + case KYBER_LEVEL5: + *len = OQS_KEM_kyber_1024_length_ciphertext; + break; + #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; + break; + } + } +#endif /* HAVE_LIBOQS */ + + return ret; +} + +/** + * Size of a shared secret in bytes. Always KYBER_SS_SZ. + * + * @param [in] key Kyber key object. Not used. + * @param [out] Size of the shared secret created with a Kyber key. + * @return 0 on success. + * @return 0 to indicate success. + */ +int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len) +{ + (void)key; + /* Validate parameters. */ + if (len == NULL) { + return BAD_FUNC_ARG; + } + + *len = KYBER_SS_SZ; + + return 0; +} + +/******************************************************************************/ +/* Cryptographic operations. */ + +/** + * Make a Kyber key object using a random number generator. + * + * NOTE: rng is ignored. OQS doesn't use our RNG. + * + * @param [in, out] key Kyber key ovject. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or rng is NULL. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng) +{ + int ret = 0; +#ifdef HAVE_LIBOQS + const char* algName = NULL; + OQS_KEM *kem = NULL; +#endif + + /* Validate parameter. */ + if (key == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_MakePqcKemKey(rng, WC_PQC_KEM_TYPE_KYBER, + key->type, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } +#endif + +#ifdef HAVE_LIBOQS + if (ret == 0) { + algName = OQS_ID2name(key->type); + if (algName == NULL) { + ret = BAD_FUNC_ARG; + } + } + + if (ret == 0) { + kem = OQS_KEM_new(algName); + if (kem == NULL) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + ret = wolfSSL_liboqsRngMutexLock(rng); + } + if (ret == 0) { + if (OQS_KEM_keypair(kem, key->pub, key->priv) != + OQS_SUCCESS) { + ret = BAD_FUNC_ARG; + } + } + wolfSSL_liboqsRngMutexUnlock(); + OQS_KEM_free(kem); +#endif /* HAVE_LIBOQS */ + + if (ret != 0) { + ForceZero(key, sizeof(*key)); + } + + return ret; +} + +/** + * Make a Kyber key object using random data. + * + * @param [in, out] key Kyber key ovject. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or rand is NULL. + * @return BUFFER_E when length is not KYBER_MAKEKEY_RAND_SZ. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand, + int len) +{ + (void)rand; + (void)len; + /* OQS doesn't support external randomness. */ + return wc_MlKemKey_MakeKey(key, NULL); +} + +/** + * Encapsulate with random number generator and derive secret. + * + * @param [in] key Kyber key object. + * @param [out] ct Cipher text. + * @param [out] ss Shared secret generated. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, ct, ss or RNG is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* ct, unsigned char* ss, + WC_RNG* rng) +{ + int ret = 0; +#ifdef WOLF_CRYPTO_CB + word32 ctlen = 0; +#endif +#ifdef HAVE_LIBOQS + const char * algName = NULL; + OQS_KEM *kem = NULL; +#endif + + (void)rng; + + /* Validate parameters. */ + if ((key == NULL) || (ct == NULL) || (ss == NULL)) { + ret = BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + ret = wc_MlKemKey_CipherTextSize(key, &ctlen); + } + if ((ret == 0) + #ifndef WOLF_CRYPTO_CB_FIND + && (key->devId != INVALID_DEVID) + #endif + ) { + ret = wc_CryptoCb_PqcEncapsulate(ct, ctlen, ss, KYBER_SS_SZ, rng, + WC_PQC_KEM_TYPE_KYBER, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } +#endif + +#ifdef HAVE_LIBOQS + if (ret == 0) { + algName = OQS_ID2name(key->type); + if (algName == NULL) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + kem = OQS_KEM_new(algName); + if (kem == NULL) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + ret = wolfSSL_liboqsRngMutexLock(rng); + } + if (ret == 0) { + if (OQS_KEM_encaps(kem, ct, ss, key->pub) != OQS_SUCCESS) { + ret = BAD_FUNC_ARG; + } + } + wolfSSL_liboqsRngMutexUnlock(); + OQS_KEM_free(kem); +#endif /* HAVE_LIBOQS */ + + return ret; +} + +/** + * Encapsulate with random data and derive secret. + * + * @param [out] ct Cipher text. + * @param [out] ss Shared secret generated. + * @param [in] rand Random data. + * @param [in] len Random data. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, ct, ss or RNG is NULL. + * @return BUFFER_E when len is not KYBER_ENC_RAND_SZ. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, unsigned char* ct, + unsigned char* ss, const unsigned char* rand, int len) +{ + (void)rand; + (void)len; + /* OQS doesn't support external randomness. */ + return wc_MlKemKey_Encapsulate(key, ct, ss, NULL); +} + +/** + * Decapsulate the cipher text to calculate the shared secret. + * + * Validates the cipher text by encapsulating and comparing with data passed in. + * + * @param [in] key Kyber key object. + * @param [out] ss Shared secret. + * @param [in] ct Cipher text. + * @param [in] len Length of cipher text. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, ss or cr are NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the length of cipher text for the key type. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss, + const unsigned char* ct, word32 len) +{ + int ret = 0; + word32 ctlen = 0; +#ifdef HAVE_LIBOQS + const char * algName = NULL; + OQS_KEM *kem = NULL; +#endif + + /* Validate parameters. */ + if ((key == NULL) || (ss == NULL) || (ct == NULL)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = wc_MlKemKey_CipherTextSize(key, &ctlen); + } + if ((ret == 0) && (len != ctlen)) { + ret = BUFFER_E; + } + +#ifdef WOLF_CRYPTO_CB + if ((ret == 0) + #ifndef WOLF_CRYPTO_CB_FIND + && (key->devId != INVALID_DEVID) + #endif + ) { + ret = wc_CryptoCb_PqcDecapsulate(ct, ctlen, ss, KYBER_SS_SZ, + WC_PQC_KEM_TYPE_KYBER, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } +#endif + +#ifdef HAVE_LIBOQS + if (ret == 0) { + algName = OQS_ID2name(key->type); + if (algName == NULL) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + kem = OQS_KEM_new(algName); + if (kem == NULL) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + if (OQS_KEM_decaps(kem, ss, ct, key->priv) != OQS_SUCCESS) { + ret = BAD_FUNC_ARG; + } + } + + OQS_KEM_free(kem); +#endif /* HAVE_LIBOQS */ + + return ret; + +} + +/******************************************************************************/ +/* Encoding and decoding functions. */ + +/** + * Decode the private key. + * + * We store the whole thing in the private key buffer. Note this means we cannot + * do the encapsulation operation with the private key. But generally speaking + * this is never done. + * + * @param [in, out] key Kyber key object. + * @param [in] in Buffer holding encoded key. + * @param [in] len Length of data in buffer. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or in is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the correct size. + */ +int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in, + word32 len) +{ + int ret = 0; + word32 privLen = 0; + + /* Validate parameters. */ + if ((key == NULL) || (in == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = wc_MlKemKey_PrivateKeySize(key, &privLen); + } + + /* Ensure the data is the correct length for the key type. */ + if ((ret == 0) && (len != privLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + XMEMCPY(key->priv, in, privLen); + } + + return ret; +} + +/** + * Decode public key. + * + * We store the whole thing in the public key buffer. + * + * @param [in, out] key Kyber key object. + * @param [in] in Buffer holding encoded key. + * @param [in] len Length of data in buffer. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or in is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the correct size. + */ +int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in, + word32 len) +{ + int ret = 0; + word32 pubLen = 0; + + /* Validate parameters. */ + if ((key == NULL) || (in == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = wc_MlKemKey_PublicKeySize(key, &pubLen); + } + + /* Ensure the data is the correct length for the key type. */ + if ((ret == 0) && (len != pubLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + XMEMCPY(key->pub, in, pubLen); + } + + return ret; +} + +/** + * Encode the private key. + * + * We stored it as a blob so we can just copy it over. + * + * @param [in] key Kyber key object. + * @param [out] out Buffer to hold data. + * @param [in] len Size of buffer in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or out is NULL or private/public key not + * available. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, word32 len) +{ + int ret = 0; + unsigned int privLen = 0; + + if ((key == NULL) || (out == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = wc_MlKemKey_PrivateKeySize(key, &privLen); + } + + /* Check buffer is big enough for encoding. */ + if ((ret == 0) && (len != privLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + XMEMCPY(out, key->priv, privLen); + } + + return ret; +} + +/** + * Encode the public key. + * + * We stored it as a blob so we can just copy it over. + * + * @param [in] key Kyber key object. + * @param [out] out Buffer to hold data. + * @param [in] len Size of buffer in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or out is NULL or public key not available. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, word32 len) +{ + int ret = 0; + unsigned int pubLen = 0; + + if ((key == NULL) || (out == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + ret = wc_MlKemKey_PublicKeySize(key, &pubLen); + } + + /* Check buffer is big enough for encoding. */ + if ((ret == 0) && (len != pubLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + XMEMCPY(out, key->pub, pubLen); + } + + return ret; +} + +#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_WC_MLKEM */ diff --git a/src/wolfcrypt/src/ext_xmss.c b/src/wolfcrypt/src/ext_xmss.c index 938d513..48912a3 100644 --- a/src/wolfcrypt/src/ext_xmss.c +++ b/src/wolfcrypt/src/ext_xmss.c @@ -1,6 +1,6 @@ /* ext_xmss.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include -#include -#include #include #if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS) diff --git a/src/wolfcrypt/src/falcon.c b/src/wolfcrypt/src/falcon.c index b1aabb1..6562a80 100644 --- a/src/wolfcrypt/src/falcon.c +++ b/src/wolfcrypt/src/falcon.c @@ -1,6 +1,6 @@ /* falcon.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,25 +19,19 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* Based on ed448.c and Reworked for Falcon by Anthony Hu. */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif +/* Based on ed448.c and Reworked for Falcon by Anthony Hu. */ -/* in case user set HAVE_PQC there */ -#include +#if defined(HAVE_PQC) && defined(HAVE_FALCON) #include -#if defined(HAVE_PQC) && defined(HAVE_FALCON) - #ifdef HAVE_LIBOQS #include #endif #include -#include #ifdef NO_INLINE #include #else @@ -62,6 +56,10 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, falcon_key* key, WC_RNG* rng) { int ret = 0; +#ifdef HAVE_LIBOQS + OQS_SIG *oqssig = NULL; + size_t localOutLen = 0; +#endif /* sanity check on arguments */ if ((in == NULL) || (out == NULL) || (outLen == NULL) || (key == NULL)) { @@ -73,8 +71,8 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, rng, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcSign(in, inLen, out, outLen, NULL, 0, + WC_HASH_TYPE_NONE, rng, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -83,9 +81,6 @@ int wc_falcon_sign_msg(const byte* in, word32 inLen, #endif #ifdef HAVE_LIBOQS - OQS_SIG *oqssig = NULL; - size_t localOutLen = 0; - if ((ret == 0) && (!key->prvKeySet)) { ret = BAD_FUNC_ARG; } @@ -161,6 +156,9 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, falcon_key* key) { int ret = 0; +#ifdef HAVE_LIBOQS + OQS_SIG *oqssig = NULL; +#endif if (key == NULL || sig == NULL || msg == NULL || res == NULL) { return BAD_FUNC_ARG; @@ -171,8 +169,8 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, if (key->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, res, - WC_PQC_SIG_TYPE_FALCON, key); + ret = wc_CryptoCb_PqcVerify(sig, sigLen, msg, msgLen, NULL, 0, + WC_HASH_TYPE_NONE, res, WC_PQC_SIG_TYPE_FALCON, key); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -181,8 +179,6 @@ int wc_falcon_verify_msg(const byte* sig, word32 sigLen, const byte* msg, #endif #ifdef HAVE_LIBOQS - OQS_SIG *oqssig = NULL; - if ((ret == 0) && (!key->pubKeySet)) { ret = BAD_FUNC_ARG; } @@ -708,12 +704,12 @@ int wc_falcon_export_key(falcon_key* key, byte* priv, word32 *privSz, */ int wc_falcon_check_key(falcon_key* key) { + int ret = 0; + if (key == NULL) { return BAD_FUNC_ARG; } - int ret = 0; - /* The public key is also decoded and stored within the private key buffer * behind the private key. Hence, we can compare both stored public keys. */ if (key->level == 1) { diff --git a/src/wolfcrypt/src/fe_448.c b/src/wolfcrypt/src/fe_448.c index bbf31f6..8cf0245 100644 --- a/src/wolfcrypt/src/fe_448.c +++ b/src/wolfcrypt/src/fe_448.c @@ -1,6 +1,6 @@ /* fe_448.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,11 +24,7 @@ * Reworked for curve448 by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(HAVE_CURVE448) || defined(HAVE_ED448) @@ -1437,56 +1433,56 @@ void fe448_to_bytes(unsigned char* b, const sword32* a) b[ 0] = (byte)(in0 >> 0); b[ 1] = (byte)(in0 >> 8); b[ 2] = (byte)(in0 >> 16); - b[ 3] = (byte)(in0 >> 24) + (byte)((in1 >> 0) << 4); + b[ 3] = (byte)((byte)(in0 >> 24) + (byte)((in1 >> 0) << 4)); b[ 4] = (byte)(in1 >> 4); b[ 5] = (byte)(in1 >> 12); b[ 6] = (byte)(in1 >> 20); b[ 7] = (byte)(in2 >> 0); b[ 8] = (byte)(in2 >> 8); b[ 9] = (byte)(in2 >> 16); - b[10] = (byte)(in2 >> 24) + (byte)((in3 >> 0) << 4); + b[10] = (byte)((byte)(in2 >> 24) + (byte)((in3 >> 0) << 4)); b[11] = (byte)(in3 >> 4); b[12] = (byte)(in3 >> 12); b[13] = (byte)(in3 >> 20); b[14] = (byte)(in4 >> 0); b[15] = (byte)(in4 >> 8); b[16] = (byte)(in4 >> 16); - b[17] = (byte)(in4 >> 24) + (byte)((in5 >> 0) << 4); + b[17] = (byte)((byte)(in4 >> 24) + (byte)((in5 >> 0) << 4)); b[18] = (byte)(in5 >> 4); b[19] = (byte)(in5 >> 12); b[20] = (byte)(in5 >> 20); b[21] = (byte)(in6 >> 0); b[22] = (byte)(in6 >> 8); b[23] = (byte)(in6 >> 16); - b[24] = (byte)(in6 >> 24) + (byte)((in7 >> 0) << 4); + b[24] = (byte)((byte)(in6 >> 24) + (byte)((in7 >> 0) << 4)); b[25] = (byte)(in7 >> 4); b[26] = (byte)(in7 >> 12); b[27] = (byte)(in7 >> 20); b[28] = (byte)(in8 >> 0); b[29] = (byte)(in8 >> 8); b[30] = (byte)(in8 >> 16); - b[31] = (byte)(in8 >> 24) + (byte)((in9 >> 0) << 4); + b[31] = (byte)((byte)(in8 >> 24) + (byte)((in9 >> 0) << 4)); b[32] = (byte)(in9 >> 4); b[33] = (byte)(in9 >> 12); b[34] = (byte)(in9 >> 20); b[35] = (byte)(in10 >> 0); b[36] = (byte)(in10 >> 8); b[37] = (byte)(in10 >> 16); - b[38] = (byte)(in10 >> 24) + (byte)((in11 >> 0) << 4); + b[38] = (byte)((byte)(in10 >> 24) + (byte)((in11 >> 0) << 4)); b[39] = (byte)(in11 >> 4); b[40] = (byte)(in11 >> 12); b[41] = (byte)(in11 >> 20); b[42] = (byte)(in12 >> 0); b[43] = (byte)(in12 >> 8); b[44] = (byte)(in12 >> 16); - b[45] = (byte)(in12 >> 24) + (byte)((in13 >> 0) << 4); + b[45] = (byte)((byte)(in12 >> 24) + (byte)((in13 >> 0) << 4)); b[46] = (byte)(in13 >> 4); b[47] = (byte)(in13 >> 12); b[48] = (byte)(in13 >> 20); b[49] = (byte)(in14 >> 0); b[50] = (byte)(in14 >> 8); b[51] = (byte)(in14 >> 16); - b[52] = (byte)(in14 >> 24) + (byte)((in15 >> 0) << 4); + b[52] = (byte)((byte)(in14 >> 24) + (byte)((in15 >> 0) << 4)); b[53] = (byte)(in15 >> 4); b[54] = (byte)(in15 >> 12); b[55] = (byte)(in15 >> 20); diff --git a/src/wolfcrypt/src/fe_low_mem.c b/src/wolfcrypt/src/fe_low_mem.c index ad10a0e..febc123 100644 --- a/src/wolfcrypt/src/fe_low_mem.c +++ b/src/wolfcrypt/src/fe_low_mem.c @@ -1,6 +1,6 @@ /* fe_low_mem.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* Based from Daniel Beer's public domain work. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) /* use slower code that takes less memory */ diff --git a/src/wolfcrypt/src/fe_operations.c b/src/wolfcrypt/src/fe_operations.c index 2910151..135d703 100644 --- a/src/wolfcrypt/src/fe_operations.c +++ b/src/wolfcrypt/src/fe_operations.c @@ -1,6 +1,6 @@ /* fe_operations.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519) #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */ @@ -128,11 +123,9 @@ void fe_init(void) #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ !defined(FREESCALE_LTC_ECC) +#ifndef WOLFSSL_CURVE25519_BLINDING int curve25519(byte* q, const byte* n, const byte* p) { -#if 0 - unsigned char e[32]; -#endif fe x1 = {0}; fe x2 = {0}; fe z2 = {0}; @@ -143,17 +136,6 @@ int curve25519(byte* q, const byte* n, const byte* p) int pos = 0; unsigned int swap = 0; - /* Clamp already done during key generation and import */ -#if 0 - { - unsigned int i; - for (i = 0;i < 32;++i) e[i] = n[i]; - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - } -#endif - fe_frombytes(x1,p); fe_1(x2); fe_0(z2); @@ -163,11 +145,7 @@ int curve25519(byte* q, const byte* n, const byte* p) swap = 0; for (pos = 254;pos >= 0;--pos) { unsigned int b; -#if 0 - b = e[pos / 8] >> (pos & 7); -#else - b = n[pos / 8] >> (pos & 7); -#endif + b = (unsigned int)(n[pos / 8]) >> (pos & 7); b &= 1; swap ^= b; fe_cswap(x2,x3,(int)swap); @@ -203,6 +181,74 @@ int curve25519(byte* q, const byte* n, const byte* p) return 0; } +#else +int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p, + const byte* rz) +{ + fe x1 = {0}; + fe x2 = {0}; + fe z2 = {0}; + fe x3 = {0}; + fe z3 = {0}; + fe tmp0 = {0}; + fe tmp1 = {0}; + int pos = 0; + unsigned int b; + + fe_frombytes(x1,p); + fe_1(x2); + fe_0(z2); + fe_copy(x3,x1); + fe_frombytes(z3, rz); + fe_mul(x3, x3, z3); + + /* mask_bits[252] */ + b = mask[31] >> 7; + b &= 1; + fe_cswap(x2,x3,(int)b); + fe_cswap(z2,z3,(int)b); + for (pos = 255;pos >= 1;--pos) { + b = n[pos / 8] >> (pos & 7); + b &= 1; + fe_cswap(x2,x3,(int)b); + fe_cswap(z2,z3,(int)b); + + /* montgomery */ + fe_sub(tmp0,x3,z3); + fe_sub(tmp1,x2,z2); + fe_add(x2,x2,z2); + fe_add(z2,x3,z3); + fe_mul(z3,tmp0,x2); + fe_mul(z2,z2,tmp1); + fe_sq(tmp0,tmp1); + fe_sq(tmp1,x2); + fe_add(x3,z3,z2); + fe_sub(z2,z3,z2); + fe_mul(x2,tmp1,tmp0); + fe_sub(tmp1,tmp1,tmp0); + fe_sq(z2,z2); + fe_mul121666(z3,tmp1); + fe_sq(x3,x3); + fe_add(tmp0,tmp0,z3); + fe_mul(z3,x1,z2); + fe_mul(z2,tmp1,tmp0); + + b = mask[(pos-1) / 8] >> ((pos-1) & 7); + b &= 1; + fe_cswap(x2,x3,(int)b); + fe_cswap(z2,z3,(int)b); + } + b = n[0] & 1; + fe_cswap(x2,x3,(int)b); + fe_cswap(z2,z3,(int)b); + + fe_invert(z2,z2); + fe_mul(x2,x2,z2); + fe_tobytes(q,x2); + + return 0; +} +#endif #endif /* HAVE_CURVE25519 && !CURVE25519_SMALL && !FREESCALE_LTC_ECC */ diff --git a/src/wolfcrypt/src/ge_448.c b/src/wolfcrypt/src/ge_448.c index 81f9c57..a09a92d 100644 --- a/src/wolfcrypt/src/ge_448.c +++ b/src/wolfcrypt/src/ge_448.c @@ -1,6 +1,6 @@ /* ge_448.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,17 +24,12 @@ * Reworked for ed448 by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_ED448 #include #include -#include #ifdef NO_INLINE #include #else @@ -369,7 +364,7 @@ int ge448_scalarmult_base(ge448_p2* h, const byte* a) return 0; } -/* Perform a scalar multplication of the base point and public point. +/* Perform a scalar multiplication of the base point and public point. * r = a * p + b * base * Uses a sliding window of 5 bits. * Not constant time. @@ -919,70 +914,70 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) | (word64)((sword64) (d[55]) << 48); /* a * b + d */ - t[ 0] = (word128)dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0]); - t[ 1] = (word128)dd[ 1] + (word128)((sword128)ad[ 0] * bd[ 1] - + (sword128)ad[ 1] * bd[ 0]); - t[ 2] = (word128)dd[ 2] + (word128)((sword128)ad[ 0] * bd[ 2] - + (sword128)ad[ 1] * bd[ 1] - + (sword128)ad[ 2] * bd[ 0]); - t[ 3] = (word128)dd[ 3] + (word128)((sword128)ad[ 0] * bd[ 3] - + (sword128)ad[ 1] * bd[ 2] - + (sword128)ad[ 2] * bd[ 1] - + (sword128)ad[ 3] * bd[ 0]); - t[ 4] = (word128)dd[ 4] + (word128)((sword128)ad[ 0] * bd[ 4] - + (sword128)ad[ 1] * bd[ 3] - + (sword128)ad[ 2] * bd[ 2] - + (sword128)ad[ 3] * bd[ 1] - + (sword128)ad[ 4] * bd[ 0]); - t[ 5] = (word128)dd[ 5] + (word128)((sword128)ad[ 0] * bd[ 5] - + (sword128)ad[ 1] * bd[ 4] - + (sword128)ad[ 2] * bd[ 3] - + (sword128)ad[ 3] * bd[ 2] - + (sword128)ad[ 4] * bd[ 1] - + (sword128)ad[ 5] * bd[ 0]); - t[ 6] = (word128)dd[ 6] + (word128)((sword128)ad[ 0] * bd[ 6] - + (sword128)ad[ 1] * bd[ 5] - + (sword128)ad[ 2] * bd[ 4] - + (sword128)ad[ 3] * bd[ 3] - + (sword128)ad[ 4] * bd[ 2] - + (sword128)ad[ 5] * bd[ 1] - + (sword128)ad[ 6] * bd[ 0]); - t[ 7] = (word128)dd[ 7] + (word128)((sword128)ad[ 0] * bd[ 7] - + (sword128)ad[ 1] * bd[ 6] - + (sword128)ad[ 2] * bd[ 5] - + (sword128)ad[ 3] * bd[ 4] - + (sword128)ad[ 4] * bd[ 3] - + (sword128)ad[ 5] * bd[ 2] - + (sword128)ad[ 6] * bd[ 1] - + (sword128)ad[ 7] * bd[ 0]); - t[ 8] = (word128) ((sword128)ad[ 1] * bd[ 7] - + (sword128)ad[ 2] * bd[ 6] - + (sword128)ad[ 3] * bd[ 5] - + (sword128)ad[ 4] * bd[ 4] - + (sword128)ad[ 5] * bd[ 3] - + (sword128)ad[ 6] * bd[ 2] - + (sword128)ad[ 7] * bd[ 1]); - t[ 9] = (word128) ((sword128)ad[ 2] * bd[ 7] - + (sword128)ad[ 3] * bd[ 6] - + (sword128)ad[ 4] * bd[ 5] - + (sword128)ad[ 5] * bd[ 4] - + (sword128)ad[ 6] * bd[ 3] - + (sword128)ad[ 7] * bd[ 2]); - t[10] = (word128) ((sword128)ad[ 3] * bd[ 7] - + (sword128)ad[ 4] * bd[ 6] - + (sword128)ad[ 5] * bd[ 5] - + (sword128)ad[ 6] * bd[ 4] - + (sword128)ad[ 7] * bd[ 3]); - t[11] = (word128) ((sword128)ad[ 4] * bd[ 7] - + (sword128)ad[ 5] * bd[ 6] - + (sword128)ad[ 6] * bd[ 5] - + (sword128)ad[ 7] * bd[ 4]); - t[12] = (word128) ((sword128)ad[ 5] * bd[ 7] - + (sword128)ad[ 6] * bd[ 6] - + (sword128)ad[ 7] * bd[ 5]); - t[13] = (word128) ((sword128)ad[ 6] * bd[ 7] - + (sword128)ad[ 7] * bd[ 6]); - t[14] = (word128) (sword128)ad[ 7] * bd[ 7]; + t[ 0] = (word128)(dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0])); + t[ 1] = (word128)(dd[ 1] + (word128)((sword128)ad[ 0] * bd[ 1] + + (sword128)ad[ 1] * bd[ 0])); + t[ 2] = (word128)(dd[ 2] + (word128)((sword128)ad[ 0] * bd[ 2] + + (sword128)ad[ 1] * bd[ 1] + + (sword128)ad[ 2] * bd[ 0])); + t[ 3] = (word128)(dd[ 3] + (word128)((sword128)ad[ 0] * bd[ 3] + + (sword128)ad[ 1] * bd[ 2] + + (sword128)ad[ 2] * bd[ 1] + + (sword128)ad[ 3] * bd[ 0])); + t[ 4] = (word128)(dd[ 4] + (word128)((sword128)ad[ 0] * bd[ 4] + + (sword128)ad[ 1] * bd[ 3] + + (sword128)ad[ 2] * bd[ 2] + + (sword128)ad[ 3] * bd[ 1] + + (sword128)ad[ 4] * bd[ 0])); + t[ 5] = (word128)(dd[ 5] + (word128)((sword128)ad[ 0] * bd[ 5] + + (sword128)ad[ 1] * bd[ 4] + + (sword128)ad[ 2] * bd[ 3] + + (sword128)ad[ 3] * bd[ 2] + + (sword128)ad[ 4] * bd[ 1] + + (sword128)ad[ 5] * bd[ 0])); + t[ 6] = (word128)(dd[ 6] + (word128)((sword128)ad[ 0] * bd[ 6] + + (sword128)ad[ 1] * bd[ 5] + + (sword128)ad[ 2] * bd[ 4] + + (sword128)ad[ 3] * bd[ 3] + + (sword128)ad[ 4] * bd[ 2] + + (sword128)ad[ 5] * bd[ 1] + + (sword128)ad[ 6] * bd[ 0])); + t[ 7] = (word128)(dd[ 7] + (word128)((sword128)ad[ 0] * bd[ 7] + + (sword128)ad[ 1] * bd[ 6] + + (sword128)ad[ 2] * bd[ 5] + + (sword128)ad[ 3] * bd[ 4] + + (sword128)ad[ 4] * bd[ 3] + + (sword128)ad[ 5] * bd[ 2] + + (sword128)ad[ 6] * bd[ 1] + + (sword128)ad[ 7] * bd[ 0])); + t[ 8] = (word128)( (sword128)ad[ 1] * bd[ 7] + + (sword128)ad[ 2] * bd[ 6] + + (sword128)ad[ 3] * bd[ 5] + + (sword128)ad[ 4] * bd[ 4] + + (sword128)ad[ 5] * bd[ 3] + + (sword128)ad[ 6] * bd[ 2] + + (sword128)ad[ 7] * bd[ 1]); + t[ 9] = (word128)( (sword128)ad[ 2] * bd[ 7] + + (sword128)ad[ 3] * bd[ 6] + + (sword128)ad[ 4] * bd[ 5] + + (sword128)ad[ 5] * bd[ 4] + + (sword128)ad[ 6] * bd[ 3] + + (sword128)ad[ 7] * bd[ 2]); + t[10] = (word128)( (sword128)ad[ 3] * bd[ 7] + + (sword128)ad[ 4] * bd[ 6] + + (sword128)ad[ 5] * bd[ 5] + + (sword128)ad[ 6] * bd[ 4] + + (sword128)ad[ 7] * bd[ 3]); + t[11] = (word128)( (sword128)ad[ 4] * bd[ 7] + + (sword128)ad[ 5] * bd[ 6] + + (sword128)ad[ 6] * bd[ 5] + + (sword128)ad[ 7] * bd[ 4]); + t[12] = (word128)( (sword128)ad[ 5] * bd[ 7] + + (sword128)ad[ 6] * bd[ 6] + + (sword128)ad[ 7] * bd[ 5]); + t[13] = (word128)( (sword128)ad[ 6] * bd[ 7] + + (sword128)ad[ 7] * bd[ 6]); + t[14] = (word128)( (sword128)ad[ 7] * bd[ 7]); t[15] = 0; /* Mod curve order */ @@ -5143,136 +5138,169 @@ void sc448_reduce(byte* b) word32 o; /* Load from bytes */ - t[ 0] = (((sword32)((b[ 0] ) >> 0)) << 0) + t[ 0] = (word64)( + (((sword32)((b[ 0] ) >> 0)) << 0) | (((sword32)((b[ 1] ) >> 0)) << 8) | (((sword32)((b[ 2] ) >> 0)) << 16) - | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24); - t[ 1] = (((sword32)((b[ 3] ) >> 4)) << 0) + | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24)); + t[ 1] = (word64)( + (((sword32)((b[ 3] ) >> 4)) << 0) | (((sword32)((b[ 4] ) >> 0)) << 4) | (((sword32)((b[ 5] ) >> 0)) << 12) - | (((sword32)((b[ 6] ) >> 0)) << 20); - t[ 2] = (((sword32)((b[ 7] ) >> 0)) << 0) + | (((sword32)((b[ 6] ) >> 0)) << 20)); + t[ 2] = (word64)( + (((sword32)((b[ 7] ) >> 0)) << 0) | (((sword32)((b[ 8] ) >> 0)) << 8) | (((sword32)((b[ 9] ) >> 0)) << 16) - | ((((sword32)((b[10] & 0xf )) >> 0)) << 24); - t[ 3] = (((sword32)((b[10] ) >> 4)) << 0) + | ((((sword32)((b[10] & 0xf )) >> 0)) << 24)); + t[ 3] = (word64)( + (((sword32)((b[10] ) >> 4)) << 0) | (((sword32)((b[11] ) >> 0)) << 4) | (((sword32)((b[12] ) >> 0)) << 12) - | (((sword32)((b[13] ) >> 0)) << 20); - t[ 4] = (((sword32)((b[14] ) >> 0)) << 0) + | (((sword32)((b[13] ) >> 0)) << 20)); + t[ 4] = (word64)( + (((sword32)((b[14] ) >> 0)) << 0) | (((sword32)((b[15] ) >> 0)) << 8) | (((sword32)((b[16] ) >> 0)) << 16) - | ((((sword32)((b[17] & 0xf )) >> 0)) << 24); - t[ 5] = (((sword32)((b[17] ) >> 4)) << 0) + | ((((sword32)((b[17] & 0xf )) >> 0)) << 24)); + t[ 5] = (word64)( + (((sword32)((b[17] ) >> 4)) << 0) | (((sword32)((b[18] ) >> 0)) << 4) | (((sword32)((b[19] ) >> 0)) << 12) - | (((sword32)((b[20] ) >> 0)) << 20); - t[ 6] = (((sword32)((b[21] ) >> 0)) << 0) + | (((sword32)((b[20] ) >> 0)) << 20)); + t[ 6] = (word64)( + (((sword32)((b[21] ) >> 0)) << 0) | (((sword32)((b[22] ) >> 0)) << 8) | (((sword32)((b[23] ) >> 0)) << 16) - | ((((sword32)((b[24] & 0xf )) >> 0)) << 24); - t[ 7] = (((sword32)((b[24] ) >> 4)) << 0) + | ((((sword32)((b[24] & 0xf )) >> 0)) << 24)); + t[ 7] = (word64)( + (((sword32)((b[24] ) >> 4)) << 0) | (((sword32)((b[25] ) >> 0)) << 4) | (((sword32)((b[26] ) >> 0)) << 12) - | (((sword32)((b[27] ) >> 0)) << 20); - t[ 8] = (((sword32)((b[28] ) >> 0)) << 0) + | (((sword32)((b[27] ) >> 0)) << 20)); + t[ 8] = (word64)( + (((sword32)((b[28] ) >> 0)) << 0) | (((sword32)((b[29] ) >> 0)) << 8) | (((sword32)((b[30] ) >> 0)) << 16) - | ((((sword32)((b[31] & 0xf )) >> 0)) << 24); - t[ 9] = (((sword32)((b[31] ) >> 4)) << 0) + | ((((sword32)((b[31] & 0xf )) >> 0)) << 24)); + t[ 9] = (word64)( + (((sword32)((b[31] ) >> 4)) << 0) | (((sword32)((b[32] ) >> 0)) << 4) | (((sword32)((b[33] ) >> 0)) << 12) - | (((sword32)((b[34] ) >> 0)) << 20); - t[10] = (((sword32)((b[35] ) >> 0)) << 0) + | (((sword32)((b[34] ) >> 0)) << 20)); + t[10] = (word64)( + (((sword32)((b[35] ) >> 0)) << 0) | (((sword32)((b[36] ) >> 0)) << 8) | (((sword32)((b[37] ) >> 0)) << 16) - | ((((sword32)((b[38] & 0xf )) >> 0)) << 24); - t[11] = (((sword32)((b[38] ) >> 4)) << 0) + | ((((sword32)((b[38] & 0xf )) >> 0)) << 24)); + t[11] = (word64)( + (((sword32)((b[38] ) >> 4)) << 0) | (((sword32)((b[39] ) >> 0)) << 4) | (((sword32)((b[40] ) >> 0)) << 12) - | (((sword32)((b[41] ) >> 0)) << 20); - t[12] = (((sword32)((b[42] ) >> 0)) << 0) + | (((sword32)((b[41] ) >> 0)) << 20)); + t[12] = (word64)( + (((sword32)((b[42] ) >> 0)) << 0) | (((sword32)((b[43] ) >> 0)) << 8) | (((sword32)((b[44] ) >> 0)) << 16) - | ((((sword32)((b[45] & 0xf )) >> 0)) << 24); - t[13] = (((sword32)((b[45] ) >> 4)) << 0) + | ((((sword32)((b[45] & 0xf )) >> 0)) << 24)); + t[13] = (word64)( + (((sword32)((b[45] ) >> 4)) << 0) | (((sword32)((b[46] ) >> 0)) << 4) | (((sword32)((b[47] ) >> 0)) << 12) - | (((sword32)((b[48] ) >> 0)) << 20); - t[14] = (((sword32)((b[49] ) >> 0)) << 0) + | (((sword32)((b[48] ) >> 0)) << 20)); + t[14] = (word64)( + (((sword32)((b[49] ) >> 0)) << 0) | (((sword32)((b[50] ) >> 0)) << 8) | (((sword32)((b[51] ) >> 0)) << 16) - | ((((sword32)((b[52] & 0xf )) >> 0)) << 24); - t[15] = (((sword32)((b[52] ) >> 4)) << 0) + | ((((sword32)((b[52] & 0xf )) >> 0)) << 24)); + t[15] = (word64)( + (((sword32)((b[52] ) >> 4)) << 0) | (((sword32)((b[53] ) >> 0)) << 4) | (((sword32)((b[54] ) >> 0)) << 12) - | (((sword32)((b[55] ) >> 0)) << 20); - t[16] = (((sword32)((b[56] ) >> 0)) << 0) + | (((sword32)((b[55] ) >> 0)) << 20)); + t[16] = (word64)( + (((sword32)((b[56] ) >> 0)) << 0) | (((sword32)((b[57] ) >> 0)) << 8) | (((sword32)((b[58] ) >> 0)) << 16) - | ((((sword32)((b[59] & 0xf )) >> 0)) << 24); - t[17] = (((sword32)((b[59] ) >> 4)) << 0) + | ((((sword32)((b[59] & 0xf )) >> 0)) << 24)); + t[17] = (word64)( + (((sword32)((b[59] ) >> 4)) << 0) | (((sword32)((b[60] ) >> 0)) << 4) | (((sword32)((b[61] ) >> 0)) << 12) - | (((sword32)((b[62] ) >> 0)) << 20); - t[18] = (((sword32)((b[63] ) >> 0)) << 0) + | (((sword32)((b[62] ) >> 0)) << 20)); + t[18] = (word64)( + (((sword32)((b[63] ) >> 0)) << 0) | (((sword32)((b[64] ) >> 0)) << 8) | (((sword32)((b[65] ) >> 0)) << 16) - | ((((sword32)((b[66] & 0xf )) >> 0)) << 24); - t[19] = (((sword32)((b[66] ) >> 4)) << 0) + | ((((sword32)((b[66] & 0xf )) >> 0)) << 24)); + t[19] = (word64)( + (((sword32)((b[66] ) >> 4)) << 0) | (((sword32)((b[67] ) >> 0)) << 4) | (((sword32)((b[68] ) >> 0)) << 12) - | (((sword32)((b[69] ) >> 0)) << 20); - t[20] = (((sword32)((b[70] ) >> 0)) << 0) + | (((sword32)((b[69] ) >> 0)) << 20)); + t[20] = (word64)( + (((sword32)((b[70] ) >> 0)) << 0) | (((sword32)((b[71] ) >> 0)) << 8) | (((sword32)((b[72] ) >> 0)) << 16) - | ((((sword32)((b[73] & 0xf )) >> 0)) << 24); - t[21] = (((sword32)((b[73] ) >> 4)) << 0) + | ((((sword32)((b[73] & 0xf )) >> 0)) << 24)); + t[21] = (word64)( + (((sword32)((b[73] ) >> 4)) << 0) | (((sword32)((b[74] ) >> 0)) << 4) | (((sword32)((b[75] ) >> 0)) << 12) - | (((sword32)((b[76] ) >> 0)) << 20); - t[22] = (((sword32)((b[77] ) >> 0)) << 0) + | (((sword32)((b[76] ) >> 0)) << 20)); + t[22] = (word64)( + (((sword32)((b[77] ) >> 0)) << 0) | (((sword32)((b[78] ) >> 0)) << 8) | (((sword32)((b[79] ) >> 0)) << 16) - | ((((sword32)((b[80] & 0xf )) >> 0)) << 24); - t[23] = (((sword32)((b[80] ) >> 4)) << 0) + | ((((sword32)((b[80] & 0xf )) >> 0)) << 24)); + t[23] = (word64)( + (((sword32)((b[80] ) >> 4)) << 0) | (((sword32)((b[81] ) >> 0)) << 4) | (((sword32)((b[82] ) >> 0)) << 12) - | (((sword32)((b[83] ) >> 0)) << 20); - t[24] = (((sword32)((b[84] ) >> 0)) << 0) + | (((sword32)((b[83] ) >> 0)) << 20)); + t[24] = (word64)( + (((sword32)((b[84] ) >> 0)) << 0) | (((sword32)((b[85] ) >> 0)) << 8) | (((sword32)((b[86] ) >> 0)) << 16) - | ((((sword32)((b[87] & 0xf )) >> 0)) << 24); - t[25] = (((sword32)((b[87] ) >> 4)) << 0) + | ((((sword32)((b[87] & 0xf )) >> 0)) << 24)); + t[25] = (word64)( + (((sword32)((b[87] ) >> 4)) << 0) | (((sword32)((b[88] ) >> 0)) << 4) | (((sword32)((b[89] ) >> 0)) << 12) - | (((sword32)((b[90] ) >> 0)) << 20); - t[26] = (((sword32)((b[91] ) >> 0)) << 0) + | (((sword32)((b[90] ) >> 0)) << 20)); + t[26] = (word64)( + (((sword32)((b[91] ) >> 0)) << 0) | (((sword32)((b[92] ) >> 0)) << 8) | (((sword32)((b[93] ) >> 0)) << 16) - | ((((sword32)((b[94] & 0xf )) >> 0)) << 24); - t[27] = (((sword32)((b[94] ) >> 4)) << 0) + | ((((sword32)((b[94] & 0xf )) >> 0)) << 24)); + t[27] = (word64)( + (((sword32)((b[94] ) >> 4)) << 0) | (((sword32)((b[95] ) >> 0)) << 4) | (((sword32)((b[96] ) >> 0)) << 12) - | (((sword32)((b[97] ) >> 0)) << 20); - t[28] = (((sword32)((b[98] ) >> 0)) << 0) + | (((sword32)((b[97] ) >> 0)) << 20)); + t[28] = (word64)( + (((sword32)((b[98] ) >> 0)) << 0) | (((sword32)((b[99] ) >> 0)) << 8) | (((sword32)((b[100] ) >> 0)) << 16) - | ((((sword32)((b[101] & 0xf )) >> 0)) << 24); - t[29] = (((sword32)((b[101] ) >> 4)) << 0) + | ((((sword32)((b[101] & 0xf )) >> 0)) << 24)); + t[29] = (word64)( + (((sword32)((b[101] ) >> 4)) << 0) | (((sword32)((b[102] ) >> 0)) << 4) | (((sword32)((b[103] ) >> 0)) << 12) - | (((sword32)((b[104] ) >> 0)) << 20); - t[30] = (((sword32)((b[105] ) >> 0)) << 0) + | (((sword32)((b[104] ) >> 0)) << 20)); + t[30] = (word64)( + (((sword32)((b[105] ) >> 0)) << 0) | (((sword32)((b[106] ) >> 0)) << 8) | (((sword32)((b[107] ) >> 0)) << 16) - | ((((sword32)((b[108] & 0xf )) >> 0)) << 24); - t[31] = (((sword32)((b[108] ) >> 4)) << 0) + | ((((sword32)((b[108] & 0xf )) >> 0)) << 24)); + t[31] = (word64)( + (((sword32)((b[108] ) >> 4)) << 0) | (((sword32)((b[109] ) >> 0)) << 4) | (((sword32)((b[110] ) >> 0)) << 12) - | (((sword32)((b[111] ) >> 0)) << 20); - t[32] = (((sword32)((b[112] ) >> 0)) << 0) - | (((sword32)((b[113] ) >> 0)) << 8); + | (((sword32)((b[111] ) >> 0)) << 20)); + t[32] = (word64)( + (((sword32)((b[112] ) >> 0)) << 0) + | (((sword32)((b[113] ) >> 0)) << 8)); /* Mod curve order */ /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */ @@ -5514,56 +5542,56 @@ void sc448_reduce(byte* b) b[ 0] = (byte)(d[0 ] >> 0); b[ 1] = (byte)(d[0 ] >> 8); b[ 2] = (byte)(d[0 ] >> 16); - b[ 3] = (byte)(d[0 ] >> 24) + (byte)((d[1 ] >> 0) << 4); + b[ 3] = (byte)((byte)(d[0 ] >> 24) + (byte)((d[1 ] >> 0) << 4)); b[ 4] = (byte)(d[1 ] >> 4); b[ 5] = (byte)(d[1 ] >> 12); b[ 6] = (byte)(d[1 ] >> 20); b[ 7] = (byte)(d[2 ] >> 0); b[ 8] = (byte)(d[2 ] >> 8); b[ 9] = (byte)(d[2 ] >> 16); - b[10] = (byte)(d[2 ] >> 24) + (byte)((d[3 ] >> 0) << 4); + b[10] = (byte)((byte)(d[2 ] >> 24) + (byte)((d[3 ] >> 0) << 4)); b[11] = (byte)(d[3 ] >> 4); b[12] = (byte)(d[3 ] >> 12); b[13] = (byte)(d[3 ] >> 20); b[14] = (byte)(d[4 ] >> 0); b[15] = (byte)(d[4 ] >> 8); b[16] = (byte)(d[4 ] >> 16); - b[17] = (byte)(d[4 ] >> 24) + (byte)((d[5 ] >> 0) << 4); + b[17] = (byte)((byte)(d[4 ] >> 24) + (byte)((d[5 ] >> 0) << 4)); b[18] = (byte)(d[5 ] >> 4); b[19] = (byte)(d[5 ] >> 12); b[20] = (byte)(d[5 ] >> 20); b[21] = (byte)(d[6 ] >> 0); b[22] = (byte)(d[6 ] >> 8); b[23] = (byte)(d[6 ] >> 16); - b[24] = (byte)(d[6 ] >> 24) + (byte)((d[7 ] >> 0) << 4); + b[24] = (byte)((byte)(d[6 ] >> 24) + (byte)((d[7 ] >> 0) << 4)); b[25] = (byte)(d[7 ] >> 4); b[26] = (byte)(d[7 ] >> 12); b[27] = (byte)(d[7 ] >> 20); b[28] = (byte)(d[8 ] >> 0); b[29] = (byte)(d[8 ] >> 8); b[30] = (byte)(d[8 ] >> 16); - b[31] = (byte)(d[8 ] >> 24) + (byte)((d[9 ] >> 0) << 4); + b[31] = (byte)((byte)(d[8 ] >> 24) + (byte)((d[9 ] >> 0) << 4)); b[32] = (byte)(d[9 ] >> 4); b[33] = (byte)(d[9 ] >> 12); b[34] = (byte)(d[9 ] >> 20); b[35] = (byte)(d[10] >> 0); b[36] = (byte)(d[10] >> 8); b[37] = (byte)(d[10] >> 16); - b[38] = (byte)(d[10] >> 24) + (byte)((d[11] >> 0) << 4); + b[38] = (byte)((byte)(d[10] >> 24) + (byte)((d[11] >> 0) << 4)); b[39] = (byte)(d[11] >> 4); b[40] = (byte)(d[11] >> 12); b[41] = (byte)(d[11] >> 20); b[42] = (byte)(d[12] >> 0); b[43] = (byte)(d[12] >> 8); b[44] = (byte)(d[12] >> 16); - b[45] = (byte)(d[12] >> 24) + (byte)((d[13] >> 0) << 4); + b[45] = (byte)((byte)(d[12] >> 24) + (byte)((d[13] >> 0) << 4)); b[46] = (byte)(d[13] >> 4); b[47] = (byte)(d[13] >> 12); b[48] = (byte)(d[13] >> 20); b[49] = (byte)(d[14] >> 0); b[50] = (byte)(d[14] >> 8); b[51] = (byte)(d[14] >> 16); - b[52] = (byte)(d[14] >> 24) + (byte)((d[15] >> 0) << 4); + b[52] = (byte)((byte)(d[14] >> 24) + (byte)((d[15] >> 0) << 4)); b[53] = (byte)(d[15] >> 4); b[54] = (byte)(d[15] >> 12); b[55] = (byte)(d[15] >> 20); @@ -5586,458 +5614,506 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) sword32 u; /* Load from bytes */ - ad[ 0] = (((sword32)((a[ 0] ) >> 0)) << 0) + ad[ 0] = (word32)( + (((sword32)((a[ 0] ) >> 0)) << 0) | (((sword32)((a[ 1] ) >> 0)) << 8) | (((sword32)((a[ 2] ) >> 0)) << 16) - | ((((sword32)((a[ 3] & 0xf )) >> 0)) << 24); - ad[ 1] = (((sword32)((a[ 3] ) >> 4)) << 0) + | ((((sword32)((a[ 3] & 0xf )) >> 0)) << 24)); + ad[ 1] = (word32)( + (((sword32)((a[ 3] ) >> 4)) << 0) | (((sword32)((a[ 4] ) >> 0)) << 4) | (((sword32)((a[ 5] ) >> 0)) << 12) - | (((sword32)((a[ 6] ) >> 0)) << 20); - ad[ 2] = (((sword32)((a[ 7] ) >> 0)) << 0) + | (((sword32)((a[ 6] ) >> 0)) << 20)); + ad[ 2] = (word32)( + (((sword32)((a[ 7] ) >> 0)) << 0) | (((sword32)((a[ 8] ) >> 0)) << 8) | (((sword32)((a[ 9] ) >> 0)) << 16) - | ((((sword32)((a[10] & 0xf )) >> 0)) << 24); - ad[ 3] = (((sword32)((a[10] ) >> 4)) << 0) + | ((((sword32)((a[10] & 0xf )) >> 0)) << 24)); + ad[ 3] = (word32)( + (((sword32)((a[10] ) >> 4)) << 0) | (((sword32)((a[11] ) >> 0)) << 4) | (((sword32)((a[12] ) >> 0)) << 12) - | (((sword32)((a[13] ) >> 0)) << 20); - ad[ 4] = (((sword32)((a[14] ) >> 0)) << 0) + | (((sword32)((a[13] ) >> 0)) << 20)); + ad[ 4] = (word32)( + (((sword32)((a[14] ) >> 0)) << 0) | (((sword32)((a[15] ) >> 0)) << 8) | (((sword32)((a[16] ) >> 0)) << 16) - | ((((sword32)((a[17] & 0xf )) >> 0)) << 24); - ad[ 5] = (((sword32)((a[17] ) >> 4)) << 0) + | ((((sword32)((a[17] & 0xf )) >> 0)) << 24)); + ad[ 5] = (word32)( + (((sword32)((a[17] ) >> 4)) << 0) | (((sword32)((a[18] ) >> 0)) << 4) | (((sword32)((a[19] ) >> 0)) << 12) - | (((sword32)((a[20] ) >> 0)) << 20); - ad[ 6] = (((sword32)((a[21] ) >> 0)) << 0) + | (((sword32)((a[20] ) >> 0)) << 20)); + ad[ 6] = (word32)( + (((sword32)((a[21] ) >> 0)) << 0) | (((sword32)((a[22] ) >> 0)) << 8) | (((sword32)((a[23] ) >> 0)) << 16) - | ((((sword32)((a[24] & 0xf )) >> 0)) << 24); - ad[ 7] = (((sword32)((a[24] ) >> 4)) << 0) + | ((((sword32)((a[24] & 0xf )) >> 0)) << 24)); + ad[ 7] = (word32)( + (((sword32)((a[24] ) >> 4)) << 0) | (((sword32)((a[25] ) >> 0)) << 4) | (((sword32)((a[26] ) >> 0)) << 12) - | (((sword32)((a[27] ) >> 0)) << 20); - ad[ 8] = (((sword32)((a[28] ) >> 0)) << 0) + | (((sword32)((a[27] ) >> 0)) << 20)); + ad[ 8] = (word32)( + (((sword32)((a[28] ) >> 0)) << 0) | (((sword32)((a[29] ) >> 0)) << 8) | (((sword32)((a[30] ) >> 0)) << 16) - | ((((sword32)((a[31] & 0xf )) >> 0)) << 24); - ad[ 9] = (((sword32)((a[31] ) >> 4)) << 0) + | ((((sword32)((a[31] & 0xf )) >> 0)) << 24)); + ad[ 9] = (word32)( + (((sword32)((a[31] ) >> 4)) << 0) | (((sword32)((a[32] ) >> 0)) << 4) | (((sword32)((a[33] ) >> 0)) << 12) - | (((sword32)((a[34] ) >> 0)) << 20); - ad[10] = (((sword32)((a[35] ) >> 0)) << 0) + | (((sword32)((a[34] ) >> 0)) << 20)); + ad[10] = (word32)( + (((sword32)((a[35] ) >> 0)) << 0) | (((sword32)((a[36] ) >> 0)) << 8) | (((sword32)((a[37] ) >> 0)) << 16) - | ((((sword32)((a[38] & 0xf )) >> 0)) << 24); - ad[11] = (((sword32)((a[38] ) >> 4)) << 0) + | ((((sword32)((a[38] & 0xf )) >> 0)) << 24)); + ad[11] = (word32)( + (((sword32)((a[38] ) >> 4)) << 0) | (((sword32)((a[39] ) >> 0)) << 4) | (((sword32)((a[40] ) >> 0)) << 12) - | (((sword32)((a[41] ) >> 0)) << 20); - ad[12] = (((sword32)((a[42] ) >> 0)) << 0) + | (((sword32)((a[41] ) >> 0)) << 20)); + ad[12] = (word32)( + (((sword32)((a[42] ) >> 0)) << 0) | (((sword32)((a[43] ) >> 0)) << 8) | (((sword32)((a[44] ) >> 0)) << 16) - | ((((sword32)((a[45] & 0xf )) >> 0)) << 24); - ad[13] = (((sword32)((a[45] ) >> 4)) << 0) + | ((((sword32)((a[45] & 0xf )) >> 0)) << 24)); + ad[13] = (word32)( + (((sword32)((a[45] ) >> 4)) << 0) | (((sword32)((a[46] ) >> 0)) << 4) | (((sword32)((a[47] ) >> 0)) << 12) - | (((sword32)((a[48] ) >> 0)) << 20); - ad[14] = (((sword32)((a[49] ) >> 0)) << 0) + | (((sword32)((a[48] ) >> 0)) << 20)); + ad[14] = (word32)( + (((sword32)((a[49] ) >> 0)) << 0) | (((sword32)((a[50] ) >> 0)) << 8) | (((sword32)((a[51] ) >> 0)) << 16) - | ((((sword32)((a[52] & 0xf )) >> 0)) << 24); - ad[15] = (((sword32)((a[52] ) >> 4)) << 0) + | ((((sword32)((a[52] & 0xf )) >> 0)) << 24)); + ad[15] = (word32)( + (((sword32)((a[52] ) >> 4)) << 0) | (((sword32)((a[53] ) >> 0)) << 4) | (((sword32)((a[54] ) >> 0)) << 12) - | (((sword32)((a[55] ) >> 0)) << 20); + | (((sword32)((a[55] ) >> 0)) << 20)); /* Load from bytes */ - bd[ 0] = (((sword32)((b[ 0] ) >> 0)) << 0) + bd[ 0] = (word32)( + (((sword32)((b[ 0] ) >> 0)) << 0) | (((sword32)((b[ 1] ) >> 0)) << 8) | (((sword32)((b[ 2] ) >> 0)) << 16) - | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24); - bd[ 1] = (((sword32)((b[ 3] ) >> 4)) << 0) + | ((((sword32)((b[ 3] & 0xf )) >> 0)) << 24)); + bd[ 1] = (word32)( + (((sword32)((b[ 3] ) >> 4)) << 0) | (((sword32)((b[ 4] ) >> 0)) << 4) | (((sword32)((b[ 5] ) >> 0)) << 12) - | (((sword32)((b[ 6] ) >> 0)) << 20); - bd[ 2] = (((sword32)((b[ 7] ) >> 0)) << 0) + | (((sword32)((b[ 6] ) >> 0)) << 20)); + bd[ 2] = (word32)( + (((sword32)((b[ 7] ) >> 0)) << 0) | (((sword32)((b[ 8] ) >> 0)) << 8) | (((sword32)((b[ 9] ) >> 0)) << 16) - | ((((sword32)((b[10] & 0xf )) >> 0)) << 24); - bd[ 3] = (((sword32)((b[10] ) >> 4)) << 0) + | ((((sword32)((b[10] & 0xf )) >> 0)) << 24)); + bd[ 3] = (word32)( + (((sword32)((b[10] ) >> 4)) << 0) | (((sword32)((b[11] ) >> 0)) << 4) | (((sword32)((b[12] ) >> 0)) << 12) - | (((sword32)((b[13] ) >> 0)) << 20); - bd[ 4] = (((sword32)((b[14] ) >> 0)) << 0) + | (((sword32)((b[13] ) >> 0)) << 20)); + bd[ 4] = (word32)( + (((sword32)((b[14] ) >> 0)) << 0) | (((sword32)((b[15] ) >> 0)) << 8) | (((sword32)((b[16] ) >> 0)) << 16) - | ((((sword32)((b[17] & 0xf )) >> 0)) << 24); - bd[ 5] = (((sword32)((b[17] ) >> 4)) << 0) + | ((((sword32)((b[17] & 0xf )) >> 0)) << 24)); + bd[ 5] = (word32)( + (((sword32)((b[17] ) >> 4)) << 0) | (((sword32)((b[18] ) >> 0)) << 4) | (((sword32)((b[19] ) >> 0)) << 12) - | (((sword32)((b[20] ) >> 0)) << 20); - bd[ 6] = (((sword32)((b[21] ) >> 0)) << 0) + | (((sword32)((b[20] ) >> 0)) << 20)); + bd[ 6] = (word32)( + (((sword32)((b[21] ) >> 0)) << 0) | (((sword32)((b[22] ) >> 0)) << 8) | (((sword32)((b[23] ) >> 0)) << 16) - | ((((sword32)((b[24] & 0xf )) >> 0)) << 24); - bd[ 7] = (((sword32)((b[24] ) >> 4)) << 0) + | ((((sword32)((b[24] & 0xf )) >> 0)) << 24)); + bd[ 7] = (word32)( + (((sword32)((b[24] ) >> 4)) << 0) | (((sword32)((b[25] ) >> 0)) << 4) | (((sword32)((b[26] ) >> 0)) << 12) - | (((sword32)((b[27] ) >> 0)) << 20); - bd[ 8] = (((sword32)((b[28] ) >> 0)) << 0) + | (((sword32)((b[27] ) >> 0)) << 20)); + bd[ 8] = (word32)( + (((sword32)((b[28] ) >> 0)) << 0) | (((sword32)((b[29] ) >> 0)) << 8) | (((sword32)((b[30] ) >> 0)) << 16) - | ((((sword32)((b[31] & 0xf )) >> 0)) << 24); - bd[ 9] = (((sword32)((b[31] ) >> 4)) << 0) + | ((((sword32)((b[31] & 0xf )) >> 0)) << 24)); + bd[ 9] = (word32)( + (((sword32)((b[31] ) >> 4)) << 0) | (((sword32)((b[32] ) >> 0)) << 4) | (((sword32)((b[33] ) >> 0)) << 12) - | (((sword32)((b[34] ) >> 0)) << 20); - bd[10] = (((sword32)((b[35] ) >> 0)) << 0) + | (((sword32)((b[34] ) >> 0)) << 20)); + bd[10] = (word32)( + (((sword32)((b[35] ) >> 0)) << 0) | (((sword32)((b[36] ) >> 0)) << 8) | (((sword32)((b[37] ) >> 0)) << 16) - | ((((sword32)((b[38] & 0xf )) >> 0)) << 24); - bd[11] = (((sword32)((b[38] ) >> 4)) << 0) + | ((((sword32)((b[38] & 0xf )) >> 0)) << 24)); + bd[11] = (word32)( + (((sword32)((b[38] ) >> 4)) << 0) | (((sword32)((b[39] ) >> 0)) << 4) | (((sword32)((b[40] ) >> 0)) << 12) - | (((sword32)((b[41] ) >> 0)) << 20); - bd[12] = (((sword32)((b[42] ) >> 0)) << 0) + | (((sword32)((b[41] ) >> 0)) << 20)); + bd[12] = (word32)( + (((sword32)((b[42] ) >> 0)) << 0) | (((sword32)((b[43] ) >> 0)) << 8) | (((sword32)((b[44] ) >> 0)) << 16) - | ((((sword32)((b[45] & 0xf )) >> 0)) << 24); - bd[13] = (((sword32)((b[45] ) >> 4)) << 0) + | ((((sword32)((b[45] & 0xf )) >> 0)) << 24)); + bd[13] = (word32)( + (((sword32)((b[45] ) >> 4)) << 0) | (((sword32)((b[46] ) >> 0)) << 4) | (((sword32)((b[47] ) >> 0)) << 12) - | (((sword32)((b[48] ) >> 0)) << 20); - bd[14] = (((sword32)((b[49] ) >> 0)) << 0) + | (((sword32)((b[48] ) >> 0)) << 20)); + bd[14] = (word32)( + (((sword32)((b[49] ) >> 0)) << 0) | (((sword32)((b[50] ) >> 0)) << 8) | (((sword32)((b[51] ) >> 0)) << 16) - | ((((sword32)((b[52] & 0xf )) >> 0)) << 24); - bd[15] = (((sword32)((b[52] ) >> 4)) << 0) + | ((((sword32)((b[52] & 0xf )) >> 0)) << 24)); + bd[15] = (word32)( + (((sword32)((b[52] ) >> 4)) << 0) | (((sword32)((b[53] ) >> 0)) << 4) | (((sword32)((b[54] ) >> 0)) << 12) - | (((sword32)((b[55] ) >> 0)) << 20); + | (((sword32)((b[55] ) >> 0)) << 20)); /* Load from bytes */ - dd[ 0] = (((sword32)((d[ 0] ) >> 0)) << 0) + dd[ 0] = (word32)( + (((sword32)((d[ 0] ) >> 0)) << 0) | (((sword32)((d[ 1] ) >> 0)) << 8) | (((sword32)((d[ 2] ) >> 0)) << 16) - | ((((sword32)((d[ 3] & 0xf )) >> 0)) << 24); - dd[ 1] = (((sword32)((d[ 3] ) >> 4)) << 0) + | ((((sword32)((d[ 3] & 0xf )) >> 0)) << 24)); + dd[ 1] = (word32)( + (((sword32)((d[ 3] ) >> 4)) << 0) | (((sword32)((d[ 4] ) >> 0)) << 4) | (((sword32)((d[ 5] ) >> 0)) << 12) - | (((sword32)((d[ 6] ) >> 0)) << 20); - dd[ 2] = (((sword32)((d[ 7] ) >> 0)) << 0) + | (((sword32)((d[ 6] ) >> 0)) << 20)); + dd[ 2] = (word32)( + (((sword32)((d[ 7] ) >> 0)) << 0) | (((sword32)((d[ 8] ) >> 0)) << 8) | (((sword32)((d[ 9] ) >> 0)) << 16) - | ((((sword32)((d[10] & 0xf )) >> 0)) << 24); - dd[ 3] = (((sword32)((d[10] ) >> 4)) << 0) + | ((((sword32)((d[10] & 0xf )) >> 0)) << 24)); + dd[ 3] = (word32)( + (((sword32)((d[10] ) >> 4)) << 0) | (((sword32)((d[11] ) >> 0)) << 4) | (((sword32)((d[12] ) >> 0)) << 12) - | (((sword32)((d[13] ) >> 0)) << 20); - dd[ 4] = (((sword32)((d[14] ) >> 0)) << 0) + | (((sword32)((d[13] ) >> 0)) << 20)); + dd[ 4] = (word32)( + (((sword32)((d[14] ) >> 0)) << 0) | (((sword32)((d[15] ) >> 0)) << 8) | (((sword32)((d[16] ) >> 0)) << 16) - | ((((sword32)((d[17] & 0xf )) >> 0)) << 24); - dd[ 5] = (((sword32)((d[17] ) >> 4)) << 0) + | ((((sword32)((d[17] & 0xf )) >> 0)) << 24)); + dd[ 5] = (word32)( + (((sword32)((d[17] ) >> 4)) << 0) | (((sword32)((d[18] ) >> 0)) << 4) | (((sword32)((d[19] ) >> 0)) << 12) - | (((sword32)((d[20] ) >> 0)) << 20); - dd[ 6] = (((sword32)((d[21] ) >> 0)) << 0) + | (((sword32)((d[20] ) >> 0)) << 20)); + dd[ 6] = (word32)( + (((sword32)((d[21] ) >> 0)) << 0) | (((sword32)((d[22] ) >> 0)) << 8) | (((sword32)((d[23] ) >> 0)) << 16) - | ((((sword32)((d[24] & 0xf )) >> 0)) << 24); - dd[ 7] = (((sword32)((d[24] ) >> 4)) << 0) + | ((((sword32)((d[24] & 0xf )) >> 0)) << 24)); + dd[ 7] = (word32)( + (((sword32)((d[24] ) >> 4)) << 0) | (((sword32)((d[25] ) >> 0)) << 4) | (((sword32)((d[26] ) >> 0)) << 12) - | (((sword32)((d[27] ) >> 0)) << 20); - dd[ 8] = (((sword32)((d[28] ) >> 0)) << 0) + | (((sword32)((d[27] ) >> 0)) << 20)); + dd[ 8] = (word32)( + (((sword32)((d[28] ) >> 0)) << 0) | (((sword32)((d[29] ) >> 0)) << 8) | (((sword32)((d[30] ) >> 0)) << 16) - | ((((sword32)((d[31] & 0xf )) >> 0)) << 24); - dd[ 9] = (((sword32)((d[31] ) >> 4)) << 0) + | ((((sword32)((d[31] & 0xf )) >> 0)) << 24)); + dd[ 9] = (word32)( + (((sword32)((d[31] ) >> 4)) << 0) | (((sword32)((d[32] ) >> 0)) << 4) | (((sword32)((d[33] ) >> 0)) << 12) - | (((sword32)((d[34] ) >> 0)) << 20); - dd[10] = (((sword32)((d[35] ) >> 0)) << 0) + | (((sword32)((d[34] ) >> 0)) << 20)); + dd[10] = (word32)( + (((sword32)((d[35] ) >> 0)) << 0) | (((sword32)((d[36] ) >> 0)) << 8) | (((sword32)((d[37] ) >> 0)) << 16) - | ((((sword32)((d[38] & 0xf )) >> 0)) << 24); - dd[11] = (((sword32)((d[38] ) >> 4)) << 0) + | ((((sword32)((d[38] & 0xf )) >> 0)) << 24)); + dd[11] = (word32)( + (((sword32)((d[38] ) >> 4)) << 0) | (((sword32)((d[39] ) >> 0)) << 4) | (((sword32)((d[40] ) >> 0)) << 12) - | (((sword32)((d[41] ) >> 0)) << 20); - dd[12] = (((sword32)((d[42] ) >> 0)) << 0) + | (((sword32)((d[41] ) >> 0)) << 20)); + dd[12] = (word32)( + (((sword32)((d[42] ) >> 0)) << 0) | (((sword32)((d[43] ) >> 0)) << 8) | (((sword32)((d[44] ) >> 0)) << 16) - | ((((sword32)((d[45] & 0xf )) >> 0)) << 24); - dd[13] = (((sword32)((d[45] ) >> 4)) << 0) + | ((((sword32)((d[45] & 0xf )) >> 0)) << 24)); + dd[13] = (word32)( + (((sword32)((d[45] ) >> 4)) << 0) | (((sword32)((d[46] ) >> 0)) << 4) | (((sword32)((d[47] ) >> 0)) << 12) - | (((sword32)((d[48] ) >> 0)) << 20); - dd[14] = (((sword32)((d[49] ) >> 0)) << 0) + | (((sword32)((d[48] ) >> 0)) << 20)); + dd[14] = (word32)( + (((sword32)((d[49] ) >> 0)) << 0) | (((sword32)((d[50] ) >> 0)) << 8) | (((sword32)((d[51] ) >> 0)) << 16) - | ((((sword32)((d[52] & 0xf )) >> 0)) << 24); - dd[15] = (((sword32)((d[52] ) >> 4)) << 0) + | ((((sword32)((d[52] & 0xf )) >> 0)) << 24)); + dd[15] = (word32)( + (((sword32)((d[52] ) >> 4)) << 0) | (((sword32)((d[53] ) >> 0)) << 4) | (((sword32)((d[54] ) >> 0)) << 12) - | (((sword32)((d[55] ) >> 0)) << 20); + | (((sword32)((d[55] ) >> 0)) << 20)); /* a * b + d */ - t[ 0] = (word64)dd[ 0] + (sword64)ad[ 0] * bd[ 0]; - t[ 1] = (word64)dd[ 1] + (sword64)ad[ 0] * bd[ 1] - + (sword64)ad[ 1] * bd[ 0]; - t[ 2] = (word64)dd[ 2] + (sword64)ad[ 0] * bd[ 2] - + (sword64)ad[ 1] * bd[ 1] - + (sword64)ad[ 2] * bd[ 0]; - t[ 3] = (word64)dd[ 3] + (sword64)ad[ 0] * bd[ 3] - + (sword64)ad[ 1] * bd[ 2] - + (sword64)ad[ 2] * bd[ 1] - + (sword64)ad[ 3] * bd[ 0]; - t[ 4] = (word64)dd[ 4] + (sword64)ad[ 0] * bd[ 4] - + (sword64)ad[ 1] * bd[ 3] - + (sword64)ad[ 2] * bd[ 2] - + (sword64)ad[ 3] * bd[ 1] - + (sword64)ad[ 4] * bd[ 0]; - t[ 5] = (word64)dd[ 5] + (sword64)ad[ 0] * bd[ 5] - + (sword64)ad[ 1] * bd[ 4] - + (sword64)ad[ 2] * bd[ 3] - + (sword64)ad[ 3] * bd[ 2] - + (sword64)ad[ 4] * bd[ 1] - + (sword64)ad[ 5] * bd[ 0]; - t[ 6] = (word64)dd[ 6] + (sword64)ad[ 0] * bd[ 6] - + (sword64)ad[ 1] * bd[ 5] - + (sword64)ad[ 2] * bd[ 4] - + (sword64)ad[ 3] * bd[ 3] - + (sword64)ad[ 4] * bd[ 2] - + (sword64)ad[ 5] * bd[ 1] - + (sword64)ad[ 6] * bd[ 0]; - t[ 7] = (word64)dd[ 7] + (sword64)ad[ 0] * bd[ 7] - + (sword64)ad[ 1] * bd[ 6] - + (sword64)ad[ 2] * bd[ 5] - + (sword64)ad[ 3] * bd[ 4] - + (sword64)ad[ 4] * bd[ 3] - + (sword64)ad[ 5] * bd[ 2] - + (sword64)ad[ 6] * bd[ 1] - + (sword64)ad[ 7] * bd[ 0]; - t[ 8] = (word64)dd[ 8] + (sword64)ad[ 0] * bd[ 8] - + (sword64)ad[ 1] * bd[ 7] - + (sword64)ad[ 2] * bd[ 6] - + (sword64)ad[ 3] * bd[ 5] - + (sword64)ad[ 4] * bd[ 4] - + (sword64)ad[ 5] * bd[ 3] - + (sword64)ad[ 6] * bd[ 2] - + (sword64)ad[ 7] * bd[ 1] - + (sword64)ad[ 8] * bd[ 0]; - t[ 9] = (word64)dd[ 9] + (sword64)ad[ 0] * bd[ 9] - + (sword64)ad[ 1] * bd[ 8] - + (sword64)ad[ 2] * bd[ 7] - + (sword64)ad[ 3] * bd[ 6] - + (sword64)ad[ 4] * bd[ 5] - + (sword64)ad[ 5] * bd[ 4] - + (sword64)ad[ 6] * bd[ 3] - + (sword64)ad[ 7] * bd[ 2] - + (sword64)ad[ 8] * bd[ 1] - + (sword64)ad[ 9] * bd[ 0]; - t[10] = (word64)dd[10] + (sword64)ad[ 0] * bd[10] - + (sword64)ad[ 1] * bd[ 9] - + (sword64)ad[ 2] * bd[ 8] - + (sword64)ad[ 3] * bd[ 7] - + (sword64)ad[ 4] * bd[ 6] - + (sword64)ad[ 5] * bd[ 5] - + (sword64)ad[ 6] * bd[ 4] - + (sword64)ad[ 7] * bd[ 3] - + (sword64)ad[ 8] * bd[ 2] - + (sword64)ad[ 9] * bd[ 1] - + (sword64)ad[10] * bd[ 0]; - t[11] = (word64)dd[11] + (sword64)ad[ 0] * bd[11] - + (sword64)ad[ 1] * bd[10] - + (sword64)ad[ 2] * bd[ 9] - + (sword64)ad[ 3] * bd[ 8] - + (sword64)ad[ 4] * bd[ 7] - + (sword64)ad[ 5] * bd[ 6] - + (sword64)ad[ 6] * bd[ 5] - + (sword64)ad[ 7] * bd[ 4] - + (sword64)ad[ 8] * bd[ 3] - + (sword64)ad[ 9] * bd[ 2] - + (sword64)ad[10] * bd[ 1] - + (sword64)ad[11] * bd[ 0]; - t[12] = (word64)dd[12] + (sword64)ad[ 0] * bd[12] - + (sword64)ad[ 1] * bd[11] - + (sword64)ad[ 2] * bd[10] - + (sword64)ad[ 3] * bd[ 9] - + (sword64)ad[ 4] * bd[ 8] - + (sword64)ad[ 5] * bd[ 7] - + (sword64)ad[ 6] * bd[ 6] - + (sword64)ad[ 7] * bd[ 5] - + (sword64)ad[ 8] * bd[ 4] - + (sword64)ad[ 9] * bd[ 3] - + (sword64)ad[10] * bd[ 2] - + (sword64)ad[11] * bd[ 1] - + (sword64)ad[12] * bd[ 0]; - t[13] = (word64)dd[13] + (sword64)ad[ 0] * bd[13] - + (sword64)ad[ 1] * bd[12] - + (sword64)ad[ 2] * bd[11] - + (sword64)ad[ 3] * bd[10] - + (sword64)ad[ 4] * bd[ 9] - + (sword64)ad[ 5] * bd[ 8] - + (sword64)ad[ 6] * bd[ 7] - + (sword64)ad[ 7] * bd[ 6] - + (sword64)ad[ 8] * bd[ 5] - + (sword64)ad[ 9] * bd[ 4] - + (sword64)ad[10] * bd[ 3] - + (sword64)ad[11] * bd[ 2] - + (sword64)ad[12] * bd[ 1] - + (sword64)ad[13] * bd[ 0]; - t[14] = (word64)dd[14] + (sword64)ad[ 0] * bd[14] - + (sword64)ad[ 1] * bd[13] - + (sword64)ad[ 2] * bd[12] - + (sword64)ad[ 3] * bd[11] - + (sword64)ad[ 4] * bd[10] - + (sword64)ad[ 5] * bd[ 9] - + (sword64)ad[ 6] * bd[ 8] - + (sword64)ad[ 7] * bd[ 7] - + (sword64)ad[ 8] * bd[ 6] - + (sword64)ad[ 9] * bd[ 5] - + (sword64)ad[10] * bd[ 4] - + (sword64)ad[11] * bd[ 3] - + (sword64)ad[12] * bd[ 2] - + (sword64)ad[13] * bd[ 1] - + (sword64)ad[14] * bd[ 0]; - t[15] = (word64)dd[15] + (sword64)ad[ 0] * bd[15] - + (sword64)ad[ 1] * bd[14] - + (sword64)ad[ 2] * bd[13] - + (sword64)ad[ 3] * bd[12] - + (sword64)ad[ 4] * bd[11] - + (sword64)ad[ 5] * bd[10] - + (sword64)ad[ 6] * bd[ 9] - + (sword64)ad[ 7] * bd[ 8] - + (sword64)ad[ 8] * bd[ 7] - + (sword64)ad[ 9] * bd[ 6] - + (sword64)ad[10] * bd[ 5] - + (sword64)ad[11] * bd[ 4] - + (sword64)ad[12] * bd[ 3] - + (sword64)ad[13] * bd[ 2] - + (sword64)ad[14] * bd[ 1] - + (sword64)ad[15] * bd[ 0]; - t[16] = (word64) (sword64)ad[ 1] * bd[15] - + (sword64)ad[ 2] * bd[14] - + (sword64)ad[ 3] * bd[13] - + (sword64)ad[ 4] * bd[12] - + (sword64)ad[ 5] * bd[11] - + (sword64)ad[ 6] * bd[10] - + (sword64)ad[ 7] * bd[ 9] - + (sword64)ad[ 8] * bd[ 8] - + (sword64)ad[ 9] * bd[ 7] - + (sword64)ad[10] * bd[ 6] - + (sword64)ad[11] * bd[ 5] - + (sword64)ad[12] * bd[ 4] - + (sword64)ad[13] * bd[ 3] - + (sword64)ad[14] * bd[ 2] - + (sword64)ad[15] * bd[ 1]; - t[17] = (word64) (sword64)ad[ 2] * bd[15] - + (sword64)ad[ 3] * bd[14] - + (sword64)ad[ 4] * bd[13] - + (sword64)ad[ 5] * bd[12] - + (sword64)ad[ 6] * bd[11] - + (sword64)ad[ 7] * bd[10] - + (sword64)ad[ 8] * bd[ 9] - + (sword64)ad[ 9] * bd[ 8] - + (sword64)ad[10] * bd[ 7] - + (sword64)ad[11] * bd[ 6] - + (sword64)ad[12] * bd[ 5] - + (sword64)ad[13] * bd[ 4] - + (sword64)ad[14] * bd[ 3] - + (sword64)ad[15] * bd[ 2]; - t[18] = (word64) (sword64)ad[ 3] * bd[15] - + (sword64)ad[ 4] * bd[14] - + (sword64)ad[ 5] * bd[13] - + (sword64)ad[ 6] * bd[12] - + (sword64)ad[ 7] * bd[11] - + (sword64)ad[ 8] * bd[10] - + (sword64)ad[ 9] * bd[ 9] - + (sword64)ad[10] * bd[ 8] - + (sword64)ad[11] * bd[ 7] - + (sword64)ad[12] * bd[ 6] - + (sword64)ad[13] * bd[ 5] - + (sword64)ad[14] * bd[ 4] - + (sword64)ad[15] * bd[ 3]; - t[19] = (word64) (sword64)ad[ 4] * bd[15] - + (sword64)ad[ 5] * bd[14] - + (sword64)ad[ 6] * bd[13] - + (sword64)ad[ 7] * bd[12] - + (sword64)ad[ 8] * bd[11] - + (sword64)ad[ 9] * bd[10] - + (sword64)ad[10] * bd[ 9] - + (sword64)ad[11] * bd[ 8] - + (sword64)ad[12] * bd[ 7] - + (sword64)ad[13] * bd[ 6] - + (sword64)ad[14] * bd[ 5] - + (sword64)ad[15] * bd[ 4]; - t[20] = (word64) (sword64)ad[ 5] * bd[15] - + (sword64)ad[ 6] * bd[14] - + (sword64)ad[ 7] * bd[13] - + (sword64)ad[ 8] * bd[12] - + (sword64)ad[ 9] * bd[11] - + (sword64)ad[10] * bd[10] - + (sword64)ad[11] * bd[ 9] - + (sword64)ad[12] * bd[ 8] - + (sword64)ad[13] * bd[ 7] - + (sword64)ad[14] * bd[ 6] - + (sword64)ad[15] * bd[ 5]; - t[21] = (word64) (sword64)ad[ 6] * bd[15] - + (sword64)ad[ 7] * bd[14] - + (sword64)ad[ 8] * bd[13] - + (sword64)ad[ 9] * bd[12] - + (sword64)ad[10] * bd[11] - + (sword64)ad[11] * bd[10] - + (sword64)ad[12] * bd[ 9] - + (sword64)ad[13] * bd[ 8] - + (sword64)ad[14] * bd[ 7] - + (sword64)ad[15] * bd[ 6]; - t[22] = (word64) (sword64)ad[ 7] * bd[15] - + (sword64)ad[ 8] * bd[14] - + (sword64)ad[ 9] * bd[13] - + (sword64)ad[10] * bd[12] - + (sword64)ad[11] * bd[11] - + (sword64)ad[12] * bd[10] - + (sword64)ad[13] * bd[ 9] - + (sword64)ad[14] * bd[ 8] - + (sword64)ad[15] * bd[ 7]; - t[23] = (word64) (sword64)ad[ 8] * bd[15] - + (sword64)ad[ 9] * bd[14] - + (sword64)ad[10] * bd[13] - + (sword64)ad[11] * bd[12] - + (sword64)ad[12] * bd[11] - + (sword64)ad[13] * bd[10] - + (sword64)ad[14] * bd[ 9] - + (sword64)ad[15] * bd[ 8]; - t[24] = (word64) (sword64)ad[ 9] * bd[15] - + (sword64)ad[10] * bd[14] - + (sword64)ad[11] * bd[13] - + (sword64)ad[12] * bd[12] - + (sword64)ad[13] * bd[11] - + (sword64)ad[14] * bd[10] - + (sword64)ad[15] * bd[ 9]; - t[25] = (word64) (sword64)ad[10] * bd[15] - + (sword64)ad[11] * bd[14] - + (sword64)ad[12] * bd[13] - + (sword64)ad[13] * bd[12] - + (sword64)ad[14] * bd[11] - + (sword64)ad[15] * bd[10]; - t[26] = (word64) (sword64)ad[11] * bd[15] - + (sword64)ad[12] * bd[14] - + (sword64)ad[13] * bd[13] - + (sword64)ad[14] * bd[12] - + (sword64)ad[15] * bd[11]; - t[27] = (word64) (sword64)ad[12] * bd[15] - + (sword64)ad[13] * bd[14] - + (sword64)ad[14] * bd[13] - + (sword64)ad[15] * bd[12]; - t[28] = (word64) (sword64)ad[13] * bd[15] - + (sword64)ad[14] * bd[14] - + (sword64)ad[15] * bd[13]; - t[29] = (word64) (sword64)ad[14] * bd[15] - + (sword64)ad[15] * bd[14]; - t[30] = (word64) (sword64)ad[15] * bd[15]; + t[ 0] = (word64)(dd[ 0] + (word64)((sword64)ad[ 0] * bd[ 0])); + t[ 1] = (word64)(dd[ 1] + (word64)((sword64)ad[ 0] * bd[ 1] + + (sword64)ad[ 1] * bd[ 0])); + t[ 2] = (word64)(dd[ 2] + (word64)((sword64)ad[ 0] * bd[ 2] + + (sword64)ad[ 1] * bd[ 1] + + (sword64)ad[ 2] * bd[ 0])); + t[ 3] = (word64)(dd[ 3] + (word64)((sword64)ad[ 0] * bd[ 3] + + (sword64)ad[ 1] * bd[ 2] + + (sword64)ad[ 2] * bd[ 1] + + (sword64)ad[ 3] * bd[ 0])); + t[ 4] = (word64)(dd[ 4] + (word64)((sword64)ad[ 0] * bd[ 4] + + (sword64)ad[ 1] * bd[ 3] + + (sword64)ad[ 2] * bd[ 2] + + (sword64)ad[ 3] * bd[ 1] + + (sword64)ad[ 4] * bd[ 0])); + t[ 5] = (word64)(dd[ 5] + (word64)((sword64)ad[ 0] * bd[ 5] + + (sword64)ad[ 1] * bd[ 4] + + (sword64)ad[ 2] * bd[ 3] + + (sword64)ad[ 3] * bd[ 2] + + (sword64)ad[ 4] * bd[ 1] + + (sword64)ad[ 5] * bd[ 0])); + t[ 6] = (word64)(dd[ 6] + (word64)((sword64)ad[ 0] * bd[ 6] + + (sword64)ad[ 1] * bd[ 5] + + (sword64)ad[ 2] * bd[ 4] + + (sword64)ad[ 3] * bd[ 3] + + (sword64)ad[ 4] * bd[ 2] + + (sword64)ad[ 5] * bd[ 1] + + (sword64)ad[ 6] * bd[ 0])); + t[ 7] = (word64)(dd[ 7] + (word64)((sword64)ad[ 0] * bd[ 7] + + (sword64)ad[ 1] * bd[ 6] + + (sword64)ad[ 2] * bd[ 5] + + (sword64)ad[ 3] * bd[ 4] + + (sword64)ad[ 4] * bd[ 3] + + (sword64)ad[ 5] * bd[ 2] + + (sword64)ad[ 6] * bd[ 1] + + (sword64)ad[ 7] * bd[ 0])); + t[ 8] = (word64)(dd[ 8] + (word64)((sword64)ad[ 0] * bd[ 8] + + (sword64)ad[ 1] * bd[ 7] + + (sword64)ad[ 2] * bd[ 6] + + (sword64)ad[ 3] * bd[ 5] + + (sword64)ad[ 4] * bd[ 4] + + (sword64)ad[ 5] * bd[ 3] + + (sword64)ad[ 6] * bd[ 2] + + (sword64)ad[ 7] * bd[ 1] + + (sword64)ad[ 8] * bd[ 0])); + t[ 9] = (word64)(dd[ 9] + (word64)((sword64)ad[ 0] * bd[ 9] + + (sword64)ad[ 1] * bd[ 8] + + (sword64)ad[ 2] * bd[ 7] + + (sword64)ad[ 3] * bd[ 6] + + (sword64)ad[ 4] * bd[ 5] + + (sword64)ad[ 5] * bd[ 4] + + (sword64)ad[ 6] * bd[ 3] + + (sword64)ad[ 7] * bd[ 2] + + (sword64)ad[ 8] * bd[ 1] + + (sword64)ad[ 9] * bd[ 0])); + t[10] = (word64)(dd[10] + (word64)((sword64)ad[ 0] * bd[10] + + (sword64)ad[ 1] * bd[ 9] + + (sword64)ad[ 2] * bd[ 8] + + (sword64)ad[ 3] * bd[ 7] + + (sword64)ad[ 4] * bd[ 6] + + (sword64)ad[ 5] * bd[ 5] + + (sword64)ad[ 6] * bd[ 4] + + (sword64)ad[ 7] * bd[ 3] + + (sword64)ad[ 8] * bd[ 2] + + (sword64)ad[ 9] * bd[ 1] + + (sword64)ad[10] * bd[ 0])); + t[11] = (word64)(dd[11] + (word64)((sword64)ad[ 0] * bd[11] + + (sword64)ad[ 1] * bd[10] + + (sword64)ad[ 2] * bd[ 9] + + (sword64)ad[ 3] * bd[ 8] + + (sword64)ad[ 4] * bd[ 7] + + (sword64)ad[ 5] * bd[ 6] + + (sword64)ad[ 6] * bd[ 5] + + (sword64)ad[ 7] * bd[ 4] + + (sword64)ad[ 8] * bd[ 3] + + (sword64)ad[ 9] * bd[ 2] + + (sword64)ad[10] * bd[ 1] + + (sword64)ad[11] * bd[ 0])); + t[12] = (word64)(dd[12] + (word64)((sword64)ad[ 0] * bd[12] + + (sword64)ad[ 1] * bd[11] + + (sword64)ad[ 2] * bd[10] + + (sword64)ad[ 3] * bd[ 9] + + (sword64)ad[ 4] * bd[ 8] + + (sword64)ad[ 5] * bd[ 7] + + (sword64)ad[ 6] * bd[ 6] + + (sword64)ad[ 7] * bd[ 5] + + (sword64)ad[ 8] * bd[ 4] + + (sword64)ad[ 9] * bd[ 3] + + (sword64)ad[10] * bd[ 2] + + (sword64)ad[11] * bd[ 1] + + (sword64)ad[12] * bd[ 0])); + t[13] = (word64)(dd[13] + (word64)((sword64)ad[ 0] * bd[13] + + (sword64)ad[ 1] * bd[12] + + (sword64)ad[ 2] * bd[11] + + (sword64)ad[ 3] * bd[10] + + (sword64)ad[ 4] * bd[ 9] + + (sword64)ad[ 5] * bd[ 8] + + (sword64)ad[ 6] * bd[ 7] + + (sword64)ad[ 7] * bd[ 6] + + (sword64)ad[ 8] * bd[ 5] + + (sword64)ad[ 9] * bd[ 4] + + (sword64)ad[10] * bd[ 3] + + (sword64)ad[11] * bd[ 2] + + (sword64)ad[12] * bd[ 1] + + (sword64)ad[13] * bd[ 0])); + t[14] = (word64)(dd[14] + (word64)((sword64)ad[ 0] * bd[14] + + (sword64)ad[ 1] * bd[13] + + (sword64)ad[ 2] * bd[12] + + (sword64)ad[ 3] * bd[11] + + (sword64)ad[ 4] * bd[10] + + (sword64)ad[ 5] * bd[ 9] + + (sword64)ad[ 6] * bd[ 8] + + (sword64)ad[ 7] * bd[ 7] + + (sword64)ad[ 8] * bd[ 6] + + (sword64)ad[ 9] * bd[ 5] + + (sword64)ad[10] * bd[ 4] + + (sword64)ad[11] * bd[ 3] + + (sword64)ad[12] * bd[ 2] + + (sword64)ad[13] * bd[ 1] + + (sword64)ad[14] * bd[ 0])); + t[15] = (word64)(dd[15] + (word64)((sword64)ad[ 0] * bd[15] + + (sword64)ad[ 1] * bd[14] + + (sword64)ad[ 2] * bd[13] + + (sword64)ad[ 3] * bd[12] + + (sword64)ad[ 4] * bd[11] + + (sword64)ad[ 5] * bd[10] + + (sword64)ad[ 6] * bd[ 9] + + (sword64)ad[ 7] * bd[ 8] + + (sword64)ad[ 8] * bd[ 7] + + (sword64)ad[ 9] * bd[ 6] + + (sword64)ad[10] * bd[ 5] + + (sword64)ad[11] * bd[ 4] + + (sword64)ad[12] * bd[ 3] + + (sword64)ad[13] * bd[ 2] + + (sword64)ad[14] * bd[ 1] + + (sword64)ad[15] * bd[ 0])); + t[16] = (word64)( (sword64)ad[ 1] * bd[15] + + (sword64)ad[ 2] * bd[14] + + (sword64)ad[ 3] * bd[13] + + (sword64)ad[ 4] * bd[12] + + (sword64)ad[ 5] * bd[11] + + (sword64)ad[ 6] * bd[10] + + (sword64)ad[ 7] * bd[ 9] + + (sword64)ad[ 8] * bd[ 8] + + (sword64)ad[ 9] * bd[ 7] + + (sword64)ad[10] * bd[ 6] + + (sword64)ad[11] * bd[ 5] + + (sword64)ad[12] * bd[ 4] + + (sword64)ad[13] * bd[ 3] + + (sword64)ad[14] * bd[ 2] + + (sword64)ad[15] * bd[ 1]); + t[17] = (word64)( (sword64)ad[ 2] * bd[15] + + (sword64)ad[ 3] * bd[14] + + (sword64)ad[ 4] * bd[13] + + (sword64)ad[ 5] * bd[12] + + (sword64)ad[ 6] * bd[11] + + (sword64)ad[ 7] * bd[10] + + (sword64)ad[ 8] * bd[ 9] + + (sword64)ad[ 9] * bd[ 8] + + (sword64)ad[10] * bd[ 7] + + (sword64)ad[11] * bd[ 6] + + (sword64)ad[12] * bd[ 5] + + (sword64)ad[13] * bd[ 4] + + (sword64)ad[14] * bd[ 3] + + (sword64)ad[15] * bd[ 2]); + t[18] = (word64)( (sword64)ad[ 3] * bd[15] + + (sword64)ad[ 4] * bd[14] + + (sword64)ad[ 5] * bd[13] + + (sword64)ad[ 6] * bd[12] + + (sword64)ad[ 7] * bd[11] + + (sword64)ad[ 8] * bd[10] + + (sword64)ad[ 9] * bd[ 9] + + (sword64)ad[10] * bd[ 8] + + (sword64)ad[11] * bd[ 7] + + (sword64)ad[12] * bd[ 6] + + (sword64)ad[13] * bd[ 5] + + (sword64)ad[14] * bd[ 4] + + (sword64)ad[15] * bd[ 3]); + t[19] = (word64)( (sword64)ad[ 4] * bd[15] + + (sword64)ad[ 5] * bd[14] + + (sword64)ad[ 6] * bd[13] + + (sword64)ad[ 7] * bd[12] + + (sword64)ad[ 8] * bd[11] + + (sword64)ad[ 9] * bd[10] + + (sword64)ad[10] * bd[ 9] + + (sword64)ad[11] * bd[ 8] + + (sword64)ad[12] * bd[ 7] + + (sword64)ad[13] * bd[ 6] + + (sword64)ad[14] * bd[ 5] + + (sword64)ad[15] * bd[ 4]); + t[20] = (word64)( (sword64)ad[ 5] * bd[15] + + (sword64)ad[ 6] * bd[14] + + (sword64)ad[ 7] * bd[13] + + (sword64)ad[ 8] * bd[12] + + (sword64)ad[ 9] * bd[11] + + (sword64)ad[10] * bd[10] + + (sword64)ad[11] * bd[ 9] + + (sword64)ad[12] * bd[ 8] + + (sword64)ad[13] * bd[ 7] + + (sword64)ad[14] * bd[ 6] + + (sword64)ad[15] * bd[ 5]); + t[21] = (word64)( (sword64)ad[ 6] * bd[15] + + (sword64)ad[ 7] * bd[14] + + (sword64)ad[ 8] * bd[13] + + (sword64)ad[ 9] * bd[12] + + (sword64)ad[10] * bd[11] + + (sword64)ad[11] * bd[10] + + (sword64)ad[12] * bd[ 9] + + (sword64)ad[13] * bd[ 8] + + (sword64)ad[14] * bd[ 7] + + (sword64)ad[15] * bd[ 6]); + t[22] = (word64)( (sword64)ad[ 7] * bd[15] + + (sword64)ad[ 8] * bd[14] + + (sword64)ad[ 9] * bd[13] + + (sword64)ad[10] * bd[12] + + (sword64)ad[11] * bd[11] + + (sword64)ad[12] * bd[10] + + (sword64)ad[13] * bd[ 9] + + (sword64)ad[14] * bd[ 8] + + (sword64)ad[15] * bd[ 7]); + t[23] = (word64)( (sword64)ad[ 8] * bd[15] + + (sword64)ad[ 9] * bd[14] + + (sword64)ad[10] * bd[13] + + (sword64)ad[11] * bd[12] + + (sword64)ad[12] * bd[11] + + (sword64)ad[13] * bd[10] + + (sword64)ad[14] * bd[ 9] + + (sword64)ad[15] * bd[ 8]); + t[24] = (word64)( (sword64)ad[ 9] * bd[15] + + (sword64)ad[10] * bd[14] + + (sword64)ad[11] * bd[13] + + (sword64)ad[12] * bd[12] + + (sword64)ad[13] * bd[11] + + (sword64)ad[14] * bd[10] + + (sword64)ad[15] * bd[ 9]); + t[25] = (word64)( (sword64)ad[10] * bd[15] + + (sword64)ad[11] * bd[14] + + (sword64)ad[12] * bd[13] + + (sword64)ad[13] * bd[12] + + (sword64)ad[14] * bd[11] + + (sword64)ad[15] * bd[10]); + t[26] = (word64)( (sword64)ad[11] * bd[15] + + (sword64)ad[12] * bd[14] + + (sword64)ad[13] * bd[13] + + (sword64)ad[14] * bd[12] + + (sword64)ad[15] * bd[11]); + t[27] = (word64)( (sword64)ad[12] * bd[15] + + (sword64)ad[13] * bd[14] + + (sword64)ad[14] * bd[13] + + (sword64)ad[15] * bd[12]); + t[28] = (word64)( (sword64)ad[13] * bd[15] + + (sword64)ad[14] * bd[14] + + (sword64)ad[15] * bd[13]); + t[29] = (word64)( (sword64)ad[14] * bd[15] + + (sword64)ad[15] * bd[14]); + t[30] = (word64)( (sword64)ad[15] * bd[15]); t[31] = 0; /* Mod curve order */ @@ -6265,110 +6341,126 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d) o = rd[14] >> 28; rd[15] += o; rd[14] = rd[14] & 0xfffffff; /* Reduce to mod order. */ u = 0; - u += (sword32)(rd[0] - (sword32)0x0b5844f3L); u >>= 28; - u += (sword32)(rd[1] - (sword32)0x078c292aL); u >>= 28; - u += (sword32)(rd[2] - (sword32)0x058f5523L); u >>= 28; - u += (sword32)(rd[3] - (sword32)0x0c2728dcL); u >>= 28; - u += (sword32)(rd[4] - (sword32)0x0690216cL); u >>= 28; - u += (sword32)(rd[5] - (sword32)0x049aed63L); u >>= 28; - u += (sword32)(rd[6] - (sword32)0x09c44edbL); u >>= 28; - u += (sword32)(rd[7] - (sword32)0x07cca23eL); u >>= 28; - u += (sword32)(rd[8] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[9] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[10] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[11] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[12] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[13] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[14] - (sword32)0x0fffffffL); u >>= 28; - u += (sword32)(rd[15] - (sword32)0x03ffffffL); u >>= 28; + u += (sword32)rd[0] - (sword32)0x0b5844f3L; u >>= 28; + u += (sword32)rd[1] - (sword32)0x078c292aL; u >>= 28; + u += (sword32)rd[2] - (sword32)0x058f5523L; u >>= 28; + u += (sword32)rd[3] - (sword32)0x0c2728dcL; u >>= 28; + u += (sword32)rd[4] - (sword32)0x0690216cL; u >>= 28; + u += (sword32)rd[5] - (sword32)0x049aed63L; u >>= 28; + u += (sword32)rd[6] - (sword32)0x09c44edbL; u >>= 28; + u += (sword32)rd[7] - (sword32)0x07cca23eL; u >>= 28; + u += (sword32)rd[8] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[9] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[10] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[11] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[12] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[13] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[14] - (sword32)0x0fffffffL; u >>= 28; + u += (sword32)rd[15] - (sword32)0x03ffffffL; u >>= 28; o = (word32)0 - (u >= 0); u = 0; - u += (sword32)(rd[0] - ((word32)0x0b5844f3L & o)); rd[0] = u & 0xfffffff; + u += (sword32)rd[0] - (sword32)((word32)0x0b5844f3L & o); + rd[0] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[1] - ((word32)0x078c292aL & o)); rd[1] = u & 0xfffffff; + u += (sword32)rd[1] - (sword32)((word32)0x078c292aL & o); + rd[1] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[2] - ((word32)0x058f5523L & o)); rd[2] = u & 0xfffffff; + u += (sword32)rd[2] - (sword32)((word32)0x058f5523L & o); + rd[2] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[3] - ((word32)0x0c2728dcL & o)); rd[3] = u & 0xfffffff; + u += (sword32)rd[3] - (sword32)((word32)0x0c2728dcL & o); + rd[3] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[4] - ((word32)0x0690216cL & o)); rd[4] = u & 0xfffffff; + u += (sword32)rd[4] - (sword32)((word32)0x0690216cL & o); + rd[4] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[5] - ((word32)0x049aed63L & o)); rd[5] = u & 0xfffffff; + u += (sword32)rd[5] - (sword32)((word32)0x049aed63L & o); + rd[5] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[6] - ((word32)0x09c44edbL & o)); rd[6] = u & 0xfffffff; + u += (sword32)rd[6] - (sword32)((word32)0x09c44edbL & o); + rd[6] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[7] - ((word32)0x07cca23eL & o)); rd[7] = u & 0xfffffff; + u += (sword32)rd[7] - (sword32)((word32)0x07cca23eL & o); + rd[7] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[8] - ((word32)0x0fffffffL & o)); rd[8] = u & 0xfffffff; + u += (sword32)rd[8] - (sword32)((word32)0x0fffffffL & o); + rd[8] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[9] - ((word32)0x0fffffffL & o)); rd[9] = u & 0xfffffff; + u += (sword32)rd[9] - (sword32)((word32)0x0fffffffL & o); + rd[9] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[10] - ((word32)0x0fffffffL & o)); rd[10] = u & 0xfffffff; + u += (sword32)rd[10] - (sword32)((word32)0x0fffffffL & o); + rd[10] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[11] - ((word32)0x0fffffffL & o)); rd[11] = u & 0xfffffff; + u += (sword32)rd[11] - (sword32)((word32)0x0fffffffL & o); + rd[11] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[12] - ((word32)0x0fffffffL & o)); rd[12] = u & 0xfffffff; + u += (sword32)rd[12] - (sword32)((word32)0x0fffffffL & o); + rd[12] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[13] - ((word32)0x0fffffffL & o)); rd[13] = u & 0xfffffff; + u += (sword32)rd[13] - (sword32)((word32)0x0fffffffL & o); + rd[13] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[14] - ((word32)0x0fffffffL & o)); rd[14] = u & 0xfffffff; + u += (sword32)rd[14] - (sword32)((word32)0x0fffffffL & o); + rd[14] = u & 0xfffffff; u >>= 28; - u += (sword32)(rd[15] - ((word32)0x03ffffffL & o)); rd[15] = u & 0xfffffff; + u += (sword32)rd[15] - (sword32)((word32)0x03ffffffL & o); + rd[15] = u & 0xfffffff; /* Convert to bytes */ r[ 0] = (byte)(rd[0 ] >> 0); r[ 1] = (byte)(rd[0 ] >> 8); r[ 2] = (byte)(rd[0 ] >> 16); - r[ 3] = (byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >> 0) << 4); + r[ 3] = (byte)((byte)(rd[0 ] >> 24) + (byte)((rd[1 ] >> 0) << 4)); r[ 4] = (byte)(rd[1 ] >> 4); r[ 5] = (byte)(rd[1 ] >> 12); r[ 6] = (byte)(rd[1 ] >> 20); r[ 7] = (byte)(rd[2 ] >> 0); r[ 8] = (byte)(rd[2 ] >> 8); r[ 9] = (byte)(rd[2 ] >> 16); - r[10] = (byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >> 0) << 4); + r[10] = (byte)((byte)(rd[2 ] >> 24) + (byte)((rd[3 ] >> 0) << 4)); r[11] = (byte)(rd[3 ] >> 4); r[12] = (byte)(rd[3 ] >> 12); r[13] = (byte)(rd[3 ] >> 20); r[14] = (byte)(rd[4 ] >> 0); r[15] = (byte)(rd[4 ] >> 8); r[16] = (byte)(rd[4 ] >> 16); - r[17] = (byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >> 0) << 4); + r[17] = (byte)((byte)(rd[4 ] >> 24) + (byte)((rd[5 ] >> 0) << 4)); r[18] = (byte)(rd[5 ] >> 4); r[19] = (byte)(rd[5 ] >> 12); r[20] = (byte)(rd[5 ] >> 20); r[21] = (byte)(rd[6 ] >> 0); r[22] = (byte)(rd[6 ] >> 8); r[23] = (byte)(rd[6 ] >> 16); - r[24] = (byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >> 0) << 4); + r[24] = (byte)((byte)(rd[6 ] >> 24) + (byte)((rd[7 ] >> 0) << 4)); r[25] = (byte)(rd[7 ] >> 4); r[26] = (byte)(rd[7 ] >> 12); r[27] = (byte)(rd[7 ] >> 20); r[28] = (byte)(rd[8 ] >> 0); r[29] = (byte)(rd[8 ] >> 8); r[30] = (byte)(rd[8 ] >> 16); - r[31] = (byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >> 0) << 4); + r[31] = (byte)((byte)(rd[8 ] >> 24) + (byte)((rd[9 ] >> 0) << 4)); r[32] = (byte)(rd[9 ] >> 4); r[33] = (byte)(rd[9 ] >> 12); r[34] = (byte)(rd[9 ] >> 20); r[35] = (byte)(rd[10] >> 0); r[36] = (byte)(rd[10] >> 8); r[37] = (byte)(rd[10] >> 16); - r[38] = (byte)(rd[10] >> 24) + (byte)((rd[11] >> 0) << 4); + r[38] = (byte)((byte)(rd[10] >> 24) + (byte)((rd[11] >> 0) << 4)); r[39] = (byte)(rd[11] >> 4); r[40] = (byte)(rd[11] >> 12); r[41] = (byte)(rd[11] >> 20); r[42] = (byte)(rd[12] >> 0); r[43] = (byte)(rd[12] >> 8); r[44] = (byte)(rd[12] >> 16); - r[45] = (byte)(rd[12] >> 24) + (byte)((rd[13] >> 0) << 4); + r[45] = (byte)((byte)(rd[12] >> 24) + (byte)((rd[13] >> 0) << 4)); r[46] = (byte)(rd[13] >> 4); r[47] = (byte)(rd[13] >> 12); r[48] = (byte)(rd[13] >> 20); r[49] = (byte)(rd[14] >> 0); r[50] = (byte)(rd[14] >> 8); r[51] = (byte)(rd[14] >> 16); - r[52] = (byte)(rd[14] >> 24) + (byte)((rd[15] >> 0) << 4); + r[52] = (byte)((byte)(rd[14] >> 24) + (byte)((rd[15] >> 0) << 4)); r[53] = (byte)(rd[15] >> 4); r[54] = (byte)(rd[15] >> 12); r[55] = (byte)(rd[15] >> 20); diff --git a/src/wolfcrypt/src/ge_low_mem.c b/src/wolfcrypt/src/ge_low_mem.c index cb505af..c0a952b 100644 --- a/src/wolfcrypt/src/ge_low_mem.c +++ b/src/wolfcrypt/src/ge_low_mem.c @@ -1,6 +1,6 @@ /* ge_low_mem.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,20 +19,14 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include /* Based from Daniel Beer's public domain work. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - #ifdef HAVE_ED25519 #ifdef ED25519_SMALL /* use slower code that takes less memory */ #include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/ge_operations.c b/src/wolfcrypt/src/ge_operations.c index 4a50d46..bde5a06 100644 --- a/src/wolfcrypt/src/ge_operations.c +++ b/src/wolfcrypt/src/ge_operations.c @@ -1,6 +1,6 @@ /* ge_operations.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,19 +22,13 @@ /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_ED25519 #ifndef ED25519_SMALL /* run when not defined to use small memory math */ #include #include -#include #ifdef NO_INLINE #include #else @@ -9392,7 +9386,7 @@ B is the Ed25519 base point (x,4/5) with x positive. int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) { -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) signed char *aslide = NULL; signed char *bslide = NULL; ge_cached *Ai = NULL; /* A,3A,5A,7A,9A,11A,13A,15A */ @@ -9413,7 +9407,7 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, #endif int i; -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (((aslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((bslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((Ai = (ge_cached *)XMALLOC(8 * sizeof(*Ai), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || @@ -9475,7 +9469,7 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, } #endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) out: XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/src/wolfcrypt/src/hash.c b/src/wolfcrypt/src/hash.c index 4850a84..c709fa3 100644 --- a/src/wolfcrypt/src/hash.c +++ b/src/wolfcrypt/src/hash.c @@ -1,6 +1,6 @@ /* hash.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include #ifndef NO_ASN #include #endif diff --git a/src/wolfcrypt/src/hmac.c b/src/wolfcrypt/src/hmac.c index 65dbf66..912b26d 100644 --- a/src/wolfcrypt/src/hmac.c +++ b/src/wolfcrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,14 +20,7 @@ */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include -#include +#include #ifndef NO_HMAC @@ -155,76 +148,72 @@ int wc_HmacSizeByType(int type) return ret; } -int _InitHmac(Hmac* hmac, int type, void* heap) +static int HmacKeyInitHash(wc_HmacHash* hash, int type, void* heap, int devId) { int ret = 0; -#ifdef WOLF_CRYPTO_CB - int devId = hmac->devId; -#else - int devId = INVALID_DEVID; -#endif + switch (type) { #ifndef NO_MD5 case WC_MD5: - ret = wc_InitMd5_ex(&hmac->hash.md5, heap, devId); + ret = wc_InitMd5_ex(&hash->md5, heap, devId); break; #endif /* !NO_MD5 */ #ifndef NO_SHA case WC_SHA: - ret = wc_InitSha_ex(&hmac->hash.sha, heap, devId); + ret = wc_InitSha_ex(&hash->sha, heap, devId); break; #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 case WC_SHA224: - ret = wc_InitSha224_ex(&hmac->hash.sha224, heap, devId); + ret = wc_InitSha224_ex(&hash->sha224, heap, devId); break; #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 case WC_SHA256: - ret = wc_InitSha256_ex(&hmac->hash.sha256, heap, devId); + ret = wc_InitSha256_ex(&hash->sha256, heap, devId); break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 case WC_SHA384: - ret = wc_InitSha384_ex(&hmac->hash.sha384, heap, devId); + ret = wc_InitSha384_ex(&hash->sha384, heap, devId); break; #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 case WC_SHA512: - ret = wc_InitSha512_ex(&hmac->hash.sha512, heap, devId); + ret = wc_InitSha512_ex(&hash->sha512, heap, devId); break; #endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: - ret = wc_InitSha3_224(&hmac->hash.sha3, heap, devId); + ret = wc_InitSha3_224(&hash->sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: - ret = wc_InitSha3_256(&hmac->hash.sha3, heap, devId); + ret = wc_InitSha3_256(&hash->sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: - ret = wc_InitSha3_384(&hmac->hash.sha3, heap, devId); + ret = wc_InitSha3_384(&hash->sha3, heap, devId); break; #endif #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: - ret = wc_InitSha3_512(&hmac->hash.sha3, heap, devId); + ret = wc_InitSha3_512(&hash->sha3, heap, devId); break; #endif #endif #ifdef WOLFSSL_SM3 case WC_SM3: - ret = wc_InitSm3(&hmac->hash.sm3, heap, devId); + ret = wc_InitSm3(&hash->sm3, heap, devId); break; #endif @@ -233,6 +222,22 @@ int _InitHmac(Hmac* hmac, int type, void* heap) break; } + return ret; +} + +int _InitHmac(Hmac* hmac, int type, void* heap) +{ + int ret; +#ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; +#else + int devId = INVALID_DEVID; +#endif + + ret = HmacKeyInitHash(&hmac->hash, type, heap, devId); + if (ret != 0) + return ret; + /* default to NULL heap hint or test value */ #ifdef WOLFSSL_HEAP_TEST hmac->heap = (void*)WOLFSSL_HEAP_TEST; @@ -243,6 +248,158 @@ int _InitHmac(Hmac* hmac, int type, void* heap) return ret; } +#ifdef WOLFSSL_HMAC_COPY_HASH +static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst) +{ + int ret = 0; + + switch (macType) { + #ifndef NO_MD5 + case WC_MD5: + ret = wc_Md5Copy(&src->md5, &dst->md5); + break; + #endif /* !NO_MD5 */ + + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaCopy(&src->sha, &dst->sha); + break; + #endif /* !NO_SHA */ + + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + ret = wc_Sha224Copy(&src->sha224, &dst->sha224); + break; + #endif /* WOLFSSL_SHA224 */ + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Copy(&src->sha256, &dst->sha256); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Copy(&src->sha384, &dst->sha384); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Copy(&src->sha512, &dst->sha512); + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_SHA3_224: + ret = wc_Sha3_224_Copy(&src->sha3, &dst->sha3); + break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case WC_SHA3_256: + ret = wc_Sha3_256_Copy(&src->sha3, &dst->sha3); + break; + #endif + #ifndef WOLFSSL_NOSHA3_384 + case WC_SHA3_384: + ret = wc_Sha3_384_Copy(&src->sha3, &dst->sha3); + break; + #endif + #ifndef WOLFSSL_NOSHA3_512 + case WC_SHA3_512: + ret = wc_Sha3_512_Copy(&src->sha3, &dst->sha3); + break; + #endif + #endif /* WOLFSSL_SHA3 */ + + #ifdef WOLFSSL_SM3 + case WC_SM3: + ret = wc_Sm3Copy(&src->sm3, &dst->sm3); + break; + #endif + + default: + break; + } + + return ret; +} +#endif + +static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad) +{ + int ret = 0; + + switch (macType) { + #ifndef NO_MD5 + case WC_MD5: + ret = wc_Md5Update(&hash->md5, pad, WC_MD5_BLOCK_SIZE); + break; + #endif /* !NO_MD5 */ + + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaUpdate(&hash->sha, pad, WC_SHA_BLOCK_SIZE); + break; + #endif /* !NO_SHA */ + + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + ret = wc_Sha224Update(&hash->sha224, pad, WC_SHA224_BLOCK_SIZE); + break; + #endif /* WOLFSSL_SHA224 */ + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Update(&hash->sha256, pad, WC_SHA256_BLOCK_SIZE); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Update(&hash->sha384, pad, WC_SHA384_BLOCK_SIZE); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Update(&hash->sha512, pad, WC_SHA512_BLOCK_SIZE); + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_SHA3_224: + ret = wc_Sha3_224_Update(&hash->sha3, pad, WC_SHA3_224_BLOCK_SIZE); + break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case WC_SHA3_256: + ret = wc_Sha3_256_Update(&hash->sha3, pad, WC_SHA3_256_BLOCK_SIZE); + break; + #endif + #ifndef WOLFSSL_NOSHA3_384 + case WC_SHA3_384: + ret = wc_Sha3_384_Update(&hash->sha3, pad, WC_SHA3_384_BLOCK_SIZE); + break; + #endif + #ifndef WOLFSSL_NOSHA3_512 + case WC_SHA3_512: + ret = wc_Sha3_512_Update(&hash->sha3, pad, WC_SHA3_512_BLOCK_SIZE); + break; + #endif + #endif /* WOLFSSL_SHA3 */ + + #ifdef WOLFSSL_SM3 + case WC_SM3: + ret = wc_Sm3Update(&hash->sm3, pad, WC_SM3_BLOCK_SIZE); + break; + #endif + + default: + break; + } + + return ret; +} + int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, int allowFlag) @@ -603,6 +760,29 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, } } +#ifdef WOLFSSL_HMAC_COPY_HASH + if ( ret == 0) { + #ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; + #else + int devId = INVALID_DEVID; + #endif + + ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, heap, devId); + if (ret != 0) + return ret; + ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, heap, devId); + if (ret != 0) + return ret; + ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, ip); + if (ret != 0) + return ret; + ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, op); + if (ret != 0) + return ret; + } +#endif + return ret; #endif /* WOLFSSL_MAXQ108X */ } @@ -618,96 +798,6 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) return wc_HmacSetKey_ex(hmac, type, key, length, allowFlag); } -static int HmacKeyInnerHash(Hmac* hmac) -{ - int ret = 0; - - switch (hmac->macType) { - #ifndef NO_MD5 - case WC_MD5: - ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->ipad, - WC_MD5_BLOCK_SIZE); - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_SHA: - ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->ipad, - WC_SHA_BLOCK_SIZE); - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_SHA224: - ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->ipad, - WC_SHA224_BLOCK_SIZE); - break; - #endif /* WOLFSSL_SHA224 */ - #ifndef NO_SHA256 - case WC_SHA256: - ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->ipad, - WC_SHA256_BLOCK_SIZE); - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_SHA384: - ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->ipad, - WC_SHA384_BLOCK_SIZE); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_SHA512: - ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->ipad, - WC_SHA512_BLOCK_SIZE); - break; - #endif /* WOLFSSL_SHA512 */ - - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_SHA3_224: - ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->ipad, - WC_SHA3_224_BLOCK_SIZE); - break; - #endif - #ifndef WOLFSSL_NOSHA3_256 - case WC_SHA3_256: - ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->ipad, - WC_SHA3_256_BLOCK_SIZE); - break; - #endif - #ifndef WOLFSSL_NOSHA3_384 - case WC_SHA3_384: - ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->ipad, - WC_SHA3_384_BLOCK_SIZE); - break; - #endif - #ifndef WOLFSSL_NOSHA3_512 - case WC_SHA3_512: - ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->ipad, - WC_SHA3_512_BLOCK_SIZE); - break; - #endif - #endif /* WOLFSSL_SHA3 */ - - #ifdef WOLFSSL_SM3 - case WC_SM3: - ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->ipad, - WC_SM3_BLOCK_SIZE); - break; - #endif - - default: - break; - } - - if (ret == 0) - hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW; - - return ret; -} - - int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { int ret = 0; @@ -739,9 +829,14 @@ int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #endif /* WOLFSSL_ASYNC_CRYPT */ if (!hmac->innerHashKeyed) { - ret = HmacKeyInnerHash(hmac); +#ifndef WOLFSSL_HMAC_COPY_HASH + ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad); +#else + ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash); +#endif if (ret != 0) return ret; + hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW; } switch (hmac->macType) { @@ -851,9 +946,14 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) #endif /* WOLFSSL_ASYNC_CRYPT */ if (!hmac->innerHashKeyed) { - ret = HmacKeyInnerHash(hmac); +#ifndef WOLFSSL_HMAC_COPY_HASH + ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad); +#else + ret = HmacKeyCopyHash(hmac->macType, &hmac->i_hash, &hmac->hash); +#endif if (ret != 0) return ret; + hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_SW; } switch (hmac->macType) { @@ -862,8 +962,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Md5Final(&hmac->hash.md5, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->opad, WC_MD5_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_MD5, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Md5Update(&hmac->hash.md5, (byte*)hmac->innerHash, @@ -879,8 +983,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_ShaFinal(&hmac->hash.sha, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, WC_SHA_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, @@ -896,8 +1004,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha224Final(&hmac->hash.sha224, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->opad, WC_SHA224_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA224, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha224Update(&hmac->hash.sha224, (byte*)hmac->innerHash, @@ -914,8 +1026,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha256Final(&hmac->hash.sha256, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, WC_SHA256_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA256, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->innerHash, @@ -931,8 +1047,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha384Final(&hmac->hash.sha384, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, WC_SHA384_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA384, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->innerHash, @@ -947,8 +1067,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha512Final(&hmac->hash.sha512, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->opad, WC_SHA512_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA512, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha512Update(&hmac->hash.sha512, (byte*)hmac->innerHash, @@ -965,8 +1089,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha3_224_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->opad, WC_SHA3_224_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA3_224, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha3_224_Update(&hmac->hash.sha3, (byte*)hmac->innerHash, @@ -981,8 +1109,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha3_256_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->opad, WC_SHA3_256_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA3_256, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha3_256_Update(&hmac->hash.sha3, (byte*)hmac->innerHash, @@ -997,8 +1129,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha3_384_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->opad, WC_SHA3_384_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA3_384, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha3_384_Update(&hmac->hash.sha3, (byte*)hmac->innerHash, @@ -1013,8 +1149,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sha3_512_Final(&hmac->hash.sha3, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->opad, WC_SHA3_512_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SHA3_512, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sha3_512_Update(&hmac->hash.sha3, (byte*)hmac->innerHash, @@ -1031,8 +1171,12 @@ int wc_HmacFinal(Hmac* hmac, byte* hash) ret = wc_Sm3Final(&hmac->hash.sm3, (byte*)hmac->innerHash); if (ret != 0) break; + #ifndef WOLFSSL_HMAC_COPY_HASH ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->opad, WC_SM3_BLOCK_SIZE); + #else + ret = HmacKeyCopyHash(WC_SM3, &hmac->o_hash, &hmac->hash); + #endif if (ret != 0) break; ret = wc_Sm3Update(&hmac->hash.sm3, (byte*)hmac->innerHash, @@ -1163,34 +1307,58 @@ void wc_HmacFree(Hmac* hmac) #ifndef NO_MD5 case WC_MD5: wc_Md5Free(&hmac->hash.md5); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Md5Free(&hmac->i_hash.md5); + wc_Md5Free(&hmac->o_hash.md5); + #endif break; #endif /* !NO_MD5 */ #ifndef NO_SHA case WC_SHA: wc_ShaFree(&hmac->hash.sha); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_ShaFree(&hmac->i_hash.sha); + wc_ShaFree(&hmac->o_hash.sha); + #endif break; #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 case WC_SHA224: wc_Sha224Free(&hmac->hash.sha224); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha224Free(&hmac->i_hash.sha224); + wc_Sha224Free(&hmac->o_hash.sha224); + #endif break; #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 case WC_SHA256: wc_Sha256Free(&hmac->hash.sha256); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha256Free(&hmac->i_hash.sha256); + wc_Sha256Free(&hmac->o_hash.sha256); + #endif break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 case WC_SHA384: wc_Sha384Free(&hmac->hash.sha384); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha384Free(&hmac->i_hash.sha384); + wc_Sha384Free(&hmac->o_hash.sha384); + #endif break; #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 case WC_SHA512: wc_Sha512Free(&hmac->hash.sha512); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha512Free(&hmac->i_hash.sha512); + wc_Sha512Free(&hmac->o_hash.sha512); + #endif break; #endif /* WOLFSSL_SHA512 */ @@ -1198,21 +1366,37 @@ void wc_HmacFree(Hmac* hmac) #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: wc_Sha3_224_Free(&hmac->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha3_224_Free(&hmac->i_hash.sha3); + wc_Sha3_224_Free(&hmac->o_hash.sha3); + #endif break; #endif #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: wc_Sha3_256_Free(&hmac->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha3_256_Free(&hmac->i_hash.sha3); + wc_Sha3_256_Free(&hmac->o_hash.sha3); + #endif break; #endif #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: wc_Sha3_384_Free(&hmac->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha3_384_Free(&hmac->i_hash.sha3); + wc_Sha3_384_Free(&hmac->o_hash.sha3); + #endif break; #endif #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: wc_Sha3_512_Free(&hmac->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sha3_512_Free(&hmac->i_hash.sha3); + wc_Sha3_512_Free(&hmac->o_hash.sha3); + #endif break; #endif #endif /* WOLFSSL_SHA3 */ @@ -1220,6 +1404,10 @@ void wc_HmacFree(Hmac* hmac) #ifdef WOLFSSL_SM3 case WC_SM3: wc_Sm3Free(&hmac->hash.sm3); + #ifdef WOLFSSL_HMAC_COPY_HASH + wc_Sm3Free(&hmac->i_hash.sm3); + wc_Sm3Free(&hmac->i_hash.sm3); + #endif break; #endif diff --git a/src/wolfcrypt/src/hpke.c b/src/wolfcrypt/src/hpke.c index 02e189b..8ce209f 100644 --- a/src/wolfcrypt/src/hpke.c +++ b/src/wolfcrypt/src/hpke.c @@ -1,6 +1,6 @@ /* hpke.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,16 +23,11 @@ * TODO: Add X448 and ChaCha20 */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ defined(HAVE_AESGCM) -#include #include #include #include @@ -591,6 +586,10 @@ static int wc_HpkeContextComputeNonce(Hpke* hpke, HpkeBaseContext* context, int ret; byte seq_bytes[HPKE_Nn_MAX]; + if (hpke == NULL || context == NULL) { + return BAD_FUNC_ARG; + } + /* convert the sequence into a byte string with the same length as the * nonce */ ret = I2OSP(context->seq, (int)hpke->Nn, seq_bytes); @@ -875,49 +874,63 @@ static int wc_HpkeSetupBaseSender(Hpke* hpke, HpkeBaseContext* context, return ret; } +/* give SetupBaseSender a more intuitive and wolfCrypt friendly name */ +int wc_HpkeInitSealContext(Hpke* hpke, HpkeBaseContext* context, + void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz) +{ + if (hpke == NULL || context == NULL || ephemeralKey == NULL || + receiverKey == NULL || (info == NULL && infoSz > 0)) { + return BAD_FUNC_ARG; + } + + /* zero out all fields */ + XMEMSET(context, 0, sizeof(HpkeBaseContext)); + + return wc_HpkeSetupBaseSender(hpke, context, ephemeralKey, receiverKey, + info, infoSz); +} + /* encrypt a message using an hpke base context, return 0 or error */ -static int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context, +int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context, byte* aad, word32 aadSz, byte* plaintext, word32 ptSz, byte* out) { int ret; byte nonce[HPKE_Nn_MAX]; #ifndef WOLFSSL_SMALL_STACK - Aes aes_key[1]; + Aes aes[1]; #else - Aes* aes_key; + Aes* aes; #endif - - if (hpke == NULL) { + if (hpke == NULL || context == NULL || (aad == NULL && aadSz > 0) || + plaintext == NULL || out == NULL) { return BAD_FUNC_ARG; } - #ifdef WOLFSSL_SMALL_STACK - aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES); - if (aes_key == NULL) { + aes = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { return MEMORY_E; } #endif - - ret = wc_AesInit(aes_key, hpke->heap, INVALID_DEVID); + ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID); if (ret == 0) { + /* compute nonce */ ret = wc_HpkeContextComputeNonce(hpke, context, nonce); if (ret == 0) { - ret = wc_AesGcmSetKey(aes_key, context->key, hpke->Nk); + ret = wc_AesGcmSetKey(aes, context->key, hpke->Nk); } if (ret == 0) { - ret = wc_AesGcmEncrypt(aes_key, out, plaintext, ptSz, nonce, + ret = wc_AesGcmEncrypt(aes, out, plaintext, ptSz, nonce, hpke->Nn, out + ptSz, hpke->Nt, aad, aadSz); } + /* increment sequence for non one shot */ if (ret == 0) { context->seq++; } - wc_AesFree(aes_key); + wc_AesFree(aes); } - #ifdef WOLFSSL_SMALL_STACK - XFREE(aes_key, hpke->heap, DYNAMIC_TYPE_AES); + XFREE(aes, hpke->heap, DYNAMIC_TYPE_AES); #endif - return ret; } @@ -1021,8 +1034,10 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey, #ifdef ECC_TIMING_RESISTANT rng = wc_rng_new(NULL, 0, hpke->heap); - if (rng == NULL) - return RNG_FAILURE_E; + if (rng == NULL) { + ret = RNG_FAILURE_E; + break; + } wc_ecc_set_rng((ecc_key*)receiverKey, rng); #endif @@ -1111,49 +1126,60 @@ static int wc_HpkeSetupBaseReceiver(Hpke* hpke, HpkeBaseContext* context, return ret; } +/* give SetupBaseReceiver a more intuitive and wolfCrypt friendly name */ +int wc_HpkeInitOpenContext(Hpke* hpke, HpkeBaseContext* context, + void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* info, + word32 infoSz) +{ + if (hpke == NULL || context == NULL || receiverKey == NULL || pubKey == NULL + || (info == NULL && infoSz > 0)) { + return BAD_FUNC_ARG; + } + + return wc_HpkeSetupBaseReceiver(hpke, context, receiverKey, pubKey, + pubKeySz, info, infoSz); +} + /* decrypt a message using a setup hpke context, return 0 or error */ -static int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, - byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* out) +int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, byte* aad, + word32 aadSz, byte* ciphertext, word32 ctSz, byte* out) { int ret; byte nonce[HPKE_Nn_MAX]; #ifndef WOLFSSL_SMALL_STACK - Aes aes_key[1]; + Aes aes[1]; #else - Aes* aes_key; + Aes* aes; #endif - if (hpke == NULL) { return BAD_FUNC_ARG; } - XMEMSET(nonce, 0, sizeof(nonce)); #ifdef WOLFSSL_SMALL_STACK - aes_key = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES); - if (aes_key == NULL) { + aes = (Aes*)XMALLOC(sizeof(Aes), hpke->heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { return MEMORY_E; } #endif - + /* compute nonce */ ret = wc_HpkeContextComputeNonce(hpke, context, nonce); if (ret == 0) - ret = wc_AesInit(aes_key, hpke->heap, INVALID_DEVID); + ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID); if (ret == 0) { - ret = wc_AesGcmSetKey(aes_key, context->key, hpke->Nk); + ret = wc_AesGcmSetKey(aes, context->key, hpke->Nk); if (ret == 0) { - ret = wc_AesGcmDecrypt(aes_key, out, ciphertext, ctSz, nonce, + ret = wc_AesGcmDecrypt(aes, out, ciphertext, ctSz, nonce, hpke->Nn, ciphertext + ctSz, hpke->Nt, aad, aadSz); } + /* increment sequence for non one shot */ if (ret == 0) { context->seq++; } - wc_AesFree(aes_key); + wc_AesFree(aes); } - #ifdef WOLFSSL_SMALL_STACK - XFREE(aes_key, hpke->heap, DYNAMIC_TYPE_AES); + XFREE(aes, hpke->heap, DYNAMIC_TYPE_AES); #endif - return ret; } diff --git a/src/wolfcrypt/src/integer.c b/src/wolfcrypt/src/integer.c index 3deeaeb..341d99d 100644 --- a/src/wolfcrypt/src/integer.c +++ b/src/wolfcrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,21 +19,13 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - +#include /* * Based on public domain LibTomMath 0.38 by Tom St Denis, tomstdenis@iahu.ca, * http://math.libtomcrypt.com */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set USE_FAST_MATH there */ -#include - #ifndef NO_BIG_INT #if !defined(USE_FAST_MATH) && defined(USE_INTEGER_HEAP_MATH) @@ -177,6 +169,9 @@ int mp_init (mp_int * a) /* clear one (frees) */ void mp_clear (mp_int * a) { +#ifdef HAVE_FIPS + mp_forcezero(a); +#else int i; if (a == NULL) @@ -202,6 +197,7 @@ void mp_clear (mp_int * a) a->alloc = a->used = 0; a->sign = MP_ZPOS; } +#endif } void mp_free (mp_int * a) @@ -409,11 +405,10 @@ int mp_copy (const mp_int * a, mp_int * b) /* grow as required */ int mp_grow (mp_int * a, int size) { - int i; mp_digit *tmp; /* if the alloc size is smaller alloc more ram */ - if (a->alloc < size || size == 0) { + if ((a->alloc < size) || (size == 0) || (a->alloc == 0)) { /* ensure there are always at least MP_PREC digits extra on top */ size += (MP_PREC * 2) - (size % MP_PREC); @@ -434,11 +429,12 @@ int mp_grow (mp_int * a, int size) a->dp = tmp; /* zero excess digits */ - i = a->alloc; + XMEMSET(&a->dp[a->alloc], 0, sizeof (mp_digit) * (size - a->alloc)); a->alloc = size; - for (; i < a->alloc; i++) { - a->dp[i] = 0; - } + } + else if (a->dp == NULL) { + /* opportunistic sanity check for null a->dp with nonzero a->alloc */ + return MP_VAL; } return MP_OKAY; } @@ -1758,6 +1754,13 @@ int s_mp_add (mp_int * a, mp_int * b, mp_int * c) /* destination */ tmpc = c->dp; + /* sanity-check dp pointers. */ + if ((min_ab > 0) && + ((tmpa == NULL) || (tmpb == NULL) || (tmpc == NULL))) + { + return MP_VAL; + } + /* zero the carry */ u = 0; for (i = 0; i < min_ab; i++) { @@ -1833,6 +1836,13 @@ int s_mp_sub (mp_int * a, mp_int * b, mp_int * c) tmpb = b->dp; tmpc = c->dp; + /* sanity-check dp pointers from a and b. */ + if ((min_b > 0) && + ((tmpa == NULL) || (tmpb == NULL))) + { + return MP_VAL; + } + /* set carry to zero */ u = 0; for (i = 0; i < min_b; i++) { @@ -3290,6 +3300,10 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) q.used = a->used; q.sign = a->sign; w = 0; + + if (a->used == 0) + return MP_VAL; + for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]); @@ -3332,8 +3346,6 @@ int mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) /* init an mp_init for a given size */ int mp_init_size (mp_int * a, int size) { - int x; - /* pad size so there are always extra digits */ size += (MP_PREC * 2) - (size % MP_PREC); @@ -3353,9 +3365,7 @@ int mp_init_size (mp_int * a, int size) #endif /* zero the digits */ - for (x = 0; x < size; x++) { - a->dp[x] = 0; - } + XMEMSET(a->dp, 0, sizeof (mp_digit) * size); return MP_OKAY; } @@ -4681,8 +4691,11 @@ static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) } } - w = 0; + + if (a->used == 0) + return MP_VAL; + for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]); diff --git a/src/wolfcrypt/src/kdf.c b/src/wolfcrypt/src/kdf.c index c45c635..0e092dd 100644 --- a/src/wolfcrypt/src/kdf.c +++ b/src/wolfcrypt/src/kdf.c @@ -1,6 +1,6 @@ /* kdf.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include -#include +#include #ifndef NO_KDF @@ -814,7 +806,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, return BAD_FUNC_ARG; } - ret = wc_HmacSizeByType(enmhashId); + ret = wc_HmacSizeByType((int)enmhashId); if (ret <= 0) { return BAD_FUNC_ARG; } @@ -1051,11 +1043,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, ret = MEMORY_E; } } - if (aes != NULL) #endif - { - XMEMSET(aes, 0, sizeof(Aes)); - } /* Setup AES object. */ if (ret == 0) { @@ -1155,11 +1143,7 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt ret = MEMORY_E; } } - if (aes != NULL) #endif - { - XMEMSET(aes, 0, sizeof(Aes)); - } /* Setup AES object. */ if (ret == 0) { @@ -1256,11 +1240,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, ret = MEMORY_E; } } - if (aes != NULL) #endif - { - XMEMSET(aes, 0, sizeof(Aes)); - } /* Setup AES object. */ if (ret == 0) { @@ -1339,11 +1319,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt, ret = MEMORY_E; } } - if (aes != NULL) #endif - { - XMEMSET(aes, 0, sizeof(Aes)); - } /* Setup AES object. */ if (ret == 0) { diff --git a/src/wolfcrypt/src/logging.c b/src/wolfcrypt/src/logging.c index d548cd6..29b9221 100644 --- a/src/wolfcrypt/src/logging.c +++ b/src/wolfcrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - -#include -#include #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* avoid adding WANT_READ and WANT_WRITE to error queue */ #include @@ -265,7 +258,6 @@ void WOLFSSL_TIME(int count) /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */ #elif defined(FUSION_RTOS) #include - #include #define fprintf FCL_FPRINTF #else #include /* for default printf stuff */ @@ -904,7 +896,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, * Get the error value at the HEAD of the ERR queue or 0 if the queue * is empty. The HEAD entry is removed by this call. */ -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { int ret; @@ -923,7 +915,7 @@ unsigned long wc_GetErrorNodeErr(void) wc_ClearErrorNodes(); } } - return (unsigned long)ret; + return ret; } #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) @@ -1171,7 +1163,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file) sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { - XMEMCPY(err->error, buf, sz); + XMEMCPY(err->error, buf, (size_t)sz); } sz = (int)XSTRLEN(file); @@ -1179,7 +1171,7 @@ int wc_AddErrorNode(int error, int line, char* buf, char* file) sz = WOLFSSL_MAX_ERROR_SZ - 1; } if (sz > 0) { - XMEMCPY(err->file, file, sz); + XMEMCPY(err->file, file, (size_t)sz); } err->value = error; @@ -1420,7 +1412,7 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, } } -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { int ret; @@ -1428,7 +1420,7 @@ unsigned long wc_GetErrorNodeErr(void) if (ERRQ_LOCK() != 0) { WOLFSSL_MSG("Lock debug mutex failed"); - return (unsigned long)(0 - BAD_MUTEX_E); + return (0 - BAD_MUTEX_E); } ret = pullErrorNode(NULL, NULL, NULL); @@ -1595,10 +1587,10 @@ unsigned long wc_PeekErrorNodeLineData(const char **file, int *line, return (unsigned long)(0 - NOT_COMPILED_IN); } -unsigned long wc_GetErrorNodeErr(void) +int wc_GetErrorNodeErr(void) { WOLFSSL_ENTER("wc_GetErrorNodeErr"); - return (unsigned long)(0 - NOT_COMPILED_IN); + return (0 - NOT_COMPILED_IN); } #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/src/wolfcrypt/src/md2.c b/src/wolfcrypt/src/md2.c index 07ad963..89cec62 100644 --- a/src/wolfcrypt/src/md2.c +++ b/src/wolfcrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_MD2 #include -#include #ifdef NO_INLINE #include @@ -42,6 +35,9 @@ void wc_InitMd2(wc_Md2* md2) { + if (md2 == NULL) + return; + XMEMSET(md2->X, 0, WC_MD2_X_SIZE); XMEMSET(md2->C, 0, WC_MD2_BLOCK_SIZE); XMEMSET(md2->buffer, 0, WC_MD2_BLOCK_SIZE); @@ -73,6 +69,9 @@ void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len) 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 }; + if (md2 == NULL || (data == NULL && len != 0)) + return; + while (len) { word32 L = (WC_MD2_PAD_SIZE - md2->count) < len ? (WC_MD2_PAD_SIZE - md2->count) : len; @@ -117,9 +116,13 @@ void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len) void wc_Md2Final(wc_Md2* md2, byte* hash) { byte padding[WC_MD2_BLOCK_SIZE]; - word32 padLen = WC_MD2_PAD_SIZE - md2->count; + word32 padLen; word32 i; + if (md2 == NULL || hash == NULL) + return; + + padLen = WC_MD2_PAD_SIZE - md2->count; for (i = 0; i < padLen; i++) padding[i] = (byte)padLen; diff --git a/src/wolfcrypt/src/md4.c b/src/wolfcrypt/src/md4.c index 592a0a3..53d206e 100644 --- a/src/wolfcrypt/src/md4.c +++ b/src/wolfcrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_MD4 @@ -39,6 +34,9 @@ void wc_InitMd4(wc_Md4* md4) { + if (md4 == NULL) + return; + md4->digest[0] = 0x67452301L; md4->digest[1] = 0xefcdab89L; md4->digest[2] = 0x98badcfeL; @@ -141,8 +139,12 @@ static WC_INLINE void AddLength(wc_Md4* md4, word32 len) void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len) { /* do block size increments */ - byte* local = (byte*)md4->buffer; + byte* local; + + if (md4 == NULL || (data == NULL && len != 0)) + return; + local = (byte*)md4->buffer; while (len) { word32 add = min(len, WC_MD4_BLOCK_SIZE - md4->buffLen); XMEMCPY(&local[md4->buffLen], data, add); @@ -165,8 +167,12 @@ void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len) void wc_Md4Final(wc_Md4* md4, byte* hash) { - byte* local = (byte*)md4->buffer; + byte* local; + + if (md4 == NULL || hash == NULL) + return; + local = (byte*)md4->buffer; AddLength(md4, md4->buffLen); /* before adding pads */ local[md4->buffLen++] = 0x80; /* add 1 */ diff --git a/src/wolfcrypt/src/md5.c b/src/wolfcrypt/src/md5.c index 557de7c..84f1117 100644 --- a/src/wolfcrypt/src/md5.c +++ b/src/wolfcrypt/src/md5.c @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include +#include #if !defined(NO_MD5) @@ -35,8 +29,6 @@ #else #include -#include -#include #include #ifdef NO_INLINE diff --git a/src/wolfcrypt/src/memory.c b/src/wolfcrypt/src/memory.c index 4fd648a..928dd7b 100644 --- a/src/wolfcrypt/src/memory.c +++ b/src/wolfcrypt/src/memory.c @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,20 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h, + * because needed in linuxkm_memory.c, included below. + */ +#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT -#ifdef HAVE_CONFIG_H - #include -#endif - -#ifdef WOLFSSL_LINUXKM - /* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h, - * because needed in linuxkm_memory.c, included below. - */ - #define WOLFSSL_NEED_LINUX_CURRENT -#endif - -#include -#include +#include /* Possible memory options: @@ -81,8 +73,6 @@ void *z_realloc(void *ptr, size_t size) #ifdef USE_WOLFSSL_MEMORY #include -#include -#include #if defined(WOLFSSL_DEBUG_MEMORY) && defined(WOLFSSL_DEBUG_MEMORY_PRINT) #include @@ -1764,7 +1754,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { } (void)lrand48_r(&wc_svr_fuzzing_state, &result); if (result & 1) - return IO_FAILED_E; + return WC_NO_ERR_TRACE(IO_FAILED_E); else return 0; } @@ -1804,7 +1794,7 @@ WOLFSSL_LOCAL int SAVE_VECTOR_REGISTERS2_fuzzer(void) { balance_bit = !balance_bit; - return ((prn & 1) ^ balance_bit) ? IO_FAILED_E : 0; + return ((prn & 1) ^ balance_bit) ? WC_NO_ERR_TRACE(IO_FAILED_E) : 0; } #endif /* !HAVE_THREAD_LS */ diff --git a/src/wolfcrypt/src/misc.c b/src/wolfcrypt/src/misc.c index c37e2dc..98b83c7 100644 --- a/src/wolfcrypt/src/misc.c +++ b/src/wolfcrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,11 +25,15 @@ This module implements the arithmetic-shift right, left, byte swapping, XOR, masking and clearing memory logic. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include +#ifdef WOLFSSL_VIS_FOR_TESTS + #ifdef HAVE_CONFIG_H + #include + #endif + #include +#else + #include +#endif #ifndef WOLF_CRYPT_MISC_C #define WOLF_CRYPT_MISC_C @@ -189,6 +193,28 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, out[i] = ByteReverseWord32(in[i]); } #ifdef WOLFSSL_USE_ALIGN + else if (((size_t)in & 0x3) == 0) { + byte *out_bytes = (byte *)out; + word32 scratch; + + byteCount &= ~0x3U; + + for (i = 0; i < byteCount; i += (word32)sizeof(word32)) { + scratch = ByteReverseWord32(*in++); + XMEMCPY(out_bytes + i, &scratch, sizeof(scratch)); + } + } + else if (((size_t)out & 0x3) == 0) { + byte *in_bytes = (byte *)in; + word32 scratch; + + byteCount &= ~0x3U; + + for (i = 0; i < byteCount; i += (word32)sizeof(word32)) { + XMEMCPY(&scratch, in_bytes + i, sizeof(scratch)); + *out++ = ByteReverseWord32(scratch); + } + } else { byte *in_bytes = (byte *)in; byte *out_bytes = (byte *)out; @@ -335,22 +361,68 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in, { word32 count = byteCount/(word32)sizeof(word64), i; - for (i = 0; i < count; i++) - out[i] = ByteReverseWord64(in[i]); +#ifdef WOLFSSL_USE_ALIGN + if ((((size_t)in & 0x7) == 0) && + (((size_t)out & 0x7) == 0)) +#endif + { + for (i = 0; i < count; i++) + out[i] = ByteReverseWord64(in[i]); + } +#ifdef WOLFSSL_USE_ALIGN + else if (((size_t)in & 0x7) == 0) { + byte *out_bytes = (byte *)out; + word64 scratch; + + byteCount &= ~0x7U; + + for (i = 0; i < byteCount; i += (word32)sizeof(word64)) { + scratch = ByteReverseWord64(*in++); + XMEMCPY(out_bytes + i, &scratch, sizeof(scratch)); + } + } + else if (((size_t)out & 0x7) == 0) { + byte *in_bytes = (byte *)in; + word64 scratch; + + byteCount &= ~0x7U; + + for (i = 0; i < byteCount; i += (word32)sizeof(word64)) { + XMEMCPY(&scratch, in_bytes + i, sizeof(scratch)); + *out++ = ByteReverseWord64(scratch); + } + } + else { + byte *in_bytes = (byte *)in; + byte *out_bytes = (byte *)out; + word64 scratch; + + byteCount &= ~0x7U; + for (i = 0; i < byteCount; i += (word32)sizeof(word64)) { + XMEMCPY(&scratch, in_bytes + i, sizeof(scratch)); + scratch = ByteReverseWord64(scratch); + XMEMCPY(out_bytes + i, &scratch, sizeof(scratch)); + } + } +#endif } #endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */ #ifndef WOLFSSL_NO_XOR_OPS + +/* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */ +wc_static_assert((WOLFSSL_WORD_SIZE & (WOLFSSL_WORD_SIZE - 1)) == 0); + /* This routine performs a bitwise XOR operation of <*r> and <*a> for number of wolfssl_words, placing the result in <*r>. */ WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r, const wolfssl_word** a, const wolfssl_word** b, word32 n) { - word32 i; + const wolfssl_word *e = *a + n; - for (i = 0; i < n; i++) + while (*a < e) *((*r)++) = *((*a)++) ^ *((*b)++); } @@ -360,48 +432,68 @@ counts, placing the result in <*buf>. */ WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf, const void* mask, word32 count) { - word32 i; - byte* o; - const byte* b; - const byte* m; - - o = (byte*)out; - b = (const byte*)buf; - m = (const byte*)mask; - - - if (((wc_ptr_t)o) % WOLFSSL_WORD_SIZE == - ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE && - ((wc_ptr_t)b) % WOLFSSL_WORD_SIZE == - ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) { - /* type-punning helpers */ - union { - byte* bp; - wolfssl_word* wp; - } tpo; - union { - const byte* bp; - const wolfssl_word* wp; - } tpb, tpm; - /* Alignment checks out. Possible to XOR words. */ - /* Move alignment so that it lines up with a - * WOLFSSL_WORD_SIZE boundary */ - while (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE != 0 && count > 0) { - *(o++) = (byte)(*(b++) ^ *(m++)); + byte* o = (byte*)out; + const byte* b = (const byte*)buf; + const byte* m = (const byte*)mask; + + /* type-punning helpers */ + union { + byte* bp; + wolfssl_word* wp; + } tpo; + union { + const byte* bp; + const wolfssl_word* wp; + } tpb, tpm; + + if (((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) == 0) && + ((((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) == 0) && + ((((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)) == 0)) + { + /* All buffers are already aligned. Possible to XOR by words without + * fixup. + */ + + tpo.bp = o; + tpb.bp = b; + tpm.bp = m; + XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2); + o = tpo.bp; + b = tpb.bp; + m = tpm.bp; + count &= (WOLFSSL_WORD_SIZE - 1); + } + else if ((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) == + (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) && + (((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) == + (((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1))) + { + /* Alignment can be fixed up to allow XOR by words. */ + + /* Perform bytewise xor until pointers are aligned to + * WOLFSSL_WORD_SIZE. + */ + while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0)) + { + *o++ = (byte)(*b++ ^ *m++); count--; } + tpo.bp = o; tpb.bp = b; tpm.bp = m; - XorWordsOut( &tpo.wp, &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE); + XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2); o = tpo.bp; b = tpb.bp; m = tpm.bp; - count %= WOLFSSL_WORD_SIZE; + count &= (WOLFSSL_WORD_SIZE - 1); + } + + while (count > 0) { + *o++ = (byte)(*b++ ^ *m++); + count--; } - for (i = 0; i < count; i++) - o[i] = (byte)(b[i] ^ m[i]); } /* This routine performs a bitwise XOR operation of <*r> and <*a> for number @@ -409,9 +501,9 @@ of wolfssl_words, placing the result in <*r>. */ WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a, word32 n) { - word32 i; + const wolfssl_word *e = *a + n; - for (i = 0; i < n; i++) + while (*a < e) *((*r)++) ^= *((*a)++); } @@ -420,47 +512,82 @@ counts, placing the result in <*buf>. */ WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count) { - word32 i; - byte* b; - const byte* m; - - b = (byte*)buf; - m = (const byte*)mask; - - if (((wc_ptr_t)b) % WOLFSSL_WORD_SIZE == - ((wc_ptr_t)m) % WOLFSSL_WORD_SIZE) { - /* type-punning helpers */ - union { - byte* bp; - wolfssl_word* wp; - } tpb; - union { - const byte* bp; - const wolfssl_word* wp; - } tpm; - /* Alignment checks out. Possible to XOR words. */ - /* Move alignment so that it lines up with a - * WOLFSSL_WORD_SIZE boundary */ - while (((wc_ptr_t)buf) % WOLFSSL_WORD_SIZE != 0 && count > 0) { + byte* b = (byte*)buf; + const byte* m = (const byte*)mask; + + /* type-punning helpers */ + union { + byte* bp; + wolfssl_word* wp; + } tpb; + union { + const byte* bp; + const wolfssl_word* wp; + } tpm; + + if ((((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) == 0) && + (((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)) == 0)) + { + /* Both buffers are already aligned. Possible to XOR by words without + * fixup. + */ + + tpb.bp = b; + tpm.bp = m; + /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */ + #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE) + PRAGMA_GCC_DIAG_PUSH; + PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") + #endif + XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2); + #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE) + PRAGMA_GCC_DIAG_POP; + #endif + b = tpb.bp; + m = tpm.bp; + count &= (WOLFSSL_WORD_SIZE - 1); + } + else if (((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) == + ((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1))) + { + /* Alignment can be fixed up to allow XOR by words. */ + + /* Perform bytewise xor until pointers are aligned to + * WOLFSSL_WORD_SIZE. + */ + while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0)) + { *(b++) ^= *(m++); count--; } + tpb.bp = b; tpm.bp = m; - XorWords( &tpb.wp, &tpm.wp, count / WOLFSSL_WORD_SIZE); + /* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */ + #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE) + PRAGMA_GCC_DIAG_PUSH; + PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") + #endif + XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2); + #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE) + PRAGMA_GCC_DIAG_POP; + #endif b = tpb.bp; m = tpm.bp; - count %= WOLFSSL_WORD_SIZE; + count &= (WOLFSSL_WORD_SIZE - 1); } - for (i = 0; i < count; i++) - b[i] ^= m[i]; + while (count > 0) { + *b++ ^= *m++; + count--; + } } -#endif + +#endif /* !WOLFSSL_NO_XOR_OPS */ #ifndef WOLFSSL_NO_FORCE_ZERO /* This routine fills the first len bytes of the memory area pointed by mem - with zeros. It ensures compiler optimizations doesn't skip it */ + with zeros. It ensures compiler optimization doesn't skip it */ WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len) { volatile byte* z = (volatile byte*)mem; @@ -506,6 +633,125 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, } #endif +#ifndef WOLFSSL_NO_CT_OPS +/* Constant time - mask set when a > b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b) +{ + return (byte)((((word32)a - (word32)b - 1) >> 31) - 1); +} + +/* Constant time - mask set when a >= b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskGTE(int a, int b) +{ + return (byte)((((word32)a - (word32)b) >> 31) - 1); +} + +/* Constant time - mask set when a >= b. */ +WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b) +{ + return (int)((((word32)a - (word32)b) >> 31) - 1); +} + +#ifdef WORD64_AVAILABLE +/* Constant time - mask set when a >= b. */ +WC_MISC_STATIC WC_INLINE word32 ctMaskWord32GTE(word32 a, word32 b) +{ + return (word32)((((word64)a - (word64)b) >> 63) - 1); +} +#endif + +/* Constant time - mask set when a < b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b) +{ + return (byte)((((word32)b - (word32)a - 1) >> 31) - 1); +} + +/* Constant time - mask set when a <= b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskLTE(int a, int b) +{ + return (byte)((((word32)b - (word32)a) >> 31) - 1); +} + +/* Constant time - mask set when a == b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskEq(int a, int b) +{ + return (byte)((byte)(~ctMaskGT(a, b)) & (byte)(~ctMaskLT(a, b))); +} + +/* Constant time - sets 16 bit integer mask when a > b */ +WC_MISC_STATIC WC_INLINE word16 ctMask16GT(int a, int b) +{ + return (word16)((((word32)a - (word32)b - 1) >> 31) - 1); +} + +/* Constant time - sets 16 bit integer mask when a >= b */ +WC_MISC_STATIC WC_INLINE word16 ctMask16GTE(int a, int b) +{ + return (word16)((((word32)a - (word32)b) >> 31) - 1); +} + +/* Constant time - sets 16 bit integer mask when a < b. */ +WC_MISC_STATIC WC_INLINE word16 ctMask16LT(int a, int b) +{ + return (word16)((((word32)b - (word32)a - 1) >> 31) - 1); +} + +/* Constant time - sets 16 bit integer mask when a <= b. */ +WC_MISC_STATIC WC_INLINE word16 ctMask16LTE(int a, int b) +{ + return (word16)((((word32)b - (word32)a) >> 31) - 1); +} + +/* Constant time - sets 16 bit integer mask when a == b. */ +WC_MISC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b) +{ + return (word16)((word16)(~ctMask16GT(a, b)) & (word16)(~ctMask16LT(a, b))); +} + +/* Constant time - mask set when a != b. */ +WC_MISC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b) +{ + return (byte)((byte)ctMaskGT(a, b) | (byte)ctMaskLT(a, b)); +} + +/* Constant time - select a when mask is set and b otherwise. */ +WC_MISC_STATIC WC_INLINE byte ctMaskSel(byte m, byte a, byte b) +{ + return (byte)((b & ((byte)~(word32)m)) | (a & m)); +} + +/* Constant time - select integer a when mask is set and integer b otherwise. */ +WC_MISC_STATIC WC_INLINE int ctMaskSelInt(byte m, int a, int b) +{ + return (b & (~(signed int)(signed char)m)) | + (a & ( (signed int)(signed char)m)); +} + +/* Constant time - select word32 a when mask is set and word32 b otherwise. */ +WC_MISC_STATIC WC_INLINE word32 ctMaskSelWord32(byte m, word32 a, word32 b) +{ + return (((word32)b & (word32)(~(signed int)(signed char)m)) | + ((word32)a & (word32)( (signed int)(signed char)m))); +} + +/* Constant time - bit set when a <= b. */ +WC_MISC_STATIC WC_INLINE byte ctSetLTE(int a, int b) +{ + return (byte)(((word32)a - (word32)b - 1) >> 31); +} + +/* Constant time - conditionally copy size bytes from src to dst if mask is set + */ +WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, + word16 size) +{ + int i; + for (i = 0; i < size; ++i) { + dst[i] ^= (dst[i] ^ src[i]) & mask; + } +} + +#endif /* !WOLFSSL_NO_CT_OPS */ #ifndef WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MIN @@ -515,7 +761,12 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, /* returns the smaller of a and b */ WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b) { +#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) + word32 gte_mask = (word32)ctMaskWord32GTE(a, b); + return (a & ~gte_mask) | (b & gte_mask); +#else /* WOLFSSL_NO_CT_OPS */ return a > b ? b : a; +#endif /* WOLFSSL_NO_CT_OPS */ } #endif /* !WOLFSSL_HAVE_MIN */ @@ -526,7 +777,12 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, #endif WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b) { +#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) + word32 gte_mask = (word32)ctMaskWord32GTE(a, b); + return (a & gte_mask) | (b & ~gte_mask); +#else /* WOLFSSL_NO_CT_OPS */ return a > b ? a : b; +#endif /* WOLFSSL_NO_CT_OPS */ } #endif /* !WOLFSSL_HAVE_MAX */ @@ -631,8 +887,10 @@ WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch) WC_MISC_STATIC WC_INLINE char ByteToHex(byte in) { - static const char kHexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7', - '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; + static ALIGN64 const char kHexChar[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' + }; return (char)(kHexChar[in & 0xF]); } @@ -648,6 +906,11 @@ WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out) WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch) { +#ifndef WOLFSSL_NO_CT_OPS + return (ctMaskEq(ch, ' ') | + ctMaskEq(ch, '\t') | + ctMaskEq(ch, '\n')) & 1; +#else /* WOLFSSL_NO_CT_OPS */ switch (ch) { case ' ': case '\t': @@ -656,120 +919,9 @@ WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch) default: return 0; } +#endif /* WOLFSSL_NO_CT_OPS */ } -#ifndef WOLFSSL_NO_CT_OPS -/* Constant time - mask set when a > b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b) -{ - return (byte)((((word32)a - (word32)b - 1) >> 31) - 1); -} - -/* Constant time - mask set when a >= b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskGTE(int a, int b) -{ - return (byte)((((word32)a - (word32)b) >> 31) - 1); -} - -/* Constant time - mask set when a >= b. */ -WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b) -{ - return (int)((((word32)a - (word32)b) >> 31) - 1); -} - -/* Constant time - mask set when a < b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b) -{ - return (byte)((((word32)b - (word32)a - 1) >> 31) - 1); -} - -/* Constant time - mask set when a <= b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskLTE(int a, int b) -{ - return (byte)((((word32)b - (word32)a) >> 31) - 1); -} - -/* Constant time - mask set when a == b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskEq(int a, int b) -{ - return (byte)((byte)(~ctMaskGT(a, b)) & (byte)(~ctMaskLT(a, b))); -} - -/* Constant time - sets 16 bit integer mask when a > b */ -WC_MISC_STATIC WC_INLINE word16 ctMask16GT(int a, int b) -{ - return (word16)((((word32)a - (word32)b - 1) >> 31) - 1); -} - -/* Constant time - sets 16 bit integer mask when a >= b */ -WC_MISC_STATIC WC_INLINE word16 ctMask16GTE(int a, int b) -{ - return (word16)((((word32)a - (word32)b) >> 31) - 1); -} - -/* Constant time - sets 16 bit integer mask when a < b. */ -WC_MISC_STATIC WC_INLINE word16 ctMask16LT(int a, int b) -{ - return (word16)((((word32)b - (word32)a - 1) >> 31) - 1); -} - -/* Constant time - sets 16 bit integer mask when a <= b. */ -WC_MISC_STATIC WC_INLINE word16 ctMask16LTE(int a, int b) -{ - return (word16)((((word32)b - (word32)a) >> 31) - 1); -} - -/* Constant time - sets 16 bit integer mask when a == b. */ -WC_MISC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b) -{ - return (word16)((word16)(~ctMask16GT(a, b)) & (word16)(~ctMask16LT(a, b))); -} - -/* Constant time - mask set when a != b. */ -WC_MISC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b) -{ - return (byte)((byte)ctMaskGT(a, b) | (byte)ctMaskLT(a, b)); -} - -/* Constant time - select a when mask is set and b otherwise. */ -WC_MISC_STATIC WC_INLINE byte ctMaskSel(byte m, byte a, byte b) -{ - return (byte)((b & ((byte)~(word32)m)) | (a & m)); -} - -/* Constant time - select integer a when mask is set and integer b otherwise. */ -WC_MISC_STATIC WC_INLINE int ctMaskSelInt(byte m, int a, int b) -{ - return (b & (~(signed int)(signed char)m)) | - (a & ( (signed int)(signed char)m)); -} - -/* Constant time - select word32 a when mask is set and word32 b otherwise. */ -WC_MISC_STATIC WC_INLINE word32 ctMaskSelWord32(byte m, word32 a, word32 b) -{ - return (((word32)b & (word32)(~(signed int)(signed char)m)) | - ((word32)a & (word32)( (signed int)(signed char)m))); -} - -/* Constant time - bit set when a <= b. */ -WC_MISC_STATIC WC_INLINE byte ctSetLTE(int a, int b) -{ - return (byte)(((word32)a - (word32)b - 1) >> 31); -} - -/* Constant time - conditionally copy size bytes from src to dst if mask is set - */ -WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, - word16 size) -{ - int i; - for (i = 0; i < size; ++i) { - dst[i] ^= (dst[i] ^ src[i]) & mask; - } -} - -#endif - #if defined(WOLFSSL_W64_WRAPPER) #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST) WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n) { diff --git a/src/wolfcrypt/src/pkcs12.c b/src/wolfcrypt/src/pkcs12.c index 07ff1ad..5f8b85a 100644 --- a/src/wolfcrypt/src/pkcs12.c +++ b/src/wolfcrypt/src/pkcs12.c @@ -1,6 +1,6 @@ /* pkcs12.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,11 +21,7 @@ /* PKCS#12 allows storage of key and certificates into containers */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ @@ -33,9 +29,7 @@ #include #include -#include #include -#include #ifdef NO_INLINE #include #else @@ -289,6 +283,7 @@ static int GetSafeContent(WC_PKCS12* pkcs12, const byte* input, if (wc_BerToDer(input, safe->dataSz, NULL, &pkcs12->safeDersz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { WOLFSSL_MSG("Not BER sequence"); + freeSafe(safe, pkcs12->heap); return ASN_PARSE_E; } @@ -1144,7 +1139,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, #ifdef ASN_BER_TO_DER /* append data to encrypted content cache in PKCS12 structure * return buffer on success, NULL on error */ -static byte* PKCS12_ConcatonateContent(WC_PKCS12* pkcs12,byte* mergedData, +static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData, word32* mergedSz, byte* in, word32 inSz) { byte* oldContent; @@ -1180,7 +1175,7 @@ static int PKCS12_CheckConstructedZero(byte* data, word32 dataSz, word32* idx) { word32 oid; int ret = 0; - int number, size; + int number, size = 0; byte tag = 0; if (GetSequence(data, idx, &size, dataSz) < 0) { @@ -1257,7 +1252,7 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data, ret = MEMORY_E; } } - mergedData = PKCS12_ConcatonateContent(pkcs12, mergedData, + mergedData = PKCS12_ConcatenateContent(pkcs12, mergedData, &mergedSz, &data[*idx], (word32)encryptedContentSz); if (mergedData == NULL) { ret = MEMORY_E; @@ -1269,17 +1264,19 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data, *idx += (word32)encryptedContentSz; } - *idx = saveIdx; - - *idx += SetLength(mergedSz, &data[*idx]); + if (ret == 0) { + *idx = saveIdx; - if (mergedSz > 0) { - /* Copy over concatenated octet strings into data buffer */ - XMEMCPY(&data[*idx], mergedData, mergedSz); + *idx += SetLength(mergedSz, &data[*idx]); - XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS); + if (mergedSz > 0) { + /* Copy over concatenated octet strings into data buffer */ + XMEMCPY(&data[*idx], mergedData, mergedSz); + } } + XFREE(mergedData, pkcs12->heap, DYNAMIC_TYPE_PKCS); + return ret; } #endif @@ -1300,6 +1297,27 @@ static int PKCS12_CoalesceOctetStrings(WC_PKCS12* pkcs12, byte* data, int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte** pkey, word32* pkeySz, byte** cert, word32* certSz, WC_DerCertList** ca) +{ + return wc_PKCS12_parse_ex(pkcs12, psw, pkey, pkeySz, cert, certSz, ca, 0); +} + +/* return 0 on success and negative on failure. + * By side effect returns private key, cert, and optionally ca. + * Parses and decodes the parts of PKCS12 + * + * NOTE: can parse with USER RSA enabled but may return cert that is not the + * pair for the key when using RSA key pairs. + * + * pkcs12 : non-null WC_PKCS12 struct + * psw : password to use for PKCS12 decode + * pkey : Private key returned + * cert : x509 cert returned + * ca : optional ca returned + * keepKeyHeader : 0 removes PKCS8 header, other than 0 keeps PKCS8 header + */ +int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw, + byte** pkey, word32* pkeySz, byte** cert, word32* certSz, + WC_DerCertList** ca, int keepKeyHeader) { ContentInfo* ci = NULL; WC_DerCertList* certList = NULL; @@ -1495,7 +1513,13 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, ERROR_OUT(MEMORY_E, exit_pk12par); } XMEMCPY(*pkey, data + idx, (size_t)size); - *pkeySz = (word32)ToTraditional_ex(*pkey, (word32)size, &algId); + if (keepKeyHeader) { + *pkeySz = (word32)size; + } + else { + *pkeySz = (word32)ToTraditional_ex(*pkey, + (word32)size, &algId); + } } #ifdef WOLFSSL_DEBUG_PKCS12 @@ -1534,10 +1558,19 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XMEMCPY(k, data + idx, (size_t)size); /* overwrites input, be warned */ - if ((ret = ToTraditionalEnc(k, (word32)size, psw, pswSz, - &algId)) < 0) { - XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); - goto exit_pk12par; + if (keepKeyHeader) { + if ((ret = wc_DecryptPKCS8Key(k, (word32)size, psw, + pswSz)) < 0) { + XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); + goto exit_pk12par; + } + } + else { + if ((ret = ToTraditionalEnc(k, (word32)size, psw, + pswSz, &algId)) < 0) { + XFREE(k, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); + goto exit_pk12par; + } } if (ret < size) { diff --git a/src/wolfcrypt/src/pkcs7.c b/src/wolfcrypt/src/pkcs7.c index a96f537..a8545ba 100644 --- a/src/wolfcrypt/src/pkcs7.c +++ b/src/wolfcrypt/src/pkcs7.c @@ -1,6 +1,6 @@ /* pkcs7.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_PKCS7 #include -#include -#include #include #ifndef NO_RSA #include @@ -88,8 +81,8 @@ struct PKCS7State { byte* content; byte* buffer; /* main internal read buffer */ - wc_HashAlg hashAlg; - int hashType; + wc_HashAlg hashAlg; + enum wc_HashType hashType; int cntIdfCnt; /* count of in-definite length in content info */ /* stack variables to store for when returning */ @@ -297,7 +290,9 @@ static int wc_PKCS7_AddDataToStream(wc_PKCS7* pkcs7, byte* in, word32 inSz, } /* check if internal buffer size needs to be increased */ - if (len + pkcs7->stream->length > pkcs7->stream->bufferSz) { + if ((len + pkcs7->stream->length > pkcs7->stream->bufferSz) || + (pkcs7->stream->buffer == NULL)) + { int ret = wc_PKCS7_GrowStream(pkcs7, expected); if (ret < 0) { return ret; @@ -376,15 +371,11 @@ static int wc_PKCS7_SetMaxStream(wc_PKCS7* pkcs7, byte* in, word32 defSz) return ret; } - #ifdef ASN_BER_TO_DER if (length == 0 && ret == 0) { idx = 0; - if ((ret = wc_BerToDer(pt, maxIdx, NULL, (word32*)&length)) - != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { - return ret; - } + WOLFSSL_MSG("PKCS7 found indef SEQ with peek"); } - #endif /* ASN_BER_TO_DER */ + pkcs7->stream->maxLen = (word32)length + idx; if (pkcs7->stream->maxLen == 0) { @@ -1733,8 +1724,8 @@ static int FlattenAttributes(wc_PKCS7* pkcs7, byte* output, EncodedAttrib* ea, } /* create array of FlatAttrib struct pointers to hold DER attribs */ - derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*), pkcs7->heap, - DYNAMIC_TYPE_TMP_BUFFER); + derArr = (FlatAttrib**) XMALLOC((unsigned long)eaSz * sizeof(FlatAttrib*), + pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (derArr == NULL) { return MEMORY_E; } @@ -2073,6 +2064,8 @@ static int wc_PKCS7_BuildSignedAttributes(wc_PKCS7* pkcs7, ESD* esd, cannedAttribsCount = sizeof(cannedAttribs)/sizeof(PKCS7Attrib); + XMEMSET(&cannedAttribs[idx], 0, sizeof(cannedAttribs[idx])); + if ((pkcs7->defaultSignedAttribs & WOLFSSL_CONTENT_TYPE_ATTRIBUTE) || pkcs7->defaultSignedAttribs == 0) { cannedAttribs[idx].oid = contentTypeOid; @@ -2642,21 +2635,32 @@ static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes, /* check and handle octet boundary */ sz = contentDataRead; if ((int)idx + sz > BER_OCTET_LENGTH) { - sz = BER_OCTET_LENGTH - (int)idx; - contentDataRead -= sz; + int amtWritten = 0; - XMEMCPY(contentData + idx, buf, (word32)sz); - ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, - aes, encContentOut, contentData, BER_OCTET_LENGTH, out, - &outIdx, esd); - if (ret != 0) { - XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7); - XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7); - return ret; + /* loop over current buffer until it is empty */ + while (idx + (word32)sz > BER_OCTET_LENGTH) { + sz = BER_OCTET_LENGTH; + if (idx > 0) { /* account for previously stored data */ + sz = BER_OCTET_LENGTH - (int)idx; + } + contentDataRead -= sz; + + XMEMCPY(contentData + idx, buf, (word32)sz); + ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, + aes, encContentOut, contentData, BER_OCTET_LENGTH, out, + &outIdx, esd); + if (ret != 0) { + XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7); + XFREE(contentData, heap, DYNAMIC_TYPE_PKCS7); + return ret; + } + idx = 0; /* cleared out previously stored data */ + amtWritten += sz; + sz = contentDataRead; } /* copy over any remaining data */ - XMEMCPY(contentData, buf + sz, (word32)contentDataRead); + XMEMCPY(contentData, buf + amtWritten, (word32)contentDataRead); idx = (word32)contentDataRead; } else { @@ -2917,8 +2921,13 @@ static int PKCS7_EncodeSigned(wc_PKCS7* pkcs7, /* SignerIdentifier */ if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { /* IssuerAndSerialNumber */ - esd->issuerSnSz = (word32)SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, + ret = SetSerialNumber(pkcs7->issuerSn, pkcs7->issuerSnSz, esd->issuerSn, MAX_SN_SZ, MAX_SN_SZ); + if (ret < 0) { + idx = ret; + goto out; + } + esd->issuerSnSz = (word32)ret; signerInfoSz += esd->issuerSnSz; esd->issuerNameSz = SetSequence(pkcs7->issuerSz, esd->issuerName); signerInfoSz += esd->issuerNameSz + pkcs7->issuerSz; @@ -5267,35 +5276,52 @@ static int wc_PKCS7_HandleOctetStrings(wc_PKCS7* pkcs7, byte* in, word32 inSz, /* got partial octet string data */ /* accumulate partial octet string to buffer */ if (keepContent) { + #ifdef ASN_BER_TO_DER + if (pkcs7->streamOutCb) { + ret = wc_HashUpdate(&pkcs7->stream->hashAlg, + pkcs7->stream->hashType, + msg + *idx, pkcs7->stream->expected); + if (ret != 0) + break; + pkcs7->streamOutCb(pkcs7, msg + *idx, + pkcs7->stream->expected, pkcs7->streamCtx); + } + else + #endif /* ASN_BER_TO_DER */ + { + /* store current content buffer temporarily */ + tempBuf = pkcs7->stream->content; + pkcs7->stream->content = NULL; - /* store current content buffer temporarily */ - tempBuf = pkcs7->stream->content; - pkcs7->stream->content = NULL; - - /* grow content buffer */ - contBufSz = pkcs7->stream->accumContSz; - pkcs7->stream->accumContSz += pkcs7->stream->expected; + /* grow content buffer */ + contBufSz = pkcs7->stream->accumContSz; + pkcs7->stream->accumContSz += pkcs7->stream->expected; - pkcs7->stream->content = - (byte*)XMALLOC(pkcs7->stream->accumContSz, - pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->stream->content = + (byte*)XMALLOC(pkcs7->stream->accumContSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (pkcs7->stream->content == NULL) { - WOLFSSL_MSG("failed to grow content buffer."); - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; - ret = MEMORY_E; - break; - } - else { - /* accumulate content */ - if (tempBuf != NULL && contBufSz != 0) { - XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz); + if (pkcs7->stream->content == NULL) { + WOLFSSL_MSG("failed to grow content buffer."); + if (tempBuf != NULL) { + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; + } + ret = MEMORY_E; + break; + } + else { + /* accumulate content */ + if (tempBuf != NULL && contBufSz != 0) { + XMEMCPY(pkcs7->stream->content, tempBuf, contBufSz); + } + XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx, + pkcs7->stream->expected); + if (tempBuf != NULL) { + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; + } } - XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx, - pkcs7->stream->expected); - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; } } @@ -5574,7 +5600,7 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; } /* store hashType for later hashing */ - pkcs7->stream->hashType = (int)hashType; + pkcs7->stream->hashType = hashType; /* restore idx */ idx = localIdx; @@ -5915,6 +5941,16 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_VERIFY_STAGE3); #ifndef NO_PKCS7_STREAM + #ifdef ASN_BER_TO_DER + /* setup hash struct for creating hash of content if needed */ + if (pkcs7->streamOutCb) { + ret = wc_HashInit_ex(&pkcs7->stream->hashAlg, + pkcs7->stream->hashType, pkcs7->heap, pkcs7->devId); + if (ret != 0) + break; + } + #endif /* ASN_BER_TO_DER */ + /* free pkcs7->stream->content buffer */ XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->stream->content = NULL; @@ -6210,7 +6246,6 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, /* store current index to get the signerInfo index later */ certIdx2 = idx; - /* store certificate if needed */ if (length > 0 && in2Sz == 0) { /* free tmpCert if not NULL */ @@ -6577,8 +6612,31 @@ static int PKCS7_VerifySignedData(wc_PKCS7* pkcs7, const byte* hashBuf, pkcs7->contentSz = (word32)contentSz; if (ret == 0) { - ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, (word32)sigSz, - signedAttrib, (word32)signedAttribSz, + #if !defined(NO_PKCS7_STREAM) && defined(ASN_BER_TO_DER) + byte streamHash[WC_MAX_DIGEST_SIZE]; + + /* get final hash if having done hash updates while + * streaming out the content */ + if (pkcs7->streamOutCb) { + ret = wc_HashFinal(&pkcs7->stream->hashAlg, + pkcs7->stream->hashType, streamHash); + hashBuf = streamHash; + length = wc_HashGetDigestSize(pkcs7->stream->hashType); + if (length < 0) { + WOLFSSL_MSG("Error getting digest size"); + ret = ASN_PARSE_E; + } + else { + hashSz = (word32)length; + } + wc_HashFree(&pkcs7->stream->hashAlg, + pkcs7->stream->hashType); + if (ret != 0) + break; + } + #endif /* !NO_PKCS7_STREAM && ASN_BER_TO_DER */ + ret = wc_PKCS7_SignedDataVerifySignature(pkcs7, sig, + (word32)sigSz, signedAttrib, (word32)signedAttribSz, hashBuf, hashSz); } } @@ -8400,34 +8458,21 @@ static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, } -/* decrypt content using encryptOID algo - * returns 0 on success */ -static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, - int keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, - word32 authTagSz, byte* in, int inSz, byte* out, int devId, void* heap) +static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID, + byte* key, word32 keySz, byte* iv, int ivSz, int devId, void* heap) { int ret; #ifndef NO_AES -#ifdef WOLFSSL_SMALL_STACK Aes *aes; -#else - Aes aes[1]; -#endif #endif #ifndef NO_DES3 - Des des; - Des3 des3; + Des *des; + Des3 *des3; #endif - if (iv == NULL || in == NULL || out == NULL) + if (iv == NULL) return BAD_FUNC_ARG; - if (pkcs7->decryptionCb != NULL) { - return pkcs7->decryptionCb(pkcs7, encryptOID, iv, ivSz, - aad, aadSz, authTag, authTagSz, in, - inSz, out, pkcs7->decryptionCtx); - } - if (key == NULL) return BAD_FUNC_ARG; @@ -8455,27 +8500,18 @@ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, #endif (ivSz != WC_AES_BLOCK_SIZE) ) return BAD_FUNC_ARG; -#ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) + + pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL, + DYNAMIC_TYPE_AES); + aes = pkcs7->decryptKey.aes; + if (aes == NULL) return MEMORY_E; -#endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION); - if (ret == 0) { - ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz); - #ifdef WOLFSSL_ASYNC_CRYPT - /* async decrypt not available here, so block till done */ - ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - } - wc_AesFree(aes); } -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); -#endif break; + #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 @@ -8489,31 +8525,15 @@ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, #endif #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ defined(WOLFSSL_AES_256) - if (authTag == NULL) - return BAD_FUNC_ARG; - -#ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) + pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL, + DYNAMIC_TYPE_AES); + aes = pkcs7->decryptKey.aes; + if (aes == NULL) return MEMORY_E; -#endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, (word32)keySz); - if (ret == 0) { - ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, - (word32)ivSz, authTag, authTagSz, - aad, aadSz); - #ifdef WOLFSSL_ASYNC_CRYPT - /* async decrypt not available here, so block till done */ - ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - } - wc_AesFree(aes); } -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); -#endif break; #endif #endif /* HAVE_AESGCM */ @@ -8529,31 +8549,15 @@ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, #endif #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ defined(WOLFSSL_AES_256) - if (authTag == NULL) - return BAD_FUNC_ARG; - -#ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) + pkcs7->decryptKey.aes = (Aes *)XMALLOC(sizeof *aes, NULL, + DYNAMIC_TYPE_AES); + aes = pkcs7->decryptKey.aes; + if (aes == NULL) return MEMORY_E; -#endif ret = wc_AesInit(aes, heap, devId); if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, (word32)keySz); - if (ret == 0) { - ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, - (word32)ivSz, authTag, authTagSz, - aad, aadSz); - #ifdef WOLFSSL_ASYNC_CRYPT - /* async decrypt not available here, so block till done */ - ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - } - wc_AesFree(aes); } -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); -#endif break; #endif #endif /* HAVE_AESCCM */ @@ -8563,26 +8567,27 @@ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) return BAD_FUNC_ARG; - ret = wc_Des_SetKey(&des, key, iv, DES_DECRYPTION); - if (ret == 0) - ret = wc_Des_CbcDecrypt(&des, out, in, (word32)inSz); - + pkcs7->decryptKey.des = (Des *)XMALLOC(sizeof *des, NULL, + DYNAMIC_TYPE_PKCS7); + des = pkcs7->decryptKey.des; + if (des == NULL) { + return MEMORY_E; + } + ret = wc_Des_SetKey(des, key, iv, DES_DECRYPTION); break; case DES3b: if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE) return BAD_FUNC_ARG; - ret = wc_Des3Init(&des3, heap, devId); + pkcs7->decryptKey.des3 = (Des3 *)XMALLOC(sizeof *des3, NULL, + DYNAMIC_TYPE_PKCS7); + des3 = pkcs7->decryptKey.des3; + if (des3 == NULL) { + return MEMORY_E; + } + ret = wc_Des3Init(des3, heap, devId); if (ret == 0) { - ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION); - if (ret == 0) { - ret = wc_Des3_CbcDecrypt(&des3, out, in, (word32)inSz); - #ifdef WOLFSSL_ASYNC_CRYPT - /* async decrypt not available here, so block till done */ - ret = wc_AsyncWait(ret, &des3.asyncDev, WC_ASYNC_FLAG_NONE); - #endif - } - wc_Des3Free(&des3); + ret = wc_Des3_SetKey(des3, key, iv, DES_DECRYPTION); } break; @@ -8592,77 +8597,283 @@ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, return ALGO_ID_E; }; -#if defined(NO_AES) || (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM)) - (void)authTag; - (void)authTagSz; - (void)aad; - (void)aadSz; -#endif - return ret; } -/* Generate random block, place in out, return 0 on success negative on error. - * Used for generation of IV, nonce, etc */ -static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out, - word32 outSz) +/* Only does decryption of content using encryptOID algo and already set keys + * returns 0 on success */ +static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, word32 encryptOID, + byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, + word32 authTagSz, byte* in, int inSz, byte* out) { int ret; - WC_RNG* rnd = NULL; - if (out == NULL || outSz == 0) + if (in == NULL + #ifdef ASN_BER_TO_DER + && pkcs7->getContentCb == NULL + #endif + ) { return BAD_FUNC_ARG; + } - /* input RNG is optional, init local one if input rng is NULL */ - if (rng == NULL) { - rnd = (WC_RNG*)XMALLOC(sizeof(WC_RNG), pkcs7->heap, DYNAMIC_TYPE_RNG); - if (rnd == NULL) - return MEMORY_E; - - ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); - if (ret != 0) { - XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); - return ret; - } + switch (encryptOID) { +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + case AES128CBCb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192CBCb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256CBCb: + #endif + ret = wc_AesCbcDecrypt(pkcs7->decryptKey.aes, out, in, + (word32)inSz); + #ifdef WOLFSSL_ASYNC_CRYPT + /* async decrypt not available here, so block till done */ + ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev, + WC_ASYNC_FLAG_NONE); + #endif + break; + #endif /* HAVE_AES_CBC */ + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + case AES128GCMb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192GCMb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256GCMb: + #endif + #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ + defined(WOLFSSL_AES_256) + if (authTag == NULL) + return BAD_FUNC_ARG; - } else { - rnd = rng; - } + ret = wc_AesGcmDecrypt(pkcs7->decryptKey.aes, out, in, + (word32)inSz, iv, (word32)ivSz, authTag, authTagSz, + aad, aadSz); + #ifdef WOLFSSL_ASYNC_CRYPT + /* async decrypt not available here, so block till done */ + ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev, + WC_ASYNC_FLAG_NONE); + #endif + break; + #endif + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + case AES128CCMb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192CCMb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256CCMb: + #endif + ret = wc_AesCcmDecrypt(pkcs7->decryptKey.aes, out, in, + (word32)inSz, iv, (word32)ivSz, authTag, authTagSz, + aad, aadSz); + #ifdef WOLFSSL_ASYNC_CRYPT + /* async decrypt not available here, so block till done */ + ret = wc_AsyncWait(ret, &pkcs7->decryptKey.aes->asyncDev, + WC_ASYNC_FLAG_NONE); + #endif + break; + #endif /* HAVE_AESCCM */ +#endif /* !NO_AES */ +#ifndef NO_DES3 + case DESb: + ret = wc_Des_CbcDecrypt(pkcs7->decryptKey.des, out, in, + (word32)inSz); + break; - ret = wc_RNG_GenerateBlock(rnd, out, outSz); + case DES3b: + ret = wc_Des3_CbcDecrypt(pkcs7->decryptKey.des3, out, in, + (word32)inSz); + #ifdef WOLFSSL_ASYNC_CRYPT + /* async decrypt not available here, so block till done */ + ret = wc_AsyncWait(ret, + &pkcs7->decryptKey.des3->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + break; +#endif /* !NO_DES3 */ + default: + WOLFSSL_MSG("Unsupported content cipher type"); + return ALGO_ID_E; + }; - if (rng == NULL) { - wc_FreeRng(rnd); - XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); - } +#if defined(NO_AES) || (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM)) + (void)authTag; + (void)authTagSz; + (void)aad; + (void)aadSz; +#endif return ret; } -/* Set default SignerIdentifier type to be used. Is either - * IssuerAndSerialNumber or SubjectKeyIdentifier. Encoding defaults to using - * IssuerAndSerialNumber unless set with this function or explicitly - * overridden via options when adding RecipientInfo type. - * - * Using the type DEGENERATE_SID skips over signer information. In degenerate - * cases there are no signers. - * - * pkcs7 - pointer to initialized PKCS7 structure - * type - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID - * - * return 0 on success, negative upon error */ -int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type) +/* clears up struct for algo used and free's memory */ +static void wc_PKCS7_DecryptContentFree(wc_PKCS7* pkcs7, word32 encryptOID, + void* heap) { - if (pkcs7 == NULL) - return BAD_FUNC_ARG; - - if (type != CMS_ISSUER_AND_SERIAL_NUMBER && - type != CMS_SKID && - type != DEGENERATE_SID) { - return BAD_FUNC_ARG; - } + switch (encryptOID) { +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + case AES128CBCb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192CBCb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256CBCb: + #endif + #endif /* HAVE_AES_CBC */ + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + case AES128GCMb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192GCMb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256GCMb: + #endif + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + case AES128CCMb: + #endif + #ifdef WOLFSSL_AES_192 + case AES192CCMb: + #endif + #ifdef WOLFSSL_AES_256 + case AES256CCMb: + #endif + #endif /* HAVE_AESCCM */ + if (pkcs7->decryptKey.aes != NULL) { + wc_AesFree(pkcs7->decryptKey.aes); + XFREE(pkcs7->decryptKey.aes, heap, DYNAMIC_TYPE_AES); + pkcs7->decryptKey.aes = NULL; + } + break; +#endif /* !NO_AES */ +#ifndef NO_DES3 + case DESb: + if (pkcs7->decryptKey.des != NULL) { + XFREE(pkcs7->decryptKey.des, heap, DYNAMIC_TYPE_PKCS7); + pkcs7->decryptKey.des = NULL; + } + break; + case DES3b: + if (pkcs7->decryptKey.des3 != NULL) { + wc_Des3Free(pkcs7->decryptKey.des3); + XFREE(pkcs7->decryptKey.des3, heap, DYNAMIC_TYPE_PKCS7); + pkcs7->decryptKey.des3 = NULL; + } + break; +#endif /* !NO_DES3 */ + default: + WOLFSSL_MSG("Unsupported content cipher type"); + }; +} + + +/* decrypts the content in one shot, doing init / decrypt / free + * returns 0 on success + */ +static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, word32 encryptOID, + byte* key, word32 keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, + byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, + int devId, void* heap) +{ + int ret; + + if (pkcs7->decryptionCb != NULL) { + return pkcs7->decryptionCb(pkcs7, (int)encryptOID, iv, ivSz, + aad, aadSz, authTag, authTagSz, in, + inSz, out, pkcs7->decryptionCtx); + } + + ret = wc_PKCS7_DecryptContentInit(pkcs7, encryptOID, key, keySz, iv, ivSz, + devId, heap); + + if (ret == 0) { + ret = wc_PKCS7_DecryptContentEx(pkcs7, encryptOID, iv, ivSz, aad, + aadSz, authTag, authTagSz, in, inSz, out); + } + + wc_PKCS7_DecryptContentFree(pkcs7, encryptOID, heap); + + return ret; +} + + +/* Generate random block, place in out, return 0 on success negative on error. + * Used for generation of IV, nonce, etc */ +static int wc_PKCS7_GenerateBlock(wc_PKCS7* pkcs7, WC_RNG* rng, byte* out, + word32 outSz) +{ + int ret; + WC_RNG* rnd = NULL; + + if (out == NULL || outSz == 0) + return BAD_FUNC_ARG; + + /* input RNG is optional, init local one if input rng is NULL */ + if (rng == NULL) { + rnd = (WC_RNG*)XMALLOC(sizeof(WC_RNG), pkcs7->heap, DYNAMIC_TYPE_RNG); + if (rnd == NULL) + return MEMORY_E; + + ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); + if (ret != 0) { + XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); + return ret; + } + + } else { + rnd = rng; + } + + ret = wc_RNG_GenerateBlock(rnd, out, outSz); + + if (rng == NULL) { + wc_FreeRng(rnd); + XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); + } + + return ret; +} + + +/* Set default SignerIdentifier type to be used. Is either + * IssuerAndSerialNumber or SubjectKeyIdentifier. Encoding defaults to using + * IssuerAndSerialNumber unless set with this function or explicitly + * overridden via options when adding RecipientInfo type. + * + * Using the type DEGENERATE_SID skips over signer information. In degenerate + * cases there are no signers. + * + * pkcs7 - pointer to initialized PKCS7 structure + * type - either CMS_ISSUER_AND_SERIAL_NUMBER, CMS_SKID or DEGENERATE_SID + * + * return 0 on success, negative upon error */ +int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type) +{ + if (pkcs7 == NULL) + return BAD_FUNC_ARG; + + if (type != CMS_ISSUER_AND_SERIAL_NUMBER && + type != CMS_SKID && + type != DEGENERATE_SID) { + return BAD_FUNC_ARG; + } pkcs7->sidType = type; @@ -8697,14 +8908,10 @@ int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz) /* return size of padded data, padded to blockSz chunks, or negative on error */ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) { - word32 padSz; - if (blockSz == 0) return BAD_FUNC_ARG; - padSz = blockSz - (inputSz % blockSz); - - return (int)padSz; + return (int)(blockSz - (inputSz % blockSz)); } @@ -8713,28 +8920,16 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, word32 blockSz) { - int ret; - word32 i, padSz; - if (in == NULL || inSz == 0 || - out == NULL || outSz == 0) + out == NULL || outSz == 0 || blockSz == 0) return BAD_FUNC_ARG; - ret = wc_PKCS7_GetPadSize(inSz, blockSz); - if (ret < 0) - return ret; - padSz = (word32)ret; - - if (outSz < (inSz + padSz)) + if (outSz < wc_PkcsPad(NULL, inSz, blockSz)) return BAD_FUNC_ARG; XMEMCPY(out, in, inSz); - for (i = 0; i < padSz; i++) { - out[inSz + i] = (byte)padSz; - } - - return (int)(inSz + padSz); + return (int)wc_PkcsPad(out, inSz, blockSz); } @@ -8870,10 +9065,9 @@ static int wc_PKCS7_GenerateKEK_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, /* RFC3211 (Section 2.3.1) key wrap algorithm (id-alg-PWRI-KEK). * * Returns output size on success, negative upon error */ -static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kekSz, - const byte* cek, word32 cekSz, - byte* out, word32 *outSz, - const byte* iv, word32 ivSz, int algID) +static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, + word32 kekSz, const byte* cek, word32 cekSz, + byte* out, word32 *outSz, const byte* iv, word32 ivSz, int algID) { WC_RNG rng; int blockSz, outLen, ret; @@ -8926,8 +9120,8 @@ static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kek if (ret == 0) { /* encrypt, normal */ ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out, - outLen, out); + (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out, + outLen, out); } if (ret == 0) { @@ -8956,7 +9150,7 @@ static int wc_PKCS7_PwriKek_KeyWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kek static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek, word32 kekSz, const byte* in, word32 inSz, byte* out, word32 outSz, const byte* iv, - word32 ivSz, int algID) + word32 ivSz, word32 algID) { int blockSz, cekLen, ret; byte* tmpIv = NULL; @@ -8973,7 +9167,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek, return MEMORY_E; /* get encryption algorithm block size */ - blockSz = wc_PKCS7_GetOIDBlockSize(algID); + blockSz = wc_PKCS7_GetOIDBlockSize((int)algID); if (blockSz <= 0) { XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (blockSz < 0) @@ -8995,21 +9189,21 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(wc_PKCS7* pkcs7, const byte* kek, tmpIv = lastBlock - blockSz; /* decrypt last block */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, tmpIv, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv, blockSz, NULL, 0, NULL, 0, lastBlock, blockSz, outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap); if (ret == 0) { /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz, outTmp, pkcs7->devId, pkcs7->heap); } @@ -9224,7 +9418,8 @@ int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, totalSz += (kdfSaltOctetStrSz + saltSz); /* set KDF iteration count */ - kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations, 0); + kdfIterationsSz = (word32)SetMyVersion((word32)iterations, kdfIterations, + 0); totalSz += kdfIterationsSz; /* set KDF params SEQ */ @@ -9436,8 +9631,8 @@ int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek, #endif encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz, - encryptedKey, (word32)encryptedKeySz, keyWrapOID, - direction); + encryptedKey, (word32)encryptedKeySz, keyWrapOID, + direction); if (encryptedKeySz < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -9817,8 +10012,8 @@ int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, - encContentOctet, pkcs7->encodeStream); + encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, + (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream); encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz + contentEncAlgoSz + ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz), @@ -9847,18 +10042,19 @@ int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) /* resize encrypted content buffer */ if (encryptedContent != NULL) { - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); - if (encryptedContent == NULL) { - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - return MEMORY_E; - } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = (byte*)XMALLOC(streamSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (encryptedContent == NULL) { + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + wc_PKCS7_FreeEncodedRecipientSet(pkcs7); + return MEMORY_E; + } } } #endif - envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq, pkcs7->encodeStream); + envDataSeqSz = (int)SetSequenceEx((word32)totalSz, envDataSeq, + pkcs7->encodeStream); totalSz += envDataSeqSz; #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { @@ -9867,7 +10063,8 @@ int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) #endif /* outer content */ - outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, pkcs7->encodeStream); + outerContentSz = (int)SetExplicit(0, (word32)totalSz, outerContent, + pkcs7->encodeStream); #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { totalSz += ASN_INDEF_END_SZ; @@ -10087,8 +10284,6 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz, ret = BUFFER_E; break; } - pkcs7->stream->expected = (pkcs7->stream->maxLen - - pkcs7->stream->totalRd) + pkcs7->stream->length; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_2); FALL_THROUGH; @@ -10127,7 +10322,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz, } pkcs7->stream->expected = (word32)sz + MAX_ALGO_SZ + ASN_TAG_SZ + - MAX_LENGTH_SZ; + MAX_LENGTH_SZ + 512; if (pkcs7->stream->length > 0 && pkcs7->stream->length < pkcs7->stream->expected) { return WC_PKCS7_WANT_READ_E; @@ -10248,7 +10443,8 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz, if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { break; } - wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType, version); + wc_PKCS7_StreamStoreVar(pkcs7, (word32)encryptedKeySz, sidType, + version); pkcs7->stream->expected = (word32)encryptedKeySz; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_DECRYPT_KTRI_3); @@ -10331,8 +10527,8 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz, if (encOID != RSAESOAEPk) { #endif keySz = wc_RsaPrivateDecryptInline(encryptedKey, - (word32)encryptedKeySz, &outKey, - privKey); + (word32)encryptedKeySz, &outKey, + privKey); #ifndef WC_NO_RSA_OAEP } else { @@ -10964,7 +11160,8 @@ static int wc_PKCS7_DecryptOri(wc_PKCS7* pkcs7, byte* in, word32 inSz, return PKCS7_RECIP_E; } - /* mark recipFound, since we only support one RecipientInfo for now */ + /* mark recipFound, since we only support one RecipientInfo for + * now */ *recipFound = 1; #ifndef NO_PKCS7_STREAM @@ -11120,7 +11317,8 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz, } if (length != blockSz) { - WOLFSSL_MSG("Incorrect IV length, must be of content alg block size"); + WOLFSSL_MSG("Incorrect IV length, must be of content alg block " + "size"); XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } @@ -11175,7 +11373,7 @@ static int wc_PKCS7_DecryptPwri(wc_PKCS7* pkcs7, byte* in, word32 inSz, ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz, pkiMsg + (*idx), (word32)length, cek, cekSz, tmpIv, (word32)blockSz, - (int)pwriEncAlgoId); + pwriEncAlgoId); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11275,8 +11473,8 @@ static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz, localIdx = *idx; if ((*idx < kekIdSz) && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 && tag == ASN_GENERALIZED_TIME) { - if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr, &dateFormat, - &dateLen) != 0) { + if (wc_GetDateInfo(pkiMsg + *idx, (int)pkiMsgSz, &datePtr, + &dateFormat, &dateLen) != 0) { return ASN_PARSE_E; } *idx += (word32)(dateLen + 1); @@ -11303,7 +11501,8 @@ static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz, } /* get KeyEncryptionAlgorithmIdentifier */ - if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) < 0) + if (GetAlgoId(pkiMsg, idx, &keyWrapOID, oidKeyWrapType, pkiMsgSz) + < 0) return ASN_PARSE_E; /* get EncryptedKey */ @@ -11324,22 +11523,24 @@ static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz, /* decrypt CEK with KEK */ if (pkcs7->wrapCEKCb) { - keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length, keyId, - keyIdSz, NULL, 0, decryptedKey, - *decryptedKeySz, (int)keyWrapOID, - (int)PKCS7_KEKRI, direction); + keySz = pkcs7->wrapCEKCb(pkcs7, pkiMsg + *idx, (word32)length, + keyId, keyIdSz, NULL, 0, decryptedKey, + *decryptedKeySz, (int)keyWrapOID, + (int)PKCS7_KEKRI, direction); } else { - keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length, pkcs7->privateKey, - pkcs7->privateKeySz, decryptedKey, *decryptedKeySz, - (int)keyWrapOID, direction); + keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length, + pkcs7->privateKey, pkcs7->privateKeySz, + decryptedKey, *decryptedKeySz, + (int)keyWrapOID, direction); } if (keySz <= 0) return keySz; *decryptedKeySz = (word32)keySz; - /* mark recipFound, since we only support one RecipientInfo for now */ + /* mark recipFound, since we only support one RecipientInfo for + * now */ *recipFound = 1; *idx += (word32)length; @@ -11387,7 +11588,6 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, #ifndef NO_PKCS7_STREAM word32 tmpIdx = (idx) ? *idx : 0; #endif - WOLFSSL_ENTER("wc_PKCS7_DecryptKari"); if (pkcs7 == NULL || pkiMsg == NULL || idx == NULL || decryptedKey == NULL || decryptedKeySz == NULL) { @@ -11431,9 +11631,10 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, /* parse cert and key */ ret = wc_PKCS7_KariParseRecipCert(kari, (byte*)pkcs7->singleCert, - pkcs7->singleCertSz, pkcs7->privateKey, - pkcs7->privateKeySz); - if (ret != 0) { + pkcs7->singleCertSz, pkcs7->privateKey, + pkcs7->privateKeySz); + + if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11453,7 +11654,8 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, } /* try and remove optional UserKeyingMaterial */ - ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz, idx); + ret = wc_PKCS7_KariGetUserKeyingMaterial(kari, pkiMsg, pkiMsgSz, + idx); if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK @@ -11473,7 +11675,8 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, return ret; } - /* if user has not explicitly set keyAgreeOID, set from one in bundle */ + /* if user has not explicitly set keyAgreeOID, set from one in + * bundle */ if (pkcs7->keyAgreeOID == 0) pkcs7->keyAgreeOID = (int)keyAgreeOID; @@ -11528,6 +11731,10 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, ret = wc_ecc_export_x963(kari->senderKey, NULL, &tmpKeySz); PRIVATE_KEY_LOCK(); if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + #endif return ret; } @@ -11542,21 +11749,29 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, tmpKeyDer = (byte*)XMALLOC(tmpKeySz, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmpKeyDer == NULL) { + wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + #endif return MEMORY_E; } ret = wc_EccPublicKeyToDer(kari->senderKey, tmpKeyDer, tmpKeySz, 1); if (ret < 0) { + wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + #endif XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } tmpKeySz = (word32)ret; - keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, (word32)encryptedKeySz, - rid, (word32)keyIdSize, tmpKeyDer, tmpKeySz, - decryptedKey, *decryptedKeySz, - (int)keyWrapOID, (int)PKCS7_KARI, direction); + keySz = pkcs7->wrapCEKCb(pkcs7, encryptedKey, + (word32)encryptedKeySz, rid, (word32)keyIdSize, tmpKeyDer, + tmpKeySz, decryptedKey, *decryptedKeySz, + (int)keyWrapOID, (int)PKCS7_KARI, direction); XFREE(tmpKeyDer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (keySz > 0) { @@ -11569,8 +11784,8 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, } else { /* create KEK */ - ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, (int)keyWrapOID, - pkcs7->keyAgreeOID); + ret = wc_PKCS7_KariGenerateKEK(kari, pkcs7->rng, + (int)keyWrapOID, pkcs7->keyAgreeOID); if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK @@ -11580,9 +11795,9 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz, } /* decrypt CEK with KEK */ - keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz, kari->kek, - kari->kekSz, decryptedKey, *decryptedKeySz, - (int)keyWrapOID, direction); + keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz, + kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz, + (int)keyWrapOID, direction); } if (keySz <= 0) { wc_PKCS7_KariFree(kari); @@ -11710,7 +11925,7 @@ static int wc_PKCS7_DecryptRecipientInfos(wc_PKCS7* pkcs7, byte* in, /* when looking for next recipient, use first sequence and version to * indicate there is another, if not, move on */ - while(*recipFound == 0) { + while (*recipFound == 0) { /* remove RecipientInfo, if we don't have a SEQUENCE, back up idx to * last good saved one */ @@ -11902,7 +12117,6 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, switch (pkcs7->state) { case WC_PKCS7_INFOSET_START: - case WC_PKCS7_INFOSET_BER: case WC_PKCS7_INFOSET_STAGE1: case WC_PKCS7_INFOSET_STAGE2: case WC_PKCS7_INFOSET_END: @@ -11934,41 +12148,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, if (ret == 0 && length == 0 && pkiMsg[(*idx)-1] == 0x80) { #ifdef ASN_BER_TO_DER - word32 len; - - wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_INFOSET_BER); - FALL_THROUGH; - - /* full buffer is needed for conversion */ - case WC_PKCS7_INFOSET_BER: - #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, - pkcs7->stream->maxLen - pkcs7->stream->length, - &pkiMsg, idx)) != 0) { - return ret; - } - pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: - inSz; - #endif - - len = 0; - - ret = wc_BerToDer(pkiMsg, pkiMsgSz, NULL, &len); - if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) - return ret; - pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (pkcs7->der == NULL) - return MEMORY_E; - ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len); - if (ret < 0) - return ret; - - pkiMsg = in = pkcs7->der; - pkiMsgSz = pkcs7->derSz = inSz = len; - *idx = 0; - - if (GetSequence(pkiMsg, idx, &length, pkiMsgSz) < 0) - return ASN_PARSE_E; + pkcs7->indefDepth++; #else return BER_INDEF_E; #endif @@ -11997,7 +12177,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; if (ret == 0) { - if (type == ENVELOPED_DATA && contentType != ENVELOPED_DATA) { + if (type == ENVELOPED_DATA && contentType != + ENVELOPED_DATA) { WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData"); ret = PKCS7_OID_E; } else if (type == AUTH_ENVELOPED_DATA && @@ -12087,7 +12268,8 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, } else { /* AuthEnvelopedData version MUST be 0 */ if (version != 0) { - WOLFSSL_MSG("PKCS#7 AuthEnvelopedData needs to be of version 0"); + WOLFSSL_MSG( + "PKCS#7 AuthEnvelopedData needs to be of version 0"); ret = ASN_VERSION_E; } } @@ -12101,6 +12283,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in, break; #ifndef NO_PKCS7_STREAM + pkcs7->stream->expected = (word32)length; if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { break; } @@ -12137,6 +12320,7 @@ WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz) } +#if 0 /* append data to encrypted content cache in PKCS7 structure * return 0 on success, negative on error */ static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz) @@ -12170,6 +12354,7 @@ static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz) return 0; } +#endif /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */ @@ -12198,15 +12383,22 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, byte padLen; byte* encryptedContent = NULL; int explicitOctet = 0; - word32 localIdx; + word32 localIdx = 0; byte tag = 0; if (pkcs7 == NULL) return BAD_FUNC_ARG; - if (pkiMsg == NULL || pkiMsgSz == 0 || - output == NULL || outputSz == 0) + if (pkiMsg == NULL || pkiMsgSz == 0) + return BAD_FUNC_ARG; + + if ((output == NULL || outputSz == 0) + #ifdef ASN_BER_TO_DER + && pkcs7->streamOutCb == NULL + #endif + ) { return BAD_FUNC_ARG; + } #ifndef NO_PKCS7_STREAM (void)tmpIv; /* help out static analysis */ @@ -12220,7 +12412,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, switch (pkcs7->state) { case WC_PKCS7_START: case WC_PKCS7_INFOSET_START: - case WC_PKCS7_INFOSET_BER: case WC_PKCS7_INFOSET_STAGE1: case WC_PKCS7_INFOSET_STAGE2: case WC_PKCS7_INFOSET_END: @@ -12230,17 +12421,6 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, break; } - #ifdef ASN_BER_TO_DER - /* check if content was BER and has been converted to DER */ - if (pkcs7->derSz > 0) { - pkiMsg = in = pkcs7->der; - inSz = pkcs7->derSz; - #ifdef NO_PKCS7_STREAM - pkiMsgSz = pkcs7->derSz; - #endif - } - #endif - decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (decryptedKey == NULL) @@ -12278,7 +12458,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, decryptedKey, &decryptedKeySz, &recipFound); if (ret == 0 && recipFound == 0) { - WOLFSSL_MSG("No recipient found in envelopedData that matches input"); + WOLFSSL_MSG( + "No recipient found in envelopedData that matches input"); ret = PKCS7_RECIP_E; } @@ -12287,6 +12468,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, #ifndef NO_PKCS7_STREAM tmpIdx = idx; pkcs7->stream->aadSz = decryptedKeySz; + pkcs7->stream->expected = MAX_LENGTH_SZ + MAX_VERSION_SZ + + ASN_TAG_SZ + MAX_LENGTH_SZ; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_3); FALL_THROUGH; @@ -12294,10 +12477,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, case WC_PKCS7_ENV_3: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ + - MAX_VERSION_SZ + ASN_TAG_SZ + - MAX_LENGTH_SZ, &pkiMsg, &idx)) - != 0) { + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { return ret; } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; @@ -12311,6 +12492,40 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; } + #ifndef NO_PKCS7_STREAM + if (length == 0) { + /* if indefinite length, assume worst case size + * - Content Type OID + tag/length + * - Algorithm ID structure (OID + parameters) + * - Version + */ + pkcs7->stream->expected = MAX_SEQ_SZ + /* outer sequence */ + MAX_OID_SZ + /* content type OID */ + MAX_ALGO_SZ + /* algo identifier */ + MAX_VERSION_SZ +/* version */ + ASN_TAG_SZ + /* tag */ + MAX_LENGTH_SZ; /* length */ + } + else { + /* revize expected size if known */ + pkcs7->stream->expected = (word32)length + ASN_TAG_SZ; + } + + /* Did we get enough for the expected length? */ + if (pkcs7->stream->expected > pkiMsgSz) { + localIdx = idx; + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { + return ret; + } + pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: + inSz; + if (pkcs7->stream->length > 0) { + idx = localIdx; /* account for byte used with seq read */ + } + } + #endif + if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) { ret = ASN_PARSE_E; @@ -12350,7 +12565,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, } if (ret == 0 && length != expBlockSz) { - WOLFSSL_MSG("Incorrect IV length, must be of content alg block size"); + WOLFSSL_MSG( + "Incorrect IV length, must be of content alg block size"); ret = ASN_PARSE_E; } @@ -12362,8 +12578,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, } wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, length); pkcs7->stream->contentSz = (word32)blockKeySz; - pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ + MAX_LENGTH_SZ + - ASN_TAG_SZ + ASN_TAG_SZ; + pkcs7->stream->expected = (word32)length + MAX_LENGTH_SZ + + MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_4); FALL_THROUGH; @@ -12405,8 +12621,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, } idx++; - if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentTotalSz, - pkiMsgSz) <= 0) { + if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentTotalSz, + pkiMsgSz, 0) < 0) { ret = ASN_PARSE_E; } @@ -12418,8 +12634,24 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, break; } pkcs7->stream->expected = (word32)encryptedContentTotalSz; + if (explicitOctet) { + pkcs7->stream->expected = MAX_OCTET_STR_SZ; + } wc_PKCS7_StreamGetVar(pkcs7, &encOID, &expBlockSz, 0); wc_PKCS7_StreamStoreVar(pkcs7, encOID, expBlockSz, explicitOctet); + + if (explicitOctet) { + /* initialize decryption state in preparation */ + if (pkcs7->decryptionCb == NULL) { + ret = wc_PKCS7_DecryptContentInit(pkcs7, encOID, + pkcs7->stream->aad, pkcs7->stream->aadSz, + pkcs7->stream->tmpIv, expBlockSz, + pkcs7->devId, pkcs7->heap); + if (ret != 0) + break; + } + } + #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_ENV_5); FALL_THROUGH; @@ -12436,6 +12668,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, tmpIv = pkcs7->stream->tmpIv; encryptedContentTotalSz = (int)pkcs7->stream->expected; + pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; + /* restore decrypted key */ decryptedKey = pkcs7->stream->aad; decryptedKeySz = pkcs7->stream->aadSz; @@ -12447,11 +12681,27 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, if (explicitOctet) { /* encrypted content may be fragmented into multiple * consecutive OCTET STRINGs, if so loop through - * collecting and caching encrypted content bytes */ - localIdx = idx; - while (idx < (localIdx + (word32)encryptedContentTotalSz)) { + * decrypting and outputting or caching contents until the indef + * ending tag is found */ - if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) { + while (1) { + encryptedContentSz = 0; + if (pkiMsgSz <= localIdx + MAX_OCTET_STR_SZ) { + #ifndef NO_PKCS7_STREAM + /* ran out of data to parse */ + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { + break; + } + pkiMsgSz = (pkcs7->stream->length > 0) ? + pkcs7->stream->length : inSz; + #else + ret = BUFFER_E; + #endif + } + + localIdx = idx; + if (GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) < 0) { ret = ASN_PARSE_E; } @@ -12459,61 +12709,175 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; } - if (ret == 0 && GetLength(pkiMsg, &idx, - &encryptedContentSz, pkiMsgSz) <= 0) { + if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, + &encryptedContentSz, pkiMsgSz, 0) <= 0) { ret = ASN_PARSE_E; } + #ifndef NO_PKCS7_STREAM + if (ret == 0) { + /* always try to get 2 extra bytes to catch indef ending */ + pkcs7->stream->expected = (word32)encryptedContentSz + + (localIdx - idx) + ASN_INDEF_END_SZ; + } + #endif + + if (ret == 0 && + pkcs7->cachedEncryptedContentSz < + (word32)encryptedContentSz) { + if (pkcs7->cachedEncryptedContent != NULL) { + XFREE(pkcs7->cachedEncryptedContent, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + } + pkcs7->cachedEncryptedContent = (byte*)XMALLOC( + (word32)encryptedContentSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (pkcs7->cachedEncryptedContent == NULL) { + ret = MEMORY_E; + } + } + pkcs7->cachedEncryptedContentSz = + (word32)encryptedContentSz; + + /* sanity check that the buffer has all of the data */ + if (ret == 0 && (localIdx + (word32)encryptedContentSz) > + pkiMsgSz) { + #ifndef NO_PKCS7_STREAM + word32 ofsetIdx = localIdx - idx; + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &localIdx)) + != 0) { + return ret; + } + localIdx += ofsetIdx; + pkiMsgSz = (pkcs7->stream->length > 0)? + pkcs7->stream->length: inSz; + #else + ret = BUFFER_E; + #endif + } + + /* Use callback for decryption still, if set */ + if (ret == 0 && pkcs7->decryptionCb != NULL) { + ret = pkcs7->decryptionCb(pkcs7, (int)encOID, tmpIv, + expBlockSz, NULL, 0, NULL, 0, &pkiMsg[localIdx], + encryptedContentSz, pkcs7->cachedEncryptedContent, + pkcs7->decryptionCtx); + } if (ret == 0) { - ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx], - (word32)encryptedContentSz); + ret = wc_PKCS7_DecryptContentEx(pkcs7, encOID, + tmpIv, expBlockSz, NULL, 0, NULL, 0, + &pkiMsg[localIdx], encryptedContentSz, + pkcs7->cachedEncryptedContent); } + #ifndef NO_PKCS7_STREAM if (ret != 0) { + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + wc_PKCS7_StreamEndCase(pkcs7, &localIdx, &idx); + } break; } + #endif /* advance idx past encrypted content */ - idx += (word32)encryptedContentSz; + localIdx += (word32)encryptedContentSz; + + if (localIdx + ASN_INDEF_END_SZ <= pkiMsgSz) { + if (pkiMsg[localIdx] == ASN_EOC && + pkiMsg[localIdx+1] == ASN_EOC) { + /* found the end of encrypted content */ + localIdx += ASN_INDEF_END_SZ; + break; + } + } + #ifndef NO_PKCS7_STREAM + pkcs7->stream->expected = MAX_OCTET_STR_SZ; + if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &localIdx, + &localIdx)) != 0) { + break; + } + #endif + + /* save last decrypted string to handle padding (this output + * flush happens outside of the while loop in the case that + * the indef end was found) */ + if (ret == 0) { + #ifdef ASN_BER_TO_DER + if (pkcs7->streamOutCb) { + ret = pkcs7->streamOutCb(pkcs7, + pkcs7->cachedEncryptedContent, + (word32)encryptedContentSz, pkcs7->streamCtx); + } + #endif /* ASN_BER_TO_DER */ + } + + idx = localIdx; } if (ret != 0) { + if (ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + /* free up in an error case if not looking for more + * data */ + wc_PKCS7_DecryptContentFree(pkcs7, encOID, + pkcs7->heap); + } break; } - + wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap); } else { - /* cache encrypted content, no OCTET STRING */ - ret = PKCS7_CacheEncryptedContent(pkcs7, &pkiMsg[idx], - (word32)encryptedContentTotalSz); + pkcs7->cachedEncryptedContentSz = + (word32)encryptedContentTotalSz; + pkcs7->cachedEncryptedContent = (byte*)XMALLOC( + pkcs7->cachedEncryptedContentSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + + /* decrypt encryptedContent */ + ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, + (word32)blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, + &pkiMsg[idx], encryptedContentTotalSz, + pkcs7->cachedEncryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { break; } + idx += (word32)encryptedContentTotalSz; } /* use cached content */ encryptedContent = pkcs7->cachedEncryptedContent; encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz; - - /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, - blockKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, - encryptedContent, encryptedContentSz, encryptedContent, - pkcs7->devId, pkcs7->heap); - if (ret != 0) { - break; - } - padLen = encryptedContent[encryptedContentSz-1]; /* copy plaintext to output */ - if (padLen > encryptedContentSz || - (word32)(encryptedContentSz - padLen) > outputSz) { + if (padLen > encryptedContentSz) { ret = BUFFER_E; break; } - XMEMCPY(output, encryptedContent, + + #ifdef ASN_BER_TO_DER + if (pkcs7->streamOutCb) { + ret = pkcs7->streamOutCb(pkcs7, encryptedContent, + (word32)encryptedContentSz - padLen, + pkcs7->streamCtx); + if (ret != 0) { + WOLFSSL_MSG("Stream out callback returned failure"); + ret = BUFFER_E; + break; + } + } + else + #endif /* ASN_BER_TO_DER */ + { + if (output == NULL || (word32)(encryptedContentSz - padLen) > + outputSz) { + ret = BUFFER_E; + break; + } + XMEMCPY(output, encryptedContent, (word32)encryptedContentSz - padLen); + } /* free memory, zero out keys */ ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); @@ -12887,17 +13251,20 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, (int)pkcs7->unauthAttribsSz); unauthAttribsCount = pkcs7->unauthAttribsSz; - flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); - if (flatUnauthAttribs == NULL) { - wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - return MEMORY_E; + if (unauthAttribsSz > 0) { + flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (flatUnauthAttribs == NULL) { + wc_PKCS7_FreeEncodedRecipientSet(pkcs7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + return MEMORY_E; + } + + FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs, + (int)unauthAttribsCount); } - FlattenAttributes(pkcs7, flatUnauthAttribs, unauthAttribs, - (int)unauthAttribsCount); unauthAttribsSetSz = SetImplicit(ASN_SET, 2, unauthAttribsSz, unauthAttribSet, 0); } @@ -12997,8 +13364,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, return BAD_FUNC_ARG; } - encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, - encContentOctet, 0); + encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, + (word32)encryptedOutSz, encContentOctet, 0); encContentSeqSz = (int)SetSequence((word32)contentTypeSz + (word32)contentEncAlgoSz + (word32)nonceOctetStringSz + nonceSz + macIntSz + @@ -13137,19 +13504,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, int expBlockSz = 0, blockKeySz = 0; byte authTag[WC_AES_BLOCK_SIZE]; byte nonce[GCM_NONCE_MID_SZ]; /* GCM nonce is larger than CCM */ - int nonceSz = 0, authTagSz = 0, macSz = 0; - -#ifdef WOLFSSL_SMALL_STACK + int nonceSz = 0, macSz = 0; + word32 authTagSz = 0; byte* decryptedKey = NULL; -#else - byte decryptedKey[MAX_ENCRYPTED_KEY_SZ]; -#endif int encryptedContentSz = 0; int encryptedAllocSz = 0; byte* encryptedContent = NULL; int explicitOctet = 0; - byte authAttribSetByte = 0; byte* encodedAttribs = NULL; word32 encodedAttribIdx = 0, encodedAttribSz = 0; byte* authAttrib = NULL; @@ -13195,9 +13557,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, break; } #endif - #ifdef WOLFSSL_SMALL_STACK decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + DYNAMIC_TYPE_PKCS7); if (decryptedKey == NULL) { ret = MEMORY_E; break; @@ -13207,7 +13568,6 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, } #ifndef NO_PKCS7_STREAM pkcs7->stream->key = decryptedKey; - #endif #endif XMEMSET(decryptedKey, 0, MAX_ENCRYPTED_KEY_SZ); FALL_THROUGH; @@ -13221,10 +13581,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, case WC_PKCS7_DECRYPT_ORI: decryptedKeySz = MAX_ENCRYPTED_KEY_SZ; - #ifdef WOLFSSL_SMALL_STACK - #ifndef NO_PKCS7_STREAM + #ifndef NO_PKCS7_STREAM decryptedKey = pkcs7->stream->key; - #endif #endif ret = wc_PKCS7_DecryptRecipientInfos(pkcs7, in, inSz, &idx, @@ -13235,32 +13593,48 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, } if (recipFound == 0) { - WOLFSSL_MSG("No recipient found in envelopedData that matches input"); + WOLFSSL_MSG( + "No recipient found in envelopedData that matches input"); ret = PKCS7_RECIP_E; break; } #ifndef NO_PKCS7_STREAM tmpIdx = idx; + pkcs7->stream->expected = MAX_SEQ_SZ; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_3); FALL_THROUGH; case WC_PKCS7_AUTHENV_3: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ + - MAX_ALGO_SZ + MAX_ALGO_SZ + ASN_TAG_SZ, - &pkiMsg, &idx)) != 0) { + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { break; } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; #endif /* remove EncryptedContentInfo */ - if (ret == 0 && GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) { + if (ret == 0 && GetSequence_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) + < 0) { ret = ASN_PARSE_E; } + #ifndef NO_PKCS7_STREAM + /* check that the expected size was accurate */ + if (ret == 0) { + if (length > (int)pkcs7->stream->expected && length > + (int)pkiMsgSz) { + pkcs7->stream->expected = (word32)length + 1; + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { + break; + } + } + } + #endif + if (ret == 0 && wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) { ret = ASN_PARSE_E; @@ -13370,8 +13744,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, ret = ASN_PARSE_E; } - if (ret == 0 && GetLength(pkiMsg, &idx, &encryptedContentSz, - pkiMsgSz) <= 0) { + if (ret == 0 && GetLength_ex(pkiMsg, &idx, &encryptedContentSz, + pkiMsgSz, 0) <= 0) { ret = ASN_PARSE_E; } @@ -13411,7 +13785,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, } } - pkcs7->stream->expected = (word32)encryptedContentSz; + pkcs7->stream->expected = (word32)encryptedContentSz + + MAX_LENGTH_SZ + ASN_TAG_SZ + ASN_TAG_SZ; wc_PKCS7_StreamStoreVar(pkcs7, encOID, blockKeySz, encryptedContentSz); #endif @@ -13421,21 +13796,20 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, case WC_PKCS7_AUTHENV_5: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ + - ASN_TAG_SZ + ASN_TAG_SZ + pkcs7->stream->expected, - &pkiMsg, &idx)) != 0) { + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { break; } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; - encryptedContentSz = (int)pkcs7->stream->expected; + wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, + &encryptedContentSz); #else pkiMsgSz = inSz; #endif if (expBlockSz == 0) { #ifndef NO_PKCS7_STREAM - wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL); #endif if (encOID == 0) expBlockSz = 1; @@ -13468,7 +13842,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, idx += (word32)encryptedContentSz; } #ifndef NO_PKCS7_STREAM - pkcs7->stream->bufferPt = encryptedContent; + pkcs7->stream->bufferPt = encryptedContent; #endif /* may have IMPLICIT [1] authenticatedAttributes */ @@ -13476,11 +13850,11 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, if (ret == 0 && GetASNTag(pkiMsg, &localIdx, &tag, pkiMsgSz) == 0 && tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) { encodedAttribIdx = idx; - encodedAttribs = pkiMsg + idx; idx++; - if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) <= 0) + if (GetLength_ex(pkiMsg, &idx, &length, pkiMsgSz, 0) <= 0) { ret = ASN_PARSE_E; + } #ifndef NO_PKCS7_STREAM pkcs7->stream->expected = (word32)length; #endif @@ -13489,19 +13863,19 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, if (ret != 0) break; - #ifndef NO_PKCS7_STREAM if (encodedAttribSz > 0) { - pkcs7->stream->aadSz = encodedAttribSz; - pkcs7->stream->aad = (byte*)XMALLOC(encodedAttribSz, + encodedAttribs = (byte*)XMALLOC(encodedAttribSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (pkcs7->stream->aad == NULL) { + if (encodedAttribs == NULL) { ret = MEMORY_E; break; } - else { - XMEMCPY(pkcs7->stream->aad, encodedAttribs, - (idx - encodedAttribIdx)); - } + } + + #ifndef NO_PKCS7_STREAM + if (encodedAttribSz > 0) { + pkcs7->stream->aadSz = encodedAttribSz; + pkcs7->stream->aad = encodedAttribs; } if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { @@ -13515,7 +13889,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; } + pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ; #endif + wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND); goto authenv_atrbend; /* jump over attribute cases */ } FALL_THROUGH; @@ -13535,7 +13911,24 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, authAttrib = &pkiMsg[idx]; authAttribSz = length; - if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, authAttribSz) < 0) { + { + word32 ofst; + + /* From RFC5083, "For the purpose of constructing the + * AAD, the IMPLICIT [1] tag in the authAttrs field is + * not used for the DER encoding: rather a universal SET + * OF tag is used. */ + ofst = SetSet((word32)length, encodedAttribs); + + XMEMCPY(encodedAttribs + ofst, authAttrib, + (word32)authAttribSz); + } + + /* ignoring the size returned, we know it is + * idx - encodedAttribIdx from parsing what's given */ + + if (ret == 0 && wc_PKCS7_ParseAttribs(pkcs7, authAttrib, + authAttribSz) < 0) { WOLFSSL_MSG("Error parsing authenticated attributes"); ret = ASN_PARSE_E; break; @@ -13544,14 +13937,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, idx += (word32)length; #ifndef NO_PKCS7_STREAM - if (encodedAttribSz > 0) { - XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - (word32)length), - authAttrib, (word32)authAttribSz); + if (pkcs7->stream->aadSz > 0) { + XMEMCPY(pkcs7->stream->aad + (pkcs7->stream->aadSz - + (word32)length), authAttrib, (word32)authAttribSz); } if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; } - + pkcs7->stream->expected = MAX_LENGTH_SZ + ASN_TAG_SZ; #endif wc_PKCS7_ChangeState(pkcs7, WC_PKCS7_AUTHENV_ATRBEND); FALL_THROUGH; @@ -13559,8 +13952,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, case WC_PKCS7_AUTHENV_ATRBEND: authenv_atrbend: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_LENGTH_SZ + - ASN_TAG_SZ, &pkiMsg, &idx)) != 0) { + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { return ret; } pkiMsgSz = (pkcs7->stream->length > 0)? pkcs7->stream->length: inSz; @@ -13572,34 +13965,44 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, #endif - /* get authTag OCTET STRING */ - if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) { + localIdx = idx; + + /* Get authTag OCTET STRING */ + if (ret == 0 && pkiMsg[localIdx] != ASN_OCTET_STRING) { ret = ASN_PARSE_E; } - if (ret == 0 && tag != ASN_OCTET_STRING) { + localIdx++; /* move past ASN_OCTET_STRING */ + + if (ret == 0 && GetLength_ex(pkiMsg, &localIdx, &length, + pkiMsgSz, 0) < 0) { ret = ASN_PARSE_E; } + authTagSz = (word32)length; - if (ret == 0 && GetLength(pkiMsg, &idx, &authTagSz, pkiMsgSz) < 0) { - ret = ASN_PARSE_E; + #ifndef NO_PKCS7_STREAM + /* there might not be enough data for the auth tag too */ + if (ret == 0) { + if ((authTagSz + (localIdx - idx)) > pkcs7->stream->expected && + (authTagSz + (localIdx - idx)) > pkiMsgSz) { + pkcs7->stream->expected = authTagSz + + (localIdx - idx); + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, + pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { + return ret; + } + } } + #endif + idx = localIdx; - if (ret == 0 && authTagSz > (int)sizeof(authTag)) { + if (ret == 0 && authTagSz > (word32)sizeof(authTag)) { WOLFSSL_MSG("AuthEnvelopedData authTag too large for buffer"); ret = ASN_PARSE_E; } if (ret == 0) { - XMEMCPY(authTag, &pkiMsg[idx], (word32)authTagSz); - idx += (word32)authTagSz; - } - - if (ret == 0 && authAttrib != NULL) { - /* temporarily swap authAttribs byte[0] to SET OF instead of - * IMPLICIT [1], for aad calculation */ - authAttribSetByte = encodedAttribs[0]; - - encodedAttribs[0] = ASN_SET | ASN_CONSTRUCTED; + XMEMCPY(authTag, &pkiMsg[idx], authTagSz); + idx += authTagSz; } if (ret < 0) @@ -13615,15 +14018,15 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, /* store tag for later */ if (authTagSz > 0) { - pkcs7->stream->tagSz = (word32)authTagSz; - pkcs7->stream->tag = (byte*)XMALLOC((word32)authTagSz, + pkcs7->stream->tagSz = authTagSz; + pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->tag == NULL) { ret = MEMORY_E; break; } else { - XMEMCPY(pkcs7->stream->tag, authTag, (word32)authTagSz); + XMEMCPY(pkcs7->stream->tag, authTag, authTagSz); } } @@ -13652,14 +14055,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, } if (pkcs7->stream->tagSz > 0) { - authTagSz = (int)pkcs7->stream->tagSz; + authTagSz = pkcs7->stream->tagSz; if (authTagSz > WC_AES_BLOCK_SIZE) { WOLFSSL_MSG("PKCS7 saved tag is too large"); ret = BUFFER_E; break; } else { - XMEMCPY(authTag, pkcs7->stream->tag, (word32)authTagSz); + XMEMCPY(authTag, pkcs7->stream->tag, authTagSz); } } @@ -13671,25 +14074,26 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, wc_PKCS7_StreamGetVar(pkcs7, &encOID, &blockKeySz, &encryptedContentSz); encryptedContent = pkcs7->stream->bufferPt; - #ifdef WOLFSSL_SMALL_STACK decryptedKey = pkcs7->stream->key; - #endif #endif /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, - blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz, - authTag, (word32)authTagSz, encryptedContent, - encryptedContentSz, encryptedContent, pkcs7->devId, - pkcs7->heap); + ret = wc_PKCS7_DecryptContent(pkcs7, encOID, decryptedKey, + (word32)blockKeySz, nonce, nonceSz, encodedAttribs, + encodedAttribSz, authTag, authTagSz, + encryptedContent, encryptedContentSz, encryptedContent, + pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - if (authAttrib != NULL) { - /* restore authAttrib IMPLICIT [1] */ - encodedAttribs[0] = authAttribSetByte; + if (encodedAttribs != NULL) { + XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encodedAttribs = NULL; + #ifndef NO_PKCS7_STREAM + pkcs7->stream->aad = NULL; + #endif } /* copy plaintext to output */ @@ -13700,12 +14104,10 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); encryptedContent = NULL; ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); - #ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); decryptedKey = NULL; - #ifndef NO_PKCS7_STREAM + #ifndef NO_PKCS7_STREAM pkcs7->stream->key = NULL; - #endif #endif ret = encryptedContentSz; #ifndef NO_PKCS7_STREAM @@ -13718,23 +14120,33 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in, ret = BAD_FUNC_ARG; } -#ifdef WOLFSSL_SMALL_STACK if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { if (decryptedKey != NULL) { ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + decryptedKey = NULL; + #ifndef NO_PKCS7_STREAM + pkcs7->stream->key = NULL; + #endif } - XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } -#else - if (ret < 0) { + if (encryptedContent != NULL) { ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); encryptedContent = NULL; + #ifndef NO_PKCS7_STREAM + pkcs7->stream->bufferPt = NULL; + #endif + } + + if (encodedAttribs != NULL) { + XFREE(encodedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encodedAttribs = NULL; + #ifndef NO_PKCS7_STREAM + pkcs7->stream->aad = NULL; + #endif } - ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); } -#endif #ifndef NO_PKCS7_STREAM if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { @@ -13924,23 +14336,27 @@ int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) pkcs7->unprotectedAttribs, (int)pkcs7->unprotectedAttribsSz); - flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); - if (flatAttribs == NULL) { - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - return MEMORY_E; - } + if (attribsSz > 0) { + flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (flatAttribs == NULL) { + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + return MEMORY_E; + } - ret = FlattenAttributes(pkcs7, flatAttribs, attribs, (int)attribsCount); - if (ret != 0) { - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - return ret; + ret = FlattenAttributes(pkcs7, flatAttribs, attribs, + (int)attribsCount); + if (ret != 0) { + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + return ret; + } } + attribsSetSz = SetImplicit(ASN_SET, 1, attribsSz, attribSet, 0); } else { @@ -14007,8 +14423,10 @@ int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->unprotectedAttribsSz != 0) { XMEMCPY(output + idx, attribSet, attribsSetSz); idx += (int)attribsSetSz; - XMEMCPY(output + idx, flatAttribs, attribsSz); - idx += (int)attribsSz; + if (attribsSz > 0) { + XMEMCPY(output + idx, flatAttribs, attribsSz); + idx += (int)attribsSz; + } } XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -14202,7 +14620,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, if (ret == 0 && (ret = GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz)) < 0) ret = ASN_PARSE_E; - if (ret == 0 && (expBlockSz = wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0) + if (ret == 0 && (expBlockSz = + wc_PKCS7_GetOIDBlockSize((int)encOID)) < 0) ret = expBlockSz; if (ret != 0) break; @@ -14243,7 +14662,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, ret = ASN_PARSE_E; if (ret == 0 && length != expBlockSz) { - WOLFSSL_MSG("Incorrect IV length, must be of content alg block size"); + WOLFSSL_MSG( + "Incorrect IV length, must be of content alg block size"); ret = ASN_PARSE_E; } @@ -14322,6 +14742,11 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, version = (int)pkcs7->stream->vers; tmpIv = pkcs7->stream->tmpIv; #endif + if (encryptedContentSz <= 0) { + ret = BUFFER_E; + break; + } + if (ret == 0 && (encryptedContent = (byte*)XMALLOC( (unsigned int)encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) { @@ -14335,8 +14760,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, idx += (word32)encryptedContentSz; /* decrypt encryptedContent */ - ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, - pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, + ret = wc_PKCS7_DecryptContent(pkcs7, encOID, + pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, expBlockSz, NULL, 0, NULL, 0, encryptedContent, encryptedContentSz, encryptedContent, pkcs7->devId, pkcs7->heap); @@ -14374,7 +14799,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, pkiMsgSz, &idx); if (ret != 0) { ForceZero(encryptedContent, (word32)encryptedContentSz); - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedContent, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); ret = ASN_PARSE_E; } } @@ -14384,7 +14810,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz, ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - /* go back and check the version now that attribs have been processed */ + /* go back and check the version now that attribs have been + * processed */ if (pkcs7->version == 3 && version != 0) { WOLFSSL_MSG("Wrong PKCS#7 FirmwareEncryptedData version"); return ASN_VERSION_E; @@ -14514,7 +14941,8 @@ int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7) #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) /* build PKCS#7 compressedData content type, return encrypted size */ -int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz) +int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, + word32 outputSz) { byte contentInfoSeq[MAX_SEQ_SZ]; byte contentInfoTypeOid[MAX_OID_SZ]; @@ -14625,7 +15053,8 @@ int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz */ /* ContentInfo content EXPLICIT SEQUENCE */ - contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq, 0); + contentInfoContentSeqSz = SetExplicit(0, totalSz, contentInfoContentSeq, + 0); totalSz += contentInfoContentSeqSz; ret = wc_SetContentType(COMPRESSED_DATA, contentInfoTypeOid, @@ -14686,8 +15115,8 @@ int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz /* unwrap and decompress PKCS#7/CMS compressedData object, * Handles content wrapped compressed data and raw compressed data packet * returned decoded size */ -int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, - byte* output, word32 outputSz) +int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, word32 outputSz) { int length, version, ret; word32 idx = 0, algOID, contentType; diff --git a/src/wolfcrypt/src/poly1305.c b/src/wolfcrypt/src/poly1305.c index 718289c..bd72a40 100644 --- a/src/wolfcrypt/src/poly1305.c +++ b/src/wolfcrypt/src/poly1305.c @@ -1,6 +1,6 @@ /* poly1305.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,16 +36,10 @@ and Daniel J. Bernstein * 303.004 MiB/s with and 1874.194 MiB/s without. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_POLY1305 #include -#include -#include #include #ifdef NO_INLINE #include @@ -529,6 +523,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) #endif poly1305_setkey_avx(ctx, key); RESTORE_VECTOR_REGISTERS(); + ctx->started = 0; #elif defined(POLY130564) /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ @@ -813,13 +808,49 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) printf("\n"); #endif +#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \ + !defined(WOLFSSL_ARMASM_NO_NEON) + /* handle leftover */ + if (ctx->leftover) { + size_t want = sizeof(ctx->buffer) - ctx->leftover; + if (want > bytes) + want = bytes; + + for (i = 0; i < want; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + bytes -= (word32)want; + m += want; + ctx->leftover += want; + if (ctx->leftover < sizeof(ctx->buffer)) { + return 0; + } + + poly1305_blocks(ctx, ctx->buffer, sizeof(ctx->buffer)); + ctx->leftover = 0; + } + + /* process full blocks */ + if (bytes >= sizeof(ctx->buffer)) { + size_t want = bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1); + + poly1305_blocks(ctx, m, want); + m += want; + bytes -= (word32)want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) + ctx->buffer[ctx->leftover + i] = m[i]; + ctx->leftover += bytes; + } +#else #ifdef USE_INTEL_POLY1305_SPEEDUP #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { SAVE_VECTOR_REGISTERS(return _svr_ret;); /* handle leftover */ - if (ctx->leftover) { size_t want = sizeof(ctx->buffer) - ctx->leftover; if (want > bytes) @@ -835,8 +866,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) return 0; } - if (!ctx->started) + if (!ctx->started) { poly1305_calc_powers_avx2(ctx); + ctx->started = 1; + } poly1305_blocks_avx2(ctx, ctx->buffer, sizeof(ctx->buffer)); ctx->leftover = 0; } @@ -845,8 +878,10 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) if (bytes >= sizeof(ctx->buffer)) { size_t want = bytes & ~(sizeof(ctx->buffer) - 1); - if (!ctx->started) + if (!ctx->started) { poly1305_calc_powers_avx2(ctx); + ctx->started = 1; + } poly1305_blocks_avx2(ctx, m, want); m += want; bytes -= (word32)want; @@ -902,6 +937,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) ctx->leftover += bytes; } } +#endif return 0; } diff --git a/src/wolfcrypt/src/port/Espressif/esp32_aes.c b/src/wolfcrypt/src/port/Espressif/esp32_aes.c index fc0fd7f..b1479de 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -1,6 +1,6 @@ /* esp32_aes.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/Espressif/esp32_mp.c b/src/wolfcrypt/src/port/Espressif/esp32_mp.c index 6d9d2ab..dbfd133 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -1,6 +1,6 @@ /* esp32_mp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/Espressif/esp32_sha.c b/src/wolfcrypt/src/port/Espressif/esp32_sha.c index 65d635d..f9f8d90 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -1,6 +1,6 @@ /* esp32_sha.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/Espressif/esp32_util.c b/src/wolfcrypt/src/port/Espressif/esp32_util.c index f133875..90b3cdc 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_util.c @@ -1,6 +1,6 @@ /* esp32_util.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,7 +37,9 @@ #if ESP_IDF_VERSION_MAJOR > 4 #include #include + #include #endif + /* wolfSSL */ #include /* needed to print MATH_INT_T value */ #include @@ -739,15 +741,25 @@ esp_err_t esp_DisableWatchdog(void) #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) - ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP32P4) + #if ESP_IDF_VERSION_MINOR >= 3 + #if CONFIG_ESP_TASK_WDT + ret = esp_task_wdt_deinit(); + #else + /* CONFIG_ESP_TASK_WDT=y needed in sdkconfig */ + ESP_LOGW(TAG, "esp_task_wdt_deinit not available"); + #endif + #else + ESP_LOGW(TAG, "esp_task_wdt_deinit not implemented"); + #endif #else rtc_wdt_protect_off(); rtc_wdt_disable(); #endif } #else - ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_OIDF v%d", + ESP_LOGW(TAG, "esp_DisableWatchdog not implemented on ESP_IDF v%d", ESP_IDF_VERSION_MAJOR); #endif #endif @@ -780,8 +792,17 @@ esp_err_t esp_EnabledWatchdog(void) #elif defined(CONFIG_IDF_TARGET_ESP32C2) || \ defined(CONFIG_IDF_TARGET_ESP32C3) || \ defined(CONFIG_IDF_TARGET_ESP32C6) || \ - defined(CONFIG_IDF_TARGET_ESP32H2) + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP32P4) + ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + esp_task_wdt_config_t twdt_config = { + .timeout_ms = 5000, /* Timeout in milliseconds */ + .trigger_panic = true, /* trigger panic on timeout */ + .idle_core_mask = (1 << 0), /* Enable on Core 0 */ + }; ESP_LOGW(TAG, "No known rtc_wdt_protect_off for this platform."); + esp_task_wdt_init(&twdt_config); + esp_task_wdt_add(NULL); #else rtc_wdt_protect_on(); rtc_wdt_enable(); diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 81d88a6..5bd7a64 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -1,6 +1,6 @@ /* esp_sdk_mem_lib.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 678de3b..036174e 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -1,6 +1,6 @@ /* esp_sdk_time_lib.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index 9a200a9..db7c954 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -1,6 +1,6 @@ /* esp_sdk_wifi_lib.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/port/atmel/atmel.c b/src/wolfcrypt/src/port/atmel/atmel.c index 31ad98f..6aabe5d 100644 --- a/src/wolfcrypt/src/port/atmel/atmel.c +++ b/src/wolfcrypt/src/port/atmel/atmel.c @@ -1,6 +1,6 @@ /* atmel.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/pwdbased.c b/src/wolfcrypt/src/pwdbased.c index 208f667..c60db6a 100644 --- a/src/wolfcrypt/src/pwdbased.c +++ b/src/wolfcrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifndef NO_PWDBASED @@ -42,7 +37,6 @@ #include #include #include -#include #ifdef NO_INLINE #include @@ -52,9 +46,6 @@ #endif #if FIPS_VERSION3_GE(6,0,0) - #ifdef DEBUG_WOLFSSL - #include - #endif const unsigned int wolfCrypt_FIPS_pbkdf_ro_sanity[2] = { 0x1a2b3c4d, 0x00000010 }; int wolfCrypt_FIPS_PBKDF_sanity(void) @@ -840,6 +831,8 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, goto end; } + XMEMSET(y, 0, (size_t)(blockSize * 128)); + /* Step 1. */ ret = wc_PBKDF2(blocks, passwd, passLen, salt, saltLen, 1, (int)blocksSz, WC_SHA256); diff --git a/src/wolfcrypt/src/random.c b/src/wolfcrypt/src/random.c index febc292..746a06b 100644 --- a/src/wolfcrypt/src/random.c +++ b/src/wolfcrypt/src/random.c @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,15 +25,26 @@ DESCRIPTION This library contains implementation for the random number generator. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include -#include -#if defined(DEBUG_WOLFSSL) - #include -#endif +/* Possible defines: + * ENTROPY_NUM_UPDATE default: 18 + * Number of updates to perform. A hash is created and memory accessed + * based on the hash values in each update of a sample. + * More updates will result in better entropy quality but longer sample + * times. + * ENTROPY_NUM_UPDATES_BITS default: 5 + * Number of bits needed to represent ENTROPY_NUM_UPDATE. + * = upper(log2(ENTROPY_NUM_UPDATE)) + * ENTROPY_NUM_WORDS_BITS default: 14 + * State has 2^ENTROPY_NUMN_WORDS_BITS entries. Range: 8-30 + * The value should be based on the cache sizes. + * Use a value that is at least as large as the L1 cache if possible. + * The higher the value, the more likely there will be cache misses and + * better the entropy quality. + * A larger value will use more static memory. + */ + +#include /* on HPUX 11 you may need to install /dev/random see http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I @@ -87,11 +98,12 @@ This library contains implementation for the random number generator. #ifndef _WIN32_WINNT #define _WIN32_WINNT 0x0400 #endif + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ #elif defined(HAVE_WNR) #include - #include wolfSSL_Mutex wnr_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wnr_mutex); /* global netRandom mutex */ int wnr_timeout = 0; /* entropy timeout, milliseconds */ #ifndef WOLFSSL_MUTEX_INITIALIZER @@ -794,8 +806,13 @@ static wc_Sha3 entropyHash; /* Reset the health tests. */ static void Entropy_HealthTest_Reset(void); -#if !defined(ENTROPY_MEMUSE_THREAD) && \ - (defined(__x86_64__) || defined(__i386__)) +#ifdef CUSTOM_ENTROPY_TIMEHIRES +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + return CUSTOM_ENTROPY_TIMEHIRES(); +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && \ + (defined(__x86_64__) || defined(__i386__)) /* Get the high resolution time counter. * * @return 64-bit count of CPU cycles. @@ -818,7 +835,7 @@ static WC_INLINE word64 Entropy_TimeHiRes(void) */ static WC_INLINE word64 Entropy_TimeHiRes(void) { - return mach_absolute_time(); + return clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW); } #elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__aarch64__) /* Get the high resolution time counter. @@ -913,7 +930,8 @@ static WC_INLINE word64 Entropy_TimeHiRes(void) * @param [in,out] args Entropy data including: counter and stop flag. * @return NULL always. */ -static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args) +static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN + Entropy_IncCounter(void* args) { (void)args; @@ -926,8 +944,9 @@ static THREAD_RETURN WOLFSSL_THREAD_NO_JOIN Entropy_IncCounter(void* args) #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE fprintf(stderr, "EXITING ENTROPY COUNTER THREAD\n"); #endif + /* Exit from thread. */ - WOLFSSL_RETURN_FROM_THREAD(0); + RETURN_FROM_THREAD_NOJOIN(0); } /* Start a thread that increments counter if not one already. @@ -1031,9 +1050,18 @@ static void Entropy_StopThread(void) #elif !defined(ENTROPY_NUM_UPDATES_BITS) #define ENTROPY_NUM_UPDATES_BITS ENTROPY_BLOCK_SZ #endif -/* Amount to shift offset to get better coverage of a block */ -#define ENTROPY_OFFSET_SHIFTING \ - (ENTROPY_BLOCK_SZ / ENTROPY_NUM_UPDATES_BITS) +#ifndef ENTROPY_NUM_UPDATES_BITS + #error "ENTROPY_NUM_UPDATES_BITS must be defined - " \ + "upper(log2(ENTROPY_NUM_UPDATES))" +#endif +#if ENTROPY_NUM_UPDATES_BITS != 0 + /* Amount to shift offset to get better coverage of a block */ + #define ENTROPY_OFFSET_SHIFTING \ + (ENTROPY_BLOCK_SZ / ENTROPY_NUM_UPDATES_BITS) +#else + /* Amount to shift offset to get better coverage of a block */ + #define ENTROPY_OFFSET_SHIFTING ENTROPY_BLOCK_SZ +#endif #ifndef ENTROPY_NUM_64BIT_WORDS /* Number of 64-bit words to update - 32. */ @@ -1042,8 +1070,14 @@ static void Entropy_StopThread(void) #error "ENTROPY_NUM_64BIT_WORDS must be <= SHA3-256 digest size in bytes" #endif +#if ENTROPY_BLOCK_SZ < ENTROPY_NUM_UPDATES_BITS +#define EXTRA_ENTROPY_WORDS ENTROPY_NUM_UPDATES +#else +#define EXTRA_ENTROPY_WORDS 0 +#endif + /* State to update that is multiple cache lines long. */ -static word64 entropy_state[ENTROPY_NUM_WORDS] = {0}; +static word64 entropy_state[ENTROPY_NUM_WORDS + EXTRA_ENTROPY_WORDS] = {0}; /* Using memory will take different amount of times depending on the CPU's * caches and business. @@ -1721,16 +1755,21 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, #else ret = wc_GenerateSeed(&rng->seed, seed, seedSz); #endif /* WC_RNG_SEED_CB */ - if (ret == 0) - ret = wc_RNG_TestSeed(seed, seedSz); - else { + if (ret != 0) { #if defined(DEBUG_WOLFSSL) - WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret); + WOLFSSL_MSG_EX("Seed generation failed... %d", ret); #endif ret = DRBG_FAILURE; rng->status = DRBG_FAILED; } + if (ret == 0) + ret = wc_RNG_TestSeed(seed, seedSz); + #if defined(DEBUG_WOLFSSL) + if (ret != 0) { + WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret); + } + #endif if (ret == DRBG_SUCCESS) ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg, seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ, @@ -2184,7 +2223,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId) #endif #ifdef WOLFSSL_SMALL_STACK - check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, NULL, + check = (byte*)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (check == NULL) { return MEMORY_E; @@ -2304,7 +2343,7 @@ static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId) } #ifdef WOLFSSL_SMALL_STACK - XFREE(check, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(check, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -2766,7 +2805,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } -#elif defined(MICROCHIP_PIC32) +#elif defined(MICROCHIP_PIC32) || defined(MICROCHIP_MPLAB_HARMONY) #ifdef MICROCHIP_MPLAB_HARMONY #ifdef MICROCHIP_MPLAB_HARMONY_3 diff --git a/src/wolfcrypt/src/rc2.c b/src/wolfcrypt/src/rc2.c index 67dc7d6..33d2bd2 100644 --- a/src/wolfcrypt/src/rc2.c +++ b/src/wolfcrypt/src/rc2.c @@ -1,6 +1,6 @@ /* rc2.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,17 +19,14 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include + /* DESCRIPTION This library provides the interface to the RC2 encryption algorithm (RFC 2268) */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #ifdef WC_RC2 @@ -41,7 +38,6 @@ This library provides the interface to the RC2 encryption algorithm (RFC 2268) #endif #include -#include /* Table based on value of PI, defined in RFC 2268 */ static const byte pitable[256] = { diff --git a/src/wolfcrypt/src/ripemd.c b/src/wolfcrypt/src/ripemd.c index 36cca1b..7f3b6d8 100644 --- a/src/wolfcrypt/src/ripemd.c +++ b/src/wolfcrypt/src/ripemd.c @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_RIPEMD @@ -37,8 +31,6 @@ #include #endif -#include - int wc_InitRipeMd(RipeMd* ripemd) { if (ripemd == NULL) { diff --git a/src/wolfcrypt/src/rsa.c b/src/wolfcrypt/src/rsa.c index a3c0292..94d57bd 100644 --- a/src/wolfcrypt/src/rsa.c +++ b/src/wolfcrypt/src/rsa.c @@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,12 +26,8 @@ This library provides the interface to the RSA. RSA keys can be used to encrypt, decrypt, sign and verify data. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include -#include +#include #ifndef NO_RSA @@ -53,7 +49,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) #include #endif -#ifdef WOLFSSL_SE050 +#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) #include #endif #ifdef WOLFSSL_HAVE_SP_RSA @@ -95,7 +91,6 @@ RSA Key Size Configuration: #include -#include #ifdef WOLF_CRYPTO_CB #include #endif @@ -298,7 +293,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId) { int ret = 0; -#ifdef WOLFSSL_SE050 +#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) /* SE050 TLS users store a word32 at id, need to cast back */ word32* keyPtr = NULL; #endif @@ -312,7 +307,7 @@ int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, if (ret == 0 && id != NULL && len != 0) { XMEMCPY(key->id, id, (size_t)len); key->idLen = len; - #ifdef WOLFSSL_SE050 + #if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) /* Set SE050 ID from word32, populate RsaKey with public from SE050 */ if (len == (int)sizeof(word32)) { keyPtr = (word32*)key->id; @@ -521,7 +516,7 @@ static int cc310_RSA_GenerateKeyPair(RsaKey* key, int size, long e) } #endif /* WOLFSSL_CRYPTOCELL */ -#ifdef WOLFSSL_SE050 +#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) /* Use specified hardware key ID with RsaKey operations. Unlike devId, * keyId is a word32 so can handle key IDs larger than an int. * @@ -646,6 +641,8 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) ret = wc_RsaEncryptSize(key); if (ret < 0) return ret; + else if (ret == 0) + return BAD_FUNC_ARG; sigLen = (word32)ret; WOLFSSL_MSG("Doing RSA consistency test"); @@ -1756,6 +1753,7 @@ static int RsaUnPad_PSS(byte *pkcsBlock, unsigned int pkcsBlockLen, if (tmp == NULL) { return MEMORY_E; } + XMEMSET(tmp, 0, (size_t)maskLen); #endif if ((ret = RsaMGF(mgf, pkcsBlock + maskLen, (word32)hLen, tmp, (word32)maskLen, @@ -3162,12 +3160,13 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, int checkSmallCt) { int ret = 0; - (void)rng; - (void)checkSmallCt; #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) RsaPadding padding; #endif + (void)rng; + (void)checkSmallCt; + if (key == NULL || in == NULL || inLen == 0 || out == NULL || outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) { return BAD_FUNC_ARG; @@ -3365,7 +3364,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, return cc310_RsaSSL_Sign(in, inLen, out, outLen, key, cc310_hashModeRSA(hash, 0)); } - #elif defined(WOLFSSL_SE050) + #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) { return se050_rsa_public_encrypt(in, inLen, out, outLen, key, rsa_type, pad_value, pad_type, hash, @@ -3527,7 +3526,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, return cc310_RsaSSL_Verify(in, inLen, out, key, cc310_hashModeRSA(hash, 0)); } - #elif defined(WOLFSSL_SE050) + #elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) { ret = se050_rsa_private_decrypt(in, inLen, out, outLen, key, rsa_type, pad_value, pad_type, hash, @@ -3600,6 +3599,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng, &padding); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + if (ret == 0) { + ret = (int)outLen; + } break; } } @@ -4061,11 +4063,12 @@ int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inSz, byte* sig, int ret = 0; byte sigCheckBuf[WC_MAX_DIGEST_SIZE*2 + RSA_PSS_PAD_SZ]; byte *sigCheck = sigCheckBuf; - + int digSz; (void)bits; - if (in == NULL || sig == NULL || - inSz != (word32)wc_HashGetDigestSize(hashType)) { + digSz = wc_HashGetDigestSize(hashType); + + if (in == NULL || sig == NULL || digSz < 0 || inSz != (word32)digSz) { ret = BAD_FUNC_ARG; } @@ -4780,7 +4783,8 @@ int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz, int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { #ifndef WC_NO_RNG -#if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) +#if !defined(WOLFSSL_CRYPTOCELL) && \ + (!defined(WOLFSSL_SE050) || defined(WOLFSSL_SE050_NO_RSA)) #ifdef WOLFSSL_SMALL_STACK mp_int *p = NULL; mp_int *q = NULL; @@ -4823,7 +4827,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #if defined(WOLFSSL_CRYPTOCELL) err = cc310_RSA_GenerateKeyPair(key, size, e); goto out; -#elif defined(WOLFSSL_SE050) +#elif defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) err = se050_rsa_create_key(key, size, e); goto out; #else @@ -4859,17 +4863,17 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #endif { err = wc_CryptoCb_MakeRsaKey(key, size, e, rng); - #ifndef WOLF_CRYPTO_CB_ONLY_RSA - if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) - goto out; - /* fall-through when unavailable */ - #endif - #ifdef WOLF_CRYPTO_CB_ONLY_RSA - if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + #ifdef WOLF_CRYPTO_CB_ONLY_RSA + if (err == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { err = NO_VALID_DEVID; goto out; } - #endif + #else + if (err != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + goto out; + } + /* fall-through when unavailable */ + #endif } #endif diff --git a/src/wolfcrypt/src/sakke.c b/src/wolfcrypt/src/sakke.c index fab1067..d428c59 100644 --- a/src/wolfcrypt/src/sakke.c +++ b/src/wolfcrypt/src/sakke.c @@ -1,6 +1,6 @@ /* sakke.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef NO_INLINE #include @@ -40,7 +34,6 @@ #ifdef WOLFCRYPT_HAVE_SAKKE -#include #include #include diff --git a/src/wolfcrypt/src/sha.c b/src/wolfcrypt/src/sha.c index 78ce918..887541a 100644 --- a/src/wolfcrypt/src/sha.c +++ b/src/wolfcrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,11 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef DEBUG_WOLFSSL_VERBOSE #if defined(WOLFSSL_ESPIDF) #include - #else - #include #endif #endif @@ -47,7 +40,6 @@ #endif #include -#include #include #ifdef WOLF_CRYPTO_CB @@ -110,7 +102,6 @@ #else -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/sha256.c b/src/wolfcrypt/src/sha256.c index c9c3b10..5b990a2 100644 --- a/src/wolfcrypt/src/sha256.c +++ b/src/wolfcrypt/src/sha256.c @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,12 +38,7 @@ on the specific device platform. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include +#include /* * SHA256 Build Options: @@ -77,7 +72,6 @@ on the specific device platform. #endif #include -#include #include #include @@ -127,8 +121,6 @@ on the specific device platform. /* #include */ #else -#include - #ifdef NO_INLINE #include #else @@ -209,7 +201,8 @@ on the specific device platform. #define SHA256_UPDATE_REV_BYTES(ctx) (sha256->sha_method == SHA256_C) #else #define SHA256_UPDATE_REV_BYTES(ctx) \ - (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags)) + (!IS_INTEL_AVX1(intel_flags) && !IS_INTEL_AVX2(intel_flags) && \ + !IS_INTEL_SHA(intel_flags)) #endif #elif defined(FREESCALE_MMCAU_SHA) #define SHA256_UPDATE_REV_BYTES(ctx) 0 /* reverse not needed on update */ @@ -1652,7 +1645,8 @@ static int InitSha256(wc_Sha256* sha256) #ifdef WC_C_DYNAMIC_FALLBACK if (sha256->sha_method != SHA256_C) #else - if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags)) + if (IS_INTEL_AVX1(intel_flags) || IS_INTEL_AVX2(intel_flags) || + IS_INTEL_SHA(intel_flags)) #endif #endif { @@ -2590,7 +2584,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) #endif #ifdef WOLFSSL_HASH_FLAGS - dst->flags |= WC_HASH_FLAG_ISCOPY; + dst->flags |= WC_HASH_FLAG_ISCOPY; #endif #if defined(WOLFSSL_HASH_KEEP) diff --git a/src/wolfcrypt/src/sha3.c b/src/wolfcrypt/src/sha3.c index 4ced66e..a9795ff 100644 --- a/src/wolfcrypt/src/sha3.c +++ b/src/wolfcrypt/src/sha3.c @@ -1,6 +1,6 @@ /* sha3.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_AFALG_XILINX_SHA3) @@ -40,7 +35,6 @@ #endif #include -#include #include #ifdef WOLF_CRYPTO_CB @@ -761,7 +755,9 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) if (SHA3_BLOCK == sha3_block_avx2) RESTORE_VECTOR_REGISTERS(); #endif - XMEMCPY(sha3->t, data, len); + if (len > 0) { + XMEMCPY(sha3->t, data, len); + } sha3->i = (byte)(sha3->i + len); return 0; @@ -1499,6 +1495,10 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len) { int ret; + if ((shake == NULL) || (data == NULL && len != 0)) { + return BAD_FUNC_ARG; + } + ret = Sha3Update(shake, data, len, WC_SHA3_128_COUNT); if (ret == 0) { byte hash[1]; @@ -1526,6 +1526,9 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len) */ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) { + if ((shake == NULL) || (out == NULL && blockCnt != 0)) { + return BAD_FUNC_ARG; + } #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) SAVE_VECTOR_REGISTERS(return _svr_ret;); @@ -1644,6 +1647,10 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len) { int ret; + if ((shake == NULL) || (data == NULL && len != 0)) { + return BAD_FUNC_ARG; + } + ret = Sha3Update(shake, data, len, WC_SHA3_256_COUNT); if (ret == 0) { byte hash[1]; @@ -1664,6 +1671,9 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len) */ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt) { + if ((shake == NULL) || (out == NULL && blockCnt != 0)) { + return BAD_FUNC_ARG; + } #if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) SAVE_VECTOR_REGISTERS(return _svr_ret;); diff --git a/src/wolfcrypt/src/sha512.c b/src/wolfcrypt/src/sha512.c index 16c3c0f..73ef412 100644 --- a/src/wolfcrypt/src/sha512.c +++ b/src/wolfcrypt/src/sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \ (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \ @@ -56,7 +51,6 @@ #endif #include -#include #include #include @@ -73,8 +67,6 @@ #define USE_SLOW_SHA512 #endif -#include - #ifdef NO_INLINE #include #else @@ -1402,22 +1394,16 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) { -#ifdef LITTLE_ENDIAN_ORDER - word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; -#endif - if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64((word64*)digest, (word64*)sha512->digest, - WC_SHA512_DIGEST_SIZE); - XMEMCPY(hash, digest, digestSz); -#else - XMEMCPY(hash, sha512->digest, digestSz); + ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE); #endif + XMEMCPY(hash, sha512->digest, digestSz); + return 0; } @@ -1807,22 +1793,16 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) { -#ifdef LITTLE_ENDIAN_ORDER - word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; -#endif - if (sha384 == NULL || hash == NULL) { return BAD_FUNC_ARG; } #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords64((word64*)digest, (word64*)sha384->digest, - WC_SHA384_DIGEST_SIZE); - XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); -#else - XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); + ByteReverseWords64(sha384->digest, sha384->digest, WC_SHA384_DIGEST_SIZE); #endif + XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); + return 0; } diff --git a/src/wolfcrypt/src/signature.c b/src/wolfcrypt/src/signature.c index 83c92d8..5576e2e 100644 --- a/src/wolfcrypt/src/signature.c +++ b/src/wolfcrypt/src/signature.c @@ -1,6 +1,6 @@ /* signature.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,15 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #include -#include -#include #ifndef NO_ASN #include #endif diff --git a/src/wolfcrypt/src/siphash.c b/src/wolfcrypt/src/siphash.c index b7c63c3..05c2690 100644 --- a/src/wolfcrypt/src/siphash.c +++ b/src/wolfcrypt/src/siphash.c @@ -1,6 +1,6 @@ /* siphash.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,16 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include +#include #include -#include #ifdef NO_INLINE #include @@ -582,7 +575,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz, return 0; } -#elif !defined(WOLFSSL_NO_ASM) && defined(__GNUC__) && defined(__aarch64__) && \ +#elif defined(WOLFSSL_ARMASM) && defined(__GNUC__) && defined(__aarch64__) && \ (WOLFSSL_SIPHASH_CROUNDS == 1 || WOLFSSL_SIPHASH_CROUNDS == 2) && \ (WOLFSSL_SIPHASH_DROUNDS == 2 || WOLFSSL_SIPHASH_DROUNDS == 4) diff --git a/src/wolfcrypt/src/sm2.c b/src/wolfcrypt/src/sm2.c index 24b8df9..b866522 100644 --- a/src/wolfcrypt/src/sm2.c +++ b/src/wolfcrypt/src/sm2.c @@ -1,6 +1,6 @@ /* sm2.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sm3.c b/src/wolfcrypt/src/sm3.c index dfbef2e..b4723d8 100644 --- a/src/wolfcrypt/src/sm3.c +++ b/src/wolfcrypt/src/sm3.c @@ -1,6 +1,6 @@ /* sm3.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM3 diff --git a/src/wolfcrypt/src/sm4.c b/src/wolfcrypt/src/sm4.c index c29cc2b..4da6f0b 100644 --- a/src/wolfcrypt/src/sm4.c +++ b/src/wolfcrypt/src/sm4.c @@ -1,6 +1,6 @@ /* sm4.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM4 diff --git a/src/wolfcrypt/src/sp_arm32.c b/src/wolfcrypt/src/sp_arm32.c index 13f5578..a70eb35 100644 --- a/src/wolfcrypt/src/sp_arm32.c +++ b/src/wolfcrypt/src/sp_arm32.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include @@ -114,9 +109,9 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -256,11 +251,18 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) * a A single precision integer. * b A single precision integer. */ -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -2238,8 +2240,13 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3, r4, r5, r6}\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -2252,11 +2259,18 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * a A single precision integer. * b A single precision integer. */ -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #36\n\t" @@ -2592,8 +2606,13 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "sub %[r], %[r], #32\n\t" "stm %[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #36\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -2606,11 +2625,18 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * a A single precision integer. * b A single precision integer. */ -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #44\n\t" @@ -2724,8 +2750,13 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "ldm sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "stm lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr" ); @@ -2738,11 +2769,18 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -2761,8 +2799,13 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -2773,10 +2816,16 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -2808,8 +2857,13 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -2821,11 +2875,19 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -2858,8 +2920,13 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -2935,10 +3002,16 @@ SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a, * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -2998,8 +3071,13 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -3011,11 +3089,19 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -3076,8 +3162,13 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -3157,10 +3248,16 @@ SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -3276,8 +3373,13 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -3289,11 +3391,19 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -3410,8 +3520,13 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -3492,10 +3607,16 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -4690,8 +4811,13 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2, r3, r4, r8}\n\t" "stm %[r]!, {r2, r3, r4, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -4703,10 +4829,16 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -4934,8 +5066,13 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "sub %[r], %[r], #32\n\t" "stm %[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -4947,10 +5084,16 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -5051,8 +5194,13 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -5065,11 +5213,18 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -5087,8 +5242,13 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -5136,11 +5296,19 @@ SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -5172,8 +5340,13 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -5221,11 +5394,19 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -5285,8 +5466,13 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -5336,11 +5522,19 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -5360,8 +5554,13 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], r12\n\t" "bne L_sp_2048_add_64_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -5375,10 +5574,16 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -5397,8 +5602,13 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_2048_sub_in_pkace_64_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -5413,11 +5623,18 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x200\n\t" @@ -5600,8 +5817,13 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_2048_mul_64_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -5612,10 +5834,16 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x200\n\t" @@ -5758,8 +5986,13 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_2048_sqr_64_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -5791,11 +6024,19 @@ static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -5815,8 +6056,13 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], r12\n\t" "bne L_sp_2048_add_32_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -5830,10 +6076,16 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -5852,8 +6104,13 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_2048_sub_in_pkace_32_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -5868,11 +6125,18 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x100\n\t" @@ -6055,8 +6319,13 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_2048_mul_32_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -6067,10 +6336,16 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x100\n\t" @@ -6213,8 +6488,13 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_2048_sqr_32_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -6250,11 +6530,17 @@ static void sp_2048_mont_setup(const sp_digit* a, sp_digit* rho) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -6335,8 +6621,13 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x100\n\t" "blt L_sp_2048_mul_d_64_word_%=\n\t" "str r3, [%[r], #256]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -6348,11 +6639,17 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -8400,8 +8697,13 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r3}\n\t" "str r4, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -8431,13 +8733,20 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -8456,8 +8765,13 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x80\n\t" "blt L_sp_2048_cond_sub_32_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -8472,13 +8786,20 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -8595,8 +8916,13 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -8610,11 +8936,19 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -9576,8 +9910,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -9591,11 +9930,19 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -9872,8 +10219,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -9887,11 +10239,19 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -10078,8 +10438,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -10124,11 +10489,17 @@ SP_NOINLINE static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -10209,8 +10580,13 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x80\n\t" "blt L_sp_2048_mul_d_32_word_%=\n\t" "str r3, [%[r], #128]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -10222,11 +10598,17 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -11250,8 +11632,13 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r4}\n\t" "str r5, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -11267,11 +11654,17 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -11309,8 +11702,13 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -11326,11 +11724,17 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -11447,8 +11851,13 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -11462,10 +11871,16 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -11846,8 +12261,13 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -12257,13 +12677,20 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -12282,8 +12709,13 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x100\n\t" "blt L_sp_2048_cond_sub_64_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -12298,13 +12730,20 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -12533,8 +12972,13 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -12548,11 +12992,19 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -14442,8 +14894,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -14457,11 +14914,19 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -14994,8 +15459,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -15009,11 +15479,19 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -15360,8 +15838,13 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -15406,11 +15889,19 @@ SP_NOINLINE static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -15429,8 +15920,13 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], lr\n\t" "bne L_sp_2048_sub_64_word_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -15444,11 +15940,19 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -15564,8 +16068,13 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -15582,11 +16091,17 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -15624,8 +16139,13 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -15641,11 +16161,17 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -15762,8 +16288,13 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -15881,10 +16412,16 @@ static void sp_2048_mask_64(sp_digit* r, const sp_digit* a, sp_digit m) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -16617,8 +17154,13 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -17150,13 +17692,20 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -17175,8 +17724,13 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, "cmp r12, #0x80\n\t" "blt L_sp_2048_cond_add_32_words_%=\n\t" "mov %[r], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -17191,13 +17745,20 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r8, #0\n\t" @@ -17314,8 +17875,13 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, "adcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "adc %[r], r8, r8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; @@ -17636,11 +18202,17 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef WOLFSSL_HAVE_SP_DH #ifdef HAVE_FFDHE_2048 +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #31\n\t" @@ -18028,8 +18600,13 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) "orr r6, r6, r3\n\t" "str r5, [%[r]]\n\t" "str r6, [%[r], #4]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -18317,9 +18894,9 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -18458,11 +19035,18 @@ static void sp_3072_to_bin_96(sp_digit* r, byte* a) * a A single precision integer. * b A single precision integer. */ -static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #48\n\t" @@ -23942,8 +24526,13 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3, r4, r5, r6}\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -23955,11 +24544,19 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -23985,8 +24582,13 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -23997,10 +24599,16 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -24046,8 +24654,13 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -24059,11 +24672,19 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -24110,8 +24731,13 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -24191,10 +24817,16 @@ SP_NOINLINE static void sp_3072_mul_24(sp_digit* r, const sp_digit* a, * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -24282,8 +24914,13 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -24295,11 +24932,19 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -24388,8 +25033,13 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -24469,10 +25119,16 @@ SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -24644,8 +25300,13 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -24657,11 +25318,19 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -24834,8 +25503,13 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -24915,10 +25589,16 @@ SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #48\n\t" @@ -27966,8 +28646,13 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2, r3, r4, r8}\n\t" "stm %[r]!, {r2, r3, r4, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -27979,11 +28664,19 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -28008,8 +28701,13 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -28057,11 +28755,19 @@ SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -28107,8 +28813,13 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -28156,11 +28867,19 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -28248,8 +28967,13 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -28299,11 +29023,19 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -28323,8 +29055,13 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], r12\n\t" "bne L_sp_3072_add_96_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -28338,10 +29075,16 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -28360,8 +29103,13 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_3072_sub_in_pkace_96_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -28376,11 +29124,18 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x300\n\t" @@ -28563,8 +29318,13 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_3072_mul_96_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -28575,10 +29335,16 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x300\n\t" @@ -28721,8 +29487,13 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_3072_sqr_96_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -28754,11 +29525,19 @@ static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -28778,8 +29557,13 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], r12\n\t" "bne L_sp_3072_add_48_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -28793,10 +29577,16 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -28815,8 +29605,13 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_3072_sub_in_pkace_48_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -28831,11 +29626,18 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x180\n\t" @@ -29018,8 +29820,13 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_3072_mul_48_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -29030,10 +29837,16 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x180\n\t" @@ -29176,8 +29989,13 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_3072_sqr_48_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -29213,11 +30031,17 @@ static void sp_3072_mont_setup(const sp_digit* a, sp_digit* rho) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -29298,8 +30122,13 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x180\n\t" "blt L_sp_3072_mul_d_96_word_%=\n\t" "str r3, [%[r], #384]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -29311,11 +30140,17 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -32387,8 +33222,13 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r5}\n\t" "str r3, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -32418,13 +33258,20 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -32443,8 +33290,13 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0xc0\n\t" "blt L_sp_3072_cond_sub_48_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -32459,13 +33311,20 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -32638,8 +33497,13 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -32653,11 +33517,19 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -34083,8 +34955,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -34098,11 +34975,19 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -34507,8 +35392,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -34522,11 +35412,19 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -34793,8 +35691,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -34839,11 +35742,17 @@ SP_NOINLINE static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -34924,8 +35833,13 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0xc0\n\t" "blt L_sp_3072_mul_d_48_word_%=\n\t" "str r3, [%[r], #192]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -34937,11 +35851,17 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -36477,8 +37397,13 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r5}\n\t" "str r3, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -36494,11 +37419,17 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -36536,8 +37467,13 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -36553,11 +37489,17 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -36674,8 +37616,13 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -36689,10 +37636,16 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -37249,8 +38202,13 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -37660,13 +38618,20 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -37685,8 +38650,13 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x180\n\t" "blt L_sp_3072_cond_sub_96_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -37701,13 +38671,20 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -38048,8 +39025,13 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -38063,11 +39045,19 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -40885,8 +41875,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -40900,11 +41895,19 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -41693,8 +42696,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -41708,11 +42716,19 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -42219,8 +43235,13 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -42265,11 +43286,19 @@ SP_NOINLINE static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -42288,8 +43317,13 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], lr\n\t" "bne L_sp_3072_sub_96_word_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -42303,11 +43337,19 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -42479,8 +43521,13 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -42497,11 +43544,17 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -42539,8 +43592,13 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -42556,11 +43614,17 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -42677,8 +43741,13 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -42796,10 +43865,16 @@ static void sp_3072_mask_96(sp_digit* r, const sp_digit* a, sp_digit m) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -42808,9 +43883,8 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) "mov r3, #-1\n\t" #ifdef WOLFSSL_SP_SMALL #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r4, #0x1\n\t" - "lsl r4, r4, #8\n\t" - "add r4, r4, #0x7c\n\t" + "mov r4, #0x7c\n\t" + "orr r4, r4, #0x100\n\t" #else "mov r4, #0x17c\n\t" #endif @@ -43890,8 +44964,13 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -44423,13 +45502,20 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -44448,8 +45534,13 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, "cmp r12, #0xc0\n\t" "blt L_sp_3072_cond_add_48_words_%=\n\t" "mov %[r], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -44464,13 +45555,20 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r8, #0\n\t" @@ -44643,8 +45741,13 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, "adcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "adc %[r], r8, r8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; @@ -44965,11 +46068,17 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef WOLFSSL_HAVE_SP_DH #ifdef HAVE_FFDHE_3072 +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #31\n\t" @@ -45549,8 +46658,13 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) "orr r4, r4, r3\n\t" "str r6, [%[r]]\n\t" "str r4, [%[r], #4]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -45838,9 +46952,9 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -45978,10 +47092,16 @@ static void sp_4096_to_bin_128(sp_digit* r, byte* a) * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -46209,8 +47329,13 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -46222,12 +47347,19 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -46456,8 +47588,13 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -46546,12 +47683,19 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -46571,8 +47715,13 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, "cmp %[a], r12\n\t" "bne L_sp_4096_add_128_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -46586,10 +47735,16 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -46608,8 +47763,13 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_4096_sub_in_pkace_128_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -46624,11 +47784,18 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x400\n\t" @@ -46811,8 +47978,13 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_4096_mul_128_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -46823,10 +47995,16 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x400\n\t" @@ -46969,8 +48147,13 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_4096_sqr_128_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -47004,11 +48187,17 @@ static void sp_4096_mont_setup(const sp_digit* a, sp_digit* rho) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -47089,8 +48278,13 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x200\n\t" "blt L_sp_4096_mul_d_128_word_%=\n\t" "str r3, [%[r], #512]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -47102,11 +48296,17 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -51202,8 +52402,13 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r4}\n\t" "str r5, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -51234,13 +52439,20 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -51259,8 +52471,13 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x200\n\t" "blt L_sp_4096_cond_sub_128_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -51275,13 +52492,20 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -51734,8 +52958,13 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -51749,11 +52978,19 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -55499,8 +56736,13 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -55514,11 +56756,19 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -56563,8 +57813,13 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -56578,11 +57833,19 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -57249,8 +58512,13 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -57295,12 +58563,19 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -57319,8 +58594,13 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, "cmp %[a], lr\n\t" "bne L_sp_4096_sub_128_word_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -57334,12 +58614,19 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -57567,8 +58854,13 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -57585,11 +58877,17 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -57627,8 +58925,13 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -57644,11 +58947,17 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -57765,8 +59074,13 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -57884,10 +59198,16 @@ static void sp_4096_mask_128(sp_digit* r, const sp_digit* a, sp_digit m) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -57896,9 +59216,8 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) "mov r3, #-1\n\t" #ifdef WOLFSSL_SP_SMALL #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r4, #0x1\n\t" - "lsl r4, r4, #8\n\t" - "add r4, r4, #0xfc\n\t" + "mov r4, #0xfc\n\t" + "orr r4, r4, #0x100\n\t" #else "mov r4, #0x1fc\n\t" #endif @@ -59330,8 +60649,13 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -59863,13 +61187,20 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -59888,8 +61219,13 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, "cmp r12, #0x100\n\t" "blt L_sp_4096_cond_add_64_words_%=\n\t" "mov %[r], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -59904,13 +61240,20 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r8, #0\n\t" @@ -60139,8 +61482,13 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, "adcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "adc %[r], r8, r8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; @@ -60461,11 +61809,17 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef WOLFSSL_HAVE_SP_DH #ifdef HAVE_FFDHE_4096 +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #31\n\t" @@ -61237,8 +62591,13 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) "orr r5, r5, r3\n\t" "str r4, [%[r]]\n\t" "str r5, [%[r], #4]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -61531,11 +62890,18 @@ static const sp_digit p256_b[8] = { * a A single precision integer. * b A single precision integer. */ -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x40\n\t" @@ -61718,8 +63084,13 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_256_mul_8_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -61733,11 +63104,18 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p * a A single precision integer. * b A single precision integer. */ -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -63715,8 +65093,13 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3, r4, r5, r6}\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -63729,11 +65112,18 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p * a A single precision integer. * b A single precision integer. */ -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #36\n\t" @@ -64069,8 +65459,13 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "sub %[r], %[r], #32\n\t" "stm %[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #36\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -64083,11 +65478,18 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p * a A single precision integer. * b A single precision integer. */ -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #44\n\t" @@ -64201,8 +65603,13 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "ldm sp, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "stm lr, {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr" ); @@ -64216,10 +65623,16 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x40\n\t" @@ -64362,8 +65775,13 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_256_sqr_8_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -64376,10 +65794,16 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -65574,8 +66998,13 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2, r3, r4, r8}\n\t" "stm %[r]!, {r2, r3, r4, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -65587,10 +67016,16 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -65818,8 +67253,13 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "sub %[r], %[r], #32\n\t" "stm %[r], {r3, r4, r5, r6, r7, r8, r9, r10}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -65831,10 +67271,16 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #32\n\t" @@ -65935,8 +67381,13 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); @@ -65951,11 +67402,18 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -65975,8 +67433,13 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "cmp %[a], r12\n\t" "bne L_sp_256_add_8_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -65990,11 +67453,18 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -66013,8 +67483,13 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -66027,11 +67502,18 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a The number to convert. * m The modulus (prime). */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#else +static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #24\n\t" @@ -66250,12 +67732,21 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, "stm %[r], {r2, r3, r4, r5, r6, r7, r8, lr}\n\t" "mov %[r], #0\n\t" "add sp, sp, #24\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ return (word32)(size_t)r; } @@ -66464,12 +67955,19 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -68567,13 +70065,26 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #64]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #elif defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) @@ -68586,12 +70097,19 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -69046,13 +70564,26 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #64]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #else @@ -69065,12 +70596,19 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x4c\n\t" @@ -69303,13 +70841,26 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #68]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x4c\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #endif @@ -69321,11 +70872,18 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -70503,13 +72061,26 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #64]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #elif defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) @@ -70520,11 +72091,18 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -70871,13 +72449,26 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #64]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #else @@ -70888,11 +72479,18 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -71113,13 +72711,26 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "ldr %[r], [sp, #64]\n\t" "stm %[r], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #endif @@ -71226,10 +72837,16 @@ static void sp_256_mont_inv_8(sp_digit* r, const sp_digit* a, sp_digit* td) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -71346,8 +72963,13 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -71368,13 +72990,20 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -71393,8 +73022,13 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #32\n\t" "blt L_sp_256_cond_sub_8_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -71409,13 +73043,20 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -71448,8 +73089,13 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -71466,11 +73112,19 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -71736,8 +73390,13 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -71751,11 +73410,19 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -71840,8 +73507,13 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -71855,11 +73527,19 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -71926,8 +73606,13 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -71942,9 +73627,17 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -72078,13 +73771,26 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "ldr %[a], [sp, #64]\n\t" "stm %[a], {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" "add sp, sp, #0x44\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4) @@ -72094,12 +73800,19 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -72365,8 +74078,13 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -72380,12 +74098,19 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -72470,8 +74195,13 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -72485,12 +74215,19 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -72557,8 +74294,13 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -72614,12 +74356,19 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -72657,12 +74406,21 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r11, r11, lr, lsr #31\n\t" "sbc r12, r12, lr\n\t" "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Double a Montgomery form number (r = a + a % m). @@ -72671,10 +74429,17 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a Number to double in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #0\n\t" @@ -72708,12 +74473,21 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r10, r10, r2, lsr #31\n\t" "sbc r11, r11, r2\n\t" "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Triple a Montgomery form number (r = a + a + a % m). @@ -72722,10 +74496,17 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a Number to triple in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -72791,12 +74572,21 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r10, r10, r12, lsr #31\n\t" "sbc r11, r11, r12\n\t" "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Subtract two Montgomery form numbers (r = a - b % m). @@ -72806,12 +74596,19 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -72847,12 +74644,21 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adcs r11, r11, lr, lsr #31\n\t" "adc r12, r12, lr\n\t" "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) @@ -72861,11 +74667,19 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a Number to divide. * m Modulus (prime). */ -static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r4, r5, r6, r7}\n\t" @@ -72925,8 +74739,13 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi "orr r10, r10, r7, lsl #31\n\t" "orr r11, r11, r3, lsl #31\n\t" "stm %[r], {r8, r9, r10, r11}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3" ); @@ -76434,9 +78253,15 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, * * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_add_one_8(sp_digit* a_p) +#else +static void sp_256_add_one_8(sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r1, r2, r3, r4}\n\t" @@ -76451,8 +78276,13 @@ static void sp_256_add_one_8(sp_digit* a_p) "adcs r3, r3, #0\n\t" "adcs r4, r4, #0\n\t" "stm %[a]!, {r1, r2, r3, r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -76491,9 +78321,9 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -76842,10 +78672,16 @@ int sp_ecc_secret_gen_256_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -76864,8 +78700,13 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_256_sub_in_pkace_8_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -76878,10 +78719,16 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -76899,8 +78746,13 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -76914,11 +78766,17 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -76999,8 +78857,13 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #32\n\t" "blt L_sp_256_mul_d_8_word_%=\n\t" "str r3, [%[r], #32]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -77012,11 +78875,17 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -77272,8 +79141,13 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r4}\n\t" "str r5, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -77289,11 +79163,17 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -77331,8 +79211,13 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -77348,11 +79233,17 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -77469,8 +79360,13 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -78130,11 +80026,18 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -78153,8 +80056,13 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "cmp %[a], lr\n\t" "bne L_sp_256_sub_8_word_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -78168,11 +80076,18 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -78190,18 +80105,29 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -78239,8 +80165,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) "strd r8, r9, [%[r], #24]\n\t" #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "ldr r2, [%[a]]\n\t" - "ldr r3, [%[a], #4]\n\t" + "ldm r1, {r2, r3}\n\t" #else "ldrd r2, r3, [%[a]]\n\t" #endif @@ -78259,8 +80184,7 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) "orr r8, r8, r5, lsl #31\n\t" "orr r9, r9, r12, lsl #31\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "str r6, [%[r]]\n\t" - "str r7, [%[r], #4]\n\t" + "stm r0, {r6, r7}\n\t" #else "strd r6, r7, [%[r]]\n\t" #endif @@ -78270,8 +80194,13 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) #else "strd r8, r9, [%[r], #8]\n\t" #endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10" ); @@ -78283,11 +80212,18 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) * a Number to divide. * m Modulus. */ -static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -78357,8 +80293,13 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "orr r10, r10, r7, lsl #31\n\t" "orr r11, r11, r3, lsl #31\n\t" "stm %[r], {r8, r9, r10, r11}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -78400,11 +80341,21 @@ static const byte L_sp_256_num_bits_8_table[] = { 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, }; +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_256_num_bits_8(const sp_digit* a_p) +#else +static int sp_256_num_bits_8(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register byte* L_sp_256_num_bits_8_table_c asm ("r1") = (byte*)&L_sp_256_num_bits_8_table; +#else + register byte* L_sp_256_num_bits_8_table_c = + (byte*)&L_sp_256_num_bits_8_table; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, %[L_sp_256_num_bits_8_table]\n\t" @@ -78716,30 +80667,36 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "\n" "L_sp_256_num_bits_8_9_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) : +#else + : + : [a] "r" (a), + [L_sp_256_num_bits_8_table] "r" (L_sp_256_num_bits_8_table_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; } #else +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_256_num_bits_8(const sp_digit* a_p) +#else +static int sp_256_num_bits_8(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r1, [%[a], #28]\n\t" "cmp r1, #0\n\t" "beq L_sp_256_num_bits_8_7_%=\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x100\n\t" -#endif "clz r12, r1\n\t" "sub r12, r2, r12\n\t" "b L_sp_256_num_bits_8_9_%=\n\t" @@ -78806,8 +80763,13 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "\n" "L_sp_256_num_bits_8_9_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; @@ -79892,11 +81854,18 @@ static const sp_digit p384_b[12] = { * a A single precision integer. * b A single precision integer. */ -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x60\n\t" @@ -80079,8 +82048,13 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_384_mul_12_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -80093,11 +82067,18 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * a A single precision integer. * b A single precision integer. */ -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #48\n\t" @@ -85577,8 +87558,13 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3, r4, r5, r6}\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -85591,10 +87577,16 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x60\n\t" @@ -85737,8 +87729,13 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_384_sqr_12_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -85750,10 +87747,16 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #48\n\t" @@ -88801,8 +90804,13 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2, r3, r4, r8}\n\t" "stm %[r]!, {r2, r3, r4, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -88816,11 +90824,18 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -88840,8 +90855,13 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "cmp %[a], r12\n\t" "bne L_sp_384_add_12_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -88855,11 +90875,18 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -88885,8 +90912,13 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -89198,13 +91230,20 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -89223,8 +91262,13 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #48\n\t" "blt L_sp_384_cond_sub_12_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -89239,13 +91283,20 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -89292,8 +91343,13 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -89309,11 +91365,19 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -89695,8 +91759,13 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -89710,11 +91779,19 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -89831,8 +91908,13 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "str r12, [%[a]]\n\t" "str lr, [%[a], #4]\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -89846,11 +91928,19 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -89937,8 +92027,13 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p "str r7, [%[a], #12]\n\t" "str r8, [%[a], #16]\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -90095,10 +92190,16 @@ static void sp_384_mont_inv_12(sp_digit* r, const sp_digit* a, sp_digit* td) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -90259,8 +92360,13 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -90319,13 +92425,20 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register const sp_digit* m asm ("r3") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ sp_digit o; @@ -90339,11 +92452,19 @@ static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a Number to double in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ sp_digit o; @@ -90357,11 +92478,19 @@ static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a Number to triple in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ sp_digit o; @@ -90378,11 +92507,18 @@ static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -90401,8 +92537,13 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "cmp %[a], lr\n\t" "bne L_sp_384_sub_12_word_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -90416,11 +92557,18 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -90445,8 +92593,13 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -90462,13 +92615,20 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -90487,8 +92647,13 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, "cmp r12, #48\n\t" "blt L_sp_384_cond_add_12_words_%=\n\t" "mov %[r], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -90503,13 +92668,20 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r8, #0\n\t" @@ -90556,8 +92728,13 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, "adcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "adc %[r], r8, r8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; @@ -90571,13 +92748,20 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register const sp_digit* m asm ("r3") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ sp_digit o; @@ -90588,10 +92772,16 @@ static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi #ifdef WOLFSSL_SP_SMALL #else #endif /* WOLFSSL_SP_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_384_rshift1_12(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3}\n\t" @@ -90640,8 +92830,13 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) "lsr r4, r4, #1\n\t" "str r3, [%[r], #40]\n\t" "str r4, [%[r], #44]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4" ); } @@ -94221,9 +96416,15 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, * * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_add_one_12(sp_digit* a_p) +#else +static void sp_384_add_one_12(sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r1, r2, r3, r4}\n\t" @@ -94244,8 +96445,13 @@ static void sp_384_add_one_12(sp_digit* a_p) "adcs r3, r3, #0\n\t" "adcs r4, r4, #0\n\t" "stm %[a]!, {r1, r2, r3, r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -94284,9 +96490,9 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -94635,10 +96841,16 @@ int sp_ecc_secret_gen_384_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -94657,8 +96869,13 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_384_sub_in_pkace_12_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -94671,10 +96888,16 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -94699,8 +96922,13 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -94714,11 +96942,17 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -94799,8 +97033,13 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #48\n\t" "blt L_sp_384_mul_d_12_word_%=\n\t" "str r3, [%[r], #48]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -94812,11 +97051,17 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -95200,8 +97445,13 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r5}\n\t" "str r3, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -95217,11 +97467,17 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -95259,8 +97515,13 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -95276,11 +97537,17 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -95397,8 +97664,13 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -96028,11 +98300,19 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * a Number to divide. * m Modulus. */ -static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r4}\n\t" @@ -96074,8 +98354,7 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "L_sp_384_div2_mod_12_div2_%=: \n\t" "sub %[r], %[r], #48\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "ldr r8, [%[r]]\n\t" - "ldr r9, [%[r], #4]\n\t" + "ldm r0, {r8, r9}\n\t" #else "ldrd r8, r9, [%[r]]\n\t" #endif @@ -96125,8 +98404,13 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "orr r10, r10, r3, lsl #31\n\t" "str r9, [%[r], #40]\n\t" "str r10, [%[r], #44]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -96168,11 +98452,21 @@ static const byte L_sp_384_num_bits_12_table[] = { 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, }; +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_384_num_bits_12(const sp_digit* a_p) +#else +static int sp_384_num_bits_12(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register byte* L_sp_384_num_bits_12_table_c asm ("r1") = (byte*)&L_sp_384_num_bits_12_table; +#else + register byte* L_sp_384_num_bits_12_table_c = + (byte*)&L_sp_384_num_bits_12_table; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, %[L_sp_384_num_bits_12_table]\n\t" @@ -96183,9 +98477,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_11_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x78\n\t" + "mov r2, #0x78\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x178\n\t" #endif @@ -96199,9 +98492,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_11_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x70\n\t" + "mov r2, #0x70\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x170\n\t" #endif @@ -96215,9 +98507,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_11_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x68\n\t" + "mov r2, #0x68\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x168\n\t" #endif @@ -96228,9 +98519,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "L_sp_384_num_bits_12_11_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x60\n\t" + "mov r2, #0x60\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x160\n\t" #endif @@ -96246,9 +98536,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_10_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x58\n\t" + "mov r2, #0x58\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x158\n\t" #endif @@ -96262,9 +98551,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_10_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x50\n\t" + "mov r2, #0x50\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x150\n\t" #endif @@ -96278,9 +98566,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_10_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x48\n\t" + "mov r2, #0x48\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x148\n\t" #endif @@ -96291,9 +98578,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "L_sp_384_num_bits_12_10_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x40\n\t" + "mov r2, #0x40\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x140\n\t" #endif @@ -96309,9 +98595,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_9_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x38\n\t" + "mov r2, #0x38\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x138\n\t" #endif @@ -96325,9 +98610,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_9_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x30\n\t" + "mov r2, #0x30\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x130\n\t" #endif @@ -96341,9 +98625,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_9_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x28\n\t" + "mov r2, #0x28\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x128\n\t" #endif @@ -96354,9 +98637,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "L_sp_384_num_bits_12_9_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x20\n\t" + "mov r2, #0x20\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x120\n\t" #endif @@ -96372,9 +98654,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_8_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x18\n\t" + "mov r2, #0x18\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x118\n\t" #endif @@ -96388,9 +98669,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_8_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x10\n\t" + "mov r2, #0x10\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x110\n\t" #endif @@ -96404,9 +98684,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_384_num_bits_12_8_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x8\n\t" + "mov r2, #0x8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x108\n\t" #endif @@ -96416,13 +98695,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "\n" "L_sp_384_num_bits_12_8_1_%=: \n\t" "and r3, r1, #0xff\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x100\n\t" -#endif "ldrb r12, [lr, r3]\n\t" "add r12, r2, r12\n\t" "b L_sp_384_num_bits_12_13_%=\n\t" @@ -96736,27 +99009,38 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "\n" "L_sp_384_num_bits_12_13_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c) : +#else + : + : [a] "r" (a), + [L_sp_384_num_bits_12_table] "r" (L_sp_384_num_bits_12_table_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; } #else +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_384_num_bits_12(const sp_digit* a_p) +#else +static int sp_384_num_bits_12(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r1, [%[a], #44]\n\t" "cmp r1, #0\n\t" "beq L_sp_384_num_bits_12_11_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x80\n\t" + "mov r2, #0x80\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x180\n\t" #endif @@ -96769,9 +99053,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_384_num_bits_12_10_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x60\n\t" + "mov r2, #0x60\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x160\n\t" #endif @@ -96784,9 +99067,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_384_num_bits_12_9_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x40\n\t" + "mov r2, #0x40\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x140\n\t" #endif @@ -96799,9 +99081,8 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_384_num_bits_12_8_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x20\n\t" + "mov r2, #0x20\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x120\n\t" #endif @@ -96813,13 +99094,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "ldr r1, [%[a], #28]\n\t" "cmp r1, #0\n\t" "beq L_sp_384_num_bits_12_7_%=\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x100\n\t" -#endif "clz r12, r1\n\t" "sub r12, r2, r12\n\t" "b L_sp_384_num_bits_12_13_%=\n\t" @@ -96886,8 +99161,13 @@ static int sp_384_num_bits_12(const sp_digit* a_p) "\n" "L_sp_384_num_bits_12_13_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; @@ -98018,11 +100298,18 @@ static const sp_digit p521_b[17] = { * a A single precision integer. * b A single precision integer. */ -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x88\n\t" @@ -98208,8 +100495,13 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_521_mul_17_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -98222,11 +100514,18 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * a A single precision integer. * b A single precision integer. */ -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -109225,8 +111524,13 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3}\n\t" "stm %[r]!, {r3}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -109239,10 +111543,16 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x88\n\t" @@ -109388,8 +111698,13 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_521_sqr_17_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -109401,10 +111716,16 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -115261,8 +117582,13 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2}\n\t" "stm %[r]!, {r2}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -115276,11 +117602,18 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -115306,8 +117639,13 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r]!, {r4}\n\t" "mov r4, #0\n\t" "adc %[r], r4, #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -115321,11 +117659,18 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -115362,8 +117707,13 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r]!, {r3}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -115592,13 +117942,20 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -115617,8 +117974,13 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x44\n\t" "blt L_sp_521_cond_sub_17_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -115633,13 +117995,20 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -115705,8 +118074,13 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, "sbcs r4, r4, r6\n\t" "str r4, [%[r]]\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -115719,9 +118093,17 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" @@ -115793,9 +118175,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p "ldm %[a], {r1, r2, r3, r4, r5}\n\t" "ldm sp!, {r7, r8, r9, r10, r11}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov lr, #0x1\n\t" - "lsl lr, lr, #8\n\t" - "add lr, lr, #0xff\n\t" + "mov lr, #0xff\n\t" + "orr lr, lr, #0x100\n\t" #else "mov lr, #0x1ff\n\t" #endif @@ -115833,13 +118214,26 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p "adcs r7, r7, #0\n\t" "adcs r8, r8, #0\n\t" "stm %[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)mp_p; +#else + (void)mp; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4) @@ -115849,12 +118243,19 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -115872,9 +118273,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "cmp r9, #0x40\n\t" "bne L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r7, #0x1\n\t" - "lsl r7, r7, #8\n\t" - "add r7, r7, #0xff\n\t" + "mov r7, #0xff\n\t" + "orr r7, r7, #0x100\n\t" #else "mov r7, #0x1ff\n\t" #endif @@ -116464,8 +118864,13 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "lsr r3, r4, #9\n\t" "add %[a], %[a], #4\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -116479,12 +118884,19 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -116500,9 +118912,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "cmp r9, #0x40\n\t" "bne L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r7, #0x1\n\t" - "lsl r7, r7, #8\n\t" - "add r7, r7, #0xff\n\t" + "mov r7, #0xff\n\t" + "orr r7, r7, #0x100\n\t" #else "mov r7, #0x1ff\n\t" #endif @@ -116724,8 +119135,13 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "lsr r3, r4, #9\n\t" "add %[a], %[a], #4\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -116739,12 +119155,19 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, + const sp_digit* m, sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -116762,9 +119185,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "cmp r12, #0x40\n\t" "bne L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r10, #0x1\n\t" - "lsl r10, r10, #8\n\t" - "add r10, r10, #0xff\n\t" + "mov r10, #0xff\n\t" + "orr r10, r10, #0x100\n\t" #else "mov r10, #0x1ff\n\t" #endif @@ -116939,8 +119361,13 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi "lsr lr, r10, #9\n\t" "add %[a], %[a], #4\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -117094,10 +119521,16 @@ static void sp_521_mont_inv_17(sp_digit* r, const sp_digit* a, sp_digit* td) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -117313,8 +119746,13 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -117373,12 +119811,19 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -117414,9 +119859,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[b]!, {r4}\n\t" "adcs r8, r8, r4\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r12, #0x1\n\t" - "lsl r12, r12, #8\n\t" - "add r12, r12, #0xff\n\t" + "mov r12, #0xff\n\t" + "orr r12, r12, #0x100\n\t" #else "mov r12, #0x1ff\n\t" #endif @@ -117447,12 +119891,21 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[r], {r4}\n\t" "adcs r4, r4, #0\n\t" "stm %[r]!, {r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Double a Montgomery form number (r = a + a % m). @@ -117461,10 +119914,18 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a Number to double in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #0\n\t" @@ -117491,9 +119952,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[a]!, {r4}\n\t" "adcs r4, r4, r4\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r3, #0x1\n\t" - "lsl r3, r3, #8\n\t" - "add r3, r3, #0xff\n\t" + "mov r3, #0xff\n\t" + "orr r3, r3, #0x100\n\t" #else "mov r3, #0x1ff\n\t" #endif @@ -117524,12 +119984,21 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[r], {r4}\n\t" "adcs r4, r4, #0\n\t" "stm %[r]!, {r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Triple a Montgomery form number (r = a + a + a % m). @@ -117538,10 +120007,18 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a Number to triple in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #0\n\t" @@ -117602,9 +120079,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[a]!, {r8}\n\t" "adcs r4, r4, r8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r3, #0x1\n\t" - "lsl r3, r3, #8\n\t" - "add r3, r3, #0xff\n\t" + "mov r3, #0xff\n\t" + "orr r3, r3, #0x100\n\t" #else "mov r3, #0x1ff\n\t" #endif @@ -117621,12 +120097,21 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[r], {r4}\n\t" "adcs r4, r4, #0\n\t" "stm %[r]!, {r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Subtract two Montgomery form numbers (r = a - b % m). @@ -117636,12 +120121,19 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, - const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -117677,9 +120169,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[b]!, {r4}\n\t" "sbcs r8, r8, r4\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r12, #0x1\n\t" - "lsl r12, r12, #8\n\t" - "add r12, r12, #0xff\n\t" + "mov r12, #0xff\n\t" + "orr r12, r12, #0x100\n\t" #else "mov r12, #0x1ff\n\t" #endif @@ -117711,18 +120202,33 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "ldm %[r], {r4}\n\t" "sbcs r4, r4, #0\n\t" "stm %[r]!, {r4}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; +#else + (void)m; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_521_rshift1_17(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3}\n\t" @@ -117791,8 +120297,13 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) "lsr r3, r3, #1\n\t" "str r2, [%[r], #60]\n\t" "str r3, [%[r], #64]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4" ); } @@ -121994,9 +124505,15 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, * * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_add_one_17(sp_digit* a_p) +#else +static void sp_521_add_one_17(sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r1, r2, r3, r4}\n\t" @@ -122026,8 +124543,13 @@ static void sp_521_add_one_17(sp_digit* a_p) "ldm %[a], {r1}\n\t" "adcs r1, r1, #0\n\t" "stm %[a]!, {r1}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -122066,9 +124588,9 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -122410,17 +124932,22 @@ int sp_ecc_secret_gen_521_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, #endif /* HAVE_ECC_DHE */ #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #32\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "ldr r4, [%[a]]\n\t" - "ldr r5, [%[a], #4]\n\t" + "ldm r1, {r4, r5}\n\t" #else "ldrd r4, r5, [%[a]]\n\t" #endif @@ -122509,8 +125036,13 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) #else "strd r4, r5, [%[r], #60]\n\t" #endif +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122519,11 +125051,17 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #31\n\t" @@ -122629,17 +125167,28 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) "orr r5, r5, r3\n\t" "str r4, [%[r]]\n\t" "str r5, [%[r], #4]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) +#else +static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register byte n asm ("r2") = (byte)n_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "rsb r12, %[n], #31\n\t" @@ -122847,8 +125396,13 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) "orr r6, r6, r3\n\t" "str r5, [%[r]]\n\t" "str r6, [%[r], #4]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : +#else + : + : [r] "r" (r), [a] "r" (a), [n] "r" (n) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122859,10 +125413,16 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -122886,8 +125446,13 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbcs r2, r2, r6\n\t" "stm %[a]!, {r2}\n\t" "sbc %[a], %[a], %[a]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -122900,10 +125465,16 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -122939,8 +125510,13 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbcs r2, r2, r6\n\t" "stm %[a]!, {r2}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -122954,11 +125530,17 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -123039,8 +125621,13 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x44\n\t" "blt L_sp_521_mul_d_17_word_%=\n\t" "str r3, [%[r], #68]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -123052,11 +125639,17 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -123600,8 +126193,13 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r4}\n\t" "str r5, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -123617,11 +126215,17 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -123659,8 +126263,13 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -123676,11 +126285,17 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -123797,8 +126412,13 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -124459,11 +127079,18 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -124487,8 +127114,13 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r3, r3, r7\n\t" "stm %[r]!, {r3}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr" ); @@ -124502,11 +127134,18 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -124542,8 +127181,13 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbcs r3, r3, r7\n\t" "stm %[r]!, {r3}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -124556,11 +127200,19 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit * a Number to divide. * m Modulus. */ -static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) +#else +static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r4}\n\t" @@ -124617,8 +127269,7 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "L_sp_521_div2_mod_17_div2_%=: \n\t" "sub %[r], %[r], #0x44\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "ldr r8, [%[r]]\n\t" - "ldr r9, [%[r], #4]\n\t" + "ldm r0, {r8, r9}\n\t" #else "ldrd r8, r9, [%[r]]\n\t" #endif @@ -124688,8 +127339,13 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "orr r9, r9, r3, lsl #31\n\t" "str r8, [%[r], #60]\n\t" "str r9, [%[r], #64]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -124731,11 +127387,21 @@ static const byte L_sp_521_num_bits_17_table[] = { 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, }; +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_521_num_bits_17(const sp_digit* a_p) +#else +static int sp_521_num_bits_17(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register byte* L_sp_521_num_bits_17_table_c asm ("r1") = (byte*)&L_sp_521_num_bits_17_table; +#else + register byte* L_sp_521_num_bits_17_table_c = + (byte*)&L_sp_521_num_bits_17_table; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, %[L_sp_521_num_bits_17_table]\n\t" @@ -124746,9 +127412,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_16_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x18\n\t" + "mov r2, #0x18\n\t" + "orr r2, r2, #0x200\n\t" #else "mov r2, #0x218\n\t" #endif @@ -124762,9 +127427,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_16_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x10\n\t" + "mov r2, #0x10\n\t" + "orr r2, r2, #0x200\n\t" #else "mov r2, #0x210\n\t" #endif @@ -124778,9 +127442,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_16_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x8\n\t" + "mov r2, #0x8\n\t" + "orr r2, r2, #0x200\n\t" #else "mov r2, #0x208\n\t" #endif @@ -124790,13 +127453,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_16_1_%=: \n\t" "and r3, r1, #0xff\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x200\n\t" -#endif "ldrb r12, [lr, r3]\n\t" "add r12, r2, r12\n\t" "b L_sp_521_num_bits_17_18_%=\n\t" @@ -124809,9 +127466,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_15_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xf8\n\t" + "mov r2, #0xf8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1f8\n\t" #endif @@ -124825,9 +127481,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_15_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xf0\n\t" + "mov r2, #0xf0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1f0\n\t" #endif @@ -124841,9 +127496,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_15_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xe8\n\t" + "mov r2, #0xe8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1e8\n\t" #endif @@ -124854,9 +127508,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_15_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xe0\n\t" + "mov r2, #0xe0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1e0\n\t" #endif @@ -124872,9 +127525,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_14_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xd8\n\t" + "mov r2, #0xd8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1d8\n\t" #endif @@ -124888,9 +127540,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_14_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xd0\n\t" + "mov r2, #0xd0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1d0\n\t" #endif @@ -124904,9 +127555,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_14_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xc8\n\t" + "mov r2, #0xc8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1c8\n\t" #endif @@ -124917,9 +127567,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_14_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xc0\n\t" + "mov r2, #0xc0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1c0\n\t" #endif @@ -124935,9 +127584,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_13_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xb8\n\t" + "mov r2, #0xb8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1b8\n\t" #endif @@ -124951,9 +127599,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_13_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xb0\n\t" + "mov r2, #0xb0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1b0\n\t" #endif @@ -124967,9 +127614,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_13_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xa8\n\t" + "mov r2, #0xa8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1a8\n\t" #endif @@ -124980,9 +127626,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_13_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xa0\n\t" + "mov r2, #0xa0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1a0\n\t" #endif @@ -124998,9 +127643,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_12_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x98\n\t" + "mov r2, #0x98\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x198\n\t" #endif @@ -125014,9 +127658,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_12_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x90\n\t" + "mov r2, #0x90\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x190\n\t" #endif @@ -125030,9 +127673,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_12_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x88\n\t" + "mov r2, #0x88\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x188\n\t" #endif @@ -125043,9 +127685,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_12_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x80\n\t" + "mov r2, #0x80\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x180\n\t" #endif @@ -125061,9 +127702,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_11_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x78\n\t" + "mov r2, #0x78\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x178\n\t" #endif @@ -125077,9 +127717,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_11_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x70\n\t" + "mov r2, #0x70\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x170\n\t" #endif @@ -125093,9 +127732,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_11_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x68\n\t" + "mov r2, #0x68\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x168\n\t" #endif @@ -125106,9 +127744,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_11_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x60\n\t" + "mov r2, #0x60\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x160\n\t" #endif @@ -125124,9 +127761,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_10_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x58\n\t" + "mov r2, #0x58\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x158\n\t" #endif @@ -125140,9 +127776,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_10_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x50\n\t" + "mov r2, #0x50\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x150\n\t" #endif @@ -125156,9 +127791,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_10_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x48\n\t" + "mov r2, #0x48\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x148\n\t" #endif @@ -125169,9 +127803,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_10_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x40\n\t" + "mov r2, #0x40\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x140\n\t" #endif @@ -125187,9 +127820,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_9_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x38\n\t" + "mov r2, #0x38\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x138\n\t" #endif @@ -125203,9 +127835,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_9_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x30\n\t" + "mov r2, #0x30\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x130\n\t" #endif @@ -125219,9 +127850,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_9_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x28\n\t" + "mov r2, #0x28\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x128\n\t" #endif @@ -125232,9 +127862,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "L_sp_521_num_bits_17_9_1_%=: \n\t" "and r3, r1, #0xff\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x20\n\t" + "mov r2, #0x20\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x120\n\t" #endif @@ -125250,9 +127879,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_8_3_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x18\n\t" + "mov r2, #0x18\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x118\n\t" #endif @@ -125266,9 +127894,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_8_2_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x10\n\t" + "mov r2, #0x10\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x110\n\t" #endif @@ -125282,9 +127909,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r3, #0\n\t" "beq L_sp_521_num_bits_17_8_1_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x8\n\t" + "mov r2, #0x8\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x108\n\t" #endif @@ -125294,13 +127920,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_8_1_%=: \n\t" "and r3, r1, #0xff\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x100\n\t" -#endif "ldrb r12, [lr, r3]\n\t" "add r12, r2, r12\n\t" "b L_sp_521_num_bits_17_18_%=\n\t" @@ -125614,27 +128234,38 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_18_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) : +#else + : + : [a] "r" (a), + [L_sp_521_num_bits_17_table] "r" (L_sp_521_num_bits_17_table_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; } #else +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static int sp_521_num_bits_17(const sp_digit* a_p) +#else +static int sp_521_num_bits_17(const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r1, [%[a], #64]\n\t" "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_16_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x20\n\t" + "mov r2, #0x20\n\t" + "orr r2, r2, #0x200\n\t" #else "mov r2, #0x220\n\t" #endif @@ -125646,13 +128277,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "ldr r1, [%[a], #60]\n\t" "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_15_%=\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x2\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x200\n\t" -#endif "clz r12, r1\n\t" "sub r12, r2, r12\n\t" "b L_sp_521_num_bits_17_18_%=\n\t" @@ -125662,9 +128287,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_14_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xe0\n\t" + "mov r2, #0xe0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1e0\n\t" #endif @@ -125677,9 +128301,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_13_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xc0\n\t" + "mov r2, #0xc0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1c0\n\t" #endif @@ -125692,9 +128315,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_12_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0xa0\n\t" + "mov r2, #0xa0\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x1a0\n\t" #endif @@ -125707,9 +128329,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_11_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x80\n\t" + "mov r2, #0x80\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x180\n\t" #endif @@ -125722,9 +128343,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_10_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x60\n\t" + "mov r2, #0x60\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x160\n\t" #endif @@ -125737,9 +128357,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_9_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x40\n\t" + "mov r2, #0x40\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x140\n\t" #endif @@ -125752,9 +128371,8 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_8_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x20\n\t" + "mov r2, #0x20\n\t" + "orr r2, r2, #0x100\n\t" #else "mov r2, #0x120\n\t" #endif @@ -125766,13 +128384,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "ldr r1, [%[a], #28]\n\t" "cmp r1, #0\n\t" "beq L_sp_521_num_bits_17_7_%=\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "mov r2, #0x1\n\t" - "lsl r2, r2, #8\n\t" - "add r2, r2, #0x0\n\t" -#else "mov r2, #0x100\n\t" -#endif "clz r12, r1\n\t" "sub r12, r2, r12\n\t" "b L_sp_521_num_bits_17_18_%=\n\t" @@ -125839,8 +128451,13 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_18_%=: \n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a) : +#else + : + : [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (word32)(size_t)a; @@ -126854,11 +129471,18 @@ typedef struct sp_point_1024 { * a A single precision integer. * b A single precision integer. */ -static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x40\n\t" @@ -136600,8 +139224,13 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" "ldm sp!, {r3, r4, r5, r6}\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12" ); @@ -136612,10 +139241,16 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x40\n\t" @@ -141833,8 +144468,13 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" "ldm sp!, {r2, r3, r4, r8}\n\t" "stm %[r]!, {r2, r3, r4, r8}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12" ); @@ -141846,11 +144486,19 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -141883,8 +144531,13 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -141895,10 +144548,16 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer and result. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3, r4, r5}\n\t" @@ -141958,8 +144617,13 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbcs r5, r5, r9\n\t" "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc %[a], r9, r9\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; @@ -141971,11 +144635,19 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -142036,8 +144708,13 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r]!, {r3, r4, r5, r6}\n\t" "mov %[r], #0\n\t" "adc %[r], %[r], #0\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -142118,11 +144795,19 @@ SP_NOINLINE static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r3, r4, r5, r6}\n\t" @@ -142154,8 +144839,13 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbcs r6, r6, r10\n\t" "stm %[r]!, {r3, r4, r5, r6}\n\t" "sbc %[r], r6, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; @@ -142204,11 +144894,18 @@ SP_NOINLINE static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x100\n\t" @@ -142391,8 +145088,13 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_1024_mul_32_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -142403,10 +145105,16 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b * r A single precision integer. * a A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0x100\n\t" @@ -142549,8 +145257,13 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "subs r5, r5, #32\n\t" "bgt L_sp_1024_sqr_32_store_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11" ); @@ -142648,10 +145361,16 @@ static const sp_point_1024 p1024_base = { * a A single precision integer. * b A single precision integer. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +#else +static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -142670,8 +145389,13 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "cmp %[a], lr\n\t" "bne L_sp_1024_sub_in_pkace_32_word_%=\n\t" "mov %[a], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr" ); @@ -142688,13 +145412,20 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r6, #0\n\t" @@ -142713,8 +145444,13 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, "cmp lr, #0x80\n\t" "blt L_sp_1024_cond_sub_32_words_%=\n\t" "mov %[r], r12\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -142729,13 +145465,20 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to subtract. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -142852,8 +145595,13 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, "sbcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "sbc %[r], lr, lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (word32)(size_t)r; @@ -142867,11 +145615,19 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) +#else +static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r3, #0\n\t" @@ -142891,8 +145647,13 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "cmp %[a], r12\n\t" "bne L_sp_1024_add_32_word_%=\n\t" "mov %[r], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12" ); @@ -142907,11 +145668,17 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -142992,8 +145759,13 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "cmp r9, #0x80\n\t" "blt L_sp_1024_mul_d_32_word_%=\n\t" "str r3, [%[r], #128]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -143005,11 +145777,17 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * a A single precision integer. * b A single precision digit. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +#else +static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register sp_digit b asm ("r2") = (sp_digit)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* A[0] * B */ @@ -144033,8 +146811,13 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) #endif "stm %[r]!, {r4}\n\t" "str r5, [%[r]]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -144050,11 +146833,17 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr r6, %[div], #16\n\t" @@ -144092,8 +146881,13 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d0], %[d0], r3\n\t" "udiv r3, %[d0], %[div]\n\t" "add %[d1], r4, r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -144109,11 +146903,17 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) * * Note that this is an approximate div. It may give an answer 1 larger. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +#else +static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit d1 asm ("r0") = (sp_digit)d1_p; register sp_digit d0 asm ("r1") = (sp_digit)d0_p; register sp_digit div asm ("r2") = (sp_digit)div_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "lsr lr, %[div], #1\n\t" @@ -144230,8 +147030,13 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "subs r6, %[div], r7\n\t" "sbc r6, r6, r6\n\t" "sub %[d1], r3, r6\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : +#else + : + : [d1] "r" (d1), [d0] "r" (d0), [div] "r" (div) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)d1; @@ -144275,10 +147080,16 @@ static void sp_1024_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * return -ve, 0 or +ve if a is less than, equal to or greater than b * respectively. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +#else +static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; register const sp_digit* b asm ("r1") = (const sp_digit*)b_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r2, #-1\n\t" @@ -144659,8 +147470,13 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "eor r2, r2, r3\n\t" #endif /*WOLFSSL_SP_SMALL */ "mov %[a], r2\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) : +#else + : + : [a] "r" (a), [b] "r" (b) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)a; @@ -145002,11 +147818,19 @@ static int sp_1024_point_to_ecc_point_32(const sp_point_1024* p, ecc_point* pm) * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( #if !(defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 4)) @@ -145973,8 +148797,13 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "sbc r10, r10, r10\n\t" "orr r3, r3, r10\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -145988,11 +148817,19 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldr r11, [%[m]]\n\t" @@ -146274,8 +149111,13 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "sbc r10, r10, r10\n\t" "orr r3, r3, r10\n\t" "mov %[mp], r3\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -146289,11 +149131,19 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) +#else +static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; register sp_digit mp asm ("r2") = (sp_digit)mp_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( /* i = 0 */ @@ -146485,8 +149335,13 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "sbc r3, r3, r3\n\t" "orr lr, lr, r3\n\t" "mov %[mp], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : +#else + : + : [a] "r" (a), [m] "r" (m), [mp] "r" (mp) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -146638,13 +149493,20 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register const sp_digit* m asm ("r3") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -146799,8 +149661,13 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, "sbcs r6, r6, r10\n\t" "sbc r7, r7, r11\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" ); @@ -146812,12 +149679,19 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, * a Number to double in Montgomery form. * m Modulus (prime). */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#else +static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -146956,8 +149830,13 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, "sbcs r6, r6, r10\n\t" "sbc r7, r7, r11\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12" ); @@ -146969,12 +149848,19 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, * a Number to triple in Montgomery form. * m Modulus (prime). */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +#else +static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, + const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* m asm ("r2") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r12, #0\n\t" @@ -147268,8 +150154,13 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, "sbcs r6, r6, r10\n\t" "sbc r7, r7, r11\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12" ); @@ -147282,13 +150173,20 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, * b Number to subtract with in Montgomery form. * m Modulus (prime). */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +#else +static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register const sp_digit* m asm ("r3") = (const sp_digit*)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a]!, {r4, r5, r6, r7}\n\t" @@ -147437,8 +150335,13 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, "adcs r6, r6, r10\n\t" "adc r7, r7, r11\n\t" "stm %[r]!, {r4, r5, r6, r7}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" ); @@ -147453,13 +150356,20 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov lr, #0\n\t" @@ -147478,8 +150388,13 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, "cmp r12, #0x80\n\t" "blt L_sp_1024_cond_add_32_words_%=\n\t" "mov %[r], lr\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (word32)(size_t)r; @@ -147494,13 +150409,20 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, * b A single precision number to add. * m Mask value to apply. */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +#else +static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; register sp_digit m asm ("r3") = (sp_digit)m_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "mov r8, #0\n\t" @@ -147617,18 +150539,29 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, "adcs r5, r5, r7\n\t" "stm %[r]!, {r4, r5}\n\t" "adc %[r], r8, r8\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : +#else + : + : [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } #endif /* WOLFSSL_SP_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) +#else +static void sp_1024_rshift1_32(sp_digit* r, const sp_digit* a) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "ldm %[a], {r2, r3}\n\t" @@ -147757,8 +150690,13 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) "lsr r3, r3, #1\n\t" "str r2, [%[r], #120]\n\t" "str r3, [%[r], #124]\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [r] "+r" (r), [a] "+r" (a) : +#else + : + : [r] "r" (r), [a] "r" (a) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r4" ); } @@ -156725,9 +159663,9 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; diff --git a/src/wolfcrypt/src/sp_arm64.c b/src/wolfcrypt/src/sp_arm64.c index 2825042..3b9bc25 100644 --- a/src/wolfcrypt/src/sp_arm64.c +++ b/src/wolfcrypt/src/sp_arm64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/sp_armthumb.c b/src/wolfcrypt/src/sp_armthumb.c index 894000e..4868f7f 100644 --- a/src/wolfcrypt/src/sp_armthumb.c +++ b/src/wolfcrypt/src/sp_armthumb.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include @@ -114,9 +109,9 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -30305,9 +30300,9 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -83399,9 +83394,9 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -103943,9 +103938,9 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -114852,9 +114847,9 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -129094,9 +129089,9 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -218537,9 +218532,9 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; diff --git a/src/wolfcrypt/src/sp_c32.c b/src/wolfcrypt/src/sp_c32.c index a1f0eb2..10d646a 100644 --- a/src/wolfcrypt/src/sp_c32.c +++ b/src/wolfcrypt/src/sp_c32.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/sp_c64.c b/src/wolfcrypt/src/sp_c64.c index 0a77db8..06dc0bd 100644 --- a/src/wolfcrypt/src/sp_c64.c +++ b/src/wolfcrypt/src/sp_c64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/sp_cortexm.c b/src/wolfcrypt/src/sp_cortexm.c index ada8bbf..fc756ff 100644 --- a/src/wolfcrypt/src/sp_cortexm.c +++ b/src/wolfcrypt/src/sp_cortexm.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include @@ -114,9 +109,9 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -257,9 +252,11 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -604,7 +601,8 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d "ADD sp, sp, #0x24\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -616,9 +614,11 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -741,7 +741,8 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d "ADD sp, sp, #0x2c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -753,7 +754,8 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -783,7 +785,7 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -836,7 +838,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -848,9 +850,11 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -892,7 +896,7 @@ static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -1038,7 +1042,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -1050,9 +1054,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1122,7 +1128,7 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -1328,7 +1334,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -1340,9 +1346,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1468,7 +1476,7 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -1787,7 +1795,8 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) "ADD sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -1904,7 +1913,8 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) "ADD sp, sp, #0x20\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -1916,7 +1926,8 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -1945,7 +1956,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -1993,9 +2004,11 @@ SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2036,7 +2049,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -2084,9 +2097,11 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2155,7 +2170,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -2205,9 +2220,11 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2246,7 +2263,8 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -2298,7 +2316,8 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -2312,7 +2331,8 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -2426,7 +2446,8 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -2543,7 +2564,8 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -2574,9 +2596,11 @@ static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2615,7 +2639,8 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -2667,7 +2692,8 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -2681,7 +2707,8 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -2795,7 +2822,8 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -2912,7 +2940,8 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -2994,7 +3023,7 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #256]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -3340,7 +3369,7 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) "STR r4, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -3370,9 +3399,11 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3411,7 +3442,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -3426,9 +3457,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3555,7 +3588,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -3570,9 +3603,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3868,7 +3903,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -3881,9 +3917,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3986,7 +4024,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -4001,9 +4040,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4209,7 +4250,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -4222,9 +4264,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4315,7 +4359,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -4407,7 +4452,7 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -4593,7 +4638,7 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "STR r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -4609,9 +4654,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4658,7 +4705,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -4674,9 +4721,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4740,7 +4789,7 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -5153,7 +5202,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -5562,9 +5611,11 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5603,7 +5654,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -5618,9 +5669,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5859,7 +5912,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -5874,9 +5927,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6428,7 +6483,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -6441,9 +6497,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6546,7 +6604,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -6561,9 +6620,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6929,7 +6990,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -6942,9 +7004,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7035,7 +7099,8 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -7080,9 +7145,11 @@ SP_NOINLINE static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7120,7 +7187,8 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -7133,9 +7201,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7260,7 +7330,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -7277,9 +7347,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7326,7 +7398,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -7342,9 +7414,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7408,7 +7482,7 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -8276,7 +8350,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -8807,9 +8881,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8848,7 +8924,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -8863,9 +8939,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8992,7 +9070,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "ADC %[r], r10, r10\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -9712,7 +9790,7 @@ static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n) "STR r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -9999,9 +10077,9 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -10141,7 +10219,8 @@ static void sp_3072_to_bin_96(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -11157,7 +11236,8 @@ static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -11168,9 +11248,11 @@ static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11205,7 +11287,7 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -11272,7 +11354,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -11284,9 +11366,11 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11342,7 +11426,7 @@ static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -11520,7 +11604,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -11532,9 +11616,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11632,7 +11718,7 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -11894,7 +11980,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -11906,9 +11992,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12090,7 +12178,7 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -12860,7 +12948,8 @@ static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) "STM %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -12871,9 +12960,11 @@ static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12907,7 +12998,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -12955,9 +13046,11 @@ SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13012,7 +13105,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -13060,9 +13153,11 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13159,7 +13254,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -13209,9 +13304,11 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13250,7 +13347,8 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -13302,7 +13400,8 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -13316,7 +13415,8 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -13430,7 +13530,8 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -13547,7 +13648,8 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -13578,9 +13680,11 @@ static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13619,7 +13723,8 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -13671,7 +13776,8 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -13685,7 +13791,8 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -13799,7 +13906,8 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -13916,7 +14024,8 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -13998,7 +14107,7 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -14504,7 +14613,7 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -14534,9 +14643,11 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14575,7 +14686,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -14590,9 +14701,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14775,7 +14888,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -14790,9 +14903,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15216,7 +15331,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -15229,9 +15345,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15334,7 +15452,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -15349,9 +15468,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15637,7 +15758,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -15650,9 +15772,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15743,7 +15867,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -15835,7 +15960,7 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -16101,7 +16226,7 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -16117,9 +16242,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16166,7 +16293,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -16182,9 +16309,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16248,7 +16377,7 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -16837,7 +16966,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -17246,9 +17375,11 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17287,7 +17418,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -17302,9 +17433,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17655,7 +17788,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -17670,9 +17803,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -18480,7 +18615,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -18493,9 +18629,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -18598,7 +18736,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -18613,9 +18752,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19141,7 +19282,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -19154,9 +19296,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19247,7 +19391,8 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -19292,9 +19437,11 @@ SP_NOINLINE static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19332,7 +19479,8 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -19345,9 +19493,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19528,7 +19678,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -19545,9 +19695,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19594,7 +19746,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -19610,9 +19762,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19676,7 +19830,7 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -20896,7 +21050,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -21427,9 +21581,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -21468,7 +21624,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -21483,9 +21639,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -21668,7 +21826,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "ADC %[r], r10, r10\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -22580,7 +22738,7 @@ static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n) "STR r4, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -22867,9 +23025,9 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -23246,7 +23404,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -23258,9 +23416,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23498,7 +23658,7 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -23587,9 +23747,11 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23628,7 +23790,8 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -23680,7 +23843,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -23694,7 +23858,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -23808,7 +23973,8 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -23925,7 +24091,8 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -24005,7 +24172,7 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -24671,7 +24838,7 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "STR r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -24702,9 +24869,11 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24743,7 +24912,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -24758,9 +24927,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -25223,7 +25394,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -25238,9 +25409,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -26304,7 +26477,8 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -26317,9 +26491,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -26422,7 +26598,8 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -26437,9 +26614,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27125,7 +27304,8 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -27138,9 +27318,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27231,7 +27413,8 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -27276,9 +27459,11 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27316,7 +27501,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -27329,9 +27515,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27568,7 +27756,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -27585,9 +27773,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27634,7 +27824,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -27650,9 +27840,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27716,7 +27908,7 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -29288,7 +29480,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -29819,9 +30011,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29860,7 +30054,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -29875,9 +30069,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30116,7 +30312,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "ADC %[r], r10, r10\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -31220,7 +31416,7 @@ static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n) "STR r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -31513,7 +31709,8 @@ static const sp_digit p256_b[8] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -31627,7 +31824,8 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -31640,9 +31838,11 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -31987,7 +32187,8 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di "ADD sp, sp, #0x24\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -31999,9 +32200,11 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32124,7 +32327,8 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di "ADD sp, sp, #0x2c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -32244,7 +32448,8 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -32494,7 +32699,8 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -32611,7 +32817,8 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD sp, sp, #0x20\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -32625,7 +32832,8 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -32666,7 +32874,8 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -32679,7 +32888,8 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -32709,7 +32919,7 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -32722,9 +32932,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * m The modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32951,7 +33163,8 @@ static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, const sp_digit* "ADD sp, sp, #0x18\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -33167,9 +33380,11 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33633,7 +33848,8 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const "ADD sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -33658,9 +33874,11 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33902,7 +34120,8 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const "ADD sp, sp, #0x4c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -33926,9 +34145,11 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, const * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34283,7 +34504,8 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const "ADD sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -34306,9 +34528,11 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34532,7 +34756,8 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, const "ADD sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -34786,7 +35011,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -34807,9 +35032,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34848,7 +35075,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -34863,9 +35090,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34908,7 +35137,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -34925,9 +35154,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35031,7 +35262,8 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -35044,9 +35276,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35132,7 +35366,8 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -35146,9 +35381,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35289,7 +35526,8 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD sp, sp, #0x44\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -35311,9 +35549,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35417,7 +35657,8 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -35430,9 +35671,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35518,7 +35761,8 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -35573,9 +35817,11 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35622,7 +35868,8 @@ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const "STM %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -35638,9 +35885,11 @@ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35682,7 +35931,8 @@ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const "STM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -35698,9 +35948,11 @@ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35774,7 +36026,8 @@ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const "STM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3", "r12" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -35791,9 +36044,11 @@ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35838,7 +36093,8 @@ SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const "STM %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -35854,9 +36110,11 @@ SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35905,7 +36163,8 @@ SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, const "STM %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3" ); } @@ -39436,7 +39695,7 @@ static void sp_256_add_one_8(sp_digit* a) "STM %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -39474,9 +39733,9 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -39865,7 +40124,8 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -39905,7 +40165,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -39966,7 +40226,7 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -40032,7 +40292,7 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "STR r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -40048,9 +40308,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40097,7 +40359,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -40113,9 +40375,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40179,7 +40443,7 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -40838,7 +41102,8 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -40878,7 +41143,8 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -40891,7 +41157,8 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -40920,7 +41187,7 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -40966,7 +41233,8 @@ static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) "STRD r8, r9, [%[r], #8]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); } @@ -40977,7 +41245,8 @@ static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -41058,7 +41327,8 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "STM %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -41261,7 +41531,7 @@ static int sp_256_num_bits_8(const sp_digit* a) "MOV %[a], r4\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5" ); return (word32)(size_t)a; } @@ -42345,7 +42615,8 @@ static const sp_digit p384_b[12] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -42459,7 +42730,8 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -42471,7 +42743,8 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -43487,7 +43760,8 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -43606,7 +43880,8 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -44307,7 +44582,8 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "STM %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -44320,7 +44596,8 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -44361,7 +44638,8 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -44374,7 +44652,8 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -44411,7 +44690,7 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -44723,9 +45002,11 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -44764,7 +45045,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -44779,9 +45060,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -44838,7 +45121,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -44854,9 +45137,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -44992,7 +45277,8 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -45005,9 +45291,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45113,7 +45401,8 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp); } @@ -45448,7 +45737,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -45507,9 +45796,11 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45532,9 +45823,11 @@ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45556,9 +45849,11 @@ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45583,7 +45878,8 @@ SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, const * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -45623,7 +45919,8 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -45636,7 +45933,8 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -45672,7 +45970,7 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -45688,9 +45986,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45729,7 +46029,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -45744,9 +46044,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45803,7 +46105,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "ADC %[r], r10, r10\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -45817,9 +46119,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45898,7 +46202,7 @@ static void sp_384_rshift1_12(sp_digit* r, const sp_digit* a) "STR r4, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -49508,7 +49812,7 @@ static void sp_384_add_one_12(sp_digit* a) "STM %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -49546,9 +49850,9 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -49937,7 +50241,8 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -49984,7 +50289,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -50045,7 +50350,7 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #48]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -50131,7 +50436,7 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -50147,9 +50452,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50196,7 +50503,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -50212,9 +50519,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50278,7 +50587,7 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -50907,9 +51216,11 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m) +static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -51026,7 +51337,8 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m "STR r10, [%[r], #44]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -51329,7 +51641,7 @@ static int sp_384_num_bits_12(const sp_digit* a) "MOV %[a], r4\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5" ); return (word32)(size_t)a; } @@ -52459,7 +52771,8 @@ static const sp_digit p521_b[17] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -52576,7 +52889,8 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -52588,7 +52902,8 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -54618,7 +54933,8 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -54740,7 +55056,8 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -56025,7 +56342,8 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "STM %[r]!, {r2}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -56038,7 +56356,8 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -56085,7 +56404,8 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADC %[r], r4, #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -56098,7 +56418,8 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -56146,7 +56467,7 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -56375,9 +56696,11 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56416,7 +56739,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -56431,9 +56754,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56509,7 +56834,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -56522,9 +56847,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56637,7 +56964,8 @@ SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, sp "STM %[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -56659,9 +56987,11 @@ SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, sp * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56924,7 +57254,8 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -56937,9 +57268,11 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57157,7 +57490,8 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp); } @@ -57544,7 +57878,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -57603,9 +57937,11 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57677,7 +58013,8 @@ SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, const "STM %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -57693,9 +58030,11 @@ SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57757,7 +58096,8 @@ SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, const "STM %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -57773,9 +58113,11 @@ SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57857,7 +58199,8 @@ SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, const "STM %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -57874,9 +58217,11 @@ SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, const * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57949,7 +58294,8 @@ SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, const "STM %[r]!, {r4}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG (void)m_p; @@ -58038,7 +58384,7 @@ static void sp_521_rshift1_17(sp_digit* r, const sp_digit* a) "STR r3, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -62279,7 +62625,7 @@ static void sp_521_add_one_17(sp_digit* a) "STM %[a]!, {r1}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -62317,9 +62663,9 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; @@ -62758,7 +63104,7 @@ static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) "STRD r4, r5, [%[r], #60]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -62884,7 +63230,7 @@ static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) "STR r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -63108,7 +63454,7 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) "STR r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r7", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r7" ); } @@ -63163,7 +63509,8 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "SBC %[a], %[a], %[a]\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -63221,7 +63568,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -63282,7 +63629,7 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -63393,7 +63740,7 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "STR r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -63409,9 +63756,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63458,7 +63807,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -63474,9 +63823,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63540,7 +63891,7 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -64200,7 +64551,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -64245,7 +64597,8 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12" ); return (word32)(size_t)r; } @@ -64258,7 +64611,8 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -64305,7 +64659,7 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -64318,9 +64672,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m) +static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -64472,7 +64828,8 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "STR r9, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -64900,7 +65257,7 @@ static int sp_521_num_bits_17(const sp_digit* a) "MOV %[a], r4\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5" ); return (word32)(size_t)a; } @@ -65913,7 +66270,8 @@ typedef struct sp_point_1024 { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -67711,7 +68069,8 @@ static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -68863,7 +69222,8 @@ static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) "STM %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -68874,9 +69234,11 @@ static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -68918,7 +69280,7 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -68999,7 +69361,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "SBC %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)a; } @@ -69011,9 +69373,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69083,7 +69447,7 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "ADC %[r], %[r], #0x0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -69164,9 +69528,11 @@ SP_NOINLINE static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69207,7 +69573,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, const sp_digit* b "SBC %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -69256,7 +69622,8 @@ SP_NOINLINE static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -69370,7 +69737,8 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -69487,7 +69855,8 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -69623,7 +69992,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11" ); return (word32)(size_t)a; } @@ -69639,9 +70009,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69680,7 +70052,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -69695,9 +70067,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69824,7 +70198,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "SBC %[r], r5, r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9" ); return (word32)(size_t)r; } @@ -69838,9 +70212,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69879,7 +70255,8 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (word32)(size_t)r; } @@ -69940,7 +70317,7 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -70126,7 +70503,7 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "STR r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -70142,9 +70519,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70191,7 +70570,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit "ADD %[d1], r6, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -70207,9 +70586,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, + sp_digit div_p) #else -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70273,7 +70654,7 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit "SUB %[d1], r3, r8\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)d1; } @@ -70716,7 +71097,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) "MOV %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)a; } @@ -71057,9 +71438,11 @@ static int sp_1024_point_to_ecc_point_32(const sp_point_1024* p, ecc_point* pm) * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -71360,7 +71743,8 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -71373,9 +71757,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, + const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, sp_digit mp) +SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, + sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -71586,7 +71972,8 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV %[mp], r5\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -71737,9 +72124,11 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -71904,7 +72293,8 @@ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, cons "STM %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -71915,9 +72305,11 @@ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, cons * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72065,7 +72457,8 @@ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, cons "STM %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } @@ -72076,9 +72469,11 @@ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, cons * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, const sp_digit* m) +SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, + const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72381,7 +72776,8 @@ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, cons "STM %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } @@ -72393,9 +72789,11 @@ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, cons * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, const sp_digit* b, const sp_digit* m) +SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72554,7 +72952,8 @@ SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, cons "STM %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -72568,9 +72967,11 @@ SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, cons * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72609,7 +73010,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8" ); return (word32)(size_t)r; } @@ -72624,9 +73025,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b, sp_digit m) +static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, + const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72753,7 +73156,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "ADC %[r], r10, r10\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (word32)(size_t)r; } @@ -72899,7 +73302,7 @@ static void sp_1024_rshift1_32(sp_digit* r, const sp_digit* a) "STR r3, [%[r], #124]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -81865,9 +82268,9 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) } #else switch (i) { - case 2: d[2] = a[2]; //fallthrough - case 1: d[1] = a[1]; //fallthrough - case 0: d[0] = a[0]; //fallthrough + case 2: d[i-2] = a[2]; //fallthrough + case 1: d[i-1] = a[1]; //fallthrough + case 0: d[i-0] = a[0]; //fallthrough } #endif j++; diff --git a/src/wolfcrypt/src/sp_dsp32.c b/src/wolfcrypt/src/sp_dsp32.c index e65862d..f218860 100644 --- a/src/wolfcrypt/src/sp_dsp32.c +++ b/src/wolfcrypt/src/sp_dsp32.c @@ -1,6 +1,6 @@ /* sp_cdsp_signed.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* from wolfcrypt/src/sp_c32.c */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif +/* from wolfcrypt/src/sp_c32.c */ -#include -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/sp_int.c b/src/wolfcrypt/src/sp_int.c index 00b3607..1769840 100644 --- a/src/wolfcrypt/src/sp_int.c +++ b/src/wolfcrypt/src/sp_int.c @@ -1,6 +1,6 @@ /* sp_int.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,12 +26,8 @@ DESCRIPTION This library provides single precision (SP) integer math functions. */ -#ifdef HAVE_CONFIG_H - #include -#endif -#include -#include +#include #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) @@ -39,12 +35,12 @@ This library provides single precision (SP) integer math functions. defined(WOLFSSL_SP_NO_MALLOC) #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(WOLFSSL_SP_NO_DYN_STACK) -#pragma GCC diagnostic push +PRAGMA_GCC_DIAG_PUSH /* We are statically declaring a variable smaller than sp_int. * We track available memory in the 'size' field. * Disable warnings of sp_int being partly outside array bounds of variable. */ -#pragma GCC diagnostic ignored "-Warray-bounds" +PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") #endif #endif @@ -353,8 +349,8 @@ while (0) "movq %%rax, %[l] \n\t" \ "movq %%rdx, %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ - : [a] "m" (va), [b] "m" (vb) \ - : "memory", "%rax", "%rdx", "cc" \ + : [a] "rm" (va), [b] "rm" (vb) \ + : "%rax", "%rdx", "cc" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -377,7 +373,7 @@ while (0) "adcq %%rdx, %[h] \n\t" \ "adcq $0 , %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "%rax", "%rdx", "cc" \ ) /* Multiply va by vb and add double size result into: vh | vl */ @@ -388,7 +384,7 @@ while (0) "addq %%rax, %[l] \n\t" \ "adcq %%rdx, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "%rax", "%rdx", "cc" \ ) /* Multiply va by vb and add double size result twice into: vo | vh | vl */ @@ -403,7 +399,7 @@ while (0) "adcq %%rdx, %[h] \n\t" \ "adcq $0 , %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "%rax", "%rdx", "cc" \ ) /* Multiply va by vb and add double size result twice into: vo | vh | vl @@ -419,7 +415,7 @@ while (0) "adcq %%rdx, %[h] \n\t" \ "adcq $0 , %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "%rax", "%rdx", "cc" \ ) /* Square va and store double size result in: vh | vl */ @@ -430,8 +426,8 @@ while (0) "movq %%rax, %[l] \n\t" \ "movq %%rdx, %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ - : [a] "m" (va) \ - : "memory", "%rax", "%rdx", "cc" \ + : [a] "rm" (va) \ + : "%rax", "%rdx", "cc" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -442,7 +438,7 @@ while (0) "adcq %%rdx, %[h] \n\t" \ "adcq $0 , %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "%rax", "%rdx", "cc" \ ) /* Square va and add double size result into: vh | vl */ @@ -453,7 +449,7 @@ while (0) "addq %%rax, %[l] \n\t" \ "adcq %%rdx, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "%rax", "%rdx", "cc" \ ) /* Add va into: vh | vl */ @@ -462,10 +458,9 @@ while (0) "addq %[a], %[l] \n\t" \ "adcq $0 , %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "cc" \ ) -/* Add va, variable in a register, into: vh | vl */ #define SP_ASM_ADDC_REG(vl, vh, va) \ __asm__ __volatile__ ( \ "addq %[a], %[l] \n\t" \ @@ -480,7 +475,7 @@ while (0) "subq %[a], %[l] \n\t" \ "sbbq $0 , %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "cc" \ ) /* Sub va from: vh | vl */ @@ -703,8 +698,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "movl %%eax, %[l] \n\t" \ "movl %%edx, %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ - : [a] "m" (va), [b] "m" (vb) \ - : "memory", "eax", "edx", "cc" \ + : [a] "rm" (va), [b] "rm" (vb) \ + : "eax", "edx", "cc" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -726,8 +721,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %%eax, %[l] \n\t" \ "adcl %%edx, %[h] \n\t" \ "adcl $0 , %[o] \n\t" \ - : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \ - : [a] "r" (va), [b] "r" (vb) \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "eax", "edx", "cc" \ ) /* Multiply va by vb and add double size result into: vh | vl */ @@ -738,7 +733,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %%eax, %[l] \n\t" \ "adcl %%edx, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "eax", "edx", "cc" \ ) /* Multiply va by vb and add double size result twice into: vo | vh | vl */ @@ -752,8 +747,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %%eax, %[l] \n\t" \ "adcl %%edx, %[h] \n\t" \ "adcl $0 , %[o] \n\t" \ - : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \ - : [a] "r" (va), [b] "r" (vb) \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "eax", "edx", "cc" \ ) /* Multiply va by vb and add double size result twice into: vo | vh | vl @@ -769,7 +764,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "adcl %%edx, %[h] \n\t" \ "adcl $0 , %[o] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ - : [a] "m" (va), [b] "m" (vb) \ + : [a] "rm" (va), [b] "rm" (vb) \ : "eax", "edx", "cc" \ ) /* Square va and store double size result in: vh | vl */ @@ -780,8 +775,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "movl %%eax, %[l] \n\t" \ "movl %%edx, %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ - : [a] "m" (va) \ - : "memory", "eax", "edx", "cc" \ + : [a] "rm" (va) \ + : "eax", "edx", "cc" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -791,8 +786,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %%eax, %[l] \n\t" \ "adcl %%edx, %[h] \n\t" \ "adcl $0 , %[o] \n\t" \ - : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \ - : [a] "m" (va) \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "rm" (va) \ : "eax", "edx", "cc" \ ) /* Square va and add double size result into: vh | vl */ @@ -803,7 +798,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %%eax, %[l] \n\t" \ "adcl %%edx, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "eax", "edx", "cc" \ ) /* Add va into: vh | vl */ @@ -812,10 +807,9 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "addl %[a], %[l] \n\t" \ "adcl $0 , %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "cc" \ ) -/* Add va, variable in a register, into: vh | vl */ #define SP_ASM_ADDC_REG(vl, vh, va) \ __asm__ __volatile__ ( \ "addl %[a], %[l] \n\t" \ @@ -830,7 +824,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "subl %[a], %[l] \n\t" \ "sbbl $0 , %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ - : [a] "m" (va) \ + : [a] "rm" (va) \ : "cc" \ ) /* Sub va from: vh | vl */ @@ -904,7 +898,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "umulh %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory", "cc" \ + : "cc" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -915,7 +909,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mov %[o], xzr \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \ : [a] "r" (va), [b] "r" (vb) \ - : "x8" \ + : "x8", "cc" \ ) /* Multiply va by vb and add double size result into: vo | vh | vl */ #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \ @@ -978,7 +972,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "umulh %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : "cc" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -1135,7 +1129,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "umull %[l], %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -1144,7 +1137,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mov %[o], #0 \n\t" \ : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \ : [a] "r" (va), [b] "r" (vb) \ - : \ ) /* Multiply va by vb and add double size result into: vo | vh | vl */ #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \ @@ -1163,7 +1155,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "umlal %[l], %[h], %[a], %[b] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ : [a] "r" (va), [b] "r" (vb) \ - : \ ) /* Multiply va by vb and add double size result twice into: vo | vh | vl */ #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \ @@ -1200,7 +1191,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "umull %[l], %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -1259,7 +1249,6 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "clz %[n], %[a] \n\t" \ : [n] "=r" (vn) \ : [a] "r" (va) \ - : \ ) #endif @@ -3482,7 +3471,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhdu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -3555,7 +3544,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhdu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -3630,7 +3619,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhdu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -3703,7 +3692,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhdu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -3789,7 +3778,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhwu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -3861,7 +3850,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhwu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -3935,7 +3924,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhwu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4007,7 +3996,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhwu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -4091,7 +4080,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mfhi %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory", "$lo", "$hi" \ + : "$lo", "$hi" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4194,7 +4183,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mfhi %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory", "$lo", "$hi" \ + : "$lo", "$hi" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -4292,7 +4281,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mfhi %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory", "%lo", "%hi" \ + : "%lo", "%hi" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4395,7 +4384,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mfhi %[h] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory", "%lo", "%hi" \ + : "%lo", "%hi" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -4492,7 +4481,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4589,7 +4578,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -4684,7 +4673,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhu %[h], %[a], %[b] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory" \ + : \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4781,7 +4770,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "mulhu %[h], %[a], %[a] \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory" \ + : \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -4878,7 +4867,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "lgr %[h], %%r0 \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va), [b] "r" (vb) \ - : "memory", "r0", "r1" \ + : "r0", "r1" \ ) /* Multiply va by vb and store double size result in: vo | vh | vl */ #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ @@ -4958,7 +4947,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, "lgr %[h], %%r0 \n\t" \ : [h] "+r" (vh), [l] "+r" (vl) \ : [a] "r" (va) \ - : "memory", "r0", "r1" \ + : "r0", "r1" \ ) /* Square va and add double size result into: vo | vh | vl */ #define SP_ASM_SQR_ADD(vl, vh, vo, va) \ @@ -5136,7 +5125,7 @@ int sp_init_size(sp_int* a, unsigned int size) int err = MP_OKAY; /* Validate parameters. Don't use size more than max compiled. */ - if ((a == NULL) || ((size <= 0) || (size > SP_INT_DIGITS))) { + if ((a == NULL) || ((size == 0) || (size > SP_INT_DIGITS))) { err = MP_VAL; } @@ -5279,6 +5268,9 @@ void sp_zero(sp_int* a) */ void sp_clear(sp_int* a) { +#ifdef HAVE_FIPS + sp_forcezero(a); +#else /* Clear when valid pointer passed in. */ if (a != NULL) { unsigned int i; @@ -5291,6 +5283,7 @@ void sp_clear(sp_int* a) _sp_zero(a); sp_free(a); } +#endif } #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \ @@ -8016,7 +8009,7 @@ int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) } #endif /* WOLFSSL_SP_MATH_ALL */ -/* Constant time clamping/ +/* Constant time clamping. * * @param [in, out] a SP integer to clamp. */ @@ -8027,8 +8020,20 @@ static void sp_clamp_ct(sp_int* a) sp_size_t mask = (sp_size_t)-1; for (i = (int)a->used - 1; i >= 0; i--) { - used = (sp_size_t)(used - ((a->dp[i] == 0) & mask)); - mask &= (sp_size_t)(0 - (a->dp[i] == 0)); +#if ((SP_WORD_SIZE == 64) && \ + (defined(_WIN64) || !defined(WOLFSSL_UINT128_T_DEFINED))) || \ + ((SP_WORD_SIZE == 32) && defined(NO_64BIT)) + sp_int_digit negVal = ~a->dp[i]; + sp_int_digit minusOne = a->dp[i] - 1; + sp_int_digit zeroMask = + (sp_int_digit)((sp_int_sdigit)(negVal & minusOne) >> + (SP_WORD_SIZE - 1)); +#else + sp_int_digit zeroMask = + (sp_int_digit)((((sp_int_sword)a->dp[i]) - 1) >> SP_WORD_SIZE); +#endif + mask &= (sp_size_t)zeroMask; + used = (sp_size_t)(used + mask); } a->used = used; } @@ -8216,7 +8221,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) * @return MP_OKAY on success. */ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, - unsigned int max, sp_int* r) + unsigned int max_size, sp_int* r) { #ifndef SQR_MUL_ASM sp_int_sword w; @@ -8237,7 +8242,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, l = 0; h = 0; #endif - for (i = 0; i < max; i++) { + for (i = 0; i < max_size; i++) { /* Values past 'used' are not initialized. */ mask_a += (i == a->used); mask_b += (i == b->used); @@ -8527,13 +8532,13 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) { int err = MP_OKAY; /* Number of digits to shift down. */ - sp_size_t i = (sp_size_t)(n >> SP_WORD_SHIFT); + sp_size_t i; if ((a == NULL) || (n < 0)) { err = MP_VAL; } /* Handle case where shifting out all digits. */ - if ((err == MP_OKAY) && (i >= a->used)) { + else if ((i = (sp_size_t)(n >> SP_WORD_SHIFT)) >= a->used) { _sp_zero(r); } /* Change callers when more error cases returned. */ @@ -8876,7 +8881,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, if ((!done) && (err == MP_OKAY)) { #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \ !defined(WOLFSSL_SP_NO_MALLOC) - int cnt = 4; + unsigned int cnt = 4; /* Reuse remainder sp_int where possible. */ if ((rem != NULL) && (rem != d) && (rem->size > a->used)) { sa = rem; @@ -8905,7 +8910,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, } if (tr == NULL) { tr = td[i]; - _sp_init_size(tr, a->used - d->used + 2); + _sp_init_size(tr, (unsigned int)(a->used - d->used + 2)); } #else sa = td[2]; @@ -9252,8 +9257,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL, - DYNAMIC_TYPE_BIGINT); + t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * + (size_t)(a->used + b->used), NULL, + DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -9328,8 +9334,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL, - DYNAMIC_TYPE_BIGINT); + t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * + (size_t)(a->used + b->used), NULL, + DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -12003,9 +12010,14 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r) } /* Need extra digit during calculation. */ + /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */ + /* clang-tidy falsely believes that r->size was corrupted by the _sp_copy() + * to "Copy base into working variable" in _sp_exptmod_ex(). + */ if ((err == MP_OKAY) && (a->used + b->used > r->size)) { err = MP_VAL; } + /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */ #if 0 if (err == MP_OKAY) { @@ -14873,7 +14885,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (sp_int_digit*)XMALLOC( - sizeof(sp_int_digit) * (((a->used + 1) / 2) * 2 + 1), NULL, + sizeof(sp_int_digit) * (size_t)(((a->used + 1) / 2) * 2 + 1), NULL, DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; @@ -14987,8 +14999,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL, - DYNAMIC_TYPE_BIGINT); + t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * + (size_t)(a->used * 2), NULL, + DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -17613,10 +17626,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) h = 0; } /* Handle overflow. */ - h = o2; - SP_ASM_ADDC(l, h, a->dp[7]); + SP_ASM_ADDC(l, o2, a->dp[7]); a->dp[3] = l; - a->dp[4] = h; + a->dp[4] = o2; a->used = 5; /* Remove leading zeros. */ @@ -17679,10 +17691,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) h = 0; } /* Handle overflow. */ - h = o2; - SP_ASM_ADDC(l, h, a->dp[11]); + SP_ASM_ADDC(l, o2, a->dp[11]); a->dp[5] = l; - a->dp[6] = h; + a->dp[6] = o2; a->used = 7; /* Remove leading zeros. */ @@ -17718,7 +17729,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) h = 0; SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); l = h; - for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) { + for (j = 1; j < (unsigned int)m->used - 2; j += 2) { h = 0; SP_ASM_ADDC(l, h, ad[j]); SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); @@ -17744,11 +17755,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) o = h; } /* Handle overflow. */ - l = o; - h = o2; - SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]); - a->dp[m->used - 1] = l; - a->dp[m->used] = h; + SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]); + a->dp[m->used - 1] = o; + a->dp[m->used] = o2; a->used = m->used + 1; /* Remove leading zeros. */ @@ -17789,8 +17798,8 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); ad[0] = l; l = h; - /* 2.4. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */ - for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) { + /* 2.4. For j = 1 up to NumDigits(m)-2 */ + for (j = 1; j < (unsigned int)m->used - 2; j += 2) { h = 0; /* 2.4.1. a += mu * DigitMask(m, j) */ SP_ASM_ADDC(l, h, ad[j + 0]); @@ -17820,11 +17829,9 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) o = h; } /* Handle overflow. */ - l = o; - h = o2; - SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]); - a->dp[m->used * 2 - 1] = l; - a->dp[m->used * 2] = h; + SP_ASM_ADDC(o, o2, a->dp[m->used * 2 - 1]); + a->dp[m->used * 2 - 1] = o; + a->dp[m->used * 2] = o2; a->used = (sp_size_t)(m->used * 2 + 1); } @@ -17977,9 +17984,14 @@ int sp_mont_norm(sp_int* norm, const sp_int* m) if (err == MP_OKAY) { /* Find top bit and ensure norm has enough space. */ bits = (unsigned int)sp_count_bits(m); + /* NOLINTBEGIN(clang-analyzer-core.UndefinedBinaryOperatorResult) */ + /* clang-tidy falsely believes that norm->size was corrupted by the + * _sp_copy() to "Set real working value to base." in _sp_exptmod_ex(). + */ if (bits >= (unsigned int)norm->size * SP_WORD_SIZE) { err = MP_VAL; } + /* NOLINTEND(clang-analyzer-core.UndefinedBinaryOperatorResult) */ } if (err == MP_OKAY) { /* Round up for case when m is less than a word - no advantage in using @@ -19880,7 +19892,7 @@ void sp_memzero_check(sp_int* sp) defined(WOLFSSL_SP_NO_MALLOC) #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(WOLFSSL_SP_NO_DYN_STACK) -#pragma GCC diagnostic pop +PRAGMA_GCC_DIAG_POP #endif #endif diff --git a/src/wolfcrypt/src/sp_sm2_arm32.c b/src/wolfcrypt/src/sp_sm2_arm32.c index 4dc5377..0a458bd 100644 --- a/src/wolfcrypt/src/sp_sm2_arm32.c +++ b/src/wolfcrypt/src/sp_sm2_arm32.c @@ -1,6 +1,6 @@ /* sp_sm2_arm32.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_arm64.c b/src/wolfcrypt/src/sp_sm2_arm64.c index 8f87711..db67898 100644 --- a/src/wolfcrypt/src/sp_sm2_arm64.c +++ b/src/wolfcrypt/src/sp_sm2_arm64.c @@ -1,6 +1,6 @@ /* sp_sm2_arm64.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_armthumb.c b/src/wolfcrypt/src/sp_sm2_armthumb.c index 0be6685..21e49dc 100644 --- a/src/wolfcrypt/src/sp_sm2_armthumb.c +++ b/src/wolfcrypt/src/sp_sm2_armthumb.c @@ -1,6 +1,6 @@ /* sp_sm2_armthumb.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_c32.c b/src/wolfcrypt/src/sp_sm2_c32.c index 754b80a..5aae8d2 100644 --- a/src/wolfcrypt/src/sp_sm2_c32.c +++ b/src/wolfcrypt/src/sp_sm2_c32.c @@ -1,6 +1,6 @@ /* sp_sm2_c32.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_c64.c b/src/wolfcrypt/src/sp_sm2_c64.c index 861bfe3..d848104 100644 --- a/src/wolfcrypt/src/sp_sm2_c64.c +++ b/src/wolfcrypt/src/sp_sm2_c64.c @@ -1,6 +1,6 @@ /* sp_sm2_c64.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_cortexm.c b/src/wolfcrypt/src/sp_sm2_cortexm.c index 4b1083f..4ea4b8f 100644 --- a/src/wolfcrypt/src/sp_sm2_cortexm.c +++ b/src/wolfcrypt/src/sp_sm2_cortexm.c @@ -1,6 +1,6 @@ /* sp_sm2_cortexm.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_sm2_x86_64.c b/src/wolfcrypt/src/sp_sm2_x86_64.c index 24a5b9e..fd6f0d2 100644 --- a/src/wolfcrypt/src/sp_sm2_x86_64.c +++ b/src/wolfcrypt/src/sp_sm2_x86_64.c @@ -1,6 +1,6 @@ /* sp_sm2_x86_64.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFSSL_SM2 diff --git a/src/wolfcrypt/src/sp_x86_64.c b/src/wolfcrypt/src/sp_x86_64.c index 039820d..298ec47 100644 --- a/src/wolfcrypt/src/sp_x86_64.c +++ b/src/wolfcrypt/src/sp_x86_64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,16 +21,11 @@ /* Implementation by Sean Parkinson. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) -#include #include #ifdef NO_INLINE #include diff --git a/src/wolfcrypt/src/sphincs.c b/src/wolfcrypt/src/sphincs.c index 5fc054d..94be4ac 100644 --- a/src/wolfcrypt/src/sphincs.c +++ b/src/wolfcrypt/src/sphincs.c @@ -1,6 +1,6 @@ /* sphincs.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,14 +19,9 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* Based on dilithium.c and Reworked for Sphincs by Anthony Hu. */ - -#ifdef HAVE_CONFIG_H - #include -#endif +#include -/* in case user set HAVE_PQC there */ -#include +/* Based on dilithium.c and Reworked for Sphincs by Anthony Hu. */ #include @@ -37,7 +32,6 @@ #endif #include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/srp.c b/src/wolfcrypt/src/srp.c index b06f62a..c7f5986 100644 --- a/src/wolfcrypt/src/srp.c +++ b/src/wolfcrypt/src/srp.c @@ -1,6 +1,6 @@ /* srp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef WOLFCRYPT_HAVE_SRP #include #include -#include #ifdef NO_INLINE #include @@ -152,39 +146,39 @@ static int SrpHashFinal(SrpHash* hash, byte* digest) } } -static word32 SrpHashSize(SrpType type) +static int SrpHashSize(SrpType type) { switch (type) { case SRP_TYPE_SHA: #ifndef NO_SHA return WC_SHA_DIGEST_SIZE; #else - return 0; + return ALGO_ID_E; #endif case SRP_TYPE_SHA256: #ifndef NO_SHA256 return WC_SHA256_DIGEST_SIZE; #else - return 0; + return ALGO_ID_E; #endif case SRP_TYPE_SHA384: #ifdef WOLFSSL_SHA384 return WC_SHA384_DIGEST_SIZE; #else - return 0; + return ALGO_ID_E; #endif case SRP_TYPE_SHA512: #ifdef WOLFSSL_SHA512 return WC_SHA512_DIGEST_SIZE; #else - return 0; + return ALGO_ID_E; #endif default: - return 0; + return ALGO_ID_E; } } @@ -353,7 +347,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, byte digest2[SRP_MAX_DIGEST_SIZE]; byte pad = 0; int r; - word32 i, j = 0; + word32 i; + int hashSize = 0; if (!srp || !N || !g || !salt || nSz < gSz) return BAD_FUNC_ARG; @@ -361,6 +356,10 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, if (!srp->user) return SRP_CALL_ORDER_E; + hashSize = SrpHashSize(srp->type); + if (hashSize < 0) + return hashSize; + /* Set N */ if (mp_read_unsigned_bin(&srp->N, N, nSz) != MP_OKAY) return MP_READ_E; @@ -389,7 +388,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, srp->saltSz = saltSz; /* Set k = H(N, g) */ - r = SrpHashInit(&hash, srp->type, srp->heap); + r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); for (i = 0; (word32)i < nSz - gSz; i++) { if (!r) r = SrpHashUpdate(&hash, &pad, 1); @@ -414,7 +413,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* digest1 = H(N) ^ H(g) */ if (r == 0) { - for (i = 0, j = SrpHashSize(srp->type); i < j; i++) + for (i = 0; i < (word32)hashSize; i++) digest1[i] ^= digest2[i]; } @@ -425,8 +424,8 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, SrpHashFree(&hash); /* client proof = H( H(N) ^ H(g) | H(user) | salt) */ - if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, j); - if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, j); + if (!r) r = SrpHashUpdate(&srp->client_proof, digest1, (word32)hashSize); + if (!r) r = SrpHashUpdate(&srp->client_proof, digest2, (word32)hashSize); if (!r) r = SrpHashUpdate(&srp->client_proof, salt, saltSz); return r; @@ -436,7 +435,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; - word32 digestSz; + int digestSz; int r; if (!srp || !password || srp->side != SRP_CLIENT_SIDE) @@ -446,6 +445,8 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) return SRP_CALL_ORDER_E; digestSz = SrpHashSize(srp->type); + if (digestSz < 0) + return digestSz; /* digest = H(username | ':' | password) */ r = SrpHashInit(&hash, srp->type, srp->heap); @@ -458,12 +459,12 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) /* digest = H(salt | H(username | ':' | password)) */ if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); - if (!r) r = SrpHashUpdate(&hash, digest, digestSz); + if (!r) r = SrpHashUpdate(&hash, digest, (word32)digestSz); if (!r) r = SrpHashFinal(&hash, digest); SrpHashFree(&hash); /* Set x (private key) */ - if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, digestSz); + if (!r) r = mp_read_unsigned_bin(&srp->auth, digest, (word32)digestSz); ForceZero(digest, SRP_MAX_DIGEST_SIZE); @@ -572,10 +573,15 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size) #endif word32 modulusSz; int r; + int hashSize; if (!srp || !pub || !size) return BAD_FUNC_ARG; + hashSize = SrpHashSize(srp->type); + if (hashSize < 0) + return hashSize; + if (mp_iszero(&srp->auth) == MP_YES) return SRP_CALL_ORDER_E; @@ -616,7 +622,7 @@ int wc_SrpGetPublic(Srp* srp, byte* pub, word32* size) { r = mp_init_multi(i, j, 0, 0, 0, 0); } - if (!r) r = mp_read_unsigned_bin(i, srp->k,SrpHashSize(srp->type)); + if (!r) r = mp_read_unsigned_bin(i, srp->k, (word32)hashSize); if (!r) r = mp_iszero(i) == MP_YES ? SRP_BAD_KEY_E : 0; if (!r) r = mp_exptmod(&srp->g, &srp->priv, &srp->N, pubkey); if (!r) r = mp_mulmod(i, &srp->auth, &srp->N, j); @@ -654,17 +660,22 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) { SrpHash hash; byte digest[SRP_MAX_DIGEST_SIZE]; - word32 i, j, digestSz = SrpHashSize(srp->type); + word32 i, j; + int digestSz; byte counter[4]; int r = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + digestSz = SrpHashSize(srp->type); + if (digestSz < 0) + return digestSz; + XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE); - srp->key = (byte*)XMALLOC(2 * digestSz, srp->heap, DYNAMIC_TYPE_SRP); + srp->key = (byte*)XMALLOC(2 * (word32)digestSz, srp->heap, DYNAMIC_TYPE_SRP); if (srp->key == NULL) return MEMORY_E; - srp->keySz = 2 * digestSz; + srp->keySz = 2 * (word32)digestSz; for (i = j = 0; j < srp->keySz; i++) { counter[0] = (byte)(i >> 24); @@ -677,7 +688,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) if (!r) r = SrpHashUpdate(&hash, counter, 4); if (!r) { - if (j + digestSz > srp->keySz) { + if (j + (word32)digestSz > srp->keySz) { r = SrpHashFinal(&hash, digest); XMEMCPY(srp->key + j, digest, srp->keySz - j); j = srp->keySz; @@ -685,7 +696,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) else { r = SrpHashFinal(&hash, srp->key + j); - j += digestSz; + j += (word32)digestSz; } } SrpHashFree(&hash); @@ -715,7 +726,8 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, mp_int u[1], s[1], temp1[1], temp2[1]; #endif byte *secret = NULL; - word32 i, secretSz, digestSz; + word32 i, secretSz; + int digestSz; byte pad = 0; int r; @@ -761,6 +773,11 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, goto out; digestSz = SrpHashSize(srp->type); + if (digestSz < 0) { + r = digestSz; + goto out; + } + secretSz = (word32)mp_unsigned_bin_size(&srp->N); if ((secretSz < clientPubKeySz) || (secretSz < serverPubKeySz)) { @@ -795,7 +812,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* set u */ if ((r = SrpHashFinal(hash, digest))) goto out; - if ((r = mp_read_unsigned_bin(u, digest, SrpHashSize(srp->type)))) + if ((r = mp_read_unsigned_bin(u, digest, (word32)digestSz))) goto out; SrpHashFree(hash); @@ -804,7 +821,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, if (srp->side == SRP_CLIENT_SIDE) { /* temp1 = B - k * v; rejects k == 0, B == 0 and B >= N. */ - if ((r = mp_read_unsigned_bin(temp1, srp->k, digestSz))) + if ((r = mp_read_unsigned_bin(temp1, srp->k, (word32)digestSz))) goto out; if (mp_iszero(temp1) == MP_YES) { r = SRP_BAD_KEY_E; @@ -940,11 +957,16 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) { int r; + int hashSize; if (!srp || !proof || !size) return BAD_FUNC_ARG; - if (*size < SrpHashSize(srp->type)) + hashSize = SrpHashSize(srp->type); + if (hashSize < 0) + return ALGO_ID_E; + + if (*size < (word32)hashSize) return BUFFER_E; if ((r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE @@ -952,7 +974,7 @@ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size) : &srp->server_proof, proof)) != 0) return r; - *size = SrpHashSize(srp->type); + *size = (word32)hashSize; if (srp->side == SRP_CLIENT_SIDE) { /* server proof = H( A | client proof | K) */ @@ -967,11 +989,16 @@ int wc_SrpVerifyPeersProof(Srp* srp, byte* proof, word32 size) { byte digest[SRP_MAX_DIGEST_SIZE]; int r; + int hashSize; if (!srp || !proof) return BAD_FUNC_ARG; - if (size != SrpHashSize(srp->type)) + hashSize = SrpHashSize(srp->type); + if (hashSize < 0) + return ALGO_ID_E; + + if (size != (word32)hashSize) return BUFFER_E; r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof diff --git a/src/wolfcrypt/src/tfm.c b/src/wolfcrypt/src/tfm.c index 5b16871..5bd7328 100644 --- a/src/wolfcrypt/src/tfm.c +++ b/src/wolfcrypt/src/tfm.c @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,7 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - +#include /* * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, @@ -31,13 +31,6 @@ * to fit wolfSSL's needs. */ -#ifdef HAVE_CONFIG_H - #include -#endif - -/* in case user set USE_FAST_MATH there */ -#include - #ifdef USE_FAST_MATH #ifdef NO_INLINE @@ -4575,6 +4568,9 @@ void fp_zero(fp_int *a) void fp_clear(fp_int *a) { +#ifdef HAVE_FIPS + fp_forcezero(a); +#else int size; a->used = 0; a->sign = FP_ZPOS; @@ -4585,6 +4581,7 @@ void fp_clear(fp_int *a) #endif XMEMSET(a->dp, 0, size * sizeof(fp_digit)); fp_free(a); +#endif } void fp_forcezero (mp_int * a) diff --git a/src/wolfcrypt/src/wc_dsp.c b/src/wolfcrypt/src/wc_dsp.c index c6c76c2..09c7ea1 100644 --- a/src/wolfcrypt/src/wc_dsp.c +++ b/src/wolfcrypt/src/wc_dsp.c @@ -1,6 +1,6 @@ /* wc_dsp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include -#include -#include #ifdef NO_INLINE #include #else diff --git a/src/wolfcrypt/src/wc_encrypt.c b/src/wolfcrypt/src/wc_encrypt.c index 9393a69..b1e8b82 100644 --- a/src/wolfcrypt/src/wc_encrypt.c +++ b/src/wolfcrypt/src/wc_encrypt.c @@ -1,6 +1,6 @@ /* wc_encrypt.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,23 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include -#ifdef HAVE_CONFIG_H - #include -#endif - -#include #include #include #include #include #include #include -#include #include #include #include -#include #ifdef NO_INLINE #include @@ -455,10 +449,12 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #if defined(WOLFSSL_AES_256) case PBE_AES256_CBC: switch(shaOid) { + #ifndef NO_SHA256 case HMAC_SHA256_OID: typeH = WC_SHA256; derivedLen = 32; break; + #endif #ifndef NO_SHA default: typeH = WC_SHA; @@ -471,10 +467,12 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #if defined(WOLFSSL_AES_128) case PBE_AES128_CBC: switch(shaOid) { + #ifndef NO_SHA256 case HMAC_SHA256_OID: typeH = WC_SHA256; derivedLen = 16; break; + #endif #ifndef NO_SHA default: typeH = WC_SHA; diff --git a/src/wolfcrypt/src/wc_lms.c b/src/wolfcrypt/src/wc_lms.c index b2a3bf8..9de58da 100644 --- a/src/wolfcrypt/src/wc_lms.c +++ b/src/wolfcrypt/src/wc_lms.c @@ -1,6 +1,6 @@ /* wc_lms.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) #include @@ -352,14 +346,14 @@ static const wc_LmsParamsMap wc_lms_map[] = { WC_SHA256_192_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 - { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", - LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + { WC_LMS_PARM_SHA256_192_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, - { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", - LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + { WC_LMS_PARM_SHA256_192_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, - { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", - LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + { WC_LMS_PARM_SHA256_192_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #endif #endif /* WOLFSSL_LMS_SHA256_192 */ @@ -1162,7 +1156,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen) if (ret == 0) { XMEMCPY(key->pub, in, inLen); - key->state = WC_LMS_STATE_VERIFYONLY; + if (key->state != WC_LMS_STATE_OK) + key->state = WC_LMS_STATE_VERIFYONLY; } return ret; @@ -1263,4 +1258,28 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz, return ret; } +/* Get the Key ID from the raw private key data. + * + * PRIV = Q | PARAMS | SEED | I + * where I is the Key ID. + * + * @param [in] priv Private key data. + * @param [in] privSz Size of private key data. + * @param Pointer to 16 byte Key ID in the private key. + * @return NULL on failure. + */ +const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) +{ + word32 seedSz = privSz - LMS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN - LMS_I_LEN; + + if (priv == NULL) { + return NULL; + } + if ((seedSz != WC_SHA256_192_DIGEST_SIZE) && + (seedSz != WC_SHA256_DIGEST_SIZE)) { + return NULL; + } + return priv - LMS_I_LEN; +} + #endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ diff --git a/src/wolfcrypt/src/wc_lms_impl.c b/src/wolfcrypt/src/wc_lms_impl.c index 44bff83..47b60a6 100644 --- a/src/wolfcrypt/src/wc_lms_impl.c +++ b/src/wolfcrypt/src/wc_lms_impl.c @@ -1,6 +1,6 @@ /* wc_lms_impl.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,13 +37,9 @@ * Enable when memory is limited. */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include #include -#include #ifdef NO_INLINE #include @@ -1339,10 +1335,10 @@ static void wc_lmots_public_key_encode(const LmsParams* params, const byte* priv_i = priv + LMS_Q_LEN + params->hash_len; /* u32str(type) || ... || T(1) */ - c32toa(params->lmsType, pub); + c32toa(params->lmsType & LMS_H_W_MASK, pub); pub += 4; /* u32str(type) || u32str(otstype) || ... || T(1) */ - c32toa(params->lmOtsType, pub); + c32toa(params->lmOtsType & LMS_H_W_MASK, pub); pub += 4; /* u32str(type) || u32str(otstype) || I || T(1) */ XMEMCPY(pub, priv_i, LMS_I_LEN); @@ -1365,14 +1361,14 @@ static int wc_lmots_public_key_check(const LmsParams* params, const byte* pub) ato32(pub, &type); pub += 4; /* Compare with parameters. */ - if (type != params->lmsType) { + if (type != (params->lmsType & LMS_H_W_MASK)) { ret = PUBLIC_KEY_E; } if (ret == 0) { /* Get node hash and Winternitz width type. */ ato32(pub, &type); /* Compare with parameters. */ - if (type != params->lmOtsType) { + if (type != (params->lmOtsType & LMS_H_W_MASK)) { ret = PUBLIC_KEY_E; } } @@ -2097,8 +2093,10 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #endif /* WOLFSSL_SMALL_STACK */ /* Public key, root node, is top of data stack. */ - XMEMCPY(stack, stackCache->stack, params->height * params->hash_len); - sp = stack + stackCache->offset; + if (ret == 0) { + XMEMCPY(stack, stackCache->stack, params->height * params->hash_len); + sp = stack + stackCache->offset; + } /* Compute all nodes requested. */ for (i = min_idx; (ret == 0) && (i <= max_idx); i++) { @@ -2193,7 +2191,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, } } - if (!useRoot) { + if (!useRoot && (ret == 0)) { /* Copy stack back. */ XMEMCPY(stackCache->stack, stack, params->height * params->hash_len); stackCache->offset = (word32)((size_t)sp - (size_t)stack); @@ -2248,7 +2246,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, s += LMS_Q_LEN; /* ots_signature = sig = u32str(type) || ... */ - c32toa(state->params->lmOtsType, s); + c32toa(state->params->lmOtsType & LMS_H_W_MASK, s); s += LMS_TYPE_LEN; /* Sign this level. * S = u32str(q) || ots_signature || ... */ @@ -2257,7 +2255,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, /* Skip over ots_signature. */ s += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ - c32toa(params->lmsType, s); + c32toa(params->lmsType & LMS_H_W_MASK, s); } return ret; @@ -2278,13 +2276,13 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y, XMEMCPY(sig, priv, LMS_Q_LEN); sig += LMS_Q_LEN; /* S = u32str(q) || ... */ - c32toa(params->lmOtsType, sig); + c32toa(params->lmOtsType & LMS_H_W_MASK, sig); sig += LMS_TYPE_LEN; /* S = u32str(q) || ots_signature || ... */ XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len); sig += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ - c32toa(params->lmsType, sig); + c32toa(params->lmsType & LMS_H_W_MASK, sig); } #endif /* !WOLFSSL_WC_LMS_SMALL && !WOLFSSL_LMS_NO_SIG_CACHE */ #endif /* !WOLFSSL_LMS_VERIFY_ONLY */ @@ -3478,7 +3476,9 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); + #if !defined(WOLFSSL_LMS_MAX_LEVELS) || WOLFSSL_LMS_MAX_LEVELS > 1 byte* root = NULL; + #endif #ifndef WOLFSSL_LMS_NO_SIG_CACHE int store_p = 0; word32 q_32 = LMS_Q_AT_LEVEL(q, params->levels, i, @@ -3489,10 +3489,12 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Move to start of next signature at this level. */ sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); + #if !defined(WOLFSSL_LMS_MAX_LEVELS) || WOLFSSL_LMS_MAX_LEVELS > 1 if (i != 0) { /* Put root node into signature at this index. */ root = sig - params->hash_len; } + #endif #ifndef WOLFSSL_LMS_NO_SIG_CACHE /* Check if we have a cached version of C and the p hashes that we @@ -3528,10 +3530,12 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Copy the authentication path out of the private key. */ XMEMCPY(s, priv_key->state[i].auth_path, params->height * params->hash_len); + #if !defined(WOLFSSL_LMS_MAX_LEVELS) || WOLFSSL_LMS_MAX_LEVELS > 1 /* Copy the root node into signature unless at top. */ if (i != 0) { XMEMCPY(root, priv_key->state[i].root, params->hash_len); } + #endif } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ diff --git a/src/wolfcrypt/src/wc_mlkem.c b/src/wolfcrypt/src/wc_mlkem.c new file mode 100644 index 0000000..a370279 --- /dev/null +++ b/src/wolfcrypt/src/wc_mlkem.c @@ -0,0 +1,2070 @@ +/* wc_mlkem.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Implementation based on FIPS 203: + * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf + * + * Original implementation based on NIST 3rd Round submission package. + * See link at: + * https://csrc.nist.gov/Projects/post-quantum-cryptography/ + * post-quantum-cryptography-standardization/round-3-submissions + */ + +/* Possible Kyber options: + * + * WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM Default: OFF + * Uses less dynamic memory to perform key generation. + * Has a small performance trade-off. + * Only usable with C implementation. + * + * WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM Default: OFF + * Uses less dynamic memory to perform encapsulation. + * Affects decapsulation too as encapsulation called. + * Has a small performance trade-off. + * Only usable with C implementation. + * + * WOLFSSL_MLKEM_NO_MAKE_KEY Default: OFF + * Disable the make key or key generation API. + * Reduces the code size. + * Turn on when only doing encapsulation. + * + * WOLFSSL_MLKEM_NO_ENCAPSULATE Default: OFF + * Disable the encapsulation API. + * Reduces the code size. + * Turn on when doing make key/decapsulation. + * + * WOLFSSL_MLKEM_NO_DECAPSULATE Default: OFF + * Disable the decapsulation API. + * Reduces the code size. + * Turn on when only doing encapsulation. + * + * WOLFSSL_MLKEM_CACHE_A Default: OFF + * Stores the matrix A during key generation for use in encapsulation when + * performing decapsulation. + * KyberKey is 8KB larger but decapsulation is significantly faster. + * Turn on when performing make key and decapsualtion with same object. + */ + +#include + +#include +#include +#include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) + #error "Can't use small memory with assembly optimized code" + #endif +#endif +#if defined(WOLFSSL_MLKEM_CACHE_A) + #if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) + #error "Can't cache A with small memory code" + #endif +#endif + +#if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + #error "No ML-KEM operations to be built." +#endif + +#ifdef WOLFSSL_WC_MLKEM + +/******************************************************************************/ + +/* Use SHA3-256 to generate 32-bytes of hash. */ +#define MLKEM_HASH_H mlkem_hash256 +/* Use SHA3-512 to generate 64-bytes of hash. */ +#define MLKEM_HASH_G mlkem_hash512 +/* Use SHAKE-256 as a key derivation function (KDF). */ +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(WOLFSSL_ARMASM) && defined(__aarch64__)) + #define MLKEM_KDF mlkem_kdf +#else + #define MLKEM_KDF wc_Shake256Hash +#endif + +/******************************************************************************/ + +/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */ +volatile sword16 mlkem_opt_blocker = 0; + +/******************************************************************************/ + +/** + * Initialize the Kyber key. + * + * @param [in] type Type of key: + * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, + * KYBER512, KYBER768, KYBER1024. + * @param [out] key Kyber key object to initialize. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL or type is unrecognized. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, int devId) +{ + int ret = 0; + + /* Validate key. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Validate type. */ + switch (type) { + #ifndef WOLFSSL_NO_ML_KEM + case WC_ML_KEM_512: + #ifndef WOLFSSL_WC_ML_KEM_512 + /* Code not compiled in for Kyber-512. */ + ret = NOT_COMPILED_IN; + #endif + break; + case WC_ML_KEM_768: + #ifndef WOLFSSL_WC_ML_KEM_768 + /* Code not compiled in for Kyber-768. */ + ret = NOT_COMPILED_IN; + #endif + break; + case WC_ML_KEM_1024: + #ifndef WOLFSSL_WC_ML_KEM_1024 + /* Code not compiled in for Kyber-1024. */ + ret = NOT_COMPILED_IN; + #endif + break; + #endif + #ifdef WOLFSSL_MLKEM_KYBER + case KYBER512: + #ifndef WOLFSSL_KYBER512 + /* Code not compiled in for Kyber-512. */ + ret = NOT_COMPILED_IN; + #endif + break; + case KYBER768: + #ifndef WOLFSSL_KYBER768 + /* Code not compiled in for Kyber-768. */ + ret = NOT_COMPILED_IN; + #endif + break; + case KYBER1024: + #ifndef WOLFSSL_KYBER1024 + /* Code not compiled in for Kyber-1024. */ + ret = NOT_COMPILED_IN; + #endif + break; + #endif + default: + /* No other values supported. */ + ret = BAD_FUNC_ARG; + break; + } + } + if (ret == 0) { + /* Keep type for parameters. */ + key->type = type; + /* Cache heap pointer. */ + key->heap = heap; + #ifdef WOLF_CRYPTO_CB + /* Cache device id - not used in for this algorithm yet. */ + key->devId = devId; + #endif + key->flags = 0; + + /* Zero out all data. */ + XMEMSET(&key->prf, 0, sizeof(key->prf)); + + /* Initialize the hash algorithm object. */ + ret = mlkem_hash_new(&key->hash, heap, devId); + } + if (ret == 0) { + /* Initialize the PRF algorithm object. */ + ret = mlkem_prf_new(&key->prf, heap, devId); + } + if (ret == 0) { + mlkem_init(); + } + + (void)devId; + + return ret; +} + +/** + * Free the Kyber key object. + * + * @param [in, out] key Kyber key object to dispose of. + * @return 0 on success. + */ +int wc_MlKemKey_Free(MlKemKey* key) +{ + if (key != NULL) { + /* Dispose of PRF object. */ + mlkem_prf_free(&key->prf); + /* Dispose of hash object. */ + mlkem_hash_free(&key->hash); + /* Ensure all private data is zeroed. */ + ForceZero(&key->hash, sizeof(key->hash)); + ForceZero(&key->prf, sizeof(key->prf)); + ForceZero(key->priv, sizeof(key->priv)); + ForceZero(key->z, sizeof(key->z)); + } + + return 0; +} + +/******************************************************************************/ + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY +/** + * Make a Kyber key object using a random number generator. + * + * FIPS 203 - Algorithm 19: ML-KEM.KeyGen() + * Generates an encapsulation key and a corresponding decapsulation key. + * 1: d <- B_32 > d is 32 random bytes + * 2: z <- B_32 > z is 32 random bytes + * 3: if d == NULL or z == NULL then + * 4: return falsum + * > return an error indication if random bit generation failed + * 5: end if + * 6: (ek,dk) <- ML-KEM.KeyGen_Interal(d, z) + * > run internal key generation algorithm + * &: return (ek,dk) + * + * @param [in, out] key Kyber key object. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or rng is NULL. + * @return MEMORY_E when dynamic memory allocation failed. + * @return MEMORY_E when dynamic memory allocation failed. + * @return RNG_FAILURE_E when generating random numbers failed. + * @return DRBG_CONT_FAILURE when random number generator health check fails. + */ +int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng) +{ + int ret = 0; + unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ]; + + /* Validate parameters. */ + if ((key == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Generate random to use with PRFs. + * Step 1: d is 32 random bytes + * Step 2: z is 32 random bytes + */ + ret = wc_RNG_GenerateBlock(rng, rand, WC_ML_KEM_SYM_SZ * 2); + /* Step 3: ret is not zero when d == NULL or z == NULL. */ + } + if (ret == 0) { + /* Make a key pair from the random. + * Step 6. run internal key generation algorithm + * Step 7. public and private key are stored in key + */ + ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand)); + } + + /* Ensure seeds are zeroized. */ + ForceZero((void*)rand, (word32)sizeof(rand)); + + /* Step 4: return ret != 0 on falsum or internal key generation failure. */ + return ret; +} + +/** + * Make a Kyber key object using random data. + * + * FIPS 203 - Algorithm 16: ML-KEM.KeyGen_internal(d,z) + * Uses randomness to generate an encapsulation key and a corresponding + * decapsulation key. + * 1: (ek_PKE,dk_PKE) < K-PKE.KeyGen(d) > run key generation for K-PKE + * ... + * + * FIPS 203 - Algorithm 13: K-PKE.KeyGen(d) + * Uses randomness to generate an encryption key and a corresponding decryption + * key. + * 1: (rho,sigma) <- G(d||k)A + * > expand 32+1 bytes to two pseudorandom 32-byte seeds + * 2: N <- 0 + * 3-7: generate matrix A_hat + * 8-11: generate s + * 12-15: generate e + * 16-18: calculate t_hat from A_hat, s and e + * ... + * + * @param [in, out] key Kyber key ovject. + * @param [in] rand Random data. + * @param [in] len Length of random data in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or rand is NULL. + * @return BUFFER_E when length is not WC_ML_KEM_MAKEKEY_RAND_SZ. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, const unsigned char* rand, + int len) +{ + byte buf[2 * WC_ML_KEM_SYM_SZ + 1]; + byte* rho = buf; + byte* sigma = buf + WC_ML_KEM_SYM_SZ; +#ifndef WOLFSSL_NO_MALLOC + sword16* e = NULL; +#else +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM +#ifndef WOLFSSL_MLKEM_CACHE_A + sword16 e[(WC_ML_KEM_MAX_K + 1) * WC_ML_KEM_MAX_K * MLKEM_N]; +#else + sword16 e[WC_ML_KEM_MAX_K * MLKEM_N]; +#endif +#else + sword16 e[WC_ML_KEM_MAX_K * MLKEM_N]; +#endif +#endif +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM + sword16* a = NULL; +#endif + sword16* s = NULL; + sword16* t = NULL; + int ret = 0; + int k = 0; + + /* Validate parameters. */ + if ((key == NULL) || (rand == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (len != WC_ML_KEM_MAKEKEY_RAND_SZ)) { + ret = BUFFER_E; + } + + if (ret == 0) { + key->flags = 0; + + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + +#ifndef WOLFSSL_NO_MALLOC + if (ret == 0) { + /* Allocate dynamic memory for matrix and error vector. */ +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM +#ifndef WOLFSSL_MLKEM_CACHE_A + /* e (v) | a (m) */ + e = (sword16*)XMALLOC((k + 1) * k * MLKEM_N * sizeof(sword16), + key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#else + /* e (v) */ + e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16), + key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#else + /* e (v) */ + e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16), + key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (e == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + const byte* d = rand; + +#ifdef WOLFSSL_MLKEM_CACHE_A + a = key->a; +#elif !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) + /* Matrix A allocated at end of error vector. */ + a = e + (k * MLKEM_N); +#endif + +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & MLKEM_KYBER) +#endif +#ifdef WOLFSSL_MLKEM_KYBER + { + /* Expand 32 bytes of random to 32. */ + ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, NULL, 0, buf); + } +#endif +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + buf[0] = k; + /* Expand 33 bytes of random to 32. + * Alg 13: Step 1: (rho,sigma) <- G(d||k) + */ + ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, buf, 1, buf); + } +#endif + } + if (ret == 0) { + const byte* z = rand + WC_ML_KEM_SYM_SZ; + s = key->priv; + t = key->pub; + + /* Cache the public seed for use in encapsulation and encoding public + * key. */ + XMEMCPY(key->pubSeed, rho, WC_ML_KEM_SYM_SZ); + /* Cache the z value for decapsulation and encoding private key. */ + XMEMCPY(key->z, z, sizeof(key->z)); + + /* Initialize PRF for use in noise generation. */ + mlkem_prf_init(&key->prf); +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM + /* Generate noise using PRF. + * Alg 13: Steps 8-15: generate s and e + */ + ret = mlkem_get_noise(&key->prf, k, s, e, NULL, sigma); + } + if (ret == 0) { + /* Generate the matrix A. + * Alg 13: Steps 3-7 + */ + ret = mlkem_gen_matrix(&key->prf, a, k, rho, 0); + } + if (ret == 0) { + /* Generate key pair from random data. + * Alg 13: Steps 16-18. + */ + mlkem_keygen(s, t, e, a, k); +#else + /* Generate noise using PRF. + * Alg 13: Steps 8-11: generate s + */ + ret = mlkem_get_noise(&key->prf, k, s, NULL, NULL, sigma); + } + if (ret == 0) { + /* Generate key pair from private vector and seeds. + * Alg 13: Steps 3-7: generate matrix A_hat + * Alg 13: 12-15: generate e + * Alg 13: 16-18: calculate t_hat from A_hat, s and e + */ + ret = mlkem_keygen_seeds(s, t, &key->prf, e, k, rho, sigma); + } + if (ret == 0) { +#endif + /* Private and public key are set/available. */ + key->flags |= MLKEM_FLAG_PRIV_SET | MLKEM_FLAG_PUB_SET; +#ifdef WOLFSSL_MLKEM_CACHE_A + key->flags |= MLKEM_FLAG_A_SET; +#endif + } + +#ifndef WOLFSSL_NO_MALLOC + /* Free dynamic memory allocated in function. */ + if (key != NULL) { + XFREE(e, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + + return ret; +} +#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */ + +/******************************************************************************/ + +/** + * Get the size in bytes of cipher text for key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of cipher text in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Return in 'len' size of the cipher text for the type of this key. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + *len = KYBER768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + *len = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + + return ret; +} + +/** + * Size of a shared secret in bytes. Always KYBER_SS_SZ. + * + * @param [in] key Kyber key object. Not used. + * @param [out] Size of the shared secret created with a Kyber key. + * @return 0 on success. + * @return 0 to indicate success. + */ +int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len) +{ + (void)key; + + *len = WC_ML_KEM_SS_SZ; + + return 0; +} + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Encapsulate data and derive secret. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r) + * Uses the encryption key to encrypt a plaintext message using the randomness + * r. + * 1: N <- 0 + * 2: t_hat <- ByteDecode_12(ek_PKE[0:384k]) + * > run ByteDecode_12 k times to decode t_hat + * 3: rho <- ek_PKE[384k : 384K + 32] + * > extract 32-byte seed from ek_PKE + * 4-8: generate matrix A_hat + * 9-12: generate y + * 13-16: generate e_1 + * 17: generate e_2 + * 18-19: calculate u + * 20: mu <- Decompress_1(ByteDecode_1(m)) + * 21: calculate v + * 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) + * > run ByteEncode_d_u and Compress_d_u k times + * 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) + * 24: return c <- (c_1||c_2) + * + * @param [in] key Kyber key object. + * @param [in] m Random bytes. + * @param [in] r Seed to feed to PRF when generating y, e1 and e2. + * @param [out] c Calculated cipher text. + * @return 0 on success. + * @return NOT_COMPILED_IN when key type is not supported. + */ +static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c) +{ + int ret = 0; + sword16* a = NULL; +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM + sword16* mu = NULL; + sword16* e1 = NULL; + sword16* e2 = NULL; +#endif + unsigned int k = 0; + unsigned int compVecSz = 0; +#ifndef WOLFSSL_NO_MALLOC + sword16* y = NULL; +#else +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM + sword16 y[((WC_ML_KEM_MAX_K + 3) * WC_ML_KEM_MAX_K + 3) * MLKEM_N]; +#else + sword16 y[3 * WC_ML_KEM_MAX_K * MLKEM_N]; +#endif +#endif + sword16* u; + sword16* v; + + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + +#ifndef WOLFSSL_NO_MALLOC + if (ret == 0) { + /* Allocate dynamic memory for all matrices, vectors and polynomials. */ +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM + y = (sword16*)XMALLOC(((k + 3) * k + 3) * MLKEM_N * sizeof(sword16), + key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#else + y = (sword16*)XMALLOC(3 * k * MLKEM_N * sizeof(sword16), key->heap, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (y == NULL) { + ret = MEMORY_E; + } + } +#endif + +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM + if (ret == 0) { + /* Assign allocated dynamic memory to pointers. + * y (b) | a (m) | mu (p) | e1 (p) | e2 (v) | u (v) | v (p) */ + a = y + MLKEM_N * k; + mu = a + MLKEM_N * k * k; + e1 = mu + MLKEM_N; + e2 = e1 + MLKEM_N * k; + + /* Convert msg to a polynomial. + * Step 20: mu <- Decompress_1(ByteDecode_1(m)) */ + mlkem_from_msg(mu, m); + + /* Initialize the PRF for use in the noise generation. */ + mlkem_prf_init(&key->prf); + /* Generate noise using PRF. + * Steps 9-17: generate y, e_1, e_2 + */ + ret = mlkem_get_noise(&key->prf, k, y, e1, e2, r); + } + #ifdef WOLFSSL_MLKEM_CACHE_A + if ((ret == 0) && ((key->flags & MLKEM_FLAG_A_SET) != 0)) { + unsigned int i; + /* Transpose matrix. + * Steps 4-8: generate matrix A_hat (from original) */ + for (i = 0; i < k; i++) { + unsigned int j; + for (j = 0; j < k; j++) { + XMEMCPY(&a[(i * k + j) * MLKEM_N], + &key->a[(j * k + i) * MLKEM_N], + MLKEM_N * 2); + } + } + } + else + #endif /* WOLFSSL_MLKEM_CACHE_A */ + if (ret == 0) { + /* Generate the transposed matrix. + * Step 4-8: generate matrix A_hat */ + ret = mlkem_gen_matrix(&key->prf, a, k, key->pubSeed, 1); + } + if (ret == 0) { + /* Assign remaining allocated dynamic memory to pointers. + * y (v) | a (m) | mu (p) | e1 (p) | r2 (v) | u (v) | v (p)*/ + u = e2 + MLKEM_N; + v = u + MLKEM_N * k; + + /* Perform encapsulation maths. + * Steps 18-19, 21: calculate u and v */ + mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k); + } +#else /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */ + if (ret == 0) { + /* Assign allocated dynamic memory to pointers. + * y (v) | a (v) | u (v) */ + a = y + MLKEM_N * k; + + /* Initialize the PRF for use in the noise generation. */ + mlkem_prf_init(&key->prf); + /* Generate noise using PRF. + * Steps 9-12: generate y */ + ret = mlkem_get_noise(&key->prf, k, y, NULL, NULL, r); + } + if (ret == 0) { + /* Assign remaining allocated dynamic memory to pointers. + * y (v) | at (v) | u (v) */ + u = a + MLKEM_N * k; + v = a; + + /* Perform encapsulation maths. + * Steps 13-17: generate e_1 and e_2 + * Steps 18-19, 21: calculate u and v */ + ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m, + key->pubSeed, r); + } +#endif /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */ + + if (ret == 0) { + byte* c1 = c; + byte* c2 = c + compVecSz; + + #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (k == WC_ML_KEM_512_K) { + /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */ + mlkem_vec_compress_10(c1, u, k); + /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */ + mlkem_compress_4(c2, v); + /* Step 24: return c <- (c_1||c_2) */ + } + #endif + #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (k == WC_ML_KEM_768_K) { + /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */ + mlkem_vec_compress_10(c1, u, k); + /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */ + mlkem_compress_4(c2, v); + /* Step 24: return c <- (c_1||c_2) */ + } + #endif + #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (k == WC_ML_KEM_1024_K) { + /* Step 22: c_1 <- ByteEncode_d_u(Compress_d_u(u)) */ + mlkem_vec_compress_11(c1, u); + /* Step 23: c_2 <- ByteEncode_d_v(Compress_d_v(v)) */ + mlkem_compress_5(c2, v); + /* Step 24: return c <- (c_1||c_2) */ + } + #endif + } + +#ifndef WOLFSSL_NO_MALLOC + /* Dispose of dynamic memory allocated in function. */ + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE +/** + * Encapsulate with random number generator and derive secret. + * + * FIPS 203, Algorithm 20: ML-KEM.Encaps(ek) + * Uses the encapsulation key to generate a shared secret key and an associated + * ciphertext. + * 1: m <- B_32 > m is 32 random bytes + * 2: if m == NULL then + * 3: return falsum + * 4: end if + * 5: (K,c) <- ML-KEM.Encaps_internal(ek,m) + * > run internal encapsulation algorithm + * 6: return (K,c) + * + * @param [in] key Kyber key object. + * @param [out] c Cipher text. + * @param [out] k Shared secret generated. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, ct, ss or RNG is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k, + WC_RNG* rng) +{ + int ret = 0; + unsigned char m[WC_ML_KEM_ENC_RAND_SZ]; + + /* Validate parameters. */ + if ((key == NULL) || (c == NULL) || (k == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Generate seed for use with PRFs. + * Step 1: m is 32 random bytes + */ + ret = wc_RNG_GenerateBlock(rng, m, sizeof(m)); + /* Step 2: ret is not zero when m == NULL. */ + } + if (ret == 0) { + /* Encapsulate with the random. + * Step 5: run internal encapsulation algorithm + */ + ret = wc_KyberKey_EncapsulateWithRandom(key, c, k, m, sizeof(m)); + } + + /* Step 3: return ret != 0 on falsum or internal key generation failure. */ + return ret; +} + +/** + * Encapsulate with random data and derive secret. + * + * FIPS 203, Algorithm 17: ML-KEM.Encaps_internal(ek, m) + * Uses the encapsulation key and randomness to generate a key and an associated + * ciphertext. + * Step 1: (K,r) <- G(m||H(ek)) + * > derive shared secret key K and randomness r + * Step 2: c <- K-PPKE.Encrypt(ek, m, r) + * > encrypt m using K-PKE with randomness r + * Step 3: return (K,c) + * + * @param [out] c Cipher text. + * @param [out] k Shared secret generated. + * @param [in] m Random bytes. + * @param [in] len Length of random bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, c, k or RNG is NULL. + * @return BUFFER_E when len is not WC_ML_KEM_ENC_RAND_SZ. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, unsigned char* c, + unsigned char* k, const unsigned char* m, int len) +{ +#ifdef WOLFSSL_MLKEM_KYBER + byte msg[KYBER_SYM_SZ]; +#endif + byte kr[2 * KYBER_SYM_SZ + 1]; + int ret = 0; +#ifdef WOLFSSL_MLKEM_KYBER + unsigned int cSz = 0; +#endif + + /* Validate parameters. */ + if ((key == NULL) || (c == NULL) || (k == NULL) || (m == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (len != WC_ML_KEM_ENC_RAND_SZ)) { + ret = BUFFER_E; + } + +#ifdef WOLFSSL_MLKEM_KYBER + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + #endif + break; +#endif + #ifdef WOLFSSL_KYBER512 + case KYBER512: + cSz = KYBER512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + cSz = KYBER768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + cSz = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } +#endif + + /* If public hash (h) is not stored against key, calculate it + * (fields set explicitly instead of using decode). + * Step 1: ... H(ek)... + */ + if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { + #ifndef WOLFSSL_NO_MALLOC + byte* pubKey = NULL; + word32 pubKeyLen; + #else + byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + word32 pubKeyLen = WC_ML_KEM_MAX_PUBLIC_KEY_SIZE; + #endif + + #ifndef WOLFSSL_NO_MALLOC + /* Determine how big an encoded public key will be. */ + ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen); + if (ret == 0) { + /* Allocate dynamic memory for encoded public key. */ + pubKey = (byte*)XMALLOC(pubKeyLen, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + #endif + /* Encode public key - h is hash of encoded public key. */ + ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen); + #ifndef WOLFSSL_NO_MALLOC + } + /* Dispose of encoded public key. */ + XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { + /* Implementation issue if h not cached and flag set. */ + ret = BAD_STATE_E; + } + +#ifdef WOLFSSL_MLKEM_KYBER + if (ret == 0) { +#ifndef WOLFSSL_NO_ML_KEM + if (key->type & MLKEM_KYBER) +#endif + { + /* Hash random to anonymize as seed data. */ + ret = MLKEM_HASH_H(&key->hash, m, WC_ML_KEM_SYM_SZ, msg); + } + } +#endif + if (ret == 0) { + /* Hash message into seed buffer. */ +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & MLKEM_KYBER) +#endif +#ifdef WOLFSSL_MLKEM_KYBER + { + ret = MLKEM_HASH_G(&key->hash, msg, WC_ML_KEM_SYM_SZ, key->h, + WC_ML_KEM_SYM_SZ, kr); + } +#endif +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + /* Step 1: (K,r) <- G(m||H(ek)) */ + ret = MLKEM_HASH_G(&key->hash, m, WC_ML_KEM_SYM_SZ, key->h, + WC_ML_KEM_SYM_SZ, kr); + } +#endif + } + + if (ret == 0) { + /* Encapsulate the message using the key and the seed. */ +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & MLKEM_KYBER) +#endif +#ifdef WOLFSSL_MLKEM_KYBER + { + ret = mlkemkey_encapsulate(key, msg, kr + WC_ML_KEM_SYM_SZ, c); + } +#endif +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + /* Step 2: c <- K-PKE.Encrypt(ek,m,r) */ + ret = mlkemkey_encapsulate(key, m, kr + WC_ML_KEM_SYM_SZ, c); + } +#endif + } + +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & MLKEM_KYBER) +#endif +#ifdef WOLFSSL_MLKEM_KYBER + { + if (ret == 0) { + /* Hash the cipher text after the seed. */ + ret = MLKEM_HASH_H(&key->hash, c, cSz, kr + WC_ML_KEM_SYM_SZ); + } + if (ret == 0) { + /* Derive the secret from the seed and hash of cipher text. */ + ret = MLKEM_KDF(kr, 2 * WC_ML_KEM_SYM_SZ, k, WC_ML_KEM_SS_SZ); + } + } +#endif +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + if (ret == 0) { + /* return (K,c) */ + XMEMCPY(k, kr, WC_ML_KEM_SS_SZ); + } + } +#endif + + return ret; +} +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE */ + +/******************************************************************************/ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +/* Decapsulate cipher text to the message using key. + * + * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c) + * Uses the decryption key to decrypt a ciphertext. + * 1: c1 <- c[0 : 32.d_u.k] + * 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] + * 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) + * 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) + * ... + * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) + * 7: m <- ByteEncode_1(Compress_1(w)) + * 8: return m + * + * @param [in] key Kyber key object. + * @param [out] m Message than was encapsulated. + * @param [in] c Cipher text. + * @return 0 on success. + * @return NOT_COMPILED_IN when key type is not supported. + * @return MEMORY_E when dynamic memory allocation failed. + */ +static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m, + const byte* c) +{ + int ret = 0; + sword16* v; + sword16* w; + unsigned int k = 0; + unsigned int compVecSz; +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + sword16* u = NULL; +#else + sword16 u[(WC_ML_KEM_MAX_K + 1) * MLKEM_N]; +#endif + + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + compVecSz = WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + compVecSz = WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + compVecSz = WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + compVecSz = KYBER512_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + compVecSz = KYBER768_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + compVecSz = KYBER1024_POLY_VEC_COMPRESSED_SZ; + break; +#endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + if (ret == 0) { + /* Allocate dynamic memory for a vector and a polynomial. */ + u = (sword16*)XMALLOC((k + 1) * MLKEM_N * sizeof(sword16), key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (u == NULL) { + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { + /* Step 1: c1 <- c[0 : 32.d_u.k] */ + const byte* c1 = c; + /* Step 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] */ + const byte* c2 = c + compVecSz; + + /* Assign allocated dynamic memory to pointers. + * u (v) | v (p) */ + v = u + k * MLKEM_N; + w = u; + + #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (k == WC_ML_KEM_512_K) { + /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + mlkem_vec_decompress_10(u, c1, k); + /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + mlkem_decompress_4(v, c2); + } + #endif + #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (k == WC_ML_KEM_768_K) { + /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + mlkem_vec_decompress_10(u, c1, k); + /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + mlkem_decompress_4(v, c2); + } + #endif + #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (k == WC_ML_KEM_1024_K) { + /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + mlkem_vec_decompress_11(u, c1); + /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + mlkem_decompress_5(v, c2); + } + #endif + + /* Decapsulate the cipher text into polynomial. + * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */ + mlkem_decapsulate(key->priv, w, u, v, k); + + /* Convert the polynomial into a array of bytes (message). + * Step 7: m <- ByteEncode_1(Compress_1(w)) */ + mlkem_to_msg(m, w); + /* Step 8: return m */ + } + +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + /* Dispose of dynamically memory allocated in function. */ + XFREE(u, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +/** + * Decapsulate the cipher text to calculate the shared secret. + * + * Validates the cipher text by encapsulating and comparing with data passed in. + * + * FIPS 203, Algorithm 21: ML-KEM.Decaps(dk, c) + * Uses the decapsulation key to produce a shared secret key from a ciphertext. + * 1: K' <- ML-KEM.Decaps_internal(dk,c) + * > run internal decapsulation algorithm + * 2: return K' + * + * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c) + * Uses the decapsulation key to produce a shared secret key from a ciphertext. + * ... + * 1: dk_PKE <- dk[0 : 384k] + * > extract (from KEM decaps key) the PKE decryption key + * 2: ek_PKE <- dk[384k : 768l + 32] + * > extract PKE encryption key + * 3: h <- dk[768K + 32 : 768k + 64] + * > extract hash of PKE encryption key + * 4: z <- dk[768K + 64 : 768k + 96] + * > extract implicit rejection value + * 5: m' <- K-PKE.Decrypt(dk_PKE, c) > decrypt ciphertext + * 6: (K', r') <- G(m'||h) + * 7: K_bar <- J(z||c) + * 8: c' <- K-PKE.Encrypt(ek_PKE, m', r') + * > re-encrypt using the derived randomness r' + * 9: if c != c' then + * 10: K' <= K_bar + * > if ciphertexts do not match, "implicitly reject" + * 11: end if + * 12: return K' + * + * @param [in] key Kyber key object. + * @param [out] ss Shared secret. + * @param [in] ct Cipher text. + * @param [in] len Length of cipher text. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, ss or cr are NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the length of cipher text for the key type. + * @return MEMORY_E when dynamic memory allocation failed. + */ +int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss, + const unsigned char* ct, word32 len) +{ + byte msg[WC_ML_KEM_SYM_SZ]; + byte kr[2 * WC_ML_KEM_SYM_SZ + 1]; + int ret = 0; + unsigned int ctSz = 0; + unsigned int i = 0; + int fail = 0; +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + byte* cmp = NULL; +#else + byte cmp[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; +#endif + + /* Validate parameters. */ + if ((key == NULL) || (ss == NULL) || (ct == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Establish cipher text size based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + ctSz = WC_ML_KEM_512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + ctSz = WC_ML_KEM_768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + ctSz = WC_ML_KEM_1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + ctSz = KYBER512_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + ctSz = KYBER768_CIPHER_TEXT_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + ctSz = KYBER1024_CIPHER_TEXT_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + + /* Ensure the cipher text passed in is the correct size. */ + if ((ret == 0) && (len != ctSz)) { + ret = BUFFER_E; + } + +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + if (ret == 0) { + /* Allocate memory for cipher text that is generated. */ + cmp = (byte*)XMALLOC(ctSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (cmp == NULL) { + ret = MEMORY_E; + } + } +#endif + + if (ret == 0) { + /* Decapsulate the cipher text. */ + ret = mlkemkey_decapsulate(key, msg, ct); + } + if (ret == 0) { + /* Hash message into seed buffer. */ + ret = MLKEM_HASH_G(&key->hash, msg, WC_ML_KEM_SYM_SZ, key->h, + WC_ML_KEM_SYM_SZ, kr); + } + if (ret == 0) { + /* Encapsulate the message. */ + ret = mlkemkey_encapsulate(key, msg, kr + WC_ML_KEM_SYM_SZ, cmp); + } + if (ret == 0) { + /* Compare generated cipher text with that passed in. */ + fail = mlkem_cmp(ct, cmp, ctSz); + +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + if (key->type & MLKEM_KYBER) +#endif +#ifdef WOLFSSL_MLKEM_KYBER + { + /* Hash the cipher text after the seed. */ + ret = MLKEM_HASH_H(&key->hash, ct, ctSz, kr + WC_ML_KEM_SYM_SZ); + if (ret == 0) { + /* Change seed to z on comparison failure. */ + for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) { + kr[i] ^= (kr[i] ^ key->z[i]) & fail; + } + + /* Derive the secret from the seed and hash of cipher text. */ + ret = MLKEM_KDF(kr, 2 * WC_ML_KEM_SYM_SZ, ss, WC_ML_KEM_SS_SZ); + } + } +#endif +#if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) + else +#endif +#ifndef WOLFSSL_NO_ML_KEM + { + ret = mlkem_derive_secret(&key->prf, key->z, ct, ctSz, msg); + if (ret == 0) { + /* Set secret to kr or fake secret on comparison failure. */ + for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) { + ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); + } + } + } +#endif + } + +#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) + /* Dispose of dynamic memory allocated in function. */ + if (key != NULL) { + XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + + return ret; +} +#endif /* WOLFSSL_MLKEM_NO_DECAPSULATE */ + +/******************************************************************************/ + +/** + * Get the public key and public seed from bytes. + * + * FIPS 203, Algorithm 14 K-PKE.Encrypt(ek_PKE, m, r) + * ... + * 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) + * 3: rho <- ek_PKE[384k : 384k + 32] + * ... + * + * @param [out] pub Public key - vector. + * @param [out] pubSeed Public seed. + * @param [in] p Public key data. + * @param [in] k Number of polynomials in vector. + */ +static void mlkemkey_decode_public(sword16* pub, byte* pubSeed, const byte* p, + unsigned int k) +{ + unsigned int i; + + /* Decode public key that is vector of polynomials. + * Step 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) */ + mlkem_from_bytes(pub, p, k); + p += k * WC_ML_KEM_POLY_SIZE; + + /* Read public key seed. + * Step 3: rho <- ek_PKE[384k : 384k + 32] */ + for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) { + pubSeed[i] = p[i]; + } +} + +/** + * Decode the private key. + * + * Private Vector | Public Key | Public Hash | Randomizer + * + * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c) + * 1: dk_PKE <- dk[0 : 384k] + * > extract (from KEM decaps key) the PKE decryption key + * 2: ek_PKE <- dk[384k : 768l + 32] + * > extract PKE encryption key + * 3: h <- dk[768K + 32 : 768k + 64] + * > extract hash of PKE encryption key + * 4: z <- dk[768K + 64 : 768k + 96] + * > extract implicit rejection value + * + * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE, c) + * ... + * 5: s_hat <= ByteDecode_12(dk_PKE) + * ... + * + * @param [in, out] key Kyber key object. + * @param [in] in Buffer holding encoded key. + * @param [in] len Length of data in buffer. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or in is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the correct size. + */ +int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, const unsigned char* in, + word32 len) +{ + int ret = 0; + word32 privLen = 0; + word32 pubLen = 0; + unsigned int k = 0; + const unsigned char* p = in; + + /* Validate parameters. */ + if ((key == NULL) || (in == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + privLen = KYBER512_PRIVATE_KEY_SIZE; + pubLen = KYBER512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + privLen = KYBER768_PRIVATE_KEY_SIZE; + pubLen = KYBER768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + privLen = KYBER1024_PRIVATE_KEY_SIZE; + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + /* Ensure the data is the correct length for the key type. */ + if ((ret == 0) && (len != privLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + /* Decode private key that is vector of polynomials. + * Alg 18 Step 1: dk_PKE <- dk[0 : 384k] + * Alg 15 Step 5: s_hat <- ByteDecode_12(dk_PKE) */ + mlkem_from_bytes(key->priv, p, k); + p += k * WC_ML_KEM_POLY_SIZE; + + /* Decode the public key that is after the private key. */ + mlkemkey_decode_public(key->pub, key->pubSeed, p, k); + p += pubLen; + + /* Copy the hash of the encoded public key that is after public key. */ + XMEMCPY(key->h, p, sizeof(key->h)); + p += WC_ML_KEM_SYM_SZ; + /* Copy the z (randomizer) that is after hash. */ + XMEMCPY(key->z, p, sizeof(key->z)); + + /* Set flags */ + key->flags |= MLKEM_FLAG_H_SET | MLKEM_FLAG_BOTH_SET; + } + + return ret; +} + +/** + * Decode public key. + * + * Public vector | Public Seed + * + * @param [in, out] key Kyber key object. + * @param [in] in Buffer holding encoded key. + * @param [in] len Length of data in buffer. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or in is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + * @return BUFFER_E when len is not the correct size. + */ +int wc_MlKemKey_DecodePublicKey(MlKemKey* key, const unsigned char* in, + word32 len) +{ + int ret = 0; + word32 pubLen = 0; + unsigned int k = 0; + const unsigned char* p = in; + + if ((key == NULL) || (in == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Establish parameters based on key type. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + pubLen = KYBER512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + pubLen = KYBER768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + /* Ensure the data is the correct length for the key type. */ + if ((ret == 0) && (len != pubLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + mlkemkey_decode_public(key->pub, key->pubSeed, p, k); + + /* Calculate public hash. */ + ret = MLKEM_HASH_H(&key->hash, in, len, key->h); + } + if (ret == 0) { + /* Record public key and public hash set. */ + key->flags |= MLKEM_FLAG_PUB_SET | MLKEM_FLAG_H_SET; + } + + return ret; +} + +/** + * Get the size in bytes of encoded private key for the key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of encoded private key in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Return in 'len' size of the encoded private key for the type of this + * key. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + *len = KYBER768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + *len = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + + return ret; +} + +/** + * Get the size in bytes of encoded public key for the key. + * + * @param [in] key Kyber key object. + * @param [out] len Length of encoded public key in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or len is NULL. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (len == NULL)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Return in 'len' size of the encoded public key for the type of this + * key. */ + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + *len = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + *len = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + *len = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + *len = KYBER512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + *len = KYBER768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + *len = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + + return ret; +} + +/** + * Encode the private key. + * + * Private Vector | Public Key | Public Hash | Randomizer + * + * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z) + * ... + * 3: dk <- (dk_PKE||ek||H(ek)||z) + * ... + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 20: dk_PKE <- ByteEncode_12(s_hat) + * ... + * + * @param [in] key Kyber key object. + * @param [out] out Buffer to hold data. + * @param [in] len Size of buffer in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or out is NULL or private/public key not + * available. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, word32 len) +{ + int ret = 0; + unsigned int k = 0; + unsigned int pubLen = 0; + unsigned int privLen = 0; + unsigned char* p = out; + + if ((key == NULL) || (out == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && + ((key->flags & MLKEM_FLAG_BOTH_SET) != MLKEM_FLAG_BOTH_SET)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + privLen = WC_ML_KEM_1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + pubLen = KYBER512_PUBLIC_KEY_SIZE; + privLen = KYBER512_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + pubLen = KYBER768_PUBLIC_KEY_SIZE; + privLen = KYBER768_PRIVATE_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + privLen = KYBER1024_PRIVATE_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + /* Check buffer is big enough for encoding. */ + if ((ret == 0) && (len != privLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + /* Encode private key that is vector of polynomials. */ + mlkem_to_bytes(p, key->priv, k); + p += WC_ML_KEM_POLY_SIZE * k; + + /* Encode public key. */ + ret = wc_KyberKey_EncodePublicKey(key, p, pubLen); + p += pubLen; + } + /* Ensure hash of public key is available. */ + if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { + ret = MLKEM_HASH_H(&key->hash, p - pubLen, pubLen, key->h); + } + if (ret == 0) { + /* Public hash is available. */ + key->flags |= MLKEM_FLAG_H_SET; + /* Append public hash. */ + XMEMCPY(p, key->h, sizeof(key->h)); + p += WC_ML_KEM_SYM_SZ; + /* Append z (randomizer). */ + XMEMCPY(p, key->z, sizeof(key->z)); + } + + return ret; +} + +/** + * Encode the public key. + * + * Public vector | Public Seed + * + * FIPS 203, Algorithm 16: ML-KEM.KeyGen_internal(d,z) + * ... + * 2: ek <- ek_PKE + * ... + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 19: ek_PKE <- ByteEncode_12(t_hat)||rho + * ... + * + * @param [in] key Kyber key object. + * @param [out] out Buffer to hold data. + * @param [in] len Size of buffer in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or out is NULL or public key not available. + * @return NOT_COMPILED_IN when key type is not supported. + */ +int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, word32 len) +{ + int ret = 0; + unsigned int k = 0; + unsigned int pubLen = 0; + unsigned char* p = out; + + if ((key == NULL) || (out == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && + ((key->flags & MLKEM_FLAG_PUB_SET) != MLKEM_FLAG_PUB_SET)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + switch (key->type) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + k = WC_ML_KEM_512_K; + pubLen = WC_ML_KEM_512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + k = WC_ML_KEM_768_K; + pubLen = WC_ML_KEM_768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + k = WC_ML_KEM_1024_K; + pubLen = WC_ML_KEM_1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + case KYBER512: + k = KYBER512_K; + pubLen = KYBER512_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER768 + case KYBER768: + k = KYBER768_K; + pubLen = KYBER768_PUBLIC_KEY_SIZE; + break; + #endif + #ifdef WOLFSSL_KYBER1024 + case KYBER1024: + k = KYBER1024_K; + pubLen = KYBER1024_PUBLIC_KEY_SIZE; + break; + #endif +#endif + default: + /* No other values supported. */ + ret = NOT_COMPILED_IN; + break; + } + } + /* Check buffer is big enough for encoding. */ + if ((ret == 0) && (len != pubLen)) { + ret = BUFFER_E; + } + + if (ret == 0) { + int i; + + /* Encode public key polynomial by polynomial. */ + mlkem_to_bytes(p, key->pub, k); + p += k * WC_ML_KEM_POLY_SIZE; + + /* Append public seed. */ + for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) { + p[i] = key->pubSeed[i]; + } + + /* Make sure public hash is set. */ + if ((key->flags & MLKEM_FLAG_H_SET) == 0) { + ret = MLKEM_HASH_H(&key->hash, out, len, key->h); + } + } + if (ret == 0) { + /* Public hash is set. */ + key->flags |= MLKEM_FLAG_H_SET; + } + + return ret; +} + +#endif /* WOLFSSL_WC_MLKEM */ diff --git a/src/wolfcrypt/src/wc_mlkem_poly.c b/src/wolfcrypt/src/wc_mlkem_poly.c new file mode 100644 index 0000000..e5f4a18 --- /dev/null +++ b/src/wolfcrypt/src/wc_mlkem_poly.c @@ -0,0 +1,5986 @@ +/* wc_mlkem_poly.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Implementation based on FIPS 203: + * https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf + * + * Original implementation based on NIST 3rd Round submission package. + * See link at: + * https://csrc.nist.gov/Projects/post-quantum-cryptography/ + * post-quantum-cryptography-standardization/round-3-submissions + */ + +/* Implementation of the functions that operate on polynomials or vectors of + * polynomials. + */ + +/* Possible Kyber options: + * + * WOLFSSL_WC_MLKEM Default: OFF + * Enables this code, wolfSSL implementation, to be built. + * + * WOLFSSL_WC_ML_KEM_512 Default: OFF + * Enables the ML-KEM 512 parameter implementations. + * WOLFSSL_WC_ML_KEM_768 Default: OFF + * Enables the ML-KEM 768 parameter implementations. + * WOLFSSL_WC_ML_KEM_1024 Default: OFF + * Enables the ML-KEM 1024 parameter implementations. + * WOLFSSL_KYBER512 Default: OFF + * Enables the KYBER512 parameter implementations. + * WOLFSSL_KYBER768 Default: OFF + * Enables the KYBER768 parameter implementations. + * WOLFSSL_KYBER1024 Default: OFF + * Enables the KYBER1024 parameter implementations. + * + * USE_INTEL_SPEEDUP Default: OFF + * Compiles in Intel x64 specific implementations that are faster. + * WOLFSSL_MLKEM_NO_LARGE_CODE Default: OFF + * Compiles smaller, fast code size with a speed trade-off. + * WOLFSSL_MLKEM_SMALL Default: OFF + * Compiles to small code size with a speed trade-off. + * WOLFSSL_SMALL_STACK Default: OFF + * Use less stack by dynamically allocating local variables. + * + * WOLFSSL_MLKEM_NTT_UNROLL Default: OFF + * Enable an alternative NTT implementation that may be faster on some + * platforms and is smaller in code size. + * WOLFSSL_MLKEM_INVNTT_UNROLL Default: OFF + * Enables an alternative inverse NTT implementation that may be faster on + * some platforms and is smaller in code size. + */ + +#include + +#include +#include + +#ifdef WOLFSSL_WC_MLKEM + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) +static int mlkem_gen_matrix_i(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed, + int i, int transposed); +static int mlkem_get_noise_i(MLKEM_PRF_T* prf, int k, sword16* vec2, + byte* seed, int i, int make); +static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p, + const byte* seed); +#endif + +/* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */ +extern volatile sword16 mlkem_opt_blocker; + +#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM)) +static word32 cpuid_flags = 0; +#endif + +/* Half of Q plus one. Converted message bit value of 1. */ +#define MLKEM_Q_1_HALF ((MLKEM_Q + 1) / 2) +/* Half of Q */ +#define MLKEM_Q_HALF (MLKEM_Q / 2) + + +/* q^-1 mod 2^16 (inverse of 3329 mod 16384) */ +#define MLKEM_QINV 62209 + +/* Used in Barrett Reduction: + * r = a mod q + * => r = a - ((V * a) >> 26) * q), as V based on 2^26 + * V is the multiplier that gets the quotient after shifting. + */ +#define MLKEM_V (((1U << 26) + (MLKEM_Q / 2)) / MLKEM_Q) + +/* Used in converting to Montgomery form. + * f is the normalizer = 2^k % m. + * 16-bit value cast to sword32 in use. + */ +#define MLKEM_F ((1ULL << 32) % MLKEM_Q) + +/* Number of bytes in an output block of SHA-3-128 */ +#define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8) +/* Number of bytes in an output block of SHA-3-256 */ +#define SHA3_256_BYTES (WC_SHA3_256_COUNT * 8) + +/* Number of blocks to generate for matrix. */ +#define GEN_MATRIX_NBLOCKS \ + ((12 * MLKEM_N / 8 * (1 << 12) / MLKEM_Q + XOF_BLOCK_SIZE) / XOF_BLOCK_SIZE) +/* Number of bytes to generate for matrix. */ +#define GEN_MATRIX_SIZE GEN_MATRIX_NBLOCKS * XOF_BLOCK_SIZE + + +/* Number of random bytes to generate for ETA3. */ +#define ETA3_RAND_SIZE ((3 * MLKEM_N) / 4) +/* Number of random bytes to generate for ETA2. */ +#define ETA2_RAND_SIZE ((2 * MLKEM_N) / 4) + + +/* Montgomery reduce a. + * + * @param [in] a 32-bit value to be reduced. + * @return Montgomery reduction result. + */ +#define MLKEM_MONT_RED(a) \ + (sword16)(((a) - (sword32)(((sword16)((sword16)(a) * \ + (sword16)MLKEM_QINV)) * \ + (sword32)MLKEM_Q)) >> 16) + +/* Barrett reduce a. r = a mod q. + * + * Converted division to multiplication. + * + * @param [in] a 16-bit value to be reduced to range of q. + * @return Modulo result. + */ +#define MLKEM_BARRETT_RED(a) \ + (sword16)((sword16)(a) - (sword16)((sword16)( \ + ((sword32)((sword32)MLKEM_V * (sword16)(a))) >> 26) * (word16)MLKEM_Q)) + + +/* Zetas for NTT. */ +const sword16 zetas[MLKEM_N / 2] = { + 2285, 2571, 2970, 1812, 1493, 1422, 287, 202, + 3158, 622, 1577, 182, 962, 2127, 1855, 1468, + 573, 2004, 264, 383, 2500, 1458, 1727, 3199, + 2648, 1017, 732, 608, 1787, 411, 3124, 1758, + 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, + 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, + 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, + 2931, 961, 1821, 2604, 448, 2264, 677, 2054, + 2226, 430, 555, 843, 2078, 871, 1550, 105, + 422, 587, 177, 3094, 3038, 2869, 1574, 1653, + 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, + 1739, 644, 2457, 349, 418, 329, 3173, 3254, + 817, 1097, 603, 610, 1322, 2044, 1864, 384, + 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, + 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, + 3221, 3021, 996, 991, 958, 1869, 1522, 1628 +}; + + +#if !defined(WOLFSSL_ARMASM) +/* Number-Theoretic Transform. + * + * FIPS 203, Algorithm 9: NTT(f) + * Computes the NTT representation f_hat of the given polynomial f element of + * R_q. + * 1: f_hat <- f + * 2: i <- 1 + * 3: for (len <- 128; len >= 2; len <- len/2) + * 4: for (start <- 0; start < 256; start <- start + 2.len) + * 5: zeta <- zetas^BitRev_7(i) mod q + * 6: i <- i + 1 + * 7: for (j <- start; j < start + len; j++) + * 8: t <- zeta.f[j+len] + * 9: f_hat[j+len] <- f_hat[j] - t + * 10: f_hat[j] <- f_hat[j] - t + * 11: end for + * 12: end for + * 13: end for + * 14: return f_hat + * + * @param [in, out] r Polynomial to transform. + */ +static void mlkem_ntt(sword16* r) +{ +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int len; + unsigned int k; + unsigned int j; + + /* Step 2 */ + k = 1; + /* Step 3 */ + for (len = MLKEM_N / 2; len >= 2; len >>= 1) { + unsigned int start; + /* Step 4 */ + for (start = 0; start < MLKEM_N; start = j + len) { + /* Step 5, 6*/ + sword16 zeta = zetas[k++]; + /* Step 7 */ + for (j = start; j < start + len; ++j) { + /* Step 8 */ + sword32 p = (sword32)zeta * r[j + len]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[j]; + /* Step 9 */ + r[j + len] = rj - t; + /* Step 10 */ + r[j] = rj + t; + } + } + } + + /* Reduce coefficients with quick algorithm. */ + for (j = 0; j < MLKEM_N; ++j) { + r[j] = MLKEM_BARRETT_RED(r[j]); + } +#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + /* Take out the first iteration. */ + unsigned int len; + unsigned int k = 1; + unsigned int j; + unsigned int start; + sword16 zeta = zetas[k++]; + + for (j = 0; j < MLKEM_N / 2; ++j) { + sword32 p = (sword32)zeta * r[j + MLKEM_N / 2]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[j]; + r[j + MLKEM_N / 2] = rj - t; + r[j] = rj + t; + } + for (len = MLKEM_N / 4; len >= 2; len >>= 1) { + for (start = 0; start < MLKEM_N; start = j + len) { + zeta = zetas[k++]; + for (j = start; j < start + len; ++j) { + sword32 p = (sword32)zeta * r[j + len]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[j]; + r[j + len] = rj - t; + r[j] = rj + t; + } + } + } + + /* Reduce coefficients with quick algorithm. */ + for (j = 0; j < MLKEM_N; ++j) { + r[j] = MLKEM_BARRETT_RED(r[j]); + } +#elif defined(WOLFSSL_MLKEM_NTT_UNROLL) + /* Unroll len loop (Step 3). */ + unsigned int k = 1; + unsigned int j; + unsigned int start; + sword16 zeta = zetas[k++]; + + /* len = 128 */ + for (j = 0; j < MLKEM_N / 2; ++j) { + sword32 p = (sword32)zeta * r[j + MLKEM_N / 2]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[j]; + r[j + MLKEM_N / 2] = rj - t; + r[j] = rj + t; + } + /* len = 64 */ + for (start = 0; start < MLKEM_N; start += 2 * 64) { + zeta = zetas[k++]; + for (j = 0; j < 64; ++j) { + sword32 p = (sword32)zeta * r[start + j + 64]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 64] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 32 */ + for (start = 0; start < MLKEM_N; start += 2 * 32) { + zeta = zetas[k++]; + for (j = 0; j < 32; ++j) { + sword32 p = (sword32)zeta * r[start + j + 32]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 32] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 16 */ + for (start = 0; start < MLKEM_N; start += 2 * 16) { + zeta = zetas[k++]; + for (j = 0; j < 16; ++j) { + sword32 p = (sword32)zeta * r[start + j + 16]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 16] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 8 */ + for (start = 0; start < MLKEM_N; start += 2 * 8) { + zeta = zetas[k++]; + for (j = 0; j < 8; ++j) { + sword32 p = (sword32)zeta * r[start + j + 8]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 8] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 4 */ + for (start = 0; start < MLKEM_N; start += 2 * 4) { + zeta = zetas[k++]; + for (j = 0; j < 4; ++j) { + sword32 p = (sword32)zeta * r[start + j + 4]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 4] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 2 */ + for (start = 0; start < MLKEM_N; start += 2 * 2) { + zeta = zetas[k++]; + for (j = 0; j < 2; ++j) { + sword32 p = (sword32)zeta * r[start + j + 2]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 2] = rj - t; + r[start + j] = rj + t; + } + } + /* Reduce coefficients with quick algorithm. */ + for (j = 0; j < MLKEM_N; ++j) { + r[j] = MLKEM_BARRETT_RED(r[j]); + } +#else + /* Unroll len (2, 3, 2) and start loops. */ + unsigned int j; + sword16 t0; + sword16 t1; + sword16 t2; + sword16 t3; + + /* len = 128,64 */ + sword16 zeta128 = zetas[1]; + sword16 zeta64_0 = zetas[2]; + sword16 zeta64_1 = zetas[3]; + for (j = 0; j < MLKEM_N / 8; j++) { + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 32]; + sword16 r2 = r[j + 64]; + sword16 r3 = r[j + 96]; + sword16 r4 = r[j + 128]; + sword16 r5 = r[j + 160]; + sword16 r6 = r[j + 192]; + sword16 r7 = r[j + 224]; + + t0 = MLKEM_MONT_RED((sword32)zeta128 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta128 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta128 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta128 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } + + /* len = 32,16,8 */ + for (j = 0; j < MLKEM_N; j += 64) { + int i; + sword16 zeta32 = zetas[ 4 + j / 64 + 0]; + sword16 zeta16_0 = zetas[ 8 + j / 32 + 0]; + sword16 zeta16_1 = zetas[ 8 + j / 32 + 1]; + sword16 zeta8_0 = zetas[16 + j / 16 + 0]; + sword16 zeta8_1 = zetas[16 + j / 16 + 1]; + sword16 zeta8_2 = zetas[16 + j / 16 + 2]; + sword16 zeta8_3 = zetas[16 + j / 16 + 3]; + for (i = 0; i < 8; i++) { + sword16 r0 = r[j + i + 0]; + sword16 r1 = r[j + i + 8]; + sword16 r2 = r[j + i + 16]; + sword16 r3 = r[j + i + 24]; + sword16 r4 = r[j + i + 32]; + sword16 r5 = r[j + i + 40]; + sword16 r6 = r[j + i + 48]; + sword16 r7 = r[j + i + 56]; + + t0 = MLKEM_MONT_RED((sword32)zeta32 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta32 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta32 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta32 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1); + t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5); + t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7); + r1 = r0 - t0; + r3 = r2 - t1; + r5 = r4 - t2; + r7 = r6 - t3; + r0 += t0; + r2 += t1; + r4 += t2; + r6 += t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + /* len = 4,2 and Final reduction */ + for (j = 0; j < MLKEM_N; j += 8) { + sword16 zeta4 = zetas[32 + j / 8 + 0]; + sword16 zeta2_0 = zetas[64 + j / 4 + 0]; + sword16 zeta2_1 = zetas[64 + j / 4 + 1]; + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 1]; + sword16 r2 = r[j + 2]; + sword16 r3 = r[j + 3]; + sword16 r4 = r[j + 4]; + sword16 r5 = r[j + 5]; + sword16 r6 = r[j + 6]; + sword16 r7 = r[j + 7]; + + t0 = MLKEM_MONT_RED((sword32)zeta4 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta4 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta4 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta4 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = MLKEM_BARRETT_RED(r0); + r[j + 1] = MLKEM_BARRETT_RED(r1); + r[j + 2] = MLKEM_BARRETT_RED(r2); + r[j + 3] = MLKEM_BARRETT_RED(r3); + r[j + 4] = MLKEM_BARRETT_RED(r4); + r[j + 5] = MLKEM_BARRETT_RED(r5); + r[j + 6] = MLKEM_BARRETT_RED(r6); + r[j + 7] = MLKEM_BARRETT_RED(r7); + } +#endif +} + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Zetas for inverse NTT. */ +const sword16 zetas_inv[MLKEM_N / 2] = { + 1701, 1807, 1460, 2371, 2338, 2333, 308, 108, + 2851, 870, 854, 1510, 2535, 1278, 1530, 1185, + 1659, 1187, 3109, 874, 1335, 2111, 136, 1215, + 2945, 1465, 1285, 2007, 2719, 2726, 2232, 2512, + 75, 156, 3000, 2911, 2980, 872, 2685, 1590, + 2210, 602, 1846, 777, 147, 2170, 2551, 246, + 1676, 1755, 460, 291, 235, 3152, 2742, 2907, + 3224, 1779, 2458, 1251, 2486, 2774, 2899, 1103, + 1275, 2652, 1065, 2881, 725, 1508, 2368, 398, + 951, 247, 1421, 3222, 2499, 271, 90, 853, + 1860, 3203, 1162, 1618, 666, 320, 8, 2813, + 1544, 282, 1838, 1293, 2314, 552, 2677, 2106, + 1571, 205, 2918, 1542, 2721, 2597, 2312, 681, + 130, 1602, 1871, 829, 2946, 3065, 1325, 2756, + 1861, 1474, 1202, 2367, 3147, 1752, 2707, 171, + 3127, 3042, 1907, 1836, 1517, 359, 758, 1441 +}; + +/* Inverse Number-Theoretic Transform. + * + * FIPS 203, Algorithm 10: NTT^-1(f_hat) + * Computes the polynomial f element of R_q that corresponds to the given NTT + * representation f element of T_q. + * 1: f <- f_hat + * 2: i <- 127 + * 3: for (len <- 2; len <= 128 ; len <- 2.len) + * 4: for (start <- 0; start < 256; start <- start + 2.len) + * 5: zeta <- zetas^BitRev_7(i) mod q + * 6: i <- i - 1 + * 7: for (j <- start; j < start + len; j++) + * 8: t <- f[j] + * 9: f[j] < t + f[j + len] + * 10: f[j + len] <- zeta.(f[j+len] - t) + * 11: end for + * 12: end for + * 13: end for + * 14: f <- f.3303 mod q + * 15: return f + * + * @param [in, out] r Polynomial to transform. + */ +static void mlkem_invntt(sword16* r) +{ +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int len; + unsigned int k; + unsigned int j; + sword16 zeta; + + /* Step 2 - table reversed */ + k = 0; + /* Step 3 */ + for (len = 2; len <= MLKEM_N / 2; len <<= 1) { + unsigned int start; + /* Step 4 */ + for (start = 0; start < MLKEM_N; start = j + len) { + /* Step 5, 6 */ + zeta = zetas_inv[k++]; + /* Step 7 */ + for (j = start; j < start + len; ++j) { + sword32 p; + /* Step 8 */ + sword16 rj = r[j]; + sword16 rjl = r[j + len]; + /* Step 9 */ + sword16 t = rj + rjl; + r[j] = MLKEM_BARRETT_RED(t); + /* Step 10 */ + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j + len] = MLKEM_MONT_RED(p); + } + } + } + + /* Step 14 */ + zeta = zetas_inv[127]; + for (j = 0; j < MLKEM_N; ++j) { + sword32 p = (sword32)zeta * r[j]; + r[j] = MLKEM_MONT_RED(p); + } +#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + /* Take out last iteration. */ + unsigned int len; + unsigned int k; + unsigned int j; + sword16 zeta; + sword16 zeta2; + + k = 0; + for (len = 2; len <= MLKEM_N / 4; len <<= 1) { + unsigned int start; + for (start = 0; start < MLKEM_N; start = j + len) { + zeta = zetas_inv[k++]; + for (j = start; j < start + len; ++j) { + sword32 p; + sword16 rj = r[j]; + sword16 rjl = r[j + len]; + sword16 t = rj + rjl; + r[j] = MLKEM_BARRETT_RED(t); + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j + len] = MLKEM_MONT_RED(p); + } + } + } + + zeta = zetas_inv[126]; + zeta2 = zetas_inv[127]; + for (j = 0; j < MLKEM_N / 2; ++j) { + sword32 p; + sword16 rj = r[j]; + sword16 rjl = r[j + MLKEM_N / 2]; + sword16 t = rj + rjl; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j] = t; + r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p); + + p = (sword32)zeta2 * r[j]; + r[j] = MLKEM_MONT_RED(p); + p = (sword32)zeta2 * r[j + MLKEM_N / 2]; + r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p); + } +#elif defined(WOLFSSL_MLKEM_INVNTT_UNROLL) + /* Unroll len loop (Step 3). */ + unsigned int k; + unsigned int j; + unsigned int start; + sword16 zeta; + sword16 zeta2; + + k = 0; + /* len = 2 */ + for (start = 0; start < MLKEM_N; start += 2 * 2) { + zeta = zetas_inv[k++]; + for (j = 0; j < 2; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 2]; + sword16 t = rj + rjl; + r[start + j] = t; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 2] = MLKEM_MONT_RED(p); + } + } + /* len = 4 */ + for (start = 0; start < MLKEM_N; start += 2 * 4) { + zeta = zetas_inv[k++]; + for (j = 0; j < 4; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 4]; + sword16 t = rj + rjl; + r[start + j] = t; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 4] = MLKEM_MONT_RED(p); + } + } + /* len = 8 */ + for (start = 0; start < MLKEM_N; start += 2 * 8) { + zeta = zetas_inv[k++]; + for (j = 0; j < 8; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 8]; + sword16 t = rj + rjl; + /* Reduce. */ + r[start + j] = MLKEM_BARRETT_RED(t); + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 8] = MLKEM_MONT_RED(p); + } + } + /* len = 16 */ + for (start = 0; start < MLKEM_N; start += 2 * 16) { + zeta = zetas_inv[k++]; + for (j = 0; j < 16; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 16]; + sword16 t = rj + rjl; + r[start + j] = t; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 16] = MLKEM_MONT_RED(p); + } + } + /* len = 32 */ + for (start = 0; start < MLKEM_N; start += 2 * 32) { + zeta = zetas_inv[k++]; + for (j = 0; j < 32; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 32]; + sword16 t = rj + rjl; + r[start + j] = t; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 32] = MLKEM_MONT_RED(p); + } + } + /* len = 64 */ + for (start = 0; start < MLKEM_N; start += 2 * 64) { + zeta = zetas_inv[k++]; + for (j = 0; j < 64; ++j) { + sword32 p; + sword16 rj = r[start + j]; + sword16 rjl = r[start + j + 64]; + sword16 t = rj + rjl; + /* Reduce. */ + r[start + j] = MLKEM_BARRETT_RED(t); + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[start + j + 64] = MLKEM_MONT_RED(p); + } + } + /* len = 128, 256 */ + zeta = zetas_inv[126]; + zeta2 = zetas_inv[127]; + for (j = 0; j < MLKEM_N / 2; ++j) { + sword32 p; + sword16 rj = r[j]; + sword16 rjl = r[j + MLKEM_N / 2]; + sword16 t = rj + rjl; + rjl = rj - rjl; + p = (sword32)zeta * rjl; + r[j] = t; + r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p); + + p = (sword32)zeta2 * r[j]; + r[j] = MLKEM_MONT_RED(p); + p = (sword32)zeta2 * r[j + MLKEM_N / 2]; + r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p); + } +#else + /* Unroll len (2, 3, 3) and start loops. */ + unsigned int j; + sword16 t0; + sword16 t1; + sword16 t2; + sword16 t3; + sword16 zeta64_0; + sword16 zeta64_1; + sword16 zeta128; + sword16 zeta256; + sword32 p; + + for (j = 0; j < MLKEM_N; j += 8) { + sword16 zeta2_0 = zetas_inv[ 0 + j / 4 + 0]; + sword16 zeta2_1 = zetas_inv[ 0 + j / 4 + 1]; + sword16 zeta4 = zetas_inv[64 + j / 8 + 0]; + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 1]; + sword16 r2 = r[j + 2]; + sword16 r3 = r[j + 3]; + sword16 r4 = r[j + 4]; + sword16 r5 = r[j + 5]; + sword16 r6 = r[j + 6]; + sword16 r7 = r[j + 7]; + + p = (sword32)zeta2_0 * (sword16)(r0 - r2); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta2_0 * (sword16)(r1 - r3); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta2_1 * (sword16)(r4 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta2_1 * (sword16)(r5 - r7); + t3 = MLKEM_MONT_RED(p); + r0 += r2; + r1 += r3; + r4 += r6; + r5 += r7; + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta4 * (sword16)(r0 - r4); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r1 - r5); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r2 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta4 * (sword16)(r3 - r7); + t3 = MLKEM_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + r[j + 0] = r0; + r[j + 1] = r1; + r[j + 2] = r2; + r[j + 3] = r3; + r[j + 4] = r4; + r[j + 5] = r5; + r[j + 6] = r6; + r[j + 7] = r7; + } + + for (j = 0; j < MLKEM_N; j += 64) { + int i; + sword16 zeta8_0 = zetas_inv[ 96 + j / 16 + 0]; + sword16 zeta8_1 = zetas_inv[ 96 + j / 16 + 1]; + sword16 zeta8_2 = zetas_inv[ 96 + j / 16 + 2]; + sword16 zeta8_3 = zetas_inv[ 96 + j / 16 + 3]; + sword16 zeta16_0 = zetas_inv[112 + j / 32 + 0]; + sword16 zeta16_1 = zetas_inv[112 + j / 32 + 1]; + sword16 zeta32 = zetas_inv[120 + j / 64 + 0]; + for (i = 0; i < 8; i++) { + sword16 r0 = r[j + i + 0]; + sword16 r1 = r[j + i + 8]; + sword16 r2 = r[j + i + 16]; + sword16 r3 = r[j + i + 24]; + sword16 r4 = r[j + i + 32]; + sword16 r5 = r[j + i + 40]; + sword16 r6 = r[j + i + 48]; + sword16 r7 = r[j + i + 56]; + + p = (sword32)zeta8_0 * (sword16)(r0 - r1); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta8_1 * (sword16)(r2 - r3); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta8_2 * (sword16)(r4 - r5); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta8_3 * (sword16)(r6 - r7); + t3 = MLKEM_MONT_RED(p); + r0 = MLKEM_BARRETT_RED(r0 + r1); + r2 = MLKEM_BARRETT_RED(r2 + r3); + r4 = MLKEM_BARRETT_RED(r4 + r5); + r6 = MLKEM_BARRETT_RED(r6 + r7); + r1 = t0; + r3 = t1; + r5 = t2; + r7 = t3; + + p = (sword32)zeta16_0 * (sword16)(r0 - r2); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta16_0 * (sword16)(r1 - r3); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta16_1 * (sword16)(r4 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta16_1 * (sword16)(r5 - r7); + t3 = MLKEM_MONT_RED(p); + r0 += r2; + r1 += r3; + r4 += r6; + r5 += r7; + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta32 * (sword16)(r0 - r4); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r1 - r5); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r2 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta32 * (sword16)(r3 - r7); + t3 = MLKEM_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + zeta64_0 = zetas_inv[124]; + zeta64_1 = zetas_inv[125]; + zeta128 = zetas_inv[126]; + zeta256 = zetas_inv[127]; + for (j = 0; j < MLKEM_N / 8; j++) { + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 32]; + sword16 r2 = r[j + 64]; + sword16 r3 = r[j + 96]; + sword16 r4 = r[j + 128]; + sword16 r5 = r[j + 160]; + sword16 r6 = r[j + 192]; + sword16 r7 = r[j + 224]; + + p = (sword32)zeta64_0 * (sword16)(r0 - r2); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta64_0 * (sword16)(r1 - r3); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta64_1 * (sword16)(r4 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta64_1 * (sword16)(r5 - r7); + t3 = MLKEM_MONT_RED(p); + r0 = MLKEM_BARRETT_RED(r0 + r2); + r1 = MLKEM_BARRETT_RED(r1 + r3); + r4 = MLKEM_BARRETT_RED(r4 + r6); + r5 = MLKEM_BARRETT_RED(r5 + r7); + r2 = t0; + r3 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta128 * (sword16)(r0 - r4); + t0 = MLKEM_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r1 - r5); + t1 = MLKEM_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r2 - r6); + t2 = MLKEM_MONT_RED(p); + p = (sword32)zeta128 * (sword16)(r3 - r7); + t3 = MLKEM_MONT_RED(p); + r0 += r4; + r1 += r5; + r2 += r6; + r3 += r7; + r4 = t0; + r5 = t1; + r6 = t2; + r7 = t3; + + p = (sword32)zeta256 * r0; + r0 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r1; + r1 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r2; + r2 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r3; + r3 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r4; + r4 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r5; + r5 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r6; + r6 = MLKEM_MONT_RED(p); + p = (sword32)zeta256 * r7; + r7 = MLKEM_MONT_RED(p); + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } +#endif +} +#endif + +/* Multiplication of polynomials in Zq[X]/(X^2-zeta). + * + * Used for multiplication of elements in Rq in NTT domain. + * + * FIPS 203, Algorithm 12: BaseCaseMultiply(a0, a1, b0, b1, zeta) + * Computes the product of two degree-one polynomials with respect to a + * quadratic modulus. + * 1: c0 <- a0.b0 + a1.b1.zeta + * 2: c1 <- a0.b1 + a1.b0 + * 3: return (c0, c1) + * + * @param [out] r Result polynomial. + * @param [in] a First factor. + * @param [in] b Second factor. + * @param [in] zeta Integer defining the reduction polynomial. + */ +static void mlkem_basemul(sword16* r, const sword16* a, const sword16* b, + sword16 zeta) +{ + sword16 r0; + sword16 a0 = a[0]; + sword16 a1 = a[1]; + sword16 b0 = b[0]; + sword16 b1 = b[1]; + sword32 p1; + sword32 p2; + + /* Step 1 */ + p1 = (sword32)a0 * b0; + p2 = (sword32)a1 * b1; + r0 = MLKEM_MONT_RED(p2); + p2 = (sword32)zeta * r0; + p2 += p1; + r[0] = MLKEM_MONT_RED(p2); + + /* Step 2 */ + p1 = (sword32)a0 * b1; + p2 = (sword32)a1 * b0; + p1 += p2; + r[1] = MLKEM_MONT_RED(p1); +} + +/* Multiply two polynomials in NTT domain. r = a * b. + * + * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat) + * Computes the product (in the ring T_q) of two NTT representations. + * 1: for (i <- 0; i < 128; i++) + * 2: (h_hat[2i],h_hat[2i+1]) <- + * BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1], + * zetas^(BitRev_7(i)+1) + * 3: end for + * 4: return h_hat + * + * @param [out] r Result polynomial. + * @param [in] a First polynomial multiplier. + * @param [in] b Second polynomial multiplier. + */ +static void mlkem_basemul_mont(sword16* r, const sword16* a, const sword16* b) +{ + const sword16* zeta = zetas + 64; + +#if defined(WOLFSSL_MLKEM_SMALL) + /* Two multiplications per loop. */ + unsigned int i; + /* Step 1 */ + for (i = 0; i < MLKEM_N; i += 4, zeta++) { + /* Step 2 */ + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); + } +#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + /* Four multiplications per loop. */ + unsigned int i; + for (i = 0; i < MLKEM_N; i += 8, zeta += 2) { + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); + } +#else + /* Eight multiplications per loop. */ + unsigned int i; + for (i = 0; i < MLKEM_N; i += 16, zeta += 4) { + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); + mlkem_basemul(r + i + 8, a + i + 8, b + i + 8, zeta[2]); + mlkem_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]); + mlkem_basemul(r + i + 12, a + i + 12, b + i + 12, zeta[3]); + mlkem_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]); + } +#endif +} + +/* Multiply two polynomials in NTT domain and add to result. r += a * b. + * + * FIPS 203, Algorithm 11: MultiplyNTTs(f_hat, g_hat) + * Computes the product (in the ring T_q) of two NTT representations. + * 1: for (i <- 0; i < 128; i++) + * 2: (h_hat[2i],h_hat[2i+1]) <- + * BaseCaseMultiply(f_hat[2i],f_hat[2i+1],g_hat[2i],g_hat[2i+1], + * zetas^(BitRev_7(i)+1) + * 3: end for + * 4: return h_hat + * Add h_hat to r. + * + * @param [in, out] r Result polynomial. + * @param [in] a First polynomial multiplier. + * @param [in] b Second polynomial multiplier. + */ +static void mlkem_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b) +{ + const sword16* zeta = zetas + 64; + +#if defined(WOLFSSL_MLKEM_SMALL) + /* Two multiplications per loop. */ + unsigned int i; + for (i = 0; i < MLKEM_N; i += 4, zeta++) { + sword16 t0[2]; + sword16 t2[2]; + + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); + + r[i + 0] += t0[0]; + r[i + 1] += t0[1]; + r[i + 2] += t2[0]; + r[i + 3] += t2[1]; + } +#elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + /* Four multiplications per loop. */ + unsigned int i; + for (i = 0; i < MLKEM_N; i += 8, zeta += 2) { + sword16 t0[2]; + sword16 t2[2]; + sword16 t4[2]; + sword16 t6[2]; + + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]); + + r[i + 0] += t0[0]; + r[i + 1] += t0[1]; + r[i + 2] += t2[0]; + r[i + 3] += t2[1]; + r[i + 4] += t4[0]; + r[i + 5] += t4[1]; + r[i + 6] += t6[0]; + r[i + 7] += t6[1]; + } +#else + /* Eight multiplications per loop. */ + unsigned int i; + for (i = 0; i < MLKEM_N; i += 16, zeta += 4) { + sword16 t0[2]; + sword16 t2[2]; + sword16 t4[2]; + sword16 t6[2]; + sword16 t8[2]; + sword16 t10[2]; + sword16 t12[2]; + sword16 t14[2]; + + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]); + mlkem_basemul(t8, a + i + 8, b + i + 8, zeta[2]); + mlkem_basemul(t10, a + i + 10, b + i + 10, -zeta[2]); + mlkem_basemul(t12, a + i + 12, b + i + 12, zeta[3]); + mlkem_basemul(t14, a + i + 14, b + i + 14, -zeta[3]); + + r[i + 0] += t0[0]; + r[i + 1] += t0[1]; + r[i + 2] += t2[0]; + r[i + 3] += t2[1]; + r[i + 4] += t4[0]; + r[i + 5] += t4[1]; + r[i + 6] += t6[0]; + r[i + 7] += t6[1]; + r[i + 8] += t8[0]; + r[i + 9] += t8[1]; + r[i + 10] += t10[0]; + r[i + 11] += t10[1]; + r[i + 12] += t12[0]; + r[i + 13] += t12[1]; + r[i + 14] += t14[0]; + r[i + 15] += t14[1]; + } +#endif +} +#endif + +/* Pointwise multiply elements of a and b, into r, and multiply by 2^-16. + * + * @param [out] r Result polynomial. + * @param [in] a First vector polynomial to multiply with. + * @param [in] b Second vector polynomial to multiply with. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_pointwise_acc_mont(sword16* r, const sword16* a, + const sword16* b, unsigned int k) +{ + unsigned int i; + + mlkem_basemul_mont(r, a, b); +#ifdef WOLFSSL_MLKEM_SMALL + for (i = 1; i < k; ++i) { + mlkem_basemul_mont_add(r, a + i * MLKEM_N, b + i * MLKEM_N); + } +#else + for (i = 1; i < k - 1; ++i) { + mlkem_basemul_mont_add(r, a + i * MLKEM_N, b + i * MLKEM_N); + } + mlkem_basemul_mont_add(r, a + (k - 1) * MLKEM_N, b + (k - 1) * MLKEM_N); +#endif +} + +/******************************************************************************/ + +/* Initialize Kyber implementation. + */ +void mlkem_init(void) +{ +#if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM)) + cpuid_flags = cpuid_get_flags(); +#endif +} + +/******************************************************************************/ + +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY +/* Generate a public-private key pair from randomly generated data. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 16: s_hat <- NTT(s) + * 17: e_hat <- NTT(e) + * 18: t^hat <- A_hat o s_hat + e_hat + * ... + * + * @param [in, out] s Private key vector of polynomials. + * @param [out] t Public key vector of polynomials. + * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in] a Random values in an array of vectors of polynomials. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k) +{ + int i; + +#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH + if (IS_AARCH64_RDM(cpuid_flags)) { + /* Transform private key. All of result used in public key calculation. + * Step 16: s_hat = NTT(s) */ + for (i = 0; i < k; ++i) { + mlkem_ntt_sqrdmlsh(s + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ + for (i = 0; i < k; ++i) { + /* Multiply a by private into public polynomial. + * Step 18: ... A_hat o s_hat ... */ + mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, + k); + /* Convert public polynomial to Montgomery form. + * Step 18: ... MontRed(A_hat o s_hat) ... */ + mlkem_to_mont_sqrdmlsh(t + i * MLKEM_N); + /* Transform error values polynomial. + * Step 17: e_hat = NTT(e) */ + mlkem_ntt_sqrdmlsh(e + i * MLKEM_N); + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + mlkem_add_reduce(t + i * MLKEM_N, e + i * MLKEM_N); + } + } + else +#endif + { + /* Transform private key. All of result used in public key calculation. + * Step 16: s_hat = NTT(s) */ + for (i = 0; i < k; ++i) { + mlkem_ntt(s + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ + for (i = 0; i < k; ++i) { + /* Multiply a by private into public polynomial. + * Step 18: ... A_hat o s_hat ... */ + mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, + k); + /* Convert public polynomial to Montgomery form. + * Step 18: ... MontRed(A_hat o s_hat) ... */ + mlkem_to_mont(t + i * MLKEM_N); + /* Transform error values polynomial. + * Step 17: e_hat = NTT(e) */ + mlkem_ntt(e + i * MLKEM_N); + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + mlkem_add_reduce(t + i * MLKEM_N, e + i * MLKEM_N); + } + } +} +#endif /* WOLFSSL_MLKEM_NO_MAKE_KEY */ + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Encapsulate message. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r) + * ... + * Step 18: y_hat <- NTT(y) + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) + * ... + * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) + * ... + * + * @param [in] t Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. + * @return 0 on success. + * + */ +void mlkem_encapsulate(const sword16* t, sword16* u , sword16* v, + const sword16* a, sword16* y, const sword16* e1, const sword16* e2, + const sword16* m, int k) +{ + int i; + +#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH + if (IS_AARCH64_RDM(cpuid_flags)) { + /* Transform y. All of result used in calculation of u and v. + * Step 18: y_hat <- NTT(y) */ + for (i = 0; i < k; ++i) { + mlkem_ntt_sqrdmlsh(y + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + for (i = 0; i < k; ++i) { + /* Multiply at by y into u polynomial. + * Step 19: ... A_hat_trans o y_hat ... */ + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, + k); + /* Inverse transform u polynomial. + * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */ + mlkem_invntt_sqrdmlsh(u + i * MLKEM_N); + /* Add errors to u and reduce. + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + mlkem_add_reduce(u + i * MLKEM_N, e1 + i * MLKEM_N); + } + + /* Multiply public key by y into v polynomial. + * Step 21: ... t_hat_trans o y_hat ... */ + mlkem_pointwise_acc_mont(v, t, y, k); + /* Inverse transform v. + * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */ + mlkem_invntt_sqrdmlsh(v); + } + else +#endif + { + /* Transform y. All of result used in calculation of u and v. + * Step 18: y_hat <- NTT(y) */ + for (i = 0; i < k; ++i) { + mlkem_ntt(y + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + for (i = 0; i < k; ++i) { + /* Multiply at by y into u polynomial. + * Step 19: ... A_hat_trans o y_hat ... */ + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, + k); + /* Inverse transform u polynomial. + * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */ + mlkem_invntt(u + i * MLKEM_N); + /* Add errors to u and reduce. + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + mlkem_add_reduce(u + i * MLKEM_N, e1 + i * MLKEM_N); + } + + /* Multiply public key by y into v polynomial. + * Step 21: ... t_hat_trans o y_hat ... */ + mlkem_pointwise_acc_mont(v, t, y, k); + /* Inverse transform v. + * Step 22: ... InvNTT(t_hat_trans o y_hat) ... */ + mlkem_invntt(v); + } + /* Add errors and message to v and reduce. + * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) */ + mlkem_add3_reduce(v, e2, m); +} +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +/* Decapsulate message. + * + * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c) + * Uses the decryption key to decrypt a ciphertext. + * ... + * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) + * ... + * + * @param [in] s Decryption key as vector of polynomials. + * @param [out] w Message polynomial. + * @param [in] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u, + const sword16* v, int k) +{ + int i; + +#ifndef WOLFSSL_AARCH64_NO_SQRDMLSH + if (IS_AARCH64_RDM(cpuid_flags)) { + /* Transform u. All of result used in calculation of w. + * Step 6: ... NTT(u') */ + for (i = 0; i < k; ++i) { + mlkem_ntt_sqrdmlsh(u + i * MLKEM_N); + } + + /* Multiply private key by u into w polynomial. + * Step 6: ... s_hat_trans o NTT(u') */ + mlkem_pointwise_acc_mont(w, s, u, k); + /* Inverse transform w. + * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */ + mlkem_invntt_sqrdmlsh(w); + } + else +#endif + { + /* Transform u. All of result used in calculation of w. + * Step 6: ... NTT(u') */ + for (i = 0; i < k; ++i) { + mlkem_ntt(u + i * MLKEM_N); + } + + /* Multiply private key by u into w polynomial. + * Step 6: ... s_hat_trans o NTT(u') */ + mlkem_pointwise_acc_mont(w, s, u, k); + /* Inverse transform w. + * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */ + mlkem_invntt(w); + } + /* Subtract errors (in w) out of v and reduce into w. + * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */ + mlkem_rsub_reduce(w, v); +} +#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#else + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + +#if !defined(WOLFSSL_MLKEM_SMALL) && !defined(WOLFSSL_MLKEM_NO_LARGE_CODE) +/* Number-Theoretic Transform. + * + * FIPS 203, Algorithm 9: NTT(f) + * Computes the NTT representation f_hat of the given polynomial f element of + * R_q. + * 1: f_hat <- f + * 2: i <- 1 + * 3: for (len <- 128; len >= 2; len <- len/2) + * 4: for (start <- 0; start < 256; start <- start + 2.len) + * 5: zeta <- zetas^BitRev_7(i) mod q + * 6: i <- i + 1 + * 7: for (j <- start; j < start + len; j++) + * 8: t <- zeta.f[j+len] + * 9: f_hat[j+len] <- f_hat[j] - t + * 10: f_hat[j] <- f_hat[j] - t + * 11: end for + * 12: end for + * 13: end for + * 14: return f_hat + * + * @param [in, out] r Polynomial to transform. + */ +static void mlkem_ntt_add_to(sword16* r, sword16* a) +{ +#if defined(WOLFSSL_MLKEM_NTT_UNROLL) + /* Unroll len loop (Step 3). */ + unsigned int k = 1; + unsigned int j; + unsigned int start; + sword16 zeta = zetas[k++]; + + /* len = 128 */ + for (j = 0; j < MLKEM_N / 2; ++j) { + sword32 p = (sword32)zeta * r[j + MLKEM_N / 2]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[j]; + r[j + MLKEM_N / 2] = rj - t; + r[j] = rj + t; + } + /* len = 64 */ + for (start = 0; start < MLKEM_N; start += 2 * 64) { + zeta = zetas[k++]; + for (j = 0; j < 64; ++j) { + sword32 p = (sword32)zeta * r[start + j + 64]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 64] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 32 */ + for (start = 0; start < MLKEM_N; start += 2 * 32) { + zeta = zetas[k++]; + for (j = 0; j < 32; ++j) { + sword32 p = (sword32)zeta * r[start + j + 32]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 32] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 16 */ + for (start = 0; start < MLKEM_N; start += 2 * 16) { + zeta = zetas[k++]; + for (j = 0; j < 16; ++j) { + sword32 p = (sword32)zeta * r[start + j + 16]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 16] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 8 */ + for (start = 0; start < MLKEM_N; start += 2 * 8) { + zeta = zetas[k++]; + for (j = 0; j < 8; ++j) { + sword32 p = (sword32)zeta * r[start + j + 8]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 8] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 4 */ + for (start = 0; start < MLKEM_N; start += 2 * 4) { + zeta = zetas[k++]; + for (j = 0; j < 4; ++j) { + sword32 p = (sword32)zeta * r[start + j + 4]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 4] = rj - t; + r[start + j] = rj + t; + } + } + /* len = 2 */ + for (start = 0; start < MLKEM_N; start += 2 * 2) { + zeta = zetas[k++]; + for (j = 0; j < 2; ++j) { + sword32 p = (sword32)zeta * r[start + j + 2]; + sword16 t = MLKEM_MONT_RED(p); + sword16 rj = r[start + j]; + r[start + j + 2] = rj - t; + r[start + j] = rj + t; + } + } + /* Reduce coefficients with quick algorithm. */ + for (j = 0; j < MLKEM_N; ++j) { + sword16 t = a[j] + r[j]; + a[j] = MLKEM_BARRETT_RED(t); + } +#else /* !WOLFSSL_MLKEM_NTT_UNROLL */ + /* Unroll len (2, 3, 2) and start loops. */ + unsigned int j; + sword16 t0; + sword16 t1; + sword16 t2; + sword16 t3; + + /* len = 128,64 */ + sword16 zeta128 = zetas[1]; + sword16 zeta64_0 = zetas[2]; + sword16 zeta64_1 = zetas[3]; + for (j = 0; j < MLKEM_N / 8; j++) { + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 32]; + sword16 r2 = r[j + 64]; + sword16 r3 = r[j + 96]; + sword16 r4 = r[j + 128]; + sword16 r5 = r[j + 160]; + sword16 r6 = r[j + 192]; + sword16 r7 = r[j + 224]; + + t0 = MLKEM_MONT_RED((sword32)zeta128 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta128 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta128 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta128 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r[j + 0] = r0; + r[j + 32] = r1; + r[j + 64] = r2; + r[j + 96] = r3; + r[j + 128] = r4; + r[j + 160] = r5; + r[j + 192] = r6; + r[j + 224] = r7; + } + + /* len = 32,16,8 */ + for (j = 0; j < MLKEM_N; j += 64) { + int i; + sword16 zeta32 = zetas[ 4 + j / 64 + 0]; + sword16 zeta16_0 = zetas[ 8 + j / 32 + 0]; + sword16 zeta16_1 = zetas[ 8 + j / 32 + 1]; + sword16 zeta8_0 = zetas[16 + j / 16 + 0]; + sword16 zeta8_1 = zetas[16 + j / 16 + 1]; + sword16 zeta8_2 = zetas[16 + j / 16 + 2]; + sword16 zeta8_3 = zetas[16 + j / 16 + 3]; + for (i = 0; i < 8; i++) { + sword16 r0 = r[j + i + 0]; + sword16 r1 = r[j + i + 8]; + sword16 r2 = r[j + i + 16]; + sword16 r3 = r[j + i + 24]; + sword16 r4 = r[j + i + 32]; + sword16 r5 = r[j + i + 40]; + sword16 r6 = r[j + i + 48]; + sword16 r7 = r[j + i + 56]; + + t0 = MLKEM_MONT_RED((sword32)zeta32 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta32 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta32 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta32 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1); + t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5); + t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7); + r1 = r0 - t0; + r3 = r2 - t1; + r5 = r4 - t2; + r7 = r6 - t3; + r0 += t0; + r2 += t1; + r4 += t2; + r6 += t3; + + r[j + i + 0] = r0; + r[j + i + 8] = r1; + r[j + i + 16] = r2; + r[j + i + 24] = r3; + r[j + i + 32] = r4; + r[j + i + 40] = r5; + r[j + i + 48] = r6; + r[j + i + 56] = r7; + } + } + + /* len = 4,2 and Final reduction */ + for (j = 0; j < MLKEM_N; j += 8) { + sword16 zeta4 = zetas[32 + j / 8 + 0]; + sword16 zeta2_0 = zetas[64 + j / 4 + 0]; + sword16 zeta2_1 = zetas[64 + j / 4 + 1]; + sword16 r0 = r[j + 0]; + sword16 r1 = r[j + 1]; + sword16 r2 = r[j + 2]; + sword16 r3 = r[j + 3]; + sword16 r4 = r[j + 4]; + sword16 r5 = r[j + 5]; + sword16 r6 = r[j + 6]; + sword16 r7 = r[j + 7]; + + t0 = MLKEM_MONT_RED((sword32)zeta4 * r4); + t1 = MLKEM_MONT_RED((sword32)zeta4 * r5); + t2 = MLKEM_MONT_RED((sword32)zeta4 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta4 * r7); + r4 = r0 - t0; + r5 = r1 - t1; + r6 = r2 - t2; + r7 = r3 - t3; + r0 += t0; + r1 += t1; + r2 += t2; + r3 += t3; + + t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2); + t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3); + t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6); + t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7); + r2 = r0 - t0; + r3 = r1 - t1; + r6 = r4 - t2; + r7 = r5 - t3; + r0 += t0; + r1 += t1; + r4 += t2; + r5 += t3; + + r0 += a[j + 0]; + r1 += a[j + 1]; + r2 += a[j + 2]; + r3 += a[j + 3]; + r4 += a[j + 4]; + r5 += a[j + 5]; + r6 += a[j + 6]; + r7 += a[j + 7]; + + a[j + 0] = MLKEM_BARRETT_RED(r0); + a[j + 1] = MLKEM_BARRETT_RED(r1); + a[j + 2] = MLKEM_BARRETT_RED(r2); + a[j + 3] = MLKEM_BARRETT_RED(r3); + a[j + 4] = MLKEM_BARRETT_RED(r4); + a[j + 5] = MLKEM_BARRETT_RED(r5); + a[j + 6] = MLKEM_BARRETT_RED(r6); + a[j + 7] = MLKEM_BARRETT_RED(r7); + } +#endif /* !WOLFSSL_MLKEM_NTT_UNROLL */ +} +#endif /* !WOLFSSL_MLKEM_SMALL && !WOLFSSL_MLKEM_NO_LARGE_CODE */ + +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM +/* Generate a public-private key pair from randomly generated data. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 16: s_hat <- NTT(s) + * 17: e_hat <- NTT(e) + * 18: t^hat <- A_hat o s_hat + e_hat + * ... + * + * @param [in, out] s Private key vector of polynomials. + * @param [out] t Public key vector of polynomials. + * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in] a Random values in an array of vectors of polynomials. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_keygen_c(sword16* s, sword16* t, sword16* e, const sword16* a, + int k) +{ + int i; + + /* Transform private key. All of result used in public key calculation + * Step 16: s_hat = NTT(s) */ + for (i = 0; i < k; ++i) { + mlkem_ntt(s + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ + for (i = 0; i < k; ++i) { + unsigned int j; + + /* Multiply a by private into public polynomial. + * Step 18: ... A_hat o s_hat ... */ + mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, k); + /* Convert public polynomial to Montgomery form. + * Step 18: ... MontRed(A_hat o s_hat) ... */ + for (j = 0; j < MLKEM_N; ++j) { + sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F; + t[i * MLKEM_N + j] = MLKEM_MONT_RED(n); + } + /* Transform error values polynomial. + * Step 17: e_hat = NTT(e) */ +#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + mlkem_ntt(e + i * MLKEM_N); + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + for (j = 0; j < MLKEM_N; ++j) { + sword16 n = t[i * MLKEM_N + j] + e[i * MLKEM_N + j]; + t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n); + } +#else + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + mlkem_ntt_add_to(e + i * MLKEM_N, t + i * MLKEM_N); +#endif + } +} + +/* Generate a public-private key pair from randomly generated data. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 16: s_hat <- NTT(s) + * 17: e_hat <- NTT(e) + * 18: t^hat <- A_hat o s_hat + e_hat + * ... + * + * @param [in, out] s Private key vector of polynomials. + * @param [out] t Public key vector of polynomials. + * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in] a Random values in an array of vectors of polynomials. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_keygen(sword16* s, sword16* t, sword16* e, const sword16* a, int k) +{ +#ifdef USE_INTEL_SPEEDUP + if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) { + /* Alg 13: Steps 16-18 */ + mlkem_keygen_avx2(s, t, e, a, k); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + /* Alg 13: Steps 16-18 */ + mlkem_keygen_c(s, t, e, a, k); + } +} + +#else /* WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM */ + +/* Generate a public-private key pair from randomly generated data. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * 3: for (i <- 0; i < k; i++) > generate matrix A_hat + * ... (generate A[i]) + * 7: end for + * ... + * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * ... + * 16: s_hat <- NTT(s) + * 17: e_hat <- NTT(e) + * 18: t^hat <- A_hat o s_hat + e_hat + * ... + * + * @param [in, out] s Private key vector of polynomials. + * @param [out] tv Public key vector of polynomials. + * @param [in] prf XOF object. + * @param [in] tv Temporary vector of polynomials. + * @param [in] k Number of polynomials in vector. + * @param [in] rho Random seed to generate matrix A from. + * @param [in] sigma Random seed to generate noise from. + */ +int mlkem_keygen_seeds(sword16* s, sword16* t, MLKEM_PRF_T* prf, + sword16* tv, int k, byte* rho, byte* sigma) +{ + int i; + int ret = 0; + sword16* ai = tv; + sword16* e = tv; + + /* Transform private key. All of result used in public key calculation + * Step 16: s_hat = NTT(s) */ + for (i = 0; i < k; ++i) { + mlkem_ntt(s + i * MLKEM_N); + } + + /* For each polynomial in the vectors. + * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ + for (i = 0; i < k; ++i) { + unsigned int j; + + /* Generate a vector of matrix A. + * Steps 4-6: generate A[i] */ + ret = mlkem_gen_matrix_i(prf, ai, k, rho, i, 0); + if (ret != 0) { + break; + } + + /* Multiply a by private into public polynomial. + * Step 18: ... A_hat o s_hat ... */ + mlkem_pointwise_acc_mont(t + i * MLKEM_N, ai, s, k); + /* Convert public polynomial to Montgomery form. + * Step 18: ... MontRed(A_hat o s_hat) ... */ + for (j = 0; j < MLKEM_N; ++j) { + sword32 n = t[i * MLKEM_N + j] * (sword32)MLKEM_F; + t[i * MLKEM_N + j] = MLKEM_MONT_RED(n); + } + + /* Generate noise using PRF. + * Step 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) */ + ret = mlkem_get_noise_i(prf, k, e, sigma, i, 1); + if (ret != 0) { + break; + } + /* Transform error values polynomial. + * Step 17: e_hat = NTT(e) */ +#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + mlkem_ntt(e); + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + for (j = 0; j < MLKEM_N; ++j) { + sword16 n = t[i * MLKEM_N + j] + e[j]; + t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n); + } +#else + /* Add errors to public key and reduce. + * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ + mlkem_ntt_add_to(e, t + i * MLKEM_N); +#endif + } + + return ret; +} + +#endif /* WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM */ +#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */ + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM +/* Encapsulate message. + * + * @param [in] pub Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. + * @return 0 on success. + */ +static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v, + const sword16* a, sword16* y, const sword16* e1, const sword16* e2, + const sword16* m, int k) +{ + int i; + + /* Transform y. All of result used in calculation of u and v. */ + for (i = 0; i < k; ++i) { + mlkem_ntt(y + i * MLKEM_N); + } + + /* For each polynomial in the vectors. */ + for (i = 0; i < k; ++i) { + unsigned int j; + + /* Multiply at by y into u polynomial. */ + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, k); + /* Inverse transform u polynomial. */ + mlkem_invntt(u + i * MLKEM_N); + /* Add errors to u and reduce. */ +#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + for (j = 0; j < MLKEM_N; ++j) { + sword16 t = u[i * MLKEM_N + j] + e1[i * MLKEM_N + j]; + u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t); + } +#else + for (j = 0; j < MLKEM_N; j += 8) { + sword16 t0 = u[i * MLKEM_N + j + 0] + e1[i * MLKEM_N + j + 0]; + sword16 t1 = u[i * MLKEM_N + j + 1] + e1[i * MLKEM_N + j + 1]; + sword16 t2 = u[i * MLKEM_N + j + 2] + e1[i * MLKEM_N + j + 2]; + sword16 t3 = u[i * MLKEM_N + j + 3] + e1[i * MLKEM_N + j + 3]; + sword16 t4 = u[i * MLKEM_N + j + 4] + e1[i * MLKEM_N + j + 4]; + sword16 t5 = u[i * MLKEM_N + j + 5] + e1[i * MLKEM_N + j + 5]; + sword16 t6 = u[i * MLKEM_N + j + 6] + e1[i * MLKEM_N + j + 6]; + sword16 t7 = u[i * MLKEM_N + j + 7] + e1[i * MLKEM_N + j + 7]; + u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0); + u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1); + u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2); + u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3); + u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4); + u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5); + u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6); + u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7); + } +#endif + } + + /* Multiply public key by y into v polynomial. */ + mlkem_pointwise_acc_mont(v, pub, y, k); + /* Inverse transform v. */ + mlkem_invntt(v); + /* Add errors and message to v and reduce. */ + for (i = 0; i < MLKEM_N; ++i) { + sword16 t = v[i] + e2[i] + m[i]; + v[i] = MLKEM_BARRETT_RED(t); + } +} + +/* Encapsulate message. + * + * @param [in] pub Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. + * @return 0 on success. + */ +void mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v, + const sword16* a, sword16* y, const sword16* e1, const sword16* e2, + const sword16* m, int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_encapsulate_avx2(pub, u, v, a, y, e1, e2, m, k); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_encapsulate_c(pub, u, v, a, y, e1, e2, m, k); + } +} + +#else + +/* Encapsulate message. + * + * @param [in] pub Public key vector of polynomials. + * @param [in] prf XOF object. + * @param [out] u Vector of polynomials. + * @param [in, out] tp Polynomial. + * @param [in] y Vector of polynomials. + * @param [in] k Number of polynomials in vector. + * @param [in] msg Message to encapsulate. + * @param [in] seed Random seed to generate matrix A from. + * @param [in] coins Random seed to generate noise from. + */ +int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* u, + sword16* tp, sword16* y, int k, const byte* msg, byte* seed, byte* coins) +{ + int ret = 0; + int i; + sword16* a = tp; + sword16* e1 = tp; + sword16* v = tp; + sword16* e2 = tp + MLKEM_N; + sword16* m = y; + + /* Transform y. All of result used in calculation of u and v. */ + for (i = 0; i < k; ++i) { + mlkem_ntt(y + i * MLKEM_N); + } + + /* For each polynomial in the vectors. */ + for (i = 0; i < k; ++i) { + unsigned int j; + + /* Generate a vector of matrix A. */ + ret = mlkem_gen_matrix_i(prf, a, k, seed, i, 1); + if (ret != 0) { + break; + } + + /* Multiply at by y into u polynomial. */ + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a, y, k); + /* Inverse transform u polynomial. */ + mlkem_invntt(u + i * MLKEM_N); + + /* Generate noise using PRF. */ + ret = mlkem_get_noise_i(prf, k, e1, coins, i, 0); + if (ret != 0) { + break; + } + /* Add errors to u and reduce. */ +#if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + for (j = 0; j < MLKEM_N; ++j) { + sword16 t = u[i * MLKEM_N + j] + e1[j]; + u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t); + } +#else + for (j = 0; j < MLKEM_N; j += 8) { + sword16 t0 = u[i * MLKEM_N + j + 0] + e1[j + 0]; + sword16 t1 = u[i * MLKEM_N + j + 1] + e1[j + 1]; + sword16 t2 = u[i * MLKEM_N + j + 2] + e1[j + 2]; + sword16 t3 = u[i * MLKEM_N + j + 3] + e1[j + 3]; + sword16 t4 = u[i * MLKEM_N + j + 4] + e1[j + 4]; + sword16 t5 = u[i * MLKEM_N + j + 5] + e1[j + 5]; + sword16 t6 = u[i * MLKEM_N + j + 6] + e1[j + 6]; + sword16 t7 = u[i * MLKEM_N + j + 7] + e1[j + 7]; + u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0); + u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1); + u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2); + u[i * MLKEM_N + j + 3] = MLKEM_BARRETT_RED(t3); + u[i * MLKEM_N + j + 4] = MLKEM_BARRETT_RED(t4); + u[i * MLKEM_N + j + 5] = MLKEM_BARRETT_RED(t5); + u[i * MLKEM_N + j + 6] = MLKEM_BARRETT_RED(t6); + u[i * MLKEM_N + j + 7] = MLKEM_BARRETT_RED(t7); + } +#endif + } + + /* Multiply public key by y into v polynomial. */ + mlkem_pointwise_acc_mont(v, pub, y, k); + /* Inverse transform v. */ + mlkem_invntt(v); + + mlkem_from_msg(m, msg); + + /* Generate noise using PRF. */ + coins[WC_ML_KEM_SYM_SZ] = 2 * k; + ret = mlkem_get_noise_eta2_c(prf, e2, coins); + if (ret == 0) { + /* Add errors and message to v and reduce. */ + #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) + for (i = 0; i < MLKEM_N; ++i) { + sword16 t = v[i] + e2[i] + m[i]; + v[i] = MLKEM_BARRETT_RED(t); + } + #else + for (i = 0; i < MLKEM_N; i += 8) { + sword16 t0 = v[i + 0] + e2[i + 0] + m[i + 0]; + sword16 t1 = v[i + 1] + e2[i + 1] + m[i + 1]; + sword16 t2 = v[i + 2] + e2[i + 2] + m[i + 2]; + sword16 t3 = v[i + 3] + e2[i + 3] + m[i + 3]; + sword16 t4 = v[i + 4] + e2[i + 4] + m[i + 4]; + sword16 t5 = v[i + 5] + e2[i + 5] + m[i + 5]; + sword16 t6 = v[i + 6] + e2[i + 6] + m[i + 6]; + sword16 t7 = v[i + 7] + e2[i + 7] + m[i + 7]; + v[i + 0] = MLKEM_BARRETT_RED(t0); + v[i + 1] = MLKEM_BARRETT_RED(t1); + v[i + 2] = MLKEM_BARRETT_RED(t2); + v[i + 3] = MLKEM_BARRETT_RED(t3); + v[i + 4] = MLKEM_BARRETT_RED(t4); + v[i + 5] = MLKEM_BARRETT_RED(t5); + v[i + 6] = MLKEM_BARRETT_RED(t6); + v[i + 7] = MLKEM_BARRETT_RED(t7); + } + #endif + } + + return ret; +} +#endif +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + +/* Decapsulate message. + * + * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c) + * Uses the decryption key to decrypt a ciphertext. + * ... + * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) + * ... + * + * @param [in] s Private key vector of polynomials. + * @param [out] w Message polynomial. + * @param [in] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_decapsulate_c(const sword16* s, sword16* w, sword16* u, + const sword16* v, int k) +{ + int i; + + /* Transform u. All of result used in calculation of w. + * Step 6: ... NTT(u') */ + for (i = 0; i < k; ++i) { + mlkem_ntt(u + i * MLKEM_N); + } + + /* Multiply private key by u into w polynomial. + * Step 6: ... s_hat_trans o NTT(u') */ + mlkem_pointwise_acc_mont(w, s, u, k); + /* Inverse transform w. + * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */ + mlkem_invntt(w); + /* Subtract errors (in w) out of v and reduce into w. + * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */ + for (i = 0; i < MLKEM_N; ++i) { + sword16 t = v[i] - w[i]; + w[i] = MLKEM_BARRETT_RED(t); + } +} + +/* Decapsulate message. + * + * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c) + * Uses the decryption key to decrypt a ciphertext. + * ... + * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) + * ... + * + * @param [in] s Private key vector of polynomials. + * @param [out] w Message polynomial. + * @param [in] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u, + const sword16* v, int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_decapsulate_avx2(s, w, u, v, k); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_decapsulate_c(s, w, u, v, k); + } +} + +#endif /* !WOLFSSL_MLKEM_ NO_DECAPSULATE */ +#endif + +/******************************************************************************/ + +#ifdef USE_INTEL_SPEEDUP +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) +{ + int i; + byte rand[4 * GEN_MATRIX_SIZE + 2]; + word64 state[25 * 4]; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + unsigned int ctr3; + byte* p; + + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; + rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; + + if (!transposed) { + state[4*4 + 0] = 0x1f0000 + 0x000; + state[4*4 + 1] = 0x1f0000 + 0x001; + state[4*4 + 2] = 0x1f0000 + 0x100; + state[4*4 + 3] = 0x1f0000 + 0x101; + } + else { + state[4*4 + 0] = 0x1f0000 + 0x000; + state[4*4 + 1] = 0x1f0000 + 0x100; + state[4*4 + 2] = 0x1f0000 + 0x001; + state[4*4 + 3] = 0x1f0000 + 0x101; + } + + mlkem_sha3_128_blocksx4_seed_avx2(state, seed); + mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE, + rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE, + rand + 3 * GEN_MATRIX_SIZE); + for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, rand + i + 0 * GEN_MATRIX_SIZE, + rand + i + 1 * GEN_MATRIX_SIZE, rand + i + 2 * GEN_MATRIX_SIZE, + rand + i + 3 * GEN_MATRIX_SIZE); + } + + /* Sample random bytes to create a polynomial. */ + p = rand; + ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) || + (ctr3 < MLKEM_N)) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE, + rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE, + rand + 3 * GEN_MATRIX_SIZE); + + p = rand; + ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0, MLKEM_N - ctr0, + p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1, MLKEM_N - ctr1, + p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2, MLKEM_N - ctr2, + p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3, MLKEM_N - ctr3, + p, XOF_BLOCK_SIZE); + } + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + byte rand[4 * GEN_MATRIX_SIZE + 2]; + word64 state[25 * 4]; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + unsigned int ctr3; + byte* p; + + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; + rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; + + for (k = 0; k < 2; k++) { + for (i = 0; i < 4; i++) { + if (!transposed) { + state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3); + } + else { + state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3); + } + } + + mlkem_sha3_128_blocksx4_seed_avx2(state, seed); + mlkem_redistribute_21_rand_avx2(state, + rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE, + rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE); + for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, + rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE, + rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE); + } + + /* Sample random bytes to create a polynomial. */ + p = rand; + ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) || + (ctr3 < MLKEM_N)) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE, + rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE, + rand + 3 * GEN_MATRIX_SIZE); + + p = rand; + ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0, + MLKEM_N - ctr0, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1, + MLKEM_N - ctr1, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2, + MLKEM_N - ctr2, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3, + MLKEM_N - ctr3, p, XOF_BLOCK_SIZE); + } + + a += 4 * MLKEM_N; + } + + readUnalignedWords64(state, seed, 4); + /* Transposed value same as not. */ + state[4] = 0x1f0000 + (2 << 8) + 2; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = W64LIT(0x8000000000000000); + for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) + { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + XMEMCPY(rand + i, state, SHA3_128_BYTES); + } + ctr0 = mlkem_rej_uniform_n_avx2(a, MLKEM_N, rand, GEN_MATRIX_SIZE); + while (ctr0 < MLKEM_N) { + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) + { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + XMEMCPY(rand, state, SHA3_128_BYTES); + ctr0 += mlkem_rej_uniform_avx2(a + ctr0, MLKEM_N - ctr0, rand, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + byte rand[4 * GEN_MATRIX_SIZE + 2]; + word64 state[25 * 4]; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + unsigned int ctr3; + byte* p; + + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; + rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; + + for (k = 0; k < 4; k++) { + for (i = 0; i < 4; i++) { + if (!transposed) { + state[4*4 + i] = 0x1f0000 + (k << 8) + i; + } + else { + state[4*4 + i] = 0x1f0000 + (i << 8) + k; + } + } + + mlkem_sha3_128_blocksx4_seed_avx2(state, seed); + mlkem_redistribute_21_rand_avx2(state, + rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE, + rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE); + for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, + rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE, + rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE); + } + + /* Sample random bytes to create a polynomial. */ + p = rand; + ctr0 = mlkem_rej_uniform_n_avx2(a + 0 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 = mlkem_rej_uniform_n_avx2(a + 1 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 = mlkem_rej_uniform_n_avx2(a + 2 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 = mlkem_rej_uniform_n_avx2(a + 3 * MLKEM_N, MLKEM_N, p, + GEN_MATRIX_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N) || + (ctr3 < MLKEM_N)) { + sha3_blocksx4_avx2(state); + mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE, + rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE, + rand + 3 * GEN_MATRIX_SIZE); + + p = rand; + ctr0 += mlkem_rej_uniform_avx2(a + 0 * MLKEM_N + ctr0, + MLKEM_N - ctr0, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr1 += mlkem_rej_uniform_avx2(a + 1 * MLKEM_N + ctr1, + MLKEM_N - ctr1, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr2 += mlkem_rej_uniform_avx2(a + 2 * MLKEM_N + ctr2, + MLKEM_N - ctr2, p, XOF_BLOCK_SIZE); + p += GEN_MATRIX_SIZE; + ctr3 += mlkem_rej_uniform_avx2(a + 3 * MLKEM_N + ctr3, + MLKEM_N - ctr3, p, XOF_BLOCK_SIZE); + } + + a += 4 * MLKEM_N; + } + + return 0; +} +#endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */ +#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) +{ + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + if (!transposed) { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1; + state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0; + } + else { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0; + state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1; + } + + mlkem_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE); + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) { + mlkem_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0, MLKEM_N - ctr0, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1, MLKEM_N - ctr1, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2, MLKEM_N - ctr2, + p, XOF_BLOCK_SIZE); + } + + a += 3 * MLKEM_N; + + readUnalignedWords64(state, seed, 4); + /* Transposed value same as not. */ + state[4] = 0x1f0000 + (1 << 8) + 1; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = W64LIT(0x8000000000000000); + BlockSha3(state); + p = (byte*)state; + ctr0 = mlkem_rej_uniform_neon(a, MLKEM_N, p, XOF_BLOCK_SIZE); + while (ctr0 < MLKEM_N) { + BlockSha3(state); + ctr0 += mlkem_rej_uniform_neon(a + ctr0, MLKEM_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 3; k++) { + for (i = 0; i < 3; i++) { + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + ((k << 8) + i); + } + else { + state[i*25 + 4] = 0x1f0000 + ((i << 8) + k); + } + } + + mlkem_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + p +=25 * 8; + ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) { + mlkem_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0, + MLKEM_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1, + MLKEM_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2, + MLKEM_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * MLKEM_N; + } + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 5; k++) { + for (i = 0; i < 3; i++) { + byte bi = ((k * 3) + i) / 4; + byte bj = ((k * 3) + i) % 4; + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj; + } + else { + state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi; + } + } + + mlkem_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = mlkem_rej_uniform_neon(a + 0 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < MLKEM_N) || (ctr1 < MLKEM_N) || (ctr2 < MLKEM_N)) { + mlkem_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += mlkem_rej_uniform_neon(a + 0 * MLKEM_N + ctr0, + MLKEM_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += mlkem_rej_uniform_neon(a + 1 * MLKEM_N + ctr1, + MLKEM_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += mlkem_rej_uniform_neon(a + 2 * MLKEM_N + ctr2, + MLKEM_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * MLKEM_N; + } + + readUnalignedWords64(state, seed, 4); + /* Transposed value same as not. */ + state[4] = 0x1f0000 + (3 << 8) + 3; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = W64LIT(0x8000000000000000); + BlockSha3(state); + p = (byte*)state; + ctr0 = mlkem_rej_uniform_neon(a, MLKEM_N, p, XOF_BLOCK_SIZE); + while (ctr0 < MLKEM_N) { + BlockSha3(state); + ctr0 += mlkem_rej_uniform_neon(a + ctr0, MLKEM_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif +#endif /* USE_INTEL_SPEEDUP */ + +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +/* Absorb the seed data for squeezing out pseudo-random data. + * + * FIPS 203, Section 4.1: + * 1. XOF.init() = SHA128.Init(). + * 2. XOF.Absorb(ctx,str) = SHAKE128.Absorb(ctx,str). + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] seed Data to absorb. + * @param [in] len Length of data to absorb in bytes. + * @return 0 on success always. + */ +static int mlkem_xof_absorb(wc_Shake* shake128, byte* seed, int len) +{ + int ret; + + ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_Shake128_Absorb(shake128, seed, len); + } + + return ret; +} + +/* Squeeze the state to produce pseudo-random data. + * + * FIPS 203, Section 4.1: + * 3. XOF.Absorb(ctx,l) = SHAKE128.Squeeze(ctx,8.l). + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [out] out Buffer to write to. + * @param [in] blocks Number of blocks to write. + * @return 0 on success always. + */ +static int mlkem_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks) +{ + return wc_Shake128_SqueezeBlocks(shake128, out, blocks); +} +#endif + +/* New/Initialize SHA-3 object. + * + * FIPS 203, Section 4.1: + * H(s) := SHA3-256(s) + * + * @param [in, out] hash SHA-3 object. + * @param [in] heap Dynamic memory allocator hint. + * @param [in] devId Device id. + * @return 0 on success always. + */ +int mlkem_hash_new(wc_Sha3* hash, void* heap, int devId) +{ + return wc_InitSha3_256(hash, heap, devId); +} + +/* Free SHA-3 object. + * + * FIPS 203, Section 4.1: + * H(s) := SHA3-256(s) + * + * @param [in, out] hash SHA-3 object. + */ +void mlkem_hash_free(wc_Sha3* hash) +{ + wc_Sha3_256_Free(hash); +} + +/* Hash data using SHA3-256 with SHA-3 object. + * + * FIPS 203, Section 4.1: + * H(s) := SHA3-256(s) + * + * @param [in, out] hash SHA-3 object. + * @param [io] data Data to be hashed. + * @param [in] dataLen Length of data in bytes. + * @param [out] out Hash of data. + * @return 0 on success. + */ +int mlkem_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out) +{ + int ret; + + /* Process all data. */ + ret = wc_Sha3_256_Update(hash, data, dataLen); + if (ret == 0) { + /* Calculate Hash of data passed in an re-initialize. */ + ret = wc_Sha3_256_Final(hash, out); + } + + return ret; +} + +/* Hash one or two blocks of data using SHA3-512 with SHA-3 object. + * + * FIPS 203, Section 4.1: + * G(s) := SHA3-512(s) + * + * @param [in, out] hash SHA-3 object. + * @param [io] data1 First block of data to be hashed. + * @param [in] data1Len Length of first block of data in bytes. + * @param [io] data2 Second block of data to be hashed. May be NULL. + * @param [in] data2Len Length of second block of data in bytes. + * @param [out] out Hash of all data. + * @return 0 on success. + */ +int mlkem_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len, + const byte* data2, word32 data2Len, byte* out) +{ + int ret; + + /* Process first block of data. */ + ret = wc_Sha3_512_Update(hash, data1, data1Len); + /* Check if there is a second block of data. */ + if ((ret == 0) && (data2Len > 0)) { + /* Process second block of data. */ + ret = wc_Sha3_512_Update(hash, data2, data2Len); + } + if (ret == 0) { + /* Calculate Hash of data passed in an re-initialize. */ + ret = wc_Sha3_512_Final(hash, out); + } + + return ret; +} + +/* Initialize SHAKE-256 object. + * + * @param [in, out] shake256 SHAKE-256 object. + */ +void mlkem_prf_init(wc_Shake* prf) +{ + XMEMSET(prf->s, 0, sizeof(prf->s)); +} + +/* New/Initialize SHAKE-256 object. + * + * FIPS 203, Section 4.1: + * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in] heap Dynamic memory allocator hint. + * @param [in] devId Device id. + * @return 0 on success always. + */ +int mlkem_prf_new(wc_Shake* prf, void* heap, int devId) +{ + return wc_InitShake256(prf, heap, devId); +} + +/* Free SHAKE-256 object. + * + * FIPS 203, Section 4.1: + * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * + * @param [in, out] shake256 SHAKE-256 object. + */ +void mlkem_prf_free(wc_Shake* prf) +{ + wc_Shake256_Free(prf); +} + +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +/* Create pseudo-random data from the key using SHAKE-256. + * + * FIPS 203, Section 4.1: + * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [out] out Buffer to write to. + * @param [in] outLen Number of bytes to write. + * @param [in] key Data to derive from. Must be: + * WC_ML_KEM_SYM_SZ + 1 bytes in length. + * @return 0 on success always. + */ +static int mlkem_prf(wc_Shake* shake256, byte* out, unsigned int outLen, + const byte* key) +{ +#ifdef USE_INTEL_SPEEDUP + word64 state[25]; + + (void)shake256; + + /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */ + readUnalignedWords64(state, key, WC_ML_KEM_SYM_SZ / sizeof(word64)); + /* Last byte in with end of content marker. */ + state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | key[WC_ML_KEM_SYM_SZ]; + /* Set rest of state to 0. */ + XMEMSET(state + WC_ML_KEM_SYM_SZ / 8 + 1, 0, + (25 - WC_ML_KEM_SYM_SZ / 8 - 1) * sizeof(word64)); + /* ... except for rate marker. */ + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); + + /* Generate as much output as is required. */ + while (outLen > 0) { + /* Get as much of an output block as is needed. */ + unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE); + + /* Perform a block operation on the state for next block of output. */ + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && + (SAVE_VECTOR_REGISTERS2() == 0)) { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + + /* Copy the state as output. */ + XMEMCPY(out, state, len); + /* Update output pointer and length. */ + out += len; + outLen -= len; + } + + return 0; +#else + int ret; + + /* Process all data. */ + ret = wc_Shake256_Update(shake256, key, WC_ML_KEM_SYM_SZ + 1); + if (ret == 0) { + /* Calculate Hash of data passed in an re-initialize. */ + ret = wc_Shake256_Final(shake256, out, outLen); + } + + return ret; +#endif +} +#endif + +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef USE_INTEL_SPEEDUP +/* Create pseudo-random key from the seed using SHAKE-256. + * + * @param [in] seed Data to derive from. + * @param [in] seedLen Length of data to derive from in bytes. + * @param [out] out Buffer to write to. + * @param [in] outLen Number of bytes to derive. + * @return 0 on success always. + */ +int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen) +{ + word64 state[25]; + word32 len64 = seedLen / 8; + + readUnalignedWords64(state, seed, len64); + state[len64] = 0x1f; + XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); + + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + XMEMCPY(out, state, outLen); + + return 0; +} +#endif + +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) +/* Create pseudo-random key from the seed using SHAKE-256. + * + * @param [in] seed Data to derive from. + * @param [in] seedLen Length of data to derive from in bytes. + * @param [out] out Buffer to write to. + * @param [in] outLen Number of bytes to derive. + * @return 0 on success always. + */ +int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen) +{ + word64 state[25]; + word32 len64 = seedLen / 8; + + readUnalignedWords64(state, seed, len64); + state[len64] = 0x1f; + XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); + + BlockSha3(state); + XMEMCPY(out, state, outLen); + + return 0; +} +#endif +#endif + +#ifndef WOLFSSL_NO_ML_KEM +/* Derive the secret from z and cipher text. + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in] z Implicit rejection value. + * @param [in] ct Cipher text. + * @param [in] ctSz Length of cipher text in bytes. + * @param [out] ss Shared secret. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation failed. + * @return Other negative when a hash error occurred. + */ +int mlkem_derive_secret(wc_Shake* shake256, const byte* z, const byte* ct, + word32 ctSz, byte* ss) +{ + int ret; + +#ifdef USE_INTEL_SPEEDUP + XMEMCPY(shake256->t, z, WC_ML_KEM_SYM_SZ); + XMEMCPY(shake256->t, ct, WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ); + shake256->i = WC_ML_KEM_SYM_SZ; + ct += WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ; + ctSz -= WC_SHA3_256_COUNT * 8 - WC_ML_KEM_SYM_SZ; + ret = wc_Shake256_Update(shake256, ct, ctSz); + if (ret == 0) { + ret = wc_Shake256_Final(shake256, ss, WC_ML_KEM_SS_SZ); + } +#else + ret = wc_Shake256_Update(shake256, z, WC_ML_KEM_SYM_SZ); + if (ret == 0) { + ret = wc_Shake256_Update(shake256, ct, ctSz); + } + if (ret == 0) { + ret = wc_Shake256_Final(shake256, ss, WC_ML_KEM_SS_SZ); + } +#endif + + return ret; +} +#endif + +#if !defined(WOLFSSL_ARMASM) +/* Rejection sampling on uniform random bytes to generate uniform random + * integers mod q. + * + * FIPS 203, Algorithm 7: SampleNTT(B) + * Takes a 32-byte seed and two indices as input and outputs a pseudorandom + * element of T_q. + * ... + * 4: while j < 256 do + * 5: (ctx,C) <- XOF.Squeeze(ctx,3) + * 6: d1 <- C[0] + 256.(C[1] mod 16) + * 7: d2 <- lower(C[1] / 16) + 16.C[2] + * 8: if d1 < q then + * 9: a_hat[j] <- d1 + * 10: j <- j + 1 + * 11: end if + * 12: if d2 < q and j < 256 then + * 13: a_hat[j] <- d2 + * 14: j <- j + 1 + * 15: end if + * 16: end while + * ... + * + * @param [out] p Uniform random integers mod q. + * @param [in] len Maximum number of integers. + * @param [in] r Uniform random bytes buffer. + * @param [in] rLen Length of random data in buffer. + * @return Number of integers sampled. + */ +static unsigned int mlkem_rej_uniform_c(sword16* p, unsigned int len, + const byte* r, unsigned int rLen) +{ + unsigned int i; + unsigned int j; + +#if defined(WOLFSSL_MLKEM_SMALL) || !defined(WC_64BIT_CPU) || \ + defined(BIG_ENDIAN_ORDER) + /* Keep sampling until maximum number of integers reached or buffer used up. + * Step 4. */ + for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) { + /* Step 5 - caller generates and now using 3 bytes of it. */ + /* Use 24 bits (3 bytes) as two 12 bits integers. */ + /* Step 6. */ + sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF; + /* Step 7. */ + sword16 v1 = ((r[1] >> 4) | ((word16)r[2] << 4)) & 0xFFF; + + /* Reject first 12-bit integer if greater than or equal to q. + * Step 8 */ + if (v0 < MLKEM_Q) { + /* Steps 9-10 */ + p[i++] = v0; + } + /* Check second if we don't have enough integers yet. + * Reject second 12-bit integer if greater than or equal to q. + * Step 12 */ + if ((i < len) && (v1 < MLKEM_Q)) { + /* Steps 13-14 */ + p[i++] = v1; + } + + /* Move over used bytes. */ + r += 3; + } +#else + /* Unroll loops. Minimal work per loop. */ + unsigned int minJ; + + /* Calculate minimum number of 6 byte data blocks to get all required + * numbers assuming no rejections. */ + minJ = len / 4 * 6; + if (minJ > rLen) + minJ = rLen; + i = 0; + for (j = 0; j < minJ; j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + p[i] = v0; + i += (v0 < MLKEM_Q); + p[i] = v1; + i += (v1 < MLKEM_Q); + p[i] = v2; + i += (v2 < MLKEM_Q); + p[i] = v3; + i += (v3 < MLKEM_Q); + + /* Move over used bytes. */ + r += 6; + } + /* Check whether we have all the numbers we need. */ + if (j < rLen) { + /* Keep trying until we have less than 4 numbers to find or data is used + * up. */ + for (; (i + 4 < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + p[i] = v0; + i += (v0 < MLKEM_Q); + p[i] = v1; + i += (v1 < MLKEM_Q); + p[i] = v2; + i += (v2 < MLKEM_Q); + p[i] = v3; + i += (v3 < MLKEM_Q); + + /* Move over used bytes. */ + r += 6; + } + /* Keep trying until we have all the numbers we need or the data is used + * up. */ + for (; (i < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + /* Reject first 12-bit integer if greater than or equal to q. */ + if (v0 < MLKEM_Q) { + p[i++] = v0; + } + /* Check second if we don't have enough integers yet. + * Reject second 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v1 < MLKEM_Q)) { + p[i++] = v1; + } + /* Check second if we don't have enough integers yet. + * Reject third 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v2 < MLKEM_Q)) { + p[i++] = v2; + } + /* Check second if we don't have enough integers yet. + * Reject fourth 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v3 < MLKEM_Q)) { + p[i++] = v3; + } + + /* Move over used bytes. */ + r += 6; + } + } +#endif + + return i; +} +#endif + +#if !defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + !defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) + +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 3: for (i <- 0; i < k; i++) + * 4: for (j <- 0; j < k; j++) + * 5: A_hat[i,j] <- SampleNTT(rho||j||i) + * 6: end for + * 7: end for + * ... + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 4: for (i <- 0; i < k; i++) + * 5: for (j <- 0; j < k; j++) + * 6: A_hat[i,j] <- SampleNTT(rho||j||i) (Transposed is rho||i||j) + * 7: end for + * 8: end for + * ... + * FIPS 203, Algorithm 7: SampleNTT(B) + * Takes a 32-byte seed and two indices as input and outputs a pseudorandom + * element of T_q. + * 1: ctx <- XOF.init() + * 2: ctx <- XOF.Absorb(ctx,B) + * 3: j <- 0 + * 4: while j < 256 do + * 5: (ctx,C) <- XOF.Squeeze(ctx,3) + * ... + * 16: end while + * 17: return a_hat + * + * @param [in] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_c(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed, + int transposed) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* rand; +#else + byte rand[GEN_MATRIX_SIZE + 2]; +#endif + byte extSeed[WC_ML_KEM_SYM_SZ + 2]; + int ret = 0; + int i; + + /* Copy seed into buffer than has space for i and j to be appended. */ + XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Allocate large amount of memory to hold random bytes to be samples. */ + rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (rand == NULL) { + ret = MEMORY_E; + } +#endif + +#if !defined(WOLFSSL_MLKEM_SMALL) && defined(WC_64BIT_CPU) + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + if (ret == 0) { + rand[GEN_MATRIX_SIZE+0] = 0xff; + rand[GEN_MATRIX_SIZE+1] = 0xff; + } +#endif + + /* Generate each vector of polynomials. + * Alg 13, Step 3. Alg 14, Step 4. */ + for (i = 0; (ret == 0) && (i < k); i++, a += k * MLKEM_N) { + int j; + /* Generate each polynomial in vector from seed with indices. + * Alg 13, Step 4. Alg 14, Step 5. */ + for (j = 0; (ret == 0) && (j < k); j++) { + if (transposed) { + /* Alg 14, Step 6: .. rho||i||j ... */ + extSeed[WC_ML_KEM_SYM_SZ + 0] = i; + extSeed[WC_ML_KEM_SYM_SZ + 1] = j; + } + else { + /* Alg 13, Step 5: .. rho||j||i ... */ + extSeed[WC_ML_KEM_SYM_SZ + 0] = j; + extSeed[WC_ML_KEM_SYM_SZ + 1] = i; + } + /* Absorb the index specific seed. + * Alg 7, Step 1-2 */ + ret = mlkem_xof_absorb(prf, extSeed, sizeof(extSeed)); + if (ret == 0) { + /* Create data based on the seed. + * Alg 7, Step 5. Generating enough to, on average, be able to + * get enough valid values. */ + ret = mlkem_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS); + } + if (ret == 0) { + unsigned int ctr; + + /* Sample random bytes to create a polynomial. + * Alg 7, Step 3 - implicitly counter is 0. + * Alg 7, Step 4-16. */ + ctr = mlkem_rej_uniform_c(a + j * MLKEM_N, MLKEM_N, rand, + GEN_MATRIX_SIZE); + /* Create more blocks if too many rejected. + * Alg 7, Step 4. */ + while (ctr < MLKEM_N) { + /* Alg 7, Step 5. */ + mlkem_xof_squeezeblocks(prf, rand, 1); + /* Alg 7, Step 4-16. */ + ctr += mlkem_rej_uniform_c(a + j * MLKEM_N + ctr, + MLKEM_N - ctr, rand, XOF_BLOCK_SIZE); + } + } + } + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Dispose of temporary buffer. */ + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d), Steps 3-7 + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r), Steps 4-8 + * + * @param [in] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed, + int transposed) +{ + int ret; + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (k == WC_ML_KEM_512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_gen_matrix_k2_aarch64(a, seed, transposed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_gen_matrix_k2_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + { + ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_512_K, seed, transposed); + } +#endif + } + else +#endif +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (k == WC_ML_KEM_768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_gen_matrix_k3_aarch64(a, seed, transposed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_gen_matrix_k3_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + { + ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_768_K, seed, transposed); + } +#endif + } + else +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (k == WC_ML_KEM_1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_gen_matrix_k4_aarch64(a, seed, transposed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_gen_matrix_k4_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + { + ret = mlkem_gen_matrix_c(prf, a, WC_ML_KEM_1024_K, seed, + transposed); + } +#endif + } + else +#endif + { + ret = BAD_STATE_E; + } + + (void)prf; + + return ret; +} + +#endif + +#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) + +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 4: for (j <- 0; j < k; j++) + * 5: A_hat[i,j] <- SampleNTT(rho||j||i) + * 6: end for + * ... + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 5: for (j <- 0; j < k; j++) + * 6: A_hat[i,j] <- SampleNTT(rho||j||i) (Transposed is rho||i||j) + * 7: end for + * ... + * + * @param [in] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] i Index of vector to generate. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int mlkem_gen_matrix_i(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed, + int i, int transposed) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* rand; +#else + byte rand[GEN_MATRIX_SIZE + 2]; +#endif + byte extSeed[WC_ML_KEM_SYM_SZ + 2]; + int ret = 0; + int j; + + XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Allocate large amount of memory to hold random bytes to be samples. */ + rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (rand == NULL) { + ret = MEMORY_E; + } +#endif + +#if !defined(WOLFSSL_MLKEM_SMALL) && defined(WC_64BIT_CPU) + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + if (ret == 0) { + rand[GEN_MATRIX_SIZE+0] = 0xff; + rand[GEN_MATRIX_SIZE+1] = 0xff; + } +#endif + + /* Generate each polynomial in vector from seed with indices. + * Alg 13, Step 4. Alg 14, Step 5. */ + for (j = 0; (ret == 0) && (j < k); j++) { + if (transposed) { + /* Alg 14, Step 6: .. rho||i||j ... */ + extSeed[WC_ML_KEM_SYM_SZ + 0] = i; + extSeed[WC_ML_KEM_SYM_SZ + 1] = j; + } + else { + /* Alg 13, Step 5: .. rho||j||i ... */ + extSeed[WC_ML_KEM_SYM_SZ + 0] = j; + extSeed[WC_ML_KEM_SYM_SZ + 1] = i; + } + /* Absorb the index specific seed. + * Alg 7, Step 1-2 */ + ret = mlkem_xof_absorb(prf, extSeed, sizeof(extSeed)); + if (ret == 0) { + /* Create out based on the seed. + * Alg 7, Step 5. Generating enough to, on average, be able to get + * enough valid values. */ + ret = mlkem_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS); + } + if (ret == 0) { + unsigned int ctr; + + /* Sample random bytes to create a polynomial. + * Alg 7, Step 3 - implicitly counter is 0. + * Alg 7, Step 4-16. */ + ctr = mlkem_rej_uniform_c(a + j * MLKEM_N, MLKEM_N, rand, + GEN_MATRIX_SIZE); + /* Create more blocks if too many rejected. + * Alg 7, Step 4. */ + while (ctr < MLKEM_N) { + /* Alg 7, Step 5. */ + mlkem_xof_squeezeblocks(prf, rand, 1); + /* Alg 7, Step 4-16. */ + ctr += mlkem_rej_uniform_c(a + j * MLKEM_N + ctr, + MLKEM_N - ctr, rand, XOF_BLOCK_SIZE); + } + } + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Dispose of temporary buffer. */ + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif + + +/******************************************************************************/ + +/* Subtract one 2 bit value from another out of a larger number. + * + * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * Takes a seed as input and outputs a pseudorandom sample from the distribution + * D_eta(R_q). + * + * @param [in] d Value containing sequential 2 bit values. + * @param [in] i Start index of the two values in 2 bits each. + * @return Difference of the two values with range 0..2. + */ +#define ETA2_SUB(d, i) \ + (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \ + ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3))) + +/* Compute polynomial with coefficients distributed according to a centered + * binomial distribution with parameter eta2 from uniform random bytes. + * + * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * Takes a seed as input and outputs a pseudorandom sample from the distribution + * D_eta(R_q). + * + * @param [out] p Polynomial computed. + * @param [in] r Random bytes. + */ +static void mlkem_cbd_eta2(sword16* p, const byte* r) +{ + unsigned int i; + +#ifndef WORD64_AVAILABLE + /* Calculate eight integer coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + #endif + /* Take the next 4 bytes, little endian, as a 32 bit value. */ + #ifdef BIG_ENDIAN_ORDER + word32 t = ByteReverseWord32(*(word32*)r); + #else + word32 t = *(word32*)r; + #endif + word32 d; + /* Add second bits to first. */ + d = (t >> 0) & 0x55555555; + d += (t >> 1) & 0x55555555; + /* Values 0, 1 or 2 in consecutive 2 bits. + * 0 - 1/4, 1 - 2/4, 2 - 1/4. */ + + #ifdef WOLFSSL_MLKEM_SMALL + for (j = 0; j < 8; j++) { + p[i + j] = ETA2_SUB(d, j); + } + #else + p[i + 0] = ETA2_SUB(d, 0); + p[i + 1] = ETA2_SUB(d, 1); + p[i + 2] = ETA2_SUB(d, 2); + p[i + 3] = ETA2_SUB(d, 3); + p[i + 4] = ETA2_SUB(d, 4); + p[i + 5] = ETA2_SUB(d, 5); + p[i + 6] = ETA2_SUB(d, 6); + p[i + 7] = ETA2_SUB(d, 7); + #endif + /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16 */ + + /* Move over used bytes. */ + r += 4; + } +#else + /* Calculate sixteen integer coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 16) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + #endif + /* Take the next 8 bytes, little endian, as a 64 bit value. */ + #ifdef BIG_ENDIAN_ORDER + word64 t = ByteReverseWord64(readUnalignedWord64(r)); + #else + word64 t = readUnalignedWord64(r); + #endif + word64 d; + /* Add second bits to first. */ + d = (t >> 0) & 0x5555555555555555L; + d += (t >> 1) & 0x5555555555555555L; + /* Values 0, 1 or 2 in consecutive 2 bits. + * 0 - 1/4, 1 - 2/4, 2 - 1/4. */ + + #ifdef WOLFSSL_MLKEM_SMALL + for (j = 0; j < 16; j++) { + p[i + j] = ETA2_SUB(d, j); + } + #else + p[i + 0] = ETA2_SUB(d, 0); + p[i + 1] = ETA2_SUB(d, 1); + p[i + 2] = ETA2_SUB(d, 2); + p[i + 3] = ETA2_SUB(d, 3); + p[i + 4] = ETA2_SUB(d, 4); + p[i + 5] = ETA2_SUB(d, 5); + p[i + 6] = ETA2_SUB(d, 6); + p[i + 7] = ETA2_SUB(d, 7); + p[i + 8] = ETA2_SUB(d, 8); + p[i + 9] = ETA2_SUB(d, 9); + p[i + 10] = ETA2_SUB(d, 10); + p[i + 11] = ETA2_SUB(d, 11); + p[i + 12] = ETA2_SUB(d, 12); + p[i + 13] = ETA2_SUB(d, 13); + p[i + 14] = ETA2_SUB(d, 14); + p[i + 15] = ETA2_SUB(d, 15); + #endif + /* -2 - 1/16, -1 - 4/16, 0 - 6/16, 1 - 4/16, 2 - 1/16 */ + + /* Move over used bytes. */ + r += 8; + } +#endif +} + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) +/* Subtract one 3 bit value from another out of a larger number. + * + * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * Takes a seed as input and outputs a pseudorandom sample from the distribution + * D_eta(R_q). + * + * @param [in] d Value containing sequential 3 bit values. + * @param [in] i Start index of the two values in 3 bits each. + * @return Difference of the two values with range 0..3. + */ +#define ETA3_SUB(d, i) \ + (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \ + ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7))) + +/* Compute polynomial with coefficients distributed according to a centered + * binomial distribution with parameter eta3 from uniform random bytes. + * + * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * Takes a seed as input and outputs a pseudorandom sample from the distribution + * D_eta(R_q). + * + * @param [out] p Polynomial computed. + * @param [in] r Random bytes. + */ +static void mlkem_cbd_eta3(sword16* p, const byte* r) +{ + unsigned int i; + +#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) || \ + defined(BIG_ENDIAN_ORDER) +#ifndef WORD64_AVAILABLE + /* Calculate four integer coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 4) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + #endif + /* Take the next 3 bytes, little endian, as a 24 bit value. */ + word32 t = (((word32)(r[0])) << 0) | + (((word32)(r[1])) << 8) | + (((word32)(r[2])) << 16); + word32 d; + /* Add second and third bits to first. */ + d = (t >> 0) & 0x00249249; + d += (t >> 1) & 0x00249249; + d += (t >> 2) & 0x00249249; + /* Values 0, 1, 2 or 3 in consecutive 3 bits. + * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */ + + #ifdef WOLFSSL_MLKEM_SMALL + for (j = 0; j < 4; j++) { + p[i + j] = ETA3_SUB(d, j); + } + #else + p[i + 0] = ETA3_SUB(d, 0); + p[i + 1] = ETA3_SUB(d, 1); + p[i + 2] = ETA3_SUB(d, 2); + p[i + 3] = ETA3_SUB(d, 3); + #endif + /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */ + + /* Move over used bytes. */ + r += 3; + } +#else + /* Calculate eight integer coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + #endif + /* Take the next 6 bytes, little endian, as a 48 bit value. */ + word64 t = (((word64)(r[0])) << 0) | + (((word64)(r[1])) << 8) | + (((word64)(r[2])) << 16) | + (((word64)(r[3])) << 24) | + (((word64)(r[4])) << 32) | + (((word64)(r[5])) << 40); + word64 d; + /* Add second and third bits to first. */ + d = (t >> 0) & 0x0000249249249249L; + d += (t >> 1) & 0x0000249249249249L; + d += (t >> 2) & 0x0000249249249249L; + /* Values 0, 1, 2 or 3 in consecutive 3 bits. + * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */ + + #ifdef WOLFSSL_MLKEM_SMALL + for (j = 0; j < 8; j++) { + p[i + j] = ETA3_SUB(d, j); + } + #else + p[i + 0] = ETA3_SUB(d, 0); + p[i + 1] = ETA3_SUB(d, 1); + p[i + 2] = ETA3_SUB(d, 2); + p[i + 3] = ETA3_SUB(d, 3); + p[i + 4] = ETA3_SUB(d, 4); + p[i + 5] = ETA3_SUB(d, 5); + p[i + 6] = ETA3_SUB(d, 6); + p[i + 7] = ETA3_SUB(d, 7); + #endif + /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */ + + /* Move over used bytes. */ + r += 6; + } +#endif /* WORD64_AVAILABLE */ +#else + /* Calculate eight integer coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 16) { + const word32* r32 = (const word32*)r; + /* Take the next 12 bytes, little endian, as 24 bit values. */ + word32 t0 = r32[0] & 0xffffff; + word32 t1 = ((r32[0] >> 24) | (r32[1] << 8)) & 0xffffff; + word32 t2 = ((r32[1] >> 16) | (r32[2] << 16)) & 0xffffff; + word32 t3 = r32[2] >> 8 ; + word32 d0; + word32 d1; + word32 d2; + word32 d3; + + /* Add second and third bits to first. */ + d0 = (t0 >> 0) & 0x00249249; + d0 += (t0 >> 1) & 0x00249249; + d0 += (t0 >> 2) & 0x00249249; + d1 = (t1 >> 0) & 0x00249249; + d1 += (t1 >> 1) & 0x00249249; + d1 += (t1 >> 2) & 0x00249249; + d2 = (t2 >> 0) & 0x00249249; + d2 += (t2 >> 1) & 0x00249249; + d2 += (t2 >> 2) & 0x00249249; + d3 = (t3 >> 0) & 0x00249249; + d3 += (t3 >> 1) & 0x00249249; + d3 += (t3 >> 2) & 0x00249249; + /* Values 0, 1, 2 or 3 in consecutive 3 bits. + * 0 - 1/8, 1 - 3/8, 2 - 3/8, 3 - 1/8. */ + + p[i + 0] = ETA3_SUB(d0, 0); + p[i + 1] = ETA3_SUB(d0, 1); + p[i + 2] = ETA3_SUB(d0, 2); + p[i + 3] = ETA3_SUB(d0, 3); + p[i + 4] = ETA3_SUB(d1, 0); + p[i + 5] = ETA3_SUB(d1, 1); + p[i + 6] = ETA3_SUB(d1, 2); + p[i + 7] = ETA3_SUB(d1, 3); + p[i + 8] = ETA3_SUB(d2, 0); + p[i + 9] = ETA3_SUB(d2, 1); + p[i + 10] = ETA3_SUB(d2, 2); + p[i + 11] = ETA3_SUB(d2, 3); + p[i + 12] = ETA3_SUB(d3, 0); + p[i + 13] = ETA3_SUB(d3, 1); + p[i + 14] = ETA3_SUB(d3, 2); + p[i + 15] = ETA3_SUB(d3, 3); + /* -3-1/64, -2-6/64, -1-15/64, 0-20/64, 1-15/64, 2-6/64, 3-1/64 */ + + /* Move over used bytes. */ + r += 12; + } +#endif /* WOLFSSL_SMALL_STACK || WOLFSSL_MLKEM_NO_LARGE_CODE || + * BIG_ENDIAN_ORDER */ +} +#endif + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + +/* Get noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) + * ... + * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * ... + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * ... + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 10: y[i] <- SamplePolyCBD_eta_1(PRF_eta_1(r, N)) + * ... + * + * @param [in, out] prf Pseudo-random function object. + * @param [out] p Polynomial. + * @param [in] seed Seed to use when calculating random. + * @param [in] eta1 Size of noise/error integers. + * @return 0 on success. + */ +static int mlkem_get_noise_eta1_c(MLKEM_PRF_T* prf, sword16* p, + const byte* seed, byte eta1) +{ + int ret; + + (void)eta1; + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (eta1 == MLKEM_CBD_ETA3) { + byte rand[ETA3_RAND_SIZE]; + + /* Calculate random bytes from seed with PRF. */ + ret = mlkem_prf(prf, rand, sizeof(rand), seed); + if (ret == 0) { + /* Sample for values in range -3..3 from 3 bits of random. */ + mlkem_cbd_eta3(p, rand); + } + } + else +#endif + { + byte rand[ETA2_RAND_SIZE]; + + /* Calculate random bytes from seed with PRF. */ + ret = mlkem_prf(prf, rand, sizeof(rand), seed); + if (ret == 0) { + /* Sample for values in range -2..2 from 2 bits of random. */ + mlkem_cbd_eta2(p, rand); + } + } + + return ret; +} + +/* Get noise/error by calculating random bytes and sampling to a binomial + * distribution. Values -2..2 + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [in, out] prf Pseudo-random function object. + * @param [out] p Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p, + const byte* seed) +{ + int ret; + byte rand[ETA2_RAND_SIZE]; + + /* Calculate random bytes from seed with PRF. */ + ret = mlkem_prf(prf, rand, sizeof(rand), seed); + if (ret == 0) { + mlkem_cbd_eta2(p, rand); + } + + return ret; +} + +#endif + +#ifdef USE_INTEL_SPEEDUP +#define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \ + defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void mlkem_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o) +{ + int i; + word64 state[25 * 4]; + + for (i = 0; i < 4; i++) { + state[4*4 + i] = 0x1f00 + i + o; + } + + mlkem_sha3_256_blocksx4_seed_avx2(state, seed); + mlkem_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE, + rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE, + rand + 3 * ETA2_RAND_SIZE); +} +#endif + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Get noise/error by calculating random bytes and sampling to a binomial + * distribution. Values -2..2 + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [in, out] prf Pseudo-random function object. + * @param [out] p Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_eta2_avx2(MLKEM_PRF_T* prf, sword16* p, + const byte* seed) +{ + word64 state[25]; + + (void)prf; + + /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */ + readUnalignedWords64(state, seed, WC_ML_KEM_SYM_SZ / sizeof(word64)); + /* Last byte in with end of content marker. */ + state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | seed[WC_ML_KEM_SYM_SZ]; + /* Set rest of state to 0. */ + XMEMSET(state + WC_ML_KEM_SYM_SZ / 8 + 1, 0, + (25 - WC_ML_KEM_SYM_SZ / 8 - 1) * sizeof(word64)); + /* ... except for rate marker. */ + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); + + /* Perform a block operation on the state for next block of output. */ + if (IS_INTEL_BMI2(cpuid_flags)) { + sha3_block_bmi2(state); + } + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + else { + BlockSha3(state); + } + mlkem_cbd_eta2_avx2(p, (byte*)state); + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void mlkem_get_noise_x4_eta3_avx2(byte* rand, byte* seed) +{ + word64 state[25 * 4]; + int i; + + state[4*4 + 0] = 0x1f00 + 0; + state[4*4 + 1] = 0x1f00 + 1; + state[4*4 + 2] = 0x1f00 + 2; + state[4*4 + 3] = 0x1f00 + 3; + + mlkem_sha3_256_blocksx4_seed_avx2(state, seed); + mlkem_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ, + rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ, + rand + 3 * PRF_RAND_SZ); + i = SHA3_256_BYTES; + sha3_blocksx4_avx2(state); + mlkem_redistribute_8_rand_avx2(state, rand + i + 0 * PRF_RAND_SZ, + rand + i + 1 * PRF_RAND_SZ, rand + i + 2 * PRF_RAND_SZ, + rand + i + 3 * PRF_RAND_SZ); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [in, out] prf Pseudo-random function object. + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k2_avx2(MLKEM_PRF_T* prf, sword16* vec1, + sword16* vec2, sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[4 * PRF_RAND_SZ]; + + mlkem_get_noise_x4_eta3_avx2(rand, seed); + mlkem_cbd_eta3_avx2(vec1 , rand + 0 * PRF_RAND_SZ); + mlkem_cbd_eta3_avx2(vec1 + MLKEM_N, rand + 1 * PRF_RAND_SZ); + if (poly == NULL) { + mlkem_cbd_eta3_avx2(vec2 , rand + 2 * PRF_RAND_SZ); + mlkem_cbd_eta3_avx2(vec2 + MLKEM_N, rand + 3 * PRF_RAND_SZ); + } + else { + mlkem_cbd_eta2_avx2(vec2 , rand + 2 * PRF_RAND_SZ); + mlkem_cbd_eta2_avx2(vec2 + MLKEM_N, rand + 3 * PRF_RAND_SZ); + + seed[WC_ML_KEM_SYM_SZ] = 4; + ret = mlkem_get_noise_eta2_avx2(prf, poly, seed); + } + + return ret; +} +#endif + +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k3_avx2(sword16* vec1, sword16* vec2, sword16* poly, + byte* seed) +{ + byte rand[4 * ETA2_RAND_SIZE]; + + mlkem_get_noise_x4_eta2_avx2(rand, seed, 0); + mlkem_cbd_eta2_avx2(vec1 , rand + 0 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec1 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec1 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec2 , rand + 3 * ETA2_RAND_SIZE); + mlkem_get_noise_x4_eta2_avx2(rand, seed, 4); + mlkem_cbd_eta2_avx2(vec2 + 1 * MLKEM_N, rand + 0 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec2 + 2 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE); + if (poly != NULL) { + mlkem_cbd_eta2_avx2(poly, rand + 2 * ETA2_RAND_SIZE); + } + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [in, out] prf Pseudo-random function object. + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k4_avx2(MLKEM_PRF_T* prf, sword16* vec1, + sword16* vec2, sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[4 * ETA2_RAND_SIZE]; + + (void)prf; + + mlkem_get_noise_x4_eta2_avx2(rand, seed, 0); + mlkem_cbd_eta2_avx2(vec1 , rand + 0 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec1 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec1 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec1 + 3 * MLKEM_N, rand + 3 * ETA2_RAND_SIZE); + mlkem_get_noise_x4_eta2_avx2(rand, seed, 4); + mlkem_cbd_eta2_avx2(vec2 , rand + 0 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec2 + 1 * MLKEM_N, rand + 1 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec2 + 2 * MLKEM_N, rand + 2 * ETA2_RAND_SIZE); + mlkem_cbd_eta2_avx2(vec2 + 3 * MLKEM_N, rand + 3 * ETA2_RAND_SIZE); + if (poly != NULL) { + seed[WC_ML_KEM_SYM_SZ] = 8; + ret = mlkem_get_noise_eta2_avx2(prf, poly, seed); + } + + return ret; +} +#endif +#endif /* USE_INTEL_SPEEDUP */ + +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + +#define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void mlkem_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + mlkem_shake256_blocksx3_seed_neon(state, seed); +} + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void mlkem_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[3 * 25]; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + mlkem_shake256_blocksx3_seed_neon(state, seed); + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES); + mlkem_sha3_blocksx3_neon(state); + rand += SHA3_256_BYTES; + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. + */ +static void mlkem_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[25]; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = W64LIT(0x8000000000000000); + BlockSha3(state); + XMEMCPY(rand , state, SHA3_256_BYTES); + BlockSha3(state); + XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k2_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + mlkem_get_noise_x3_eta3_aarch64(rand, seed, 0); + mlkem_cbd_eta3(vec1 , rand + 0 * ETA3_RAND_SIZE); + mlkem_cbd_eta3(vec1 + MLKEM_N, rand + 1 * ETA3_RAND_SIZE); + if (poly == NULL) { + mlkem_cbd_eta3(vec2 , rand + 2 * ETA3_RAND_SIZE); + mlkem_get_noise_eta3_aarch64(rand, seed, 3); + mlkem_cbd_eta3(vec2 + MLKEM_N, rand ); + } + else { + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 2); + mlkem_cbd_eta2(vec2 , rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec2 + MLKEM_N, rand + 1 * 25 * 8); + mlkem_cbd_eta2(poly , rand + 2 * 25 * 8); + } + + return ret; +} +#endif + +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Get the noise/error by calculating random bytes. + * + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * ... + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. + */ +static void mlkem_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + /* Transposed value same as not. */ + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = W64LIT(0x8000000000000000); + BlockSha3(state); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k3_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + byte rand[3 * 25 * 8]; + + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 0); + mlkem_cbd_eta2(vec1 , rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec1 + 1 * MLKEM_N, rand + 1 * 25 * 8); + mlkem_cbd_eta2(vec1 + 2 * MLKEM_N, rand + 2 * 25 * 8); + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 3); + mlkem_cbd_eta2(vec2 , rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec2 + 1 * MLKEM_N, rand + 1 * 25 * 8); + mlkem_cbd_eta2(vec2 + 2 * MLKEM_N, rand + 2 * 25 * 8); + if (poly != NULL) { + mlkem_get_noise_eta2_aarch64(rand, seed, 6); + mlkem_cbd_eta2(poly , rand + 0 * 25 * 8); + } + + return 0; +} +#endif + +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_k4_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 0); + mlkem_cbd_eta2(vec1 , rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec1 + 1 * MLKEM_N, rand + 1 * 25 * 8); + mlkem_cbd_eta2(vec1 + 2 * MLKEM_N, rand + 2 * 25 * 8); + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 3); + mlkem_cbd_eta2(vec1 + 3 * MLKEM_N, rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec2 , rand + 1 * 25 * 8); + mlkem_cbd_eta2(vec2 + 1 * MLKEM_N, rand + 2 * 25 * 8); + mlkem_get_noise_x3_eta2_aarch64(rand, seed, 6); + mlkem_cbd_eta2(vec2 + 2 * MLKEM_N, rand + 0 * 25 * 8); + mlkem_cbd_eta2(vec2 + 3 * MLKEM_N, rand + 1 * 25 * 8); + if (poly != NULL) { + mlkem_cbd_eta2(poly, rand + 2 * 25 * 8); + } + + return ret; +} +#endif +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [in, out] prf Pseudo-random function object. + * @param [in] k Number of polynomials in vector. + * @param [out] vec1 First Vector of polynomials. + * @param [in] eta1 Size of noise/error integers with first vector. + * @param [out] vec2 Second Vector of polynomials. + * @param [in] eta2 Size of noise/error integers with second vector. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int mlkem_get_noise_c(MLKEM_PRF_T* prf, int k, sword16* vec1, int eta1, + sword16* vec2, int eta2, sword16* poly, byte* seed) +{ + int ret = 0; + int i; + + /* First noise generation has a seed with 0x00 appended. */ + seed[WC_ML_KEM_SYM_SZ] = 0; + /* Generate noise as private key. */ + for (i = 0; (ret == 0) && (i < k); i++) { + /* Generate noise for each dimension of vector. */ + ret = mlkem_get_noise_eta1_c(prf, vec1 + i * MLKEM_N, seed, eta1); + /* Increment value of appended byte. */ + seed[WC_ML_KEM_SYM_SZ]++; + } + if ((ret == 0) && (vec2 != NULL)) { + /* Generate noise for error. */ + for (i = 0; (ret == 0) && (i < k); i++) { + /* Generate noise for each dimension of vector. */ + ret = mlkem_get_noise_eta1_c(prf, vec2 + i * MLKEM_N, seed, eta2); + /* Increment value of appended byte. */ + seed[WC_ML_KEM_SYM_SZ]++; + } + } + else { + seed[WC_ML_KEM_SYM_SZ] = 2 * k; + } + if ((ret == 0) && (poly != NULL)) { + /* Generating random error polynomial. */ + ret = mlkem_get_noise_eta2_c(prf, poly, seed); + } + + return ret; +} + +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [in, out] prf Pseudo-random function object. + * @param [in] k Number of polynomials in vector. + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret; + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if (k == WC_ML_KEM_512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_get_noise_k2_aarch64(vec1, vec2, poly, seed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_get_noise_k2_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + if (poly == NULL) { + ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA3, vec2, + MLKEM_CBD_ETA3, NULL, seed); + } + else { + ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA3, vec2, + MLKEM_CBD_ETA2, poly, seed); + } +#endif + } + else +#endif +#if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) + if (k == WC_ML_KEM_768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_get_noise_k3_aarch64(vec1, vec2, poly, seed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_get_noise_k3_avx2(vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + { + ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA2, vec2, + MLKEM_CBD_ETA2, poly, seed); + } +#endif + } + else +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) + if (k == WC_ML_KEM_1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = mlkem_get_noise_k4_aarch64(vec1, vec2, poly, seed); +#else + #ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = mlkem_get_noise_k4_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); + } + else + #endif + { + ret = mlkem_get_noise_c(prf, k, vec1, MLKEM_CBD_ETA2, vec2, + MLKEM_CBD_ETA2, poly, seed); + } +#endif + } + else +#endif + { + ret = BAD_STATE_E; + } + + (void)prf; + + return ret; +} + +#if defined(WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM) || \ + defined(WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM) +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [in, out] prf Pseudo-random function object. + * @param [in] k Number of polynomials in vector. + * @param [out] vec2 Second Vector of polynomials. + * @param [in] seed Seed to use when calculating random. + * @param [in] i Index of vector to generate. + * @param [in] make Indicates generation is for making a key. + * @return 0 on success. + */ +static int mlkem_get_noise_i(MLKEM_PRF_T* prf, int k, sword16* vec2, + byte* seed, int i, int make) +{ + int ret; + + /* Initialize the PRF (generating matrix A leaves it in uninitialized + * state). */ + mlkem_prf_init(prf); + + /* Set index of polynomial of second vector into seed. */ + seed[WC_ML_KEM_SYM_SZ] = k + i; +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) + if ((k == WC_ML_KEM_512_K) && make) { + ret = mlkem_get_noise_eta1_c(prf, vec2, seed, MLKEM_CBD_ETA3); + } + else +#endif + { + ret = mlkem_get_noise_eta1_c(prf, vec2, seed, MLKEM_CBD_ETA2); + } + + (void)make; + return ret; +} +#endif + +/******************************************************************************/ + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) +/* Compare two byte arrays of equal size. + * + * @param [in] a First array to compare. + * @param [in] b Second array to compare. + * @param [in] sz Size of arrays in bytes. + * @return 0 on success. + * @return -1 on failure. + */ +static int mlkem_cmp_c(const byte* a, const byte* b, int sz) +{ + int i; + byte r = 0; + + /* Constant time comparison of the encapsulated message and cipher text. */ + for (i = 0; i < sz; i++) { + r |= a[i] ^ b[i]; + } + return 0 - ((-(word32)r) >> 31); +} +#endif + +/* Compare two byte arrays of equal size. + * + * @param [in] a First array to compare. + * @param [in] b Second array to compare. + * @param [in] sz Size of arrays in bytes. + * @return 0 on success. + * @return -1 on failure. + */ +int mlkem_cmp(const byte* a, const byte* b, int sz) +{ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + return mlkem_cmp_neon(a, b, sz); +#else + int fail; + +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + fail = mlkem_cmp_avx2(a, b, sz); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + fail = mlkem_cmp_c(a, b, sz); + } + + return fail; +#endif +} + +/******************************************************************************/ + +#if !defined(WOLFSSL_ARMASM) + +/* Conditional subtraction of q to each coefficient of a polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in, out] p Polynomial. + */ +static MLKEM_NOINLINE void mlkem_csubq_c(sword16* p) +{ + unsigned int i; + + for (i = 0; i < MLKEM_N; ++i) { + sword16 t = p[i] - MLKEM_Q; + /* When top bit set, -ve number - need to add q back. */ + p[i] = ((t >> 15) & MLKEM_Q) + t; + } +} + +#elif defined(__aarch64__) + +/* Conditional subtraction of q to each coefficient of a polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in, out] p Polynomial. + */ +#define mlkem_csubq_c mlkem_csubq_neon + +#elif defined(WOLFSSL_ARMASM_THUMB2) + +/* Conditional subtraction of q to each coefficient of a polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in, out] p Polynomial. + */ +#define mlkem_csubq_c mlkem_thumb2_csubq + +#else + +/* Conditional subtraction of q to each coefficient of a polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in, out] p Polynomial. + */ +#define mlkem_csubq_c mlkem_arm32_csubq + +#endif + +/******************************************************************************/ + +#if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE) + +/* Compress value. + * + * Uses div operator that may be slow. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @param [in] s Shift amount to apply to value being compressed. + * @param [in] m Mask to apply get the require number of bits. + * @return Compressed value. + */ +#define TO_COMP_WORD_VEC(v, i, j, k, s, m) \ + ((((word32)v[i * MLKEM_N + j + k] << s) + MLKEM_Q_HALF) / MLKEM_Q) & m + +/* Compress value to 10 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_10(v, i, j, k) \ + TO_COMP_WORD_VEC(v, i, j, k, 10, 0x3ff) + +/* Compress value to 11 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_11(v, i, j, k) \ + TO_COMP_WORD_VEC(v, i, j, k, 11, 0x7ff) + +#else + +/* Multiplier that does div q. + * ((1 << 53) + MLKEM_Q_HALF) / MLKEM_Q + */ +#define MLKEM_V53 0x275f6ed0176UL +/* Multiplier times half of q. + * MLKEM_V53 * (MLKEM_Q_HALF + 1) + */ +#define MLKEM_V53_HALF 0x10013afb768076UL + +/* Multiplier that does div q. + * ((1 << 54) + MLKEM_Q_HALF) / MLKEM_Q + */ +#define MLKEM_V54 0x4ebedda02ecUL +/* Multiplier times half of q. + * MLKEM_V54 * (MLKEM_Q_HALF + 1) + */ +#define MLKEM_V54_HALF 0x200275f6ed00ecUL + +/* Compress value to 10 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_10(v, i, j, k) \ + ((((MLKEM_V54 << 10) * (v)[(i) * MLKEM_N + (j) + (k)]) + \ + MLKEM_V54_HALF) >> 54) + +/* Compress value to 11 bits. + * + * Uses mul instead of div. + * Only works for values in range: 0..3228 + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_11(v, i, j, k) \ + ((((MLKEM_V53 << 11) * (v)[(i) * MLKEM_N + (j) + (k)]) + \ + MLKEM_V53_HALF) >> 53) + +#endif /* CONV_WITH_DIV */ + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Compress the vector of polynomials into a byte array with 10 bits each. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] v Vector of polynomials. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_vec_compress_10_c(byte* r, sword16* v, unsigned int k) +{ + unsigned int i; + unsigned int j; + + for (i = 0; i < k; i++) { + /* Reduce each coefficient to mod q. */ + mlkem_csubq_c(v + i * MLKEM_N); + /* All values are now positive. */ + } + + /* Each polynomial. */ + for (i = 0; i < k; i++) { +#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) || \ + defined(BIG_ENDIAN_ORDER) + /* Each 4 polynomial coefficients. */ + for (j = 0; j < MLKEM_N; j += 4) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int l; + sword16 t[4]; + /* Compress four polynomial values to 10 bits each. */ + for (l = 0; l < 4; l++) { + t[l] = TO_COMP_WORD_10(v, i, j, l); + } + + /* Pack four 10-bit values into byte array. */ + r[ 0] = (t[0] >> 0); + r[ 1] = (t[0] >> 8) | (t[1] << 2); + r[ 2] = (t[1] >> 6) | (t[2] << 4); + r[ 3] = (t[2] >> 4) | (t[3] << 6); + r[ 4] = (t[3] >> 2); + #else + /* Compress four polynomial values to 10 bits each. */ + sword16 t0 = TO_COMP_WORD_10(v, i, j, 0); + sword16 t1 = TO_COMP_WORD_10(v, i, j, 1); + sword16 t2 = TO_COMP_WORD_10(v, i, j, 2); + sword16 t3 = TO_COMP_WORD_10(v, i, j, 3); + + /* Pack four 10-bit values into byte array. */ + r[ 0] = (t0 >> 0); + r[ 1] = (t0 >> 8) | (t1 << 2); + r[ 2] = (t1 >> 6) | (t2 << 4); + r[ 3] = (t2 >> 4) | (t3 << 6); + r[ 4] = (t3 >> 2); + #endif + + /* Move over set bytes. */ + r += 5; + } +#else + /* Each 16 polynomial coefficients. */ + for (j = 0; j < MLKEM_N; j += 16) { + /* Compress four polynomial values to 10 bits each. */ + sword16 t0 = TO_COMP_WORD_10(v, i, j, 0); + sword16 t1 = TO_COMP_WORD_10(v, i, j, 1); + sword16 t2 = TO_COMP_WORD_10(v, i, j, 2); + sword16 t3 = TO_COMP_WORD_10(v, i, j, 3); + sword16 t4 = TO_COMP_WORD_10(v, i, j, 4); + sword16 t5 = TO_COMP_WORD_10(v, i, j, 5); + sword16 t6 = TO_COMP_WORD_10(v, i, j, 6); + sword16 t7 = TO_COMP_WORD_10(v, i, j, 7); + sword16 t8 = TO_COMP_WORD_10(v, i, j, 8); + sword16 t9 = TO_COMP_WORD_10(v, i, j, 9); + sword16 t10 = TO_COMP_WORD_10(v, i, j, 10); + sword16 t11 = TO_COMP_WORD_10(v, i, j, 11); + sword16 t12 = TO_COMP_WORD_10(v, i, j, 12); + sword16 t13 = TO_COMP_WORD_10(v, i, j, 13); + sword16 t14 = TO_COMP_WORD_10(v, i, j, 14); + sword16 t15 = TO_COMP_WORD_10(v, i, j, 15); + + word32* r32 = (word32*)r; + /* Pack sixteen 10-bit values into byte array. */ + r32[0] = t0 | ((word32)t1 << 10) | ((word32)t2 << 20) | + ((word32)t3 << 30); + r32[1] = (t3 >> 2) | ((word32)t4 << 8) | ((word32)t5 << 18) | + ((word32)t6 << 28); + r32[2] = (t6 >> 4) | ((word32)t7 << 6) | ((word32)t8 << 16) | + ((word32)t9 << 26); + r32[3] = (t9 >> 6) | ((word32)t10 << 4) | ((word32)t11 << 14) | + ((word32)t12 << 24); + r32[4] = (t12 >> 8) | ((word32)t13 << 2) | ((word32)t14 << 12) | + ((word32)t15 << 22); + + /* Move over set bytes. */ + r += 20; + } +#endif + } +} + +/* Compress the vector of polynomials into a byte array with 10 bits each. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] v Vector of polynomials. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_vec_compress_10(byte* r, sword16* v, unsigned int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_compress_10_avx2(r, v, k); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_vec_compress_10_c(r, v, k); + } +} +#endif + +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Compress the vector of polynomials into a byte array with 11 bits each. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] v Vector of polynomials. + */ +static void mlkem_vec_compress_11_c(byte* r, sword16* v) +{ + unsigned int i; + unsigned int j; +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int k; +#endif + + for (i = 0; i < 4; i++) { + /* Reduce each coefficient to mod q. */ + mlkem_csubq_c(v + i * MLKEM_N); + /* All values are now positive. */ + } + + /* Each polynomial. */ + for (i = 0; i < 4; i++) { + /* Each 8 polynomial coefficients. */ + for (j = 0; j < MLKEM_N; j += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + sword16 t[8]; + /* Compress eight polynomial values to 11 bits each. */ + for (k = 0; k < 8; k++) { + t[k] = TO_COMP_WORD_11(v, i, j, k); + } + + /* Pack eight 11-bit values into byte array. */ + r[ 0] = (t[0] >> 0); + r[ 1] = (t[0] >> 8) | (t[1] << 3); + r[ 2] = (t[1] >> 5) | (t[2] << 6); + r[ 3] = (t[2] >> 2); + r[ 4] = (t[2] >> 10) | (t[3] << 1); + r[ 5] = (t[3] >> 7) | (t[4] << 4); + r[ 6] = (t[4] >> 4) | (t[5] << 7); + r[ 7] = (t[5] >> 1); + r[ 8] = (t[5] >> 9) | (t[6] << 2); + r[ 9] = (t[6] >> 6) | (t[7] << 5); + r[10] = (t[7] >> 3); + #else + /* Compress eight polynomial values to 11 bits each. */ + sword16 t0 = TO_COMP_WORD_11(v, i, j, 0); + sword16 t1 = TO_COMP_WORD_11(v, i, j, 1); + sword16 t2 = TO_COMP_WORD_11(v, i, j, 2); + sword16 t3 = TO_COMP_WORD_11(v, i, j, 3); + sword16 t4 = TO_COMP_WORD_11(v, i, j, 4); + sword16 t5 = TO_COMP_WORD_11(v, i, j, 5); + sword16 t6 = TO_COMP_WORD_11(v, i, j, 6); + sword16 t7 = TO_COMP_WORD_11(v, i, j, 7); + + /* Pack eight 11-bit values into byte array. */ + r[ 0] = (t0 >> 0); + r[ 1] = (t0 >> 8) | (t1 << 3); + r[ 2] = (t1 >> 5) | (t2 << 6); + r[ 3] = (t2 >> 2); + r[ 4] = (t2 >> 10) | (t3 << 1); + r[ 5] = (t3 >> 7) | (t4 << 4); + r[ 6] = (t4 >> 4) | (t5 << 7); + r[ 7] = (t5 >> 1); + r[ 8] = (t5 >> 9) | (t6 << 2); + r[ 9] = (t6 >> 6) | (t7 << 5); + r[10] = (t7 >> 3); + #endif + + /* Move over set bytes. */ + r += 11; + } + } +} + +/* Compress the vector of polynomials into a byte array with 11 bits each. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] v Vector of polynomials. + */ +void mlkem_vec_compress_11(byte* r, sword16* v) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_compress_11_avx2(r, v, 4); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_vec_compress_11_c(r, v); + } +} +#endif +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +/* Decompress a 10 bit value. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @param [in] t Value to decompress. + * @return Decompressed value. + */ +#define DECOMP_10(v, i, j, k, t) \ + v[(i) * MLKEM_N + 4 * (j) + (k)] = \ + (word16)((((word32)((t) & 0x3ff) * MLKEM_Q) + 512) >> 10) + +/* Decompress an 11 bit value. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @param [in] t Value to decompress. + * @return Decompressed value. + */ +#define DECOMP_11(v, i, j, k, t) \ + v[(i) * MLKEM_N + 8 * (j) + (k)] = \ + (word16)((((word32)((t) & 0x7ff) * MLKEM_Q) + 1024) >> 11) + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Decompress the byte array of packed 10 bits into vector of polynomials. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] v Vector of polynomials. + * @param [in] b Array of bytes. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_vec_decompress_10_c(sword16* v, const byte* b, unsigned int k) +{ + unsigned int i; + unsigned int j; +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int l; +#endif + + /* Each polynomial. */ + for (i = 0; i < k; i++) { + /* Each 4 polynomial coefficients. */ + for (j = 0; j < MLKEM_N / 4; j++) { + #ifdef WOLFSSL_MLKEM_SMALL + word16 t[4]; + /* Extract out 4 values of 10 bits each. */ + t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8); + t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6); + t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4); + t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2); + b += 5; + + /* Decompress 4 values. */ + for (l = 0; l < 4; l++) { + DECOMP_10(v, i, j, l, t[l]); + } + #else + /* Extract out 4 values of 10 bits each. */ + sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8); + sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6); + sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4); + sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2); + b += 5; + + /* Decompress 4 values. */ + DECOMP_10(v, i, j, 0, t0); + DECOMP_10(v, i, j, 1, t1); + DECOMP_10(v, i, j, 2, t2); + DECOMP_10(v, i, j, 3, t3); + #endif + } + } +} + +/* Decompress the byte array of packed 10 bits into vector of polynomials. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] v Vector of polynomials. + * @param [in] b Array of bytes. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_vec_decompress_10(sword16* v, const byte* b, unsigned int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_decompress_10_avx2(v, b, k); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_vec_decompress_10_c(v, b, k); + } +} +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Decompress the byte array of packed 11 bits into vector of polynomials. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] v Vector of polynomials. + * @param [in] b Array of bytes. + */ +static void mlkem_vec_decompress_11_c(sword16* v, const byte* b) +{ + unsigned int i; + unsigned int j; +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int l; +#endif + + /* Each polynomial. */ + for (i = 0; i < 4; i++) { + /* Each 8 polynomial coefficients. */ + for (j = 0; j < MLKEM_N / 8; j++) { + #ifdef WOLFSSL_MLKEM_SMALL + word16 t[8]; + /* Extract out 8 values of 11 bits each. */ + t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8); + t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5); + t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) | + ((word16)b[4] << 10); + t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7); + t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4); + t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) | + ((word16)b[8] << 9); + t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6); + t[7] = (b[9] >> 5) | ((word16)b[10] << 3); + b += 11; + + /* Decompress 8 values. */ + for (l = 0; l < 8; l++) { + DECOMP_11(v, i, j, l, t[l]); + } + #else + /* Extract out 8 values of 11 bits each. */ + sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8); + sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5); + sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) | + ((word16)b[4] << 10); + sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7); + sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4); + sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) | + ((word16)b[8] << 9); + sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6); + sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3); + b += 11; + + /* Decompress 8 values. */ + DECOMP_11(v, i, j, 0, t0); + DECOMP_11(v, i, j, 1, t1); + DECOMP_11(v, i, j, 2, t2); + DECOMP_11(v, i, j, 3, t3); + DECOMP_11(v, i, j, 4, t4); + DECOMP_11(v, i, j, 5, t5); + DECOMP_11(v, i, j, 6, t6); + DECOMP_11(v, i, j, 7, t7); + #endif + } + } +} + +/* Decompress the byte array of packed 11 bits into vector of polynomials. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] v Vector of polynomials. + * @param [in] b Array of bytes. + */ +void mlkem_vec_decompress_11(sword16* v, const byte* b) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_decompress_11_avx2(v, b, 4); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_vec_decompress_11_c(v, b); + } +} +#endif +#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifdef CONV_WITH_DIV + +/* Compress value. + * + * Uses div operator that may be slow. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] v Vector of polynomials. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @param [in] s Shift amount to apply to value being compressed. + * @param [in] m Mask to apply get the require number of bits. + * @return Compressed value. + */ +#define TO_COMP_WORD(v, i, j, s, m) \ + ((((word32)v[i + j] << s) + MLKEM_Q_HALF) / MLKEM_Q) & m + +/* Compress value to 4 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_4(p, i, j) \ + TO_COMP_WORD(p, i, j, 4, 0xf) + +/* Compress value to 5 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_5(p, i, j) \ + TO_COMP_WORD(p, i, j, 5, 0x1f) + +#else + +/* Multiplier that does div q. */ +#define MLKEM_V28 ((word32)(((1U << 28) + MLKEM_Q_HALF)) / MLKEM_Q) +/* Multiplier times half of q. */ +#define MLKEM_V28_HALF ((word32)(MLKEM_V28 * (MLKEM_Q_HALF + 1))) + +/* Multiplier that does div q. */ +#define MLKEM_V27 ((word32)(((1U << 27) + MLKEM_Q_HALF)) / MLKEM_Q) +/* Multiplier times half of q. */ +#define MLKEM_V27_HALF ((word32)(MLKEM_V27 * MLKEM_Q_HALF)) + +/* Compress value to 4 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_4(p, i, j) \ + ((((MLKEM_V28 << 4) * (p)[(i) + (j)]) + MLKEM_V28_HALF) >> 28) + +/* Compress value to 5 bits. + * + * Uses mul instead of div. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @return Compressed value. + */ +#define TO_COMP_WORD_5(p, i, j) \ + ((((MLKEM_V27 << 5) * (p)[(i) + (j)]) + MLKEM_V27_HALF) >> 27) + +#endif /* CONV_WITH_DIV */ + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Compress a polynomial into byte array - on coefficients into 4 bits. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + */ +static void mlkem_compress_4_c(byte* b, sword16* p) +{ + unsigned int i; +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + byte t[8]; +#endif + + /* Reduce each coefficients to mod q. */ + mlkem_csubq_c(p); + /* All values are now positive. */ + + /* Each 8 polynomial coefficients. */ + for (i = 0; i < MLKEM_N; i += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + /* Compress eight polynomial values to 4 bits each. */ + for (j = 0; j < 8; j++) { + t[j] = TO_COMP_WORD_4(p, i, j); + } + + b[0] = t[0] | (t[1] << 4); + b[1] = t[2] | (t[3] << 4); + b[2] = t[4] | (t[5] << 4); + b[3] = t[6] | (t[7] << 4); + #else + /* Compress eight polynomial values to 4 bits each. */ + byte t0 = TO_COMP_WORD_4(p, i, 0); + byte t1 = TO_COMP_WORD_4(p, i, 1); + byte t2 = TO_COMP_WORD_4(p, i, 2); + byte t3 = TO_COMP_WORD_4(p, i, 3); + byte t4 = TO_COMP_WORD_4(p, i, 4); + byte t5 = TO_COMP_WORD_4(p, i, 5); + byte t6 = TO_COMP_WORD_4(p, i, 6); + byte t7 = TO_COMP_WORD_4(p, i, 7); + + /* Pack eight 4-bit values into byte array. */ + b[0] = t0 | (t1 << 4); + b[1] = t2 | (t3 << 4); + b[2] = t4 | (t5 << 4); + b[3] = t6 | (t7 << 4); + #endif + + /* Move over set bytes. */ + b += 4; + } +} + +/* Compress a polynomial into byte array - on coefficients into 4 bits. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + */ +void mlkem_compress_4(byte* b, sword16* p) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_compress_4_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_compress_4_c(b, p); + } +} +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Compress a polynomial into byte array - on coefficients into 5 bits. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + */ +static void mlkem_compress_5_c(byte* b, sword16* p) +{ + unsigned int i; +#ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + byte t[8]; +#endif + + /* Reduce each coefficients to mod q. */ + mlkem_csubq_c(p); + /* All values are now positive. */ + + for (i = 0; i < MLKEM_N; i += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + /* Compress eight polynomial values to 5 bits each. */ + for (j = 0; j < 8; j++) { + t[j] = TO_COMP_WORD_5(p, i, j); + } + + /* Pack 5 bits into byte array. */ + b[0] = (t[0] >> 0) | (t[1] << 5); + b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7); + b[2] = (t[3] >> 1) | (t[4] << 4); + b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6); + b[4] = (t[6] >> 2) | (t[7] << 3); + #else + /* Compress eight polynomial values to 5 bits each. */ + byte t0 = TO_COMP_WORD_5(p, i, 0); + byte t1 = TO_COMP_WORD_5(p, i, 1); + byte t2 = TO_COMP_WORD_5(p, i, 2); + byte t3 = TO_COMP_WORD_5(p, i, 3); + byte t4 = TO_COMP_WORD_5(p, i, 4); + byte t5 = TO_COMP_WORD_5(p, i, 5); + byte t6 = TO_COMP_WORD_5(p, i, 6); + byte t7 = TO_COMP_WORD_5(p, i, 7); + + /* Pack eight 5-bit values into byte array. */ + b[0] = (t0 >> 0) | (t1 << 5); + b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7); + b[2] = (t3 >> 1) | (t4 << 4); + b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6); + b[4] = (t6 >> 2) | (t7 << 3); + #endif + + /* Move over set bytes. */ + b += 5; + } +} + +/* Compress a polynomial into byte array - on coefficients into 5 bits. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + */ +void mlkem_compress_5(byte* b, sword16* p) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_compress_5_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_compress_5_c(b, p); + } +} +#endif +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +/* Decompress a 4 bit value. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @param [in] t Value to decompress. + * @return Decompressed value. + */ +#define DECOMP_4(p, i, j, t) \ + p[(i) + (j)] = ((word16)((t) * MLKEM_Q) + 8) >> 4 + +/* Decompress a 5 bit value. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [in] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @param [in] t Value to decompress. + * @return Decompressed value. + */ +#define DECOMP_5(p, i, j, t) \ + p[(i) + (j)] = (((word32)((t) & 0x1f) * MLKEM_Q) + 16) >> 5 + +#if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ + defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) +/* Decompress the byte array of packed 4 bits into polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] p Polynomial. + * @param [in] b Array of bytes. + */ +static void mlkem_decompress_4_c(sword16* p, const byte* b) +{ + unsigned int i; + + /* 2 coefficients at a time. */ + for (i = 0; i < MLKEM_N; i += 2) { + /* 2 coefficients decompressed from one byte. */ + DECOMP_4(p, i, 0, b[0] & 0xf); + DECOMP_4(p, i, 1, b[0] >> 4); + b += 1; + } +} + +/* Decompress the byte array of packed 4 bits into polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] p Polynomial. + * @param [in] b Array of bytes. + */ +void mlkem_decompress_4(sword16* p, const byte* b) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_decompress_4_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_decompress_4_c(p, b); + } +} +#endif +#if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) +/* Decompress the byte array of packed 5 bits into polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] p Polynomial. + * @param [in] b Array of bytes. + */ +static void mlkem_decompress_5_c(sword16* p, const byte* b) +{ + unsigned int i; + + /* Each 8 polynomial coefficients. */ + for (i = 0; i < MLKEM_N; i += 8) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + byte t[8]; + + /* Extract out 8 values of 5 bits each. */ + t[0] = (b[0] >> 0); + t[1] = (b[0] >> 5) | (b[1] << 3); + t[2] = (b[1] >> 2); + t[3] = (b[1] >> 7) | (b[2] << 1); + t[4] = (b[2] >> 4) | (b[3] << 4); + t[5] = (b[3] >> 1); + t[6] = (b[3] >> 6) | (b[4] << 2); + t[7] = (b[4] >> 3); + b += 5; + + /* Decompress 8 values. */ + for (j = 0; j < 8; j++) { + DECOMP_5(p, i, j, t[j]); + } + #else + /* Extract out 8 values of 5 bits each. */ + byte t0 = (b[0] >> 0); + byte t1 = (b[0] >> 5) | (b[1] << 3); + byte t2 = (b[1] >> 2); + byte t3 = (b[1] >> 7) | (b[2] << 1); + byte t4 = (b[2] >> 4) | (b[3] << 4); + byte t5 = (b[3] >> 1); + byte t6 = (b[3] >> 6) | (b[4] << 2); + byte t7 = (b[4] >> 3); + b += 5; + + /* Decompress 8 values. */ + DECOMP_5(p, i, 0, t0); + DECOMP_5(p, i, 1, t1); + DECOMP_5(p, i, 2, t2); + DECOMP_5(p, i, 3, t3); + DECOMP_5(p, i, 4, t4); + DECOMP_5(p, i, 5, t5); + DECOMP_5(p, i, 6, t6); + DECOMP_5(p, i, 7, t7); + #endif + } +} + +/* Decompress the byte array of packed 5 bits into polynomial. + * + * FIPS 203, Section 4.2.1, Compression and decompression + * + * @param [out] p Polynomial. + * @param [in] b Array of bytes. + */ +void mlkem_decompress_5(sword16* p, const byte* b) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_decompress_5_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_decompress_5_c(p, b); + } +} +#endif +#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +/******************************************************************************/ + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2. + * + * Constant time implementation. + * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed + * with MLKEM_Q_1_HALF and can't optimize to non-constant time code. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Polynomial to hold converted value. + * @param [in] msg Message to get bit from byte from. + * @param [in] i Index of byte from message. + * @param [in] j Index of bit in byte. + */ +#define FROM_MSG_BIT(p, msg, i, j) \ + ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \ + mlkem_opt_blocker) & MLKEM_Q_1_HALF) + +/* Convert message to polynomial. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Polynomial. + * @param [in] msg Message as a byte array. + */ +static void mlkem_from_msg_c(sword16* p, const byte* msg) +{ + unsigned int i; + + /* For each byte of the message. */ + for (i = 0; i < MLKEM_N / 8; i++) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + /* For each bit of the message. */ + for (j = 0; j < 8; j++) { + FROM_MSG_BIT(p, msg, i, j); + } + #else + FROM_MSG_BIT(p, msg, i, 0); + FROM_MSG_BIT(p, msg, i, 1); + FROM_MSG_BIT(p, msg, i, 2); + FROM_MSG_BIT(p, msg, i, 3); + FROM_MSG_BIT(p, msg, i, 4); + FROM_MSG_BIT(p, msg, i, 5); + FROM_MSG_BIT(p, msg, i, 6); + FROM_MSG_BIT(p, msg, i, 7); + #endif + } +} + +/* Convert message to polynomial. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Polynomial. + * @param [in] msg Message as a byte array. + */ +void mlkem_from_msg(sword16* p, const byte* msg) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + mlkem_from_msg_avx2(p, msg); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_from_msg_c(p, msg); + } +} +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +#ifdef CONV_WITH_DIV + +/* Convert to value to bit. + * + * Uses div operator that may be slow. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] m Message. + * @param [in] p Polynomial. + * @param [in] i Index of byte in message. + * @param [in] j Index of bit in byte. + */ +#define TO_MSG_BIT(m, p, i, j) \ + m[i] |= (((((sword16)p[8 * i + j] << 1) + MLKEM_Q_HALF) / MLKEM_Q) & 1) << j + +#else + +/* Multiplier that does div q. */ +#define MLKEM_V31 (((1U << 31) + (MLKEM_Q / 2)) / MLKEM_Q) +/* 2 * multiplier that does div q. Only need bit 32 of result. */ +#define MLKEM_V31_2 ((word32)(MLKEM_V31 * 2)) +/* Multiplier times half of q. */ +#define MLKEM_V31_HALF ((word32)(MLKEM_V31 * MLKEM_Q_HALF)) + +/* Convert to value to bit. + * + * Uses mul instead of div. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] m Message. + * @param [in] p Polynomial. + * @param [in] i Index of byte in message. + * @param [in] j Index of bit in byte. + */ +#define TO_MSG_BIT(m, p, i, j) \ + (m)[i] |= ((word32)((MLKEM_V31_2 * (p)[8 * (i) + (j)]) + \ + MLKEM_V31_HALF) >> 31) << (j) + +#endif /* CONV_WITH_DIV */ + +/* Convert polynomial to message. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] msg Message as a byte array. + * @param [in] p Polynomial. + */ +static void mlkem_to_msg_c(byte* msg, sword16* p) +{ + unsigned int i; + + /* Reduce each coefficient to mod q. */ + mlkem_csubq_c(p); + /* All values are now in range. */ + + for (i = 0; i < MLKEM_N / 8; i++) { + #ifdef WOLFSSL_MLKEM_SMALL + unsigned int j; + msg[i] = 0; + for (j = 0; j < 8; j++) { + TO_MSG_BIT(msg, p, i, j); + } + #else + msg[i] = 0; + TO_MSG_BIT(msg, p, i, 0); + TO_MSG_BIT(msg, p, i, 1); + TO_MSG_BIT(msg, p, i, 2); + TO_MSG_BIT(msg, p, i, 3); + TO_MSG_BIT(msg, p, i, 4); + TO_MSG_BIT(msg, p, i, 5); + TO_MSG_BIT(msg, p, i, 6); + TO_MSG_BIT(msg, p, i, 7); + #endif + } +} + +/* Convert polynomial to message. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] msg Message as a byte array. + * @param [in] p Polynomial. + */ +void mlkem_to_msg(byte* msg, sword16* p) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + /* Convert the polynomial into a array of bytes (message). */ + mlkem_to_msg_avx2(msg, p); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_to_msg_c(msg, p); + } +} +#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */ +#else +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +/* Convert message to polynomial. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Polynomial. + * @param [in] msg Message as a byte array. + */ +void mlkem_from_msg(sword16* p, const byte* msg) +{ + mlkem_from_msg_neon(p, msg); +} +#endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE +/* Convert polynomial to message. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] msg Message as a byte array. + * @param [in] p Polynomial. + */ +void mlkem_to_msg(byte* msg, sword16* p) +{ + mlkem_to_msg_neon(msg, p); +} +#endif /* WOLFSSL_MLKEM_NO_DECAPSULATE */ +#endif /* !(__aarch64__ && WOLFSSL_ARMASM) */ + +/******************************************************************************/ + +/* Convert bytes to polynomial. + * + * Consecutive 12 bits hold each coefficient of polynomial. + * Used in decoding private and public keys. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Vector of polynomials. + * @param [in] b Array of bytes. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_from_bytes_c(sword16* p, const byte* b, int k) +{ + int i; + int j; + + for (j = 0; j < k; j++) { + for (i = 0; i < MLKEM_N / 2; i++) { + p[2 * i + 0] = ((b[3 * i + 0] >> 0) | + ((word16)b[3 * i + 1] << 8)) & 0xfff; + p[2 * i + 1] = ((b[3 * i + 1] >> 4) | + ((word16)b[3 * i + 2] << 4)) & 0xfff; + } + p += MLKEM_N; + b += WC_ML_KEM_POLY_SIZE; + } +} + +/* Convert bytes to polynomial. + * + * Consecutive 12 bits hold each coefficient of polynomial. + * Used in decoding private and public keys. + * + * FIPS 203, Algorithm 6: ByteDecode_d(B) + * + * @param [out] p Vector of polynomials. + * @param [in] b Array of bytes. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_from_bytes(sword16* p, const byte* b, int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + int i; + + for (i = 0; i < k; i++) { + mlkem_from_bytes_avx2(p, b); + p += MLKEM_N; + b += WC_ML_KEM_POLY_SIZE; + } + + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_from_bytes_c(p, b, k); + } +} + +/* Convert polynomial to bytes. + * + * Consecutive 12 bits hold each coefficient of polynomial. + * Used in encoding private and public keys. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + * @param [in] k Number of polynomials in vector. + */ +static void mlkem_to_bytes_c(byte* b, sword16* p, int k) +{ + int i; + int j; + + /* Reduce each coefficient to mod q. */ + mlkem_csubq_c(p); + /* All values are now positive. */ + + for (j = 0; j < k; j++) { + for (i = 0; i < MLKEM_N / 2; i++) { + word16 t0 = p[2 * i]; + word16 t1 = p[2 * i + 1]; + b[3 * i + 0] = (t0 >> 0); + b[3 * i + 1] = (t0 >> 8) | t1 << 4; + b[3 * i + 2] = (t1 >> 4); + } + p += MLKEM_N; + b += WC_ML_KEM_POLY_SIZE; + } +} + +/* Convert polynomial to bytes. + * + * Consecutive 12 bits hold each coefficient of polynomial. + * Used in encoding private and public keys. + * + * FIPS 203, Algorithm 6: ByteEncode_d(F) + * + * @param [out] b Array of bytes. + * @param [in] p Polynomial. + * @param [in] k Number of polynomials in vector. + */ +void mlkem_to_bytes(byte* b, sword16* p, int k) +{ +#ifdef USE_INTEL_SPEEDUP + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + int i; + + for (i = 0; i < k; i++) { + mlkem_to_bytes_avx2(b, p); + p += MLKEM_N; + b += WC_ML_KEM_POLY_SIZE; + } + + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + mlkem_to_bytes_c(b, p, k); + } +} + +#endif /* WOLFSSL_WC_MLKEM */ diff --git a/src/wolfcrypt/src/wc_pkcs11.c b/src/wolfcrypt/src/wc_pkcs11.c index b3df75c..efacd74 100644 --- a/src/wolfcrypt/src/wc_pkcs11.c +++ b/src/wolfcrypt/src/wc_pkcs11.c @@ -1,6 +1,6 @@ /* wc_pkcs11.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #ifdef HAVE_PKCS11 @@ -32,9 +28,7 @@ #endif #include -#include #include -#include #ifndef NO_RSA #include #endif diff --git a/src/wolfcrypt/src/wc_port.c b/src/wolfcrypt/src/wc_port.c index 2ee85e3..a757852 100644 --- a/src/wolfcrypt/src/wc_port.c +++ b/src/wolfcrypt/src/wc_port.c @@ -1,6 +1,6 @@ /* port.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,20 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif +#include #ifdef __APPLE__ #include #endif -#include -#include -#include -#include -#include #ifdef HAVE_ECC #include #endif @@ -658,11 +650,13 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name) if (name) *name = NULL; + if (ctx != NULL) + XMEMSET(ctx, 0, sizeof(ReadDirCtx)); + if (ctx == NULL || path == NULL) { return BAD_FUNC_ARG; } - XMEMSET(ctx, 0, sizeof(ReadDirCtx)); pathLen = (int)XSTRLEN(path); #ifdef USE_WINDOWS_API @@ -1041,6 +1035,15 @@ int z_fs_close(XFILE file) return ret; } +/* Rewind the file pointer to the beginning of the file */ +/* This is not a 'rewind' is not supported in Zephyr so */ +/* use fs_seek to move the file pointer to the beginning of the file */ +/* calling it z_fs_rewind to avoid future conflicts if rewind is added */ +int z_fs_rewind(XFILE file) +{ + return fs_seek(file, 0, FS_SEEK_SET); +} + #endif /* !NO_FILESYSTEM && !WOLFSSL_ZEPHYR */ #if !defined(WOLFSSL_USER_MUTEX) @@ -1657,6 +1660,99 @@ int wolfSSL_HwPkMutexUnLock(void) return 0; } +#elif defined(__WATCOMC__) + + int wc_InitMutex(wolfSSL_Mutex* m) + { + #ifdef __OS2__ + DosCreateMutexSem( NULL, m, 0, FALSE ); + #elif defined(__NT__) + InitializeCriticalSection(m); + #elif defined(__LINUX__) + if (pthread_mutex_init(m, NULL) ) + return BAD_MUTEX_E; + #endif + return 0; + } + + int wc_FreeMutex(wolfSSL_Mutex* m) + { + #ifdef __OS2__ + DosCloseMutexSem(*m); + #elif defined(__NT__) + DeleteCriticalSection(m); + #elif defined(__LINUX__) + if (pthread_mutex_destroy(m) ) + return BAD_MUTEX_E; + #endif + return 0; + } + + int wc_LockMutex(wolfSSL_Mutex* m) + { + #ifdef __OS2__ + DosRequestMutexSem(*m, SEM_INDEFINITE_WAIT); + #elif defined(__NT__) + EnterCriticalSection(m); + #elif defined(__LINUX__) + if (pthread_mutex_lock(m) ) + return BAD_MUTEX_E; + #endif + return 0; + } + + int wc_UnLockMutex(wolfSSL_Mutex* m) + { + #ifdef __OS2__ + DosReleaseMutexSem(*m); + #elif defined(__NT__) + LeaveCriticalSection(m); + #elif defined(__LINUX__) + if (pthread_mutex_unlock(m) ) + return BAD_MUTEX_E; + #endif + return 0; + } + + #if defined(WOLFSSL_USE_RWLOCK) && defined(__LINUX__) + + int wc_InitRwLock(wolfSSL_RwLock* m) + { + if (pthread_rwlock_init(m, NULL) ) + return BAD_MUTEX_E; + return 0; + } + + int wc_FreeRwLock(wolfSSL_RwLock* m) + { + if (pthread_rwlock_destroy(m) ) + return BAD_MUTEX_E; + return 0; + } + + int wc_LockRwLock_Wr(wolfSSL_RwLock* m) + { + if (pthread_rwlock_wrlock(m) ) + return BAD_MUTEX_E; + return 0; + } + + int wc_LockRwLock_Rd(wolfSSL_RwLock* m) + { + if (pthread_rwlock_rdlock(m) ) + return BAD_MUTEX_E; + return 0; + } + + int wc_UnLockRwLock(wolfSSL_RwLock* m) + { + if (pthread_rwlock_unlock(m) == 0) + return BAD_MUTEX_E; + return 0; + } + + #endif + #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \ defined(FREESCALE_FREE_RTOS) @@ -2422,6 +2518,10 @@ int wolfSSL_HwPkMutexUnLock(void) int wc_InitMutex(wolfSSL_Mutex* m) { + #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2)) + if (wolfCrypt_GetMode_fips() == FIPS_MODE_INIT) + return 0; + #endif if (_mutex_init(m, NULL) == MQX_EOK) return 0; else @@ -2438,6 +2538,13 @@ int wolfSSL_HwPkMutexUnLock(void) int wc_LockMutex(wolfSSL_Mutex* m) { + #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2)) + if (m->VALID != MUTEX_VALID) { + if (_mutex_init(m, NULL) != MQX_EOK) + return BAD_MUTEX_E; + } + #endif + if (_mutex_lock(m) == MQX_EOK) return 0; else @@ -2446,6 +2553,13 @@ int wolfSSL_HwPkMutexUnLock(void) int wc_UnLockMutex(wolfSSL_Mutex* m) { + #if (defined(HAVE_FIPS) && FIPS_VERSION_EQ(5,2)) + if (m->VALID != MUTEX_VALID) { + if (_mutex_init(m, NULL) != MQX_EOK) + return BAD_MUTEX_E; + } + #endif + if (_mutex_unlock(m) == MQX_EOK) return 0; else @@ -2710,7 +2824,9 @@ int wolfSSL_HwPkMutexUnLock(void) #elif defined(WOLFSSL_CMSIS_RTOS) - #define CMSIS_NMUTEX 10 + #ifndef CMSIS_NMUTEX + #define CMSIS_NMUTEX 10 + #endif osMutexDef(wolfSSL_mt0); osMutexDef(wolfSSL_mt1); osMutexDef(wolfSSL_mt2); osMutexDef(wolfSSL_mt3); osMutexDef(wolfSSL_mt4); osMutexDef(wolfSSL_mt5); osMutexDef(wolfSSL_mt6); osMutexDef(wolfSSL_mt7); osMutexDef(wolfSSL_mt8); @@ -2726,6 +2842,11 @@ int wolfSSL_HwPkMutexUnLock(void) int wc_InitMutex(wolfSSL_Mutex* m) { int i; + + if(!osKernelRunning()) { + return 0; + } + for (i=0; imutex, 0, FALSE ); + DosCreateEventSem( NULL, &cond->cond, DCE_POSTONE, FALSE ); + #elif defined(__NT__) + cond->cond = CreateEventA(NULL, FALSE, FALSE, NULL); + if (cond->cond == NULL) + return MEMORY_E; + + if (wc_InitMutex(&cond->mutex) != 0) { + if (CloseHandle(cond->cond) == 0) + return MEMORY_E; + return MEMORY_E; + } + #elif defined(__LINUX__) + if (pthread_mutex_init(&cond->mutex, NULL) != 0) + return MEMORY_E; + + if (pthread_cond_init(&cond->cond, NULL) != 0) { + /* Keep compilers happy that we are using the return code */ + if (pthread_mutex_destroy(&cond->mutex) != 0) + return MEMORY_E; + return MEMORY_E; + } + #endif + return 0; + } + + int wolfSSL_CondFree(COND_TYPE* cond) + { + if (cond == NULL) + return BAD_FUNC_ARG; + #if defined(__OS2__) + DosCloseMutexSem(cond->mutex); + DosCloseEventSem(cond->cond); + #elif defined(__NT__) + if (CloseHandle(cond->cond) == 0) + return MEMORY_E; + #elif defined(__LINUX__) + if (pthread_mutex_destroy(&cond->mutex) != 0) + return MEMORY_E; + + if (pthread_cond_destroy(&cond->cond) != 0) + return MEMORY_E; + #endif + return 0; + } + + int wolfSSL_CondStart(COND_TYPE* cond) + { + if (cond == NULL) + return BAD_FUNC_ARG; + #if defined(__OS2__) + #elif defined(__NT__) + if (wc_LockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + #elif defined(__LINUX__) + if (pthread_mutex_lock(&cond->mutex) != 0) + return BAD_MUTEX_E; + #endif + return 0; + } + + int wolfSSL_CondSignal(COND_TYPE* cond) + { + if (cond == NULL) + return BAD_FUNC_ARG; + #if defined(__OS2__) + #elif defined(__NT__) + if (wc_UnLockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + + if (SetEvent(cond->cond) == 0) + return MEMORY_E; + + if (wc_LockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + #elif defined(__LINUX__) + if (pthread_cond_signal(&cond->cond) != 0) + return MEMORY_E; + #endif + return 0; + } + + int wolfSSL_CondWait(COND_TYPE* cond) + { + if (cond == NULL) + return BAD_FUNC_ARG; + #if defined(__OS2__) + #elif defined(__NT__) + if (wc_UnLockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + + if (WaitForSingleObject(cond->cond, INFINITE) == WAIT_FAILED) + return MEMORY_E; + + if (wc_LockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + #elif defined(__LINUX__) + if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0) + return MEMORY_E; + #endif + return 0; + } + + int wolfSSL_CondEnd(COND_TYPE* cond) + { + if (cond == NULL) + return BAD_FUNC_ARG; + #if defined(__OS2__) + #elif defined(__NT__) + if (wc_UnLockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + #elif defined(__LINUX__) + if (pthread_mutex_unlock(&cond->mutex) != 0) + return BAD_MUTEX_E; + #endif + return 0; + } + #endif /* WOLFSSL_COND */ + + +#elif defined(USE_WINDOWS_API) && !defined(WOLFSSL_PTHREADS) && \ !defined(_WIN32_WCE) int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) diff --git a/src/wolfcrypt/src/wc_xmss.c b/src/wolfcrypt/src/wc_xmss.c index 6546597..51b308b 100644 --- a/src/wolfcrypt/src/wc_xmss.c +++ b/src/wolfcrypt/src/wc_xmss.c @@ -1,6 +1,6 @@ /* wc_xmss.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,13 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #ifdef WOLFSSL_HAVE_XMSS #include diff --git a/src/wolfcrypt/src/wc_xmss_impl.c b/src/wolfcrypt/src/wc_xmss_impl.c index 80ca967..15b2184 100644 --- a/src/wolfcrypt/src/wc_xmss_impl.c +++ b/src/wolfcrypt/src/wc_xmss_impl.c @@ -1,6 +1,6 @@ /* wc_xmss_impl.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,13 +29,7 @@ * (https://ece.engr.uvic.ca/~raltawy/SAC2021/9.pdf) */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include +#include #include #include @@ -2653,6 +2647,9 @@ static int wc_xmss_bds_state_alloc(const XmssParams* params, BdsState** bds) if (*bds == NULL) { ret = MEMORY_E; } + else { + XMEMSET(*bds, 0, sizeof(BdsState) * cnt); + } } return ret; @@ -2675,7 +2672,7 @@ static void wc_xmss_bds_state_free(BdsState* bds) * @param [out] bds BDS states. * @param [out] wots_sigs WOTS signatures when XMSS^MT. */ -static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, +static int wc_xmss_bds_state_load(const XmssState* state, byte* sk, BdsState* bds, byte** wots_sigs) { const XmssParams* params = state->params; @@ -2689,6 +2686,9 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, /* Skip past standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; + if (2 * (int)params->d - 1 <= 0) + return WC_FAILURE; + for (i = 0; i < 2 * (int)params->d - 1; i++) { /* Set pointers into SK. */ bds[i].stack = sk; @@ -2715,6 +2715,8 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, if (wots_sigs != NULL) { *wots_sigs = sk; } + + return 0; } /* Store the BDS state into the secret/private key. @@ -2723,7 +2725,7 @@ static void wc_xmss_bds_state_load(const XmssState* state, byte* sk, * @param [in, out] sk Secret/private key. * @param [in] bds BDS states. */ -static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, +static int wc_xmss_bds_state_store(const XmssState* state, byte* sk, BdsState* bds) { int i; @@ -2743,15 +2745,20 @@ static void wc_xmss_bds_state_store(const XmssState* state, byte* sk, /* Ignore standard SK = idx || wots_sk || SK_PRF || root || SEED; */ sk += params->idx_len + 4 * n; + if (2 * (int)params->d - 1 <= 0) + return WC_FAILURE; + for (i = 0; i < 2 * (int)params->d - 1; i++) { /* Skip pointers into sk. */ sk += skip; /* Save values - big-endian encoded. */ - c32to24(bds[i].next, sk); + c32to24(bds[i].next, sk); /* NOLINT(clang-analyzer-core.CallAndMessage) */ sk += 3; sk[0] = bds[i].offset; sk += 1; } + + return 0; } /******************************************** @@ -2821,6 +2828,10 @@ static void wc_xmss_bds_next_idx(XmssState* state, BdsState* bds, /* HDSS, Section 4.5, 1: AUTH[h] = v[h][1], h = 0,...,H-1. * Cache left node if on authentication path. */ if ((i >> h) == 1) { + if (bds->authPath == NULL) { + state->ret = WC_FAILURE; + return; + } XMEMCPY(bds->authPath + h * n, node, n); } /* This is a right node. */ @@ -2900,8 +2911,10 @@ static void wc_xmss_bds_treehash_initial(XmssState* state, BdsState* bds, bds->offset = 0; bds->next = 0; /* Reset the hash tree status. */ - for (i = 0; i < hsk; i++) { - wc_xmss_bds_state_treehash_init(bds, i); + if (bds->treeHash != NULL) { + for (i = 0; i < hsk; i++) { + wc_xmss_bds_state_treehash_init(bds, i); + } } /* Copy hash address into local. */ @@ -3036,6 +3049,11 @@ static word8 wc_xmss_bds_treehash_updates(XmssState* state, BdsState* bds, const word8 hs = params->sub_h; const word8 hsk = params->sub_h - params->bds_k; + if (bds->treeHash == NULL) { + state->ret = WC_FAILURE; + return 0; + } + while (updates > 0) { word8 minH = hs; word8 h = hsk; @@ -3106,6 +3124,10 @@ static void wc_xmss_bds_update(XmssState* state, BdsState* bds, HashAddress addrCopy; XMSS_ADDR_OTS_SET_SUBTREE(addrCopy, addr); + if (bds->height == NULL) { + state->ret = WC_FAILURE; + return; + } wc_xmss_bds_next_idx(state, bds, sk_seed, pk_seed, addrCopy, bds->next, bds->height, &bds->offset, &sp); bds->offset++; @@ -3162,6 +3184,11 @@ static void wc_xmss_bds_auth_path(XmssState* state, BdsState* bds, byte* node = state->encMsg; word8 parent; + if ((bds->keep == NULL) || (bds->authPath == NULL)) { + state->ret = WC_FAILURE; + return; + } + /* Step 1. Find the height of first left node in authentication path. */ tau = wc_xmss_lowest_zero_bit_index(leafIdx, hs, &parent); if (tau == 0) { @@ -3297,6 +3324,10 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, if (ret == 0) #endif { + /* Setup pointers into sk - assumes sk is initialized to zeros. */ + ret = wc_xmss_bds_state_load(state, sk, bds, NULL); + } + if (ret == 0) { /* Offsets into seed. */ const byte* seed_priv = seed; const byte* seed_pub = seed + 2 * n; @@ -3306,9 +3337,6 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, /* Offsets into public key. */ byte* pk_seed = pk + n; - /* Setup pointers into sk - assumes sk is initialized to zeros. */ - wc_xmss_bds_state_load(state, sk, bds, NULL); - /* Set first index to 0 in private key. idx_len always 4. */ *sk_idx = 0; /* Set private key seed and private key for PRF in to private key. */ @@ -3333,7 +3361,7 @@ int wc_xmss_keygen(XmssState* state, const unsigned char* seed, XMEMCPY(sk_root, pk_root, 2 * n); /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } #ifdef WOLFSSL_SMALL_STACK @@ -3412,8 +3440,9 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, #endif { /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, NULL); - + ret = wc_xmss_bds_state_load(state, sk, bds, NULL); + } + if (ret == 0) { /* Copy the index into the signature data: Sig = idx_sig || ... */ *((word32*)sig) = *((word32*)sk); /* Read index from the secret key. */ @@ -3490,7 +3519,7 @@ int wc_xmss_sign(XmssState* state, const unsigned char* m, word32 mlen, } if (ret == 0) { /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } #ifdef WOLFSSL_SMALL_STACK @@ -3580,14 +3609,15 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, /* Allocate memory for BDS states and tree hash instances. */ ret = wc_xmss_bds_state_alloc(params, &bds); + if (ret == 0) { + /* Load the BDS state from secret/private key. */ + ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); + } if (ret == 0) { /* Offsets into seed. */ const byte* seed_priv = seed; const byte* seed_pub = seed + 2 * params->n; - /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); - /* Set first index to 0 in private key. */ XMEMSET(sk, 0, params->idx_len); /* Set private key seed and private key for PRF in to private key. */ @@ -3630,7 +3660,7 @@ int wc_xmssmt_keygen(XmssState* state, const unsigned char* seed, XMEMCPY(sk_root, pk_root, 2 * n); /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } /* Dispose of allocated data of BDS states. */ @@ -3825,10 +3855,16 @@ static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx, } if (ret == 0) { word8 i; + byte *authPath; sig += params->wots_sig_len; /* Add authentication path. */ - XMEMCPY(sig, bds[BDS_IDX(idx, 0, hs, params->d)].authPath, hs * n); + authPath = bds[BDS_IDX(idx, 0, hs, params->d)].authPath; + if (authPath == NULL) { + state->ret = WC_FAILURE; + return state->ret; + } + XMEMCPY(sig, authPath, hs * n); sig += hs * n; /* Remaining iterations from storage. */ @@ -3838,7 +3874,12 @@ static int wc_xmssmt_sign_msg(XmssState* state, BdsState* bds, XmssIdx idx, params->wots_sig_len); sig += params->wots_sig_len; /* Add authentication path (auth) and calc new root. */ - XMEMCPY(sig, bds[BDS_IDX(idx, i, hs, params->d)].authPath, hs * n); + authPath = bds[BDS_IDX(idx, i, hs, params->d)].authPath; + if (authPath == NULL) { + state->ret = WC_FAILURE; + return state->ret; + } + XMEMCPY(sig, authPath, hs * n); sig += hs * n; } ret = state->ret; @@ -4000,8 +4041,9 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen, ret = wc_xmss_bds_state_alloc(params, &bds); if (ret == 0) { /* Load the BDS state from secret/private key. */ - wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); - + ret = wc_xmss_bds_state_load(state, sk, bds, &wots_sigs); + } + if (ret == 0) { /* Copy the index into the signature data: Sig_MT = idx_sig. */ XMEMCPY(sig_mt, sk, idx_len); @@ -4032,7 +4074,7 @@ int wc_xmssmt_sign(XmssState* state, const unsigned char* m, word32 mlen, if (ret == 0) { /* Store BDS state back into secret/private key. */ - wc_xmss_bds_state_store(state, sk, bds); + ret = wc_xmss_bds_state_store(state, sk, bds); } /* Dispose of allocated data of BDS states. */ diff --git a/src/wolfcrypt/src/wolfevent.c b/src/wolfcrypt/src/wolfevent.c index bf155c1..34d5740 100644 --- a/src/wolfcrypt/src/wolfevent.c +++ b/src/wolfcrypt/src/wolfevent.c @@ -1,6 +1,6 @@ /* wolfevent.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,18 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - +#include #ifdef HAVE_WOLF_EVENT #include #include -#include #include diff --git a/src/wolfcrypt/src/wolfmath.c b/src/wolfcrypt/src/wolfmath.c index 9a6e312..9f14d01 100644 --- a/src/wolfcrypt/src/wolfmath.c +++ b/src/wolfcrypt/src/wolfmath.c @@ -1,6 +1,6 @@ /* wolfmath.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,15 +26,9 @@ * NO_BIG_INT: Disable support for all multi-precision math libraries */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -/* in case user set USE_FAST_MATH there */ -#include #include -#include -#include #ifdef WOLFSSL_ASYNC_CRYPT #include diff --git a/src/wolfssl-arduino.cpp b/src/wolfssl-arduino.cpp new file mode 100644 index 0000000..3d3c787 --- /dev/null +++ b/src/wolfssl-arduino.cpp @@ -0,0 +1,33 @@ +/* wolfssl-arduino.cpp + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include "wolfssl.h" + +/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages. + * See wolfssl/wolfcrypt/logging.c */ + +int wolfSSL_Arduino_Serial_Print(const char* const s) +{ + /* Reminder: Serial.print is only available in C++ */ + Serial.println(F(s)); + return 0; +}; diff --git a/src/wolfssl.h b/src/wolfssl.h index c7e39d4..8b29806 100644 --- a/src/wolfssl.h +++ b/src/wolfssl.h @@ -1,6 +1,6 @@ /* wolfssl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,6 +22,7 @@ /* Edit with caution. This is an Arduino-library specific header for wolfSSL */ #ifndef WOLFSSL_USER_SETTINGS + /* Should already be defined in settings.h for #if defined(ARDUINO) */ #define WOLFSSL_USER_SETTINGS #endif @@ -39,9 +40,10 @@ #include #include -int wolfSSL_Arduino_Serial_Print(const char *const s) -{ - /* See wolfssl/wolfcrypt/logging.c */ - Serial.println(F(s)); - return 0; -}; +#ifndef WOLFSSL_ARDUINO_H +#define WOLFSSL_ARDUINO_H + +/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */ +int wolfSSL_Arduino_Serial_Print(const char* const s); + +#endif /* WOLFSSL_ARDUINO_H */ diff --git a/src/wolfssl/bio.c b/src/wolfssl/bio.c index b265456..0b52a6c 100644 --- a/src/wolfssl/bio.c +++ b/src/wolfssl/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,11 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#include #if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */ #define _GNU_SOURCE 1 @@ -142,7 +139,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } - XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, sz); + XMEMCPY(buf, bio->mem_buf->data + bio->rdIdx, (size_t)sz); bio->rdIdx += sz; if (bio->rdIdx >= bio->wrSz) { @@ -167,14 +164,14 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) /* Resize the memory so we are not taking up more than necessary. * memmove reverts internally to memcpy if areas don't overlap */ XMEMMOVE(bio->mem_buf->data, bio->mem_buf->data + bio->rdIdx, - bio->wrSz - bio->rdIdx); + (long unsigned int)bio->wrSz - (size_t)bio->rdIdx); bio->wrSz -= bio->rdIdx; bio->rdIdx = 0; /* Resize down to WOLFSSL_BIO_RESIZE_THRESHOLD for fewer * allocations. */ if (wolfSSL_BUF_MEM_resize(bio->mem_buf, - bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? bio->wrSz : - WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { + bio->wrSz > WOLFSSL_BIO_RESIZE_THRESHOLD ? + (size_t)bio->wrSz : WOLFSSL_BIO_RESIZE_THRESHOLD) == 0) { WOLFSSL_MSG("wolfSSL_BUF_MEM_resize error"); return WOLFSSL_BIO_ERROR; } @@ -389,6 +386,10 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = 0; + break; + } /* switch */ } @@ -564,7 +565,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_MSG("Error in wolfSSL_BIO_nwrite"); return sz1; } - XMEMCPY(buf, data, sz1); + XMEMCPY(buf, data, (size_t)sz1); data = (char*)data + sz1; len -= sz1; @@ -572,7 +573,7 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data, /* try again to see if maybe we wrapped around the ring buffer */ sz2 = wolfSSL_BIO_nwrite(bio, &buf, len); if (sz2 > 0) { - XMEMCPY(buf, data, sz2); + XMEMCPY(buf, data, (size_t)sz2); sz1 += sz2; if (len > sz2) bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY; @@ -610,8 +611,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, if (len == 0) return WOLFSSL_SUCCESS; /* Return early to make logic simpler */ - if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, bio->wrSz + len, 0) - == 0) { + if (wolfSSL_BUF_MEM_grow_ex(bio->mem_buf, ((size_t)bio->wrSz) + + ((size_t)len), 0) == 0) { WOLFSSL_MSG("Error growing memory area"); return WOLFSSL_FAILURE; } @@ -621,7 +622,7 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, return WOLFSSL_FAILURE; } - XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); + XMEMCPY(bio->mem_buf->data + bio->wrSz, data, (size_t)len); bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->num.length = bio->mem_buf->max; bio->wrSz += len; @@ -813,6 +814,10 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #endif break; + case WOLFSSL_BIO_NULL: + ret = len; + break; + } /* switch */ } @@ -1138,7 +1143,7 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) ret = wolfSSL_BIO_nread(bio, &c, cSz); if (ret > 0 && ret < sz) { - XMEMCPY(buf, c, ret); + XMEMCPY(buf, c, (size_t)ret); } break; } @@ -1161,6 +1166,10 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) break; #endif /* WOLFCRYPT_ONLY */ + case WOLFSSL_BIO_NULL: + ret = 0; + break; + default: WOLFSSL_MSG("BIO type not supported yet with wolfSSL_BIO_gets"); } @@ -1256,13 +1265,13 @@ size_t wolfSSL_BIO_wpending(const WOLFSSL_BIO *bio) return 0; if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz; + return (size_t)bio->wrSz; } /* type BIO_BIO then check paired buffer */ if (bio->type == WOLFSSL_BIO_BIO && bio->pair != NULL) { WOLFSSL_BIO* pair = bio->pair; - return pair->wrIdx; + return (size_t)pair->wrIdx; } return 0; @@ -1308,12 +1317,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) #ifndef WOLFCRYPT_ONLY if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { - return (long)wolfSSL_pending(bio->ptr.ssl); + return (size_t)wolfSSL_pending(bio->ptr.ssl); } #endif if (bio->type == WOLFSSL_BIO_MEMORY) { - return bio->wrSz - bio->rdIdx; + return (size_t)(bio->wrSz - bio->rdIdx); } /* type BIO_BIO then check paired buffer */ @@ -1322,11 +1331,12 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) if (pair->wrIdx > 0 && pair->wrIdx <= pair->rdIdx) { /* in wrap around state where beginning of buffer is being * overwritten */ - return pair->wrSz - pair->rdIdx + pair->wrIdx; + return ((size_t)pair->wrSz) - ((size_t)pair->rdIdx) + + ((size_t)pair->wrIdx); } else { /* simple case where has not wrapped around */ - return pair->wrIdx - pair->rdIdx; + return (size_t)(pair->wrIdx - pair->rdIdx); } } return 0; @@ -1423,7 +1433,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + bio->ptr.mem_buf_data = (byte*)XMALLOC((size_t)size, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); @@ -1439,7 +1449,7 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num.length = size; + bio->num.length = (size_t)size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1908,7 +1918,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v) int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio) { - int len; + int len = 0; #ifndef NO_FILESYSTEM long memSz = 0; XFILE file; @@ -2309,6 +2319,15 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return &meth; } + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_NULL); + + WOLFSSL_ENTER("wolfSSL_BIO_s_null"); + + return &meth; + } WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) { @@ -2353,7 +2372,6 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); if (bio) { - bio->type = WOLFSSL_BIO_DGRAM; bio->shutdown = (byte)closeF; bio->num.fd = (SOCKET_T)fd; } @@ -2381,10 +2399,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) else port = str + XSTRLEN(str); /* point to null terminator */ - bio->ip = (char*)XMALLOC((port - str) + 1, /* +1 for null char */ + bio->ip = (char*)XMALLOC( + (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->ip != NULL) { - XMEMCPY(bio->ip, str, port - str); + XMEMCPY(bio->ip, str, (size_t)(port - str)); bio->ip[port - str] = '\0'; bio->type = WOLFSSL_BIO_SOCKET; } @@ -2770,9 +2789,23 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else { size_t currLen = XSTRLEN(b->ip); + #ifdef WOLFSSL_NO_REALLOC + char* tmp = NULL; + #endif + if (currLen != newLen) { + #ifdef WOLFSSL_NO_REALLOC + tmp = b->ip; + b->ip = (char*)XMALLOC(newLen+1, b->heap, DYNAMIC_TYPE_OPENSSL); + if (b->ip != NULL && tmp != NULL) { + XMEMCPY(b->ip, tmp, newLen); + XFREE(tmp, b->heap, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + } + #else b->ip = (char*)XREALLOC(b->ip, newLen + 1, b->heap, DYNAMIC_TYPE_OPENSSL); + #endif if (b->ip == NULL) { WOLFSSL_MSG("Hostname realloc failed."); return WOLFSSL_FAILURE; @@ -2926,7 +2959,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->wrSz = len; bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; if (len > 0 && bio->ptr.mem_buf_data != NULL) { - XMEMCPY(bio->ptr.mem_buf_data, buf, len); + XMEMCPY(bio->ptr.mem_buf_data, buf, (size_t)len); bio->flags |= WOLFSSL_BIO_FLAG_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } @@ -3295,11 +3328,11 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) count = XVSNPRINTF(NULL, 0, format, args); if (count >= 0) { - pt = (char*)XMALLOC(count + 1, bio->heap, + pt = (char*)XMALLOC((size_t)count + 1, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt != NULL) { - count = XVSNPRINTF(pt, count + 1, format, copy); + count = XVSNPRINTF(pt, (size_t)count + 1, format, copy); if (count >= 0) { ret = wolfSSL_BIO_write(bio, pt, count); @@ -3369,18 +3402,20 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%02x ", (unsigned char)buf[i]); else - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), + " "); if (i == 7) - (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); + (void)XSNPRINTF(line + o + 2, (size_t)((int)sizeof(line) - + (o + 2)), "-"); o += 3; } - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", + (void)XSNPRINTF(line + o, (size_t)((int)sizeof(line) - o), "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/wolfssl/callbacks.h b/src/wolfssl/callbacks.h index dc3ad89..a75e483 100644 --- a/src/wolfssl/callbacks.h +++ b/src/wolfssl/callbacks.h @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/crl.h b/src/wolfssl/crl.h index cdf52f3..56f5003 100644 --- a/src/wolfssl/crl.h +++ b/src/wolfssl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/error-ssl.h b/src/wolfssl/error-ssl.h index 2d4d802..bc3e641 100644 --- a/src/wolfssl/error-ssl.h +++ b/src/wolfssl/error-ssl.h @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/evp.c b/src/wolfssl/evp.c index c3eb12e..7054f80 100644 --- a/src/wolfssl/evp.c +++ b/src/wolfssl/evp.c @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,12 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include +#include #if !defined(WOLFSSL_EVP_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN @@ -52,67 +47,67 @@ static const struct s_ent { const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, WC_NID_md4, "MD4"}, + {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, WC_NID_md5, "MD5"}, + {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA1"}, + {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1}, {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */ #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, WC_NID_sha224, "SHA224"}, + {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, WC_NID_sha256, "SHA256"}, + {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, WC_NID_sha384, "SHA384"}, + {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, WC_NID_sha512, "SHA512"}, + {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512}, #endif /* WOLFSSL_SHA512 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, "SHA512_224"}, + {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, "SHA512_256"}, + {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256}, #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256}, #endif #ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384}, #endif #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512}, #endif #ifdef WOLFSSL_SM3 - {WC_HASH_TYPE_SM3, WC_NID_sm3, "SM3"}, + {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3}, #endif /* WOLFSSL_SHA512 */ #ifdef HAVE_BLAKE2 - {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, "BLAKE2B512"}, + {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512}, #endif #ifdef HAVE_BLAKE2S - {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, "BLAKE2S256"}, + {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256}, #endif #ifdef WOLFSSL_SHAKE128 - {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, "SHAKE128"}, + {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128}, #endif #ifdef WOLFSSL_SHAKE256 - {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, "SHAKE256"}, + {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256}, #endif {WC_HASH_TYPE_NONE, 0, NULL} }; @@ -1059,6 +1054,14 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, } switch (ctx->cipherType) { + case WC_NULL_CIPHER_TYPE: + if (out == NULL) { + WOLFSSL_MSG("Bad argument"); + return WOLFSSL_FAILURE; + } + XMEMMOVE(out, in, inl); + *outl = inl; + return WOLFSSL_SUCCESS; #if !defined(NO_AES) && defined(HAVE_AESGCM) case WC_AES_128_GCM_TYPE: case WC_AES_192_GCM_TYPE: @@ -2046,6 +2049,165 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) else return 0; } +/* Getter function for cipher type string + * + * cipherType cipherType enum value to get string for + * + * Returns string representation of the cipher type or NULL if not found + */ +const char* wolfSSL_EVP_CIPHER_type_string(unsigned int cipherType) +{ + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_type_string"); + + switch (cipherType) { +#ifndef NO_DES3 + case WC_DES_CBC_TYPE: return EVP_DES_CBC; + case WC_DES_EDE3_CBC_TYPE: return EVP_DES_EDE3_CBC; + case WC_DES_ECB_TYPE: return EVP_DES_ECB; + case WC_DES_EDE3_ECB_TYPE: return EVP_DES_EDE3_ECB; +#endif +#if !defined(NO_AES) + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CBC_TYPE: return EVP_AES_128_CBC; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CBC_TYPE: return EVP_AES_192_CBC; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CBC_TYPE: return EVP_AES_256_CBC; + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if defined(WOLFSSL_AES_CFB) + #ifndef WOLFSSL_NO_AES_CFB_1_8 + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB1_TYPE: return EVP_AES_128_CFB1; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB1_TYPE: return EVP_AES_192_CFB1; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB1_TYPE: return EVP_AES_256_CFB1; + #endif + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB8_TYPE: return EVP_AES_128_CFB8; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB8_TYPE: return EVP_AES_192_CFB8; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB8_TYPE: return EVP_AES_256_CFB8; + #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CFB128_TYPE: return EVP_AES_128_CFB128; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CFB128_TYPE: return EVP_AES_192_CFB128; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CFB128_TYPE: return EVP_AES_256_CFB128; + #endif + #endif /* WOLFSSL_AES_CFB */ + #if defined(WOLFSSL_AES_OFB) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_OFB_TYPE: return EVP_AES_128_OFB; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_OFB_TYPE: return EVP_AES_192_OFB; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_OFB_TYPE: return EVP_AES_256_OFB; + #endif + #endif /* WOLFSSL_AES_OFB */ + #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_XTS_TYPE: return EVP_AES_128_XTS; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_XTS_TYPE: return EVP_AES_256_XTS; + #endif + #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ + #if defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_GCM_TYPE: return EVP_AES_128_GCM; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_GCM_TYPE: return EVP_AES_192_GCM; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_GCM_TYPE: return EVP_AES_256_GCM; + #endif + #endif /* HAVE_AESGCM */ + #if defined(HAVE_AESCCM) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CCM_TYPE: return EVP_AES_128_CCM; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CCM_TYPE: return EVP_AES_192_CCM; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CCM_TYPE: return EVP_AES_256_CCM; + #endif + #endif /* HAVE_AESCCM */ + #if defined(WOLFSSL_AES_COUNTER) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_CTR_TYPE: return EVP_AES_128_CTR; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_CTR_TYPE: return EVP_AES_192_CTR; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_CTR_TYPE: return EVP_AES_256_CTR; + #endif + #endif /* WOLFSSL_AES_COUNTER */ + #if defined(HAVE_AES_ECB) + #ifdef WOLFSSL_AES_128 + case WC_AES_128_ECB_TYPE: return EVP_AES_128_ECB; + #endif + #ifdef WOLFSSL_AES_192 + case WC_AES_192_ECB_TYPE: return EVP_AES_192_ECB; + #endif + #ifdef WOLFSSL_AES_256 + case WC_AES_256_ECB_TYPE: return EVP_AES_256_ECB; + #endif + #endif /* HAVE_AES_ECB */ +#endif /* !NO_AES */ +#if defined(HAVE_ARIA) + case WC_ARIA_128_GCM_TYPE: return EVP_ARIA_128_GCM; + case WC_ARIA_192_GCM_TYPE: return EVP_ARIA_192_GCM; + case WC_ARIA_256_GCM_TYPE: return EVP_ARIA_256_GCM; +#endif /* HAVE_ARIA */ +#ifndef NO_RC4 + case WC_ARC4_TYPE: return EVP_ARC4; +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + case WC_CHACHA20_POLY1305_TYPE: return EVP_CHACHA20_POLY1305; +#endif +#ifdef HAVE_CHACHA + case WC_CHACHA20_TYPE: return EVP_CHACHA20; +#endif +#ifdef WOLFSSL_SM4_ECB + case WC_SM4_ECB_TYPE: return EVP_SM4_ECB; +#endif +#ifdef WOLFSSL_SM4_CBC + case WC_SM4_CBC_TYPE: return EVP_SM4_CBC; +#endif +#ifdef WOLFSSL_SM4_CTR + case WC_SM4_CTR_TYPE: return EVP_SM4_CTR; +#endif +#ifdef WOLFSSL_SM4_GCM + case WC_SM4_GCM_TYPE: return EVP_SM4_GCM; +#endif +#ifdef WOLFSSL_SM4_CCM + case WC_SM4_CCM_TYPE: return EVP_SM4_CCM; +#endif + case WC_NULL_CIPHER_TYPE: return EVP_NULL; + default: + return NULL; + } +} + int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) @@ -2633,7 +2795,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_FAILURE; } if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) { - if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, + if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -2642,7 +2804,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) { - if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt, + if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, key) != 0) { WOLFSSL_MSG("wc_HKDF_Extract failed."); @@ -2659,7 +2821,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ } } else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) { - if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey, + if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key, (word32)*keylen) != 0) { @@ -3316,14 +3478,44 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, */ int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) { - int bytes; + int ret = 0; - if (pkey == NULL) return 0; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); - if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; - if (bytes < 0) + if (pkey == NULL) return 0; - return bytes*8; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits"); + + switch (pkey->type) { +#ifndef NO_RSA + case WC_EVP_PKEY_RSA: + ret = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); + break; +#endif /* !NO_RSA */ + +#ifndef NO_DSA + case WC_EVP_PKEY_DSA: + if (pkey->dsa == NULL || + (!pkey->dsa->exSet && + SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS)) + break; + ret = wolfSSL_BN_num_bytes(pkey->dsa->p); + break; +#endif + +#ifdef HAVE_ECC + case WC_EVP_PKEY_EC: + if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { + WOLFSSL_MSG("No ECC key has been set"); + break; + } + ret = wc_ecc_size((ecc_key*)(pkey->ecc->internal)); + break; +#endif /* HAVE_ECC */ + + default: + break; + } + return ret > 0 ? ret * 8 : 0; } @@ -3530,12 +3722,11 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, return ret; } -/* Get the size in bytes for WOLFSSL_EVP_PKEY key +/* Get the maximum suitable size for the operations that can be done with pkey * * pkey WOLFSSL_EVP_PKEY structure to get key size of * - * returns the size of a key on success which is the maximum size of a - * signature + * returns the recommended size of buffers */ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) { @@ -3563,7 +3754,7 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) WOLFSSL_MSG("No ECC key has been set"); break; } - return wc_ecc_size((ecc_key*)(pkey->ecc->internal)); + return wc_ecc_sig_size((ecc_key*)(pkey->ecc->internal)); #endif /* HAVE_ECC */ default: @@ -3732,7 +3923,6 @@ int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) { int ret = -1; /* failure */ - int a_sz = 0, b_sz = 0; if (a == NULL || b == NULL) return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); @@ -3745,40 +3935,47 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) switch (a->type) { #ifndef NO_RSA case WC_EVP_PKEY_RSA: - a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); - b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); + if (wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)) <= 0 || + wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)) <= 0) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (mp_cmp(&((RsaKey*)a->rsa->internal)->n, + &((RsaKey*)b->rsa->internal)->n) != MP_EQ) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (mp_cmp(&((RsaKey*)a->rsa->internal)->e, + &((RsaKey*)b->rsa->internal)->e) != MP_EQ) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } break; #endif /* !NO_RSA */ #ifdef HAVE_ECC case WC_EVP_PKEY_EC: if (a->ecc == NULL || a->ecc->internal == NULL || - b->ecc == NULL || b->ecc->internal == NULL) { + b->ecc == NULL || b->ecc->internal == NULL || + wc_ecc_size((ecc_key*)a->ecc->internal) <= 0 || + wc_ecc_size((ecc_key*)b->ecc->internal) <= 0 || + a->ecc->group == NULL || b->ecc->group == NULL) { return ret; } - a_sz = wc_ecc_size((ecc_key*)(a->ecc->internal)); - b_sz = wc_ecc_size((ecc_key*)(b->ecc->internal)); + + /* check curve */ + if (a->ecc->group->curve_idx != b->ecc->group->curve_idx) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } + + if (wc_ecc_cmp_point(&((ecc_key*)a->ecc->internal)->pubkey, + &((ecc_key*)b->ecc->internal)->pubkey) != 0) { + return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); + } break; #endif /* HAVE_ECC */ default: return WS_RETURN_CODE(ret, -2); } /* switch (a->type) */ - /* check size */ - if (a_sz <= 0 || b_sz <= 0 || a_sz != b_sz) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - - /* check public key size */ - if (a->pkey_sz > 0 && b->pkey_sz > 0 && a->pkey_sz != b->pkey_sz) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - - /* check public key */ - if (a->pkey.ptr && b->pkey.ptr) { - if (XMEMCMP(a->pkey.ptr, b->pkey.ptr, (size_t)a->pkey_sz) != 0) { - return WS_RETURN_CODE(ret, WOLFSSL_FAILURE); - } - } #if defined(WOLFSSL_ERROR_CODE_OPENSSL) ret = 1; /* the keys match */ #else @@ -3795,18 +3992,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) static int DH_param_check(WOLFSSL_DH* dh_key) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_BN_CTX* ctx = NULL; WOLFSSL_BIGNUM *num1 = NULL; WOLFSSL_BIGNUM *num2 = NULL; WOLFSSL_ENTER("DH_param_check"); - ctx = wolfSSL_BN_CTX_new(); - if (ctx == NULL) { - WOLFSSL_MSG("failed to allocate memory"); - return WOLFSSL_FAILURE; - } - num1 = wolfSSL_BN_new(); num2 = wolfSSL_BN_new(); if (num1 == NULL || num2 == NULL) { @@ -3840,7 +4030,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("BN_mod_exp failed"); @@ -3855,7 +4045,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* test if the number q is prime. */ if (ret == WOLFSSL_SUCCESS && - (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) { + (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) { WOLFSSL_MSG("dh_key->q is not prime or error during check."); ret = WOLFSSL_FAILURE; } /* else TODO check q div q - 1. need BN_div */ @@ -3863,7 +4053,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key) } /* clean up */ - wolfSSL_BN_CTX_free(ctx); wolfSSL_BN_free(num1); wolfSSL_BN_free(num2); @@ -4043,9 +4232,13 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, pkey->ecc); if (ecdsaSig == NULL) return WOLFSSL_FAILURE; + /* get signature length only */ ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); - if (ret <= 0 || ret > (int)*siglen) + if (ret <= 0 || ret > (int)*siglen) { + wolfSSL_ECDSA_SIG_free(ecdsaSig); return WOLFSSL_FAILURE; + } + /* perform validation of signature */ ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret); wolfSSL_ECDSA_SIG_free(ecdsaSig); if (ret <= 0 || ret > (int)*siglen) @@ -4262,69 +4455,69 @@ static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type, int ret = 0; #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { *hashType = WC_SHA256; } else #endif #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { *hashType = WC_SHA; } else #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { *hashType = WC_SHA224; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { *hashType = WC_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { *hashType = WC_SHA512; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { *hashType = WC_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { *hashType = WC_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { *hashType = WC_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { *hashType = WC_SHA3_512; } else #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { *hashType = WC_SM3; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { *hashType = WC_MD5; } else @@ -4644,7 +4837,9 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, ctx->pctx->pkey->ecc); if (ecdsaSig == NULL) break; - len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig); + len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); + if (len > 0 && (size_t)len <= *siglen) + len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig); wolfSSL_ECDSA_SIG_free(ecdsaSig); if (len == 0) break; @@ -4867,6 +5062,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, { const char *nostring = ""; int ret = 0; + enum wc_HashType pbkdf2HashType; if (pass == NULL) { passlen = 0; @@ -4875,8 +5071,10 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, passlen = (int)XSTRLEN(pass); } + pbkdf2HashType = EvpMd2MacType(digest); + ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, EvpMd2MacType(digest)); + iter, keylen, pbkdf2HashType); if (ret == 0) return WOLFSSL_SUCCESS; else @@ -6299,14 +6497,16 @@ void wolfSSL_EVP_init(void) case WC_AES_256_OFB_TYPE: #endif wc_AesFree(&ctx->cipher.aes); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #if defined(WOLFSSL_AES_XTS) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) case WC_AES_128_XTS_TYPE: case WC_AES_256_XTS_TYPE: wc_AesXtsFree(&ctx->cipher.xts); - ctx->flags &= ~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; + ctx->flags &= + (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED; break; #endif #endif /* AES */ @@ -6875,7 +7075,7 @@ void wolfSSL_EVP_init(void) ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY); break; default: - WOLFSSL_MSG("Not implemented cipherType"); + WOLFSSL_MSG("Unimplemented cipherType"); return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */ } if (ret != 0) { @@ -8258,9 +8458,9 @@ void wolfSSL_EVP_init(void) } #endif /* !NO_AES || !NO_DES3 */ - static int IsCipherTypeAEAD(unsigned char cipherType) + static int IsCipherTypeAEAD(unsigned int type) { - switch (cipherType) { + switch (type) { case WC_AES_128_GCM_TYPE: case WC_AES_192_GCM_TYPE: case WC_AES_256_GCM_TYPE: @@ -9367,22 +9567,22 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); if (type != NULL) { - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { ret = WC_NID_md5WithRSAEncryption; } - else if (XSTRCMP(type, "SHA1") == 0) { + else if (XSTRCMP(type, WC_SN_sha1) == 0) { ret = WC_NID_sha1WithRSAEncryption; } - else if (XSTRCMP(type, "SHA224") == 0) { + else if (XSTRCMP(type, WC_SN_sha224) == 0) { ret = WC_NID_sha224WithRSAEncryption; } - else if (XSTRCMP(type, "SHA256") == 0) { + else if (XSTRCMP(type, WC_SN_sha256) == 0) { ret = WC_NID_sha256WithRSAEncryption; } - else if (XSTRCMP(type, "SHA384") == 0) { + else if (XSTRCMP(type, WC_SN_sha384) == 0) { ret = WC_NID_sha384WithRSAEncryption; } - else if (XSTRCMP(type, "SHA512") == 0) { + else if (XSTRCMP(type, WC_SN_sha512) == 0) { ret = WC_NID_sha512WithRSAEncryption; } } @@ -9936,54 +10136,44 @@ static const struct alias { const char *alias; } digest_alias_tbl[] = { - {"MD4", "md4"}, - {"MD5", "md5"}, - {"SHA1", "sha1"}, - {"SHA1", "SHA"}, - {"SHA224", "sha224"}, - {"SHA256", "sha256"}, - {"SHA384", "sha384"}, - {"SHA512", "sha512"}, - {"SHA512_224", "sha512_224"}, - {"SHA3_224", "sha3_224"}, - {"SHA3_256", "sha3_256"}, - {"SHA3_384", "sha3_384"}, - {"SHA3_512", "sha3_512"}, - {"SM3", "sm3"}, - {"BLAKE2B512", "blake2b512"}, - {"BLAKE2S256", "blake2s256"}, - {"SHAKE128", "shake128"}, - {"SHAKE256", "shake256"}, + {WC_SN_md4, "md4"}, + {WC_SN_md5, "md5"}, + {WC_SN_sha1, "sha1"}, + {WC_SN_sha1, "SHA"}, + {WC_SN_sha224, "sha224"}, + {WC_SN_sha256, "sha256"}, + {WC_SN_sha384, "sha384"}, + {WC_SN_sha512, "sha512"}, + {WC_SN_sha512_224, "sha512_224"}, + {WC_SN_sha3_224, "sha3_224"}, + {WC_SN_sha3_256, "sha3_256"}, + {WC_SN_sha3_384, "sha3_384"}, + {WC_SN_sha3_512, "sha3_512"}, + {WC_SN_sm3, "sm3"}, + {WC_SN_blake2b512, "blake2b512"}, + {WC_SN_blake2s256, "blake2s256"}, + {WC_SN_shake128, "shake128"}, + {WC_SN_shake256, "shake256"}, { NULL, NULL} }; const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) { - char nameUpper[15]; /* 15 bytes should be enough for any name */ - size_t i; - const struct alias *al; const struct s_ent *ent; - for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { - nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]); - } - if (i < sizeof(nameUpper)) - nameUpper[i] = '\0'; - else - return NULL; - - name = nameUpper; - for (al = digest_alias_tbl; al->name != NULL; al++) + for (al = digest_alias_tbl; al->name != NULL; al++) { if(XSTRCMP(name, al->alias) == 0) { name = al->name; break; } + } - for (ent = md_tbl; ent->name != NULL; ent++) + for (ent = md_tbl; ent->name != NULL; ent++) { if(XSTRCMP(name, ent->name) == 0) { return (WOLFSSL_EVP_MD *)ent->name; } + } return NULL; } @@ -10017,7 +10207,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) { WOLFSSL_ENTER("EVP_md4"); - return wolfSSL_EVP_get_digestbyname("MD4"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md4); } #endif /* !NO_MD4 */ @@ -10028,7 +10218,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { WOLFSSL_ENTER("EVP_md5"); - return wolfSSL_EVP_get_digestbyname("MD5"); + return wolfSSL_EVP_get_digestbyname(WC_SN_md5); } #endif /* !NO_MD5 */ @@ -10040,8 +10230,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) */ const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void) { - WOLFSSL_ENTER("EVP_blake2b512"); - return wolfSSL_EVP_get_digestbyname("BLAKE2b512"); + WOLFSSL_ENTER("wolfSSL_EVP_blake2b512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512); } #endif @@ -10080,7 +10270,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { WOLFSSL_ENTER("EVP_sha1"); - return wolfSSL_EVP_get_digestbyname("SHA1"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha1); } #endif /* NO_SHA */ @@ -10089,7 +10279,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { WOLFSSL_ENTER("EVP_sha224"); - return wolfSSL_EVP_get_digestbyname("SHA224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha224); } #endif /* WOLFSSL_SHA224 */ @@ -10098,7 +10288,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) { WOLFSSL_ENTER("EVP_sha256"); - return wolfSSL_EVP_get_digestbyname("SHA256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha256); } #ifdef WOLFSSL_SHA384 @@ -10106,7 +10296,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { WOLFSSL_ENTER("EVP_sha384"); - return wolfSSL_EVP_get_digestbyname("SHA384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha384); } #endif /* WOLFSSL_SHA384 */ @@ -10116,7 +10306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { WOLFSSL_ENTER("EVP_sha512"); - return wolfSSL_EVP_get_digestbyname("SHA512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512); } #ifndef WOLFSSL_NOSHA512_224 @@ -10124,7 +10314,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void) { WOLFSSL_ENTER("EVP_sha512_224"); - return wolfSSL_EVP_get_digestbyname("SHA512_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10133,7 +10323,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void) { WOLFSSL_ENTER("EVP_sha512_256"); - return wolfSSL_EVP_get_digestbyname("SHA512_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256); } #endif /* !WOLFSSL_NOSHA512_224 */ @@ -10145,7 +10335,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) { WOLFSSL_ENTER("EVP_sha3_224"); - return wolfSSL_EVP_get_digestbyname("SHA3_224"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224); } #endif /* WOLFSSL_NOSHA3_224 */ @@ -10154,7 +10344,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) { WOLFSSL_ENTER("EVP_sha3_256"); - return wolfSSL_EVP_get_digestbyname("SHA3_256"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256); } #endif /* WOLFSSL_NOSHA3_256 */ @@ -10162,7 +10352,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) { WOLFSSL_ENTER("EVP_sha3_384"); - return wolfSSL_EVP_get_digestbyname("SHA3_384"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384); } #endif /* WOLFSSL_NOSHA3_384 */ @@ -10170,7 +10360,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) { WOLFSSL_ENTER("EVP_sha3_512"); - return wolfSSL_EVP_get_digestbyname("SHA3_512"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512); } #endif /* WOLFSSL_NOSHA3_512 */ @@ -10196,7 +10386,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void) { WOLFSSL_ENTER("EVP_sm3"); - return wolfSSL_EVP_get_digestbyname("SM3"); + return wolfSSL_EVP_get_digestbyname(WC_SN_sm3); } #endif /* WOLFSSL_SM3 */ @@ -10482,17 +10672,21 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) /* Not an error since an unused struct could be free'd or * reset. */ break; - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + wc_Shake128_Free(&ctx->hash.digest.shake); + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + wc_Shake256_Free(&ctx->hash.digest.shake); + break; #endif + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: default: ret = WOLFSSL_FAILURE; break; @@ -10526,76 +10720,92 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); } else #ifndef NO_SHA - if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, "SHA1") == 0)) { + if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) { ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } else #endif #ifndef NO_SHA256 - if (XSTRCMP(md, "SHA256") == 0) { + if (XSTRCMP(md, WC_SN_sha256) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(md, "SHA224") == 0) { + if (XSTRCMP(md, WC_SN_sha224) == 0) { ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(md, "SHA384") == 0) { + if (XSTRCMP(md, WC_SN_sha384) == 0) { ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - if (XSTRCMP(md, "SHA512_224") == 0) { + if (XSTRCMP(md, WC_SN_sha512_224) == 0) { ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512)); } else #endif #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - if (XSTRCMP(md, "SHA512_256") == 0) { + if (XSTRCMP(md, WC_SN_sha512_256) == 0) { ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512)); } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(md, "SHA512") == 0) { + if (XSTRCMP(md, WC_SN_sha512) == 0) { ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } else #endif #ifndef NO_MD4 - if (XSTRCMP(md, "MD4") == 0) { + if (XSTRCMP(md, WC_SN_md4) == 0) { wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } else #endif #ifndef NO_MD5 - if (XSTRCMP(md, "MD5") == 0) { + if (XSTRCMP(md, WC_SN_md5) == 0) { ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(md, "SHA3_224") == 0) { + if (XSTRCMP(md, WC_SN_sha3_224) == 0) { ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(md, "SHA3_256") == 0) { + if (XSTRCMP(md, WC_SN_sha3_256) == 0) { ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(md, "SHA3_384") == 0) { + if (XSTRCMP(md, WC_SN_sha3_384) == 0) { ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(md, "SHA3_512") == 0) { + if (XSTRCMP(md, WC_SN_sha3_512) == 0) { ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } else #endif + #ifdef WOLFSSL_SHAKE128 + if (XSTRCMP(md, WC_SN_shake128) == 0) { + if (wc_InitShake128(&(ctx->hash.digest.shake), NULL, + INVALID_DEVID) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif + #ifdef WOLFSSL_SHAKE256 + if (XSTRCMP(md, WC_SN_shake256) == 0) { + if (wc_InitShake256(&(ctx->hash.digest.shake), NULL, + INVALID_DEVID) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif #endif #ifdef WOLFSSL_SM3 - if (XSTRCMP(md, "SM3") == 0) { + if (XSTRCMP(md, WC_SN_sm3) == 0) { ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID); if (ret == 0) { ret = WOLFSSL_SUCCESS; @@ -10723,17 +10933,28 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } break; #endif - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + if (wc_Shake128_Update(&ctx->hash.digest.shake, + (const byte*)data, (word32)sz) == 0) { + + ret = WOLFSSL_SUCCESS; + } + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + if (wc_Shake256_Update(&ctx->hash.digest.shake, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; #endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: default: return WOLFSSL_FAILURE; } @@ -10742,14 +10963,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) + static int wolfSSL_EVP_DigestFinal_Common(WOLFSSL_EVP_MD_CTX* ctx, + unsigned char* md, unsigned int* s, enum wc_HashType macType) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - enum wc_HashType macType; - WOLFSSL_ENTER("EVP_DigestFinal"); - macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); switch (macType) { case WC_HASH_TYPE_MD4: #ifndef NO_MD4 @@ -10847,23 +11065,84 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } if (s) *s = WC_SM3_DIGEST_SIZE; break; + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + case WC_HASH_TYPE_SHAKE128: + if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + case WC_HASH_TYPE_SHAKE256: + if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + default: + return WOLFSSL_FAILURE; + } + + return ret; + } + + int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, + unsigned int* s) + { + enum wc_HashType macType; + + WOLFSSL_ENTER("wolfSSL_EVP_DigestFinal"); + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); + switch (macType) { + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5: + case WC_HASH_TYPE_SHA: + case WC_HASH_TYPE_SHA224: + case WC_HASH_TYPE_SHA256: + case WC_HASH_TYPE_SHA384: + case WC_HASH_TYPE_SHA512: + #ifndef WOLFSSL_NOSHA512_224 + case WC_HASH_TYPE_SHA512_224: + #endif /* !WOLFSSL_NOSHA512_224 */ + #ifndef WOLFSSL_NOSHA512_256 + case WC_HASH_TYPE_SHA512_256: + #endif /* !WOLFSSL_NOSHA512_256 */ + case WC_HASH_TYPE_SHA3_224: + case WC_HASH_TYPE_SHA3_256: + case WC_HASH_TYPE_SHA3_384: + case WC_HASH_TYPE_SHA3_512: + #ifdef WOLFSSL_SM3 + case WC_HASH_TYPE_SM3: + #endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + break; + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + *s = 16; /* if mixing up XOF with plain digest 128 bit is + * default for SHAKE128 */ + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + *s = 32; /* if mixing up XOF with plain digest 256 bit is + * default for SHAKE256 */ + break; #endif default: return WOLFSSL_FAILURE; } - - return ret; + return wolfSSL_EVP_DigestFinal_Common(ctx, md, s, macType); } /* WOLFSSL_SUCCESS on ok */ @@ -10874,6 +11153,46 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return wolfSSL_EVP_DigestFinal(ctx, md, s); } + + /* XOF stands for extendable-output functions. This is used for algos such + * as SHAKE256. + * + * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */ + int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md, + size_t sz) + { + unsigned int len; + enum wc_HashType macType; + + WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF"); + len = (unsigned int)sz; + + macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx)); + return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType); + } + + + unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md) + { + enum wc_HashType macType; + + macType = EvpMd2MacType(md); + switch ((int)macType) { + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + case WC_HASH_TYPE_SHAKE128: + #endif + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + case WC_HASH_TYPE_SHAKE256: + #endif + return WOLFSSL_EVP_MD_FLAG_XOF; + default: + return 0; + } + } + + void wolfSSL_EVP_cleanup(void) { /* nothing to do here */ @@ -10884,6 +11203,10 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) WOLFSSL_MSG("wolfSSL_get_digestbynid"); switch(id) { +#ifndef NO_MD4 + case WC_NID_md4: + return wolfSSL_EVP_md4(); +#endif #ifndef NO_MD5 case WC_NID_md5: return wolfSSL_EVP_md5(); @@ -10928,64 +11251,64 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_BLOCK_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_BLOCK_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { + if (XSTRCMP(type, WC_SN_md4) == 0) { return WC_MD4_BLOCK_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_BLOCK_SIZE; } else #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_BLOCK_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_BLOCK_SIZE; - } + } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_BLOCK_SIZE; } else #endif @@ -11003,74 +11326,74 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #ifndef NO_SHA - if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) { + if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) { return WC_SHA_DIGEST_SIZE; } else #endif #ifndef NO_SHA256 - if (XSTRCMP(type, "SHA256") == 0) { + if (XSTRCMP(type, WC_SN_sha256) == 0) { return WC_SHA256_DIGEST_SIZE; } else #endif #ifndef NO_MD4 - if (XSTRCMP(type, "MD4") == 0) { + if (XSTRCMP(type, WC_SN_md4) == 0) { return WC_MD4_DIGEST_SIZE; } else #endif #ifndef NO_MD5 - if (XSTRCMP(type, "MD5") == 0) { + if (XSTRCMP(type, WC_SN_md5) == 0) { return WC_MD5_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP(type, "SHA224") == 0) { + if (XSTRCMP(type, WC_SN_sha224) == 0) { return WC_SHA224_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP(type, "SHA384") == 0) { + if (XSTRCMP(type, WC_SN_sha384) == 0) { return WC_SHA384_DIGEST_SIZE; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP(type, "SHA512") == 0) { + if (XSTRCMP(type, WC_SN_sha512) == 0) { return WC_SHA512_DIGEST_SIZE; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP(type, "SHA512_224") == 0) { + if (XSTRCMP(type, WC_SN_sha512_224) == 0) { return WC_SHA512_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP(type, "SHA512_256") == 0) { + if (XSTRCMP(type, WC_SN_sha512_256) == 0) { return WC_SHA512_256_DIGEST_SIZE; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP(type, "SHA3_224") == 0) { + if (XSTRCMP(type, WC_SN_sha3_224) == 0) { return WC_SHA3_224_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP(type, "SHA3_256") == 0) { + if (XSTRCMP(type, WC_SN_sha3_256) == 0) { return WC_SHA3_256_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP(type, "SHA3_384") == 0) { + if (XSTRCMP(type, WC_SN_sha3_384) == 0) { return WC_SHA3_384_DIGEST_SIZE; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP(type, "SHA3_512") == 0) { + if (XSTRCMP(type, WC_SN_sha3_512) == 0) { return WC_SHA3_512_DIGEST_SIZE; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP(type, "SM3") == 0) { + if (XSTRCMP(type, WC_SN_sm3) == 0) { return WC_SM3_DIGEST_SIZE; } #endif @@ -12182,7 +12505,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_RSA: #if !defined(NO_RSA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyRSA( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12198,7 +12521,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_EC: #if defined(HAVE_ECC) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyEC( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12214,7 +12537,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_DSA: #if !defined(NO_DSA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyDSA( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12230,7 +12553,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case WC_EVP_PKEY_DH: #if defined(WOLFSSL_DH_EXTRA) - keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey); res = PrintPubKeyDH( out, (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ @@ -12263,64 +12586,64 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } #ifndef NO_SHA - if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP("SHA1", evp) == 0)) { + if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) { hash = WC_HASH_TYPE_SHA; } else #endif #ifdef WOLFSSL_SHA224 - if (XSTRCMP("SHA224", evp) == 0) { + if (XSTRCMP(WC_SN_sha224, evp) == 0) { hash = WC_HASH_TYPE_SHA224; } else #endif #ifndef NO_SHA256 - if (XSTRCMP("SHA256", evp) == 0) { + if (XSTRCMP(WC_SN_sha256, evp) == 0) { hash = WC_HASH_TYPE_SHA256; } else #endif #ifdef WOLFSSL_SHA384 - if (XSTRCMP("SHA384", evp) == 0) { + if (XSTRCMP(WC_SN_sha384, evp) == 0) { hash = WC_HASH_TYPE_SHA384; } else #endif #ifdef WOLFSSL_SHA512 - if (XSTRCMP("SHA512", evp) == 0) { + if (XSTRCMP(WC_SN_sha512, evp) == 0) { hash = WC_HASH_TYPE_SHA512; } else #ifndef WOLFSSL_NOSHA512_224 - if (XSTRCMP("SHA512_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_224, evp) == 0) { hash = WC_HASH_TYPE_SHA512_224; } else #endif #ifndef WOLFSSL_NOSHA512_256 - if (XSTRCMP("SHA512_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha512_256, evp) == 0) { hash = WC_HASH_TYPE_SHA512_256; } else #endif #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - if (XSTRCMP("SHA3_224", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_224, evp) == 0) { hash = WC_HASH_TYPE_SHA3_224; } else #endif #ifndef WOLFSSL_NOSHA3_256 - if (XSTRCMP("SHA3_256", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_256, evp) == 0) { hash = WC_HASH_TYPE_SHA3_256; } else #endif #ifndef WOLFSSL_NOSHA3_384 - if (XSTRCMP("SHA3_384", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_384, evp) == 0) { hash = WC_HASH_TYPE_SHA3_384; } else #endif #ifndef WOLFSSL_NOSHA3_512 - if (XSTRCMP("SHA3_512", evp) == 0) { + if (XSTRCMP(WC_SN_sha3_512, evp) == 0) { hash = WC_HASH_TYPE_SHA3_512; } else #endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 - if (XSTRCMP("SM3", evp) == 0) { + if (XSTRCMP(WC_SN_sm3, evp) == 0) { hash = WC_HASH_TYPE_SM3; } else #endif @@ -12330,12 +12653,12 @@ int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, } else #endif #ifndef NO_MD4 - if (XSTRCMP("MD4", evp) == 0) { + if (XSTRCMP(WC_SN_md4, evp) == 0) { hash = WC_HASH_TYPE_MD4; } else #endif #ifndef NO_MD5 - if (XSTRCMP("MD5", evp) == 0) { + if (XSTRCMP(WC_SN_md5, evp) == 0) { hash = WC_HASH_TYPE_MD5; } else #endif diff --git a/src/wolfssl/internal.h b/src/wolfssl/internal.h index 37a381a..9cdbdb6 100644 --- a/src/wolfssl/internal.h +++ b/src/wolfssl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -151,15 +151,25 @@ #include #endif -#ifdef USE_WINDOWS_API +#ifdef __WATCOMC__ + #if defined(__OS2__) + #elif defined(__NT__) + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ + #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ + #elif defined(__LINUX__) + #ifndef SINGLE_THREADED + #define WOLFSSL_PTHREADS + #include + #endif + #endif +#elif defined(USE_WINDOWS_API) #ifdef WOLFSSL_GAME_BUILD #include "system/xtl.h" #else - #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) - /* On WinCE winsock2.h must be included before windows.h */ - #include - #endif + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ #endif #elif defined(THREADX) #ifndef SINGLE_THREADED @@ -232,7 +242,7 @@ #endif #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) #ifdef FUSION_RTOS - #include + #include #else #include /* for close of BIO */ #endif @@ -1827,20 +1837,23 @@ enum Misc { SM2_SA_MAJOR = 7, /* Most significant byte for SM2 with SM3 */ SM2_SA_MINOR = 8, /* Least significant byte for SM2 with SM3 */ - PQC_SA_MAJOR = 0xFE,/* Most significant byte used with PQC sig algs */ + FALCON_SA_MAJOR = 0xFE,/* Most significant byte used with falcon sig algs */ + DILITHIUM_SA_MAJOR = 0x09,/* Most significant byte used with dilithium sig algs */ - /* These values for falcon and dilithium match what OQS has defined. */ + /* These values for falcon match what OQS has defined. */ FALCON_LEVEL1_SA_MAJOR = 0xFE, FALCON_LEVEL1_SA_MINOR = 0xAE, FALCON_LEVEL5_SA_MAJOR = 0xFE, FALCON_LEVEL5_SA_MINOR = 0xB1, - DILITHIUM_LEVEL2_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL2_SA_MINOR = 0xD0, - DILITHIUM_LEVEL3_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL3_SA_MINOR = 0xD1, - DILITHIUM_LEVEL5_SA_MAJOR = 0xFE, - DILITHIUM_LEVEL5_SA_MINOR = 0xD2, + /* these values for MLDSA (Dilithium) correspond to what is proposed in the + * IETF. */ + DILITHIUM_LEVEL2_SA_MAJOR = 0x09, + DILITHIUM_LEVEL2_SA_MINOR = 0x04, + DILITHIUM_LEVEL3_SA_MAJOR = 0x09, + DILITHIUM_LEVEL3_SA_MINOR = 0x05, + DILITHIUM_LEVEL5_SA_MAJOR = 0x09, + DILITHIUM_LEVEL5_SA_MINOR = 0x06, MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */ MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */ @@ -1893,15 +1906,17 @@ enum Misc { #define AEAD_AUTH_DATA_SZ 13 #endif -#define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \ - (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP) -#ifdef WOLFSSL_HAVE_KYBER -#define WOLFSSL_NAMED_GROUP_IS_PQC(group) \ - ((WOLFSSL_PQC_SIMPLE_MIN <= (group) && (group) <= WOLFSSL_PQC_SIMPLE_MAX) || \ - (WOLFSSL_PQC_HYBRID_MIN <= (group) && (group) <= WOLFSSL_PQC_HYBRID_MAX)) +#define WOLFSSL_NAMED_GROUP_IS_FFDHE(group) \ + (WOLFSSL_FFDHE_START <= (group) && (group) <= WOLFSSL_FFDHE_END) +#ifdef WOLFSSL_HAVE_MLKEM +WOLFSSL_LOCAL int NamedGroupIsPqc(int group); +WOLFSSL_LOCAL int NamedGroupIsPqcHybrid(int group); +#define WOLFSSL_NAMED_GROUP_IS_PQC(group) NamedGroupIsPqc(group) +#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) NamedGroupIsPqcHybrid(group) #else -#define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0) -#endif /* WOLFSSL_HAVE_KYBER */ +#define WOLFSSL_NAMED_GROUP_IS_PQC(group) ((void)(group), 0) +#define WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) ((void)(group), 0) +#endif /* WOLFSSL_HAVE_MLKEM */ /* minimum Downgrade Minor version */ #ifndef WOLFSSL_MIN_DOWNGRADE @@ -2207,7 +2222,7 @@ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz, int sniff); #endif -WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, +WOLFSSL_TEST_VIS int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff); /* TLS v1.3 needs these */ WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, Suites* clSuites); @@ -2420,8 +2435,7 @@ typedef struct CipherSuite { #endif } CipherSuite; -/* use wolfSSL_API visibility to be able to test in tests/api.c */ -WOLFSSL_API void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have, +WOLFSSL_TEST_VIS void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have, int tls1_2, int keySz, word16* len); WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); @@ -2622,6 +2636,9 @@ struct WOLFSSL_CRL { THREAD_TYPE tid; /* monitoring thread */ wolfSSL_CRL_mfd_t mfd; int setup; /* thread is setup predicate */ +#endif +#ifdef OPENSSL_ALL + wolfSSL_Ref ref; #endif void* heap; /* heap hint for dynamic memory */ }; @@ -3099,6 +3116,7 @@ typedef struct RpkState { #endif /* HAVE_RPK */ #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) +#define ECH_ACCEPT_CONFIRMATION_SZ 8 typedef enum { ECH_TYPE_OUTER = 0, @@ -3133,11 +3151,13 @@ typedef struct WOLFSSL_EchConfig { typedef struct WOLFSSL_ECH { Hpke* hpke; + HpkeBaseContext* hpkeContext; const byte* aad; void* ephemeralKey; WOLFSSL_EchConfig* echConfig; byte* innerClientHello; byte* outerClientPayload; + byte* confBuf; EchCipherSuite cipherSuite; word16 aadLen; word16 paddingLen; @@ -3148,12 +3168,17 @@ typedef struct WOLFSSL_ECH { byte type; byte configId; byte enc[HPKE_Npk_MAX]; + byte innerCount; } WOLFSSL_ECH; WOLFSSL_LOCAL int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config); WOLFSSL_LOCAL int TLSX_FinalizeEch(WOLFSSL_ECH* ech, byte* aad, word32 aadLen); + +WOLFSSL_LOCAL int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap, + const byte* echConfigs, word32 echConfigsLen); + WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen); @@ -3368,9 +3393,9 @@ WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl); #endif #if defined(WOLFSSL_PUBLIC_ASN) && defined(HAVE_PK_CALLBACKS) -/* Internal callback guarded by WOLFSSL_PUBLIC_ASN because of DecodedCert. */ +/* Internal callback guarded by WOLFSSL_TEST_VIS because of DecodedCert. */ typedef int (*CallbackProcessPeerCert)(WOLFSSL* ssl, DecodedCert* p_cert); -WOLFSSL_API void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, +WOLFSSL_TEST_VIS void wolfSSL_CTX_SetProcessPeerCertCb(WOLFSSL_CTX* ctx, CallbackProcessPeerCert cb); #endif /* DecodedCert && HAVE_PK_CALLBACKS */ @@ -3589,9 +3614,9 @@ typedef struct KeyShareEntry { word32 keyLen; /* Key size (bytes) */ byte* pubKey; /* Public key */ word32 pubKeyLen; /* Public key length */ -#if !defined(NO_DH) || defined(WOLFSSL_HAVE_KYBER) - byte* privKey; /* Private key - DH and PQ KEMs only */ - word32 privKeyLen;/* Only for PQ KEMs. */ +#if !defined(NO_DH) || defined(WOLFSSL_HAVE_MLKEM) + byte* privKey; /* Private key */ + word32 privKeyLen;/* Private key length - PQC only */ #endif #ifdef WOLFSSL_ASYNC_CRYPT int lastRet; @@ -4143,6 +4168,8 @@ struct WOLFSSL_CTX { CallbackGenPreMaster GenPreMasterCb; /* User generate master secret handler */ CallbackGenMasterSecret GenMasterCb; + /* User generate Extended master secret handler */ + CallbackGenExtMasterSecret GenExtMasterCb; /* User generate session key handler */ CallbackGenSessionKey GenSessionKeyCb; /* User setting encrypt keys handler */ @@ -4672,8 +4699,7 @@ WOLFSSL_LOCAL WOLFSSL_SESSION* wolfSSL_GetSession( WOLFSSL* ssl, byte* masterSecret, byte restoreSessionCerts); WOLFSSL_LOCAL void SetupSession(WOLFSSL* ssl); WOLFSSL_LOCAL void AddSession(WOLFSSL* ssl); -/* use wolfSSL_API visibility to be able to test in tests/api.c */ -WOLFSSL_API int AddSessionToCache(WOLFSSL_CTX* ctx, +WOLFSSL_TEST_VIS int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, const byte* id, byte idSz, int* sessionIndex, int side, word16 useTicket, ClientSession** clientCacheEntry); #ifndef NO_CLIENT_CACHE @@ -4689,8 +4715,7 @@ WOLFSSL_LOCAL int TlsSessionCacheGetAndRdLock(const byte *id, WOLFSSL_LOCAL int TlsSessionCacheGetAndWrLock(const byte *id, WOLFSSL_SESSION **sess, word32 *lockedRow, byte side); WOLFSSL_LOCAL void EvictSessionFromCache(WOLFSSL_SESSION* session); -/* WOLFSSL_API to test it in tests/api.c */ -WOLFSSL_API int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output); +WOLFSSL_TEST_VIS int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output); WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session); WOLFSSL_LOCAL void wolfSSL_FreeSession(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session); @@ -4799,9 +4824,9 @@ typedef struct Buffers { buffer clearOutputBuffer; buffer sig; /* signature data */ buffer digest; /* digest data */ - int prevSent; /* previous plain text bytes sent + word32 prevSent; /* previous plain text bytes sent when got WANT_WRITE */ - int plainSz; /* plain text bytes in buffer to send + word32 plainSz; /* plain text bytes in buffer to send when got WANT_WRITE */ byte weOwnCert; /* SSL own cert flag */ byte weOwnCertChain; /* SSL own cert chain flag */ @@ -5072,7 +5097,8 @@ struct Options { word16 useDtlsCID:1; #endif /* WOLFSSL_DTLS_CID */ #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - word16 useEch:1; /* Do we have a valid config */ + word16 useEch:1; + word16 echAccepted:1; byte disableECH:1; /* Did the user disable ech */ #endif #ifdef WOLFSSL_SEND_HRR_COOKIE @@ -5385,6 +5411,7 @@ struct WOLFSSL_X509 { byte keyUsageCrit:1; byte extKeyUsageCrit:1; byte subjKeyIdSet:1; + byte pathLengthSet:1; byte subjKeyIdCrit:1; byte basicConstSet:1; @@ -5437,6 +5464,10 @@ struct WOLFSSL_X509 { /* Alternative Signature Value */ byte *altSigValDer; int altSigValLen; + + byte sapkiCrit:1; + byte altSigAlgCrit:1; + byte altSigValCrit:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ }; @@ -5780,16 +5811,16 @@ struct WOLFSSL { WOLFSSL_CTX* initial_ctx; /* preserve session key materials */ #endif Suites* suites; /* Only need during handshake. Can be NULL when - * re-using the context's object. When WOLFSSL + * reusing the context's object. When WOLFSSL * object needs separate instance of suites use * AllocateSuites(). */ -#ifdef OPENSSL_EXTRA - const Suites* clSuites; -#endif + Suites* clSuites; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLF_STACK_OF(WOLFSSL_CIPHER)* suitesStack; /* stack of available cipher * suites */ + WOLF_STACK_OF(WOLFSSL_CIPHER)* clSuitesStack; /* stack of client cipher + * suites */ #endif Arrays* arrays; #ifdef WOLFSSL_TLS13 @@ -5799,6 +5830,7 @@ struct WOLFSSL { HS_Hashes* hsHashes; #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) HS_Hashes* hsHashesEch; + HS_Hashes* hsHashesEchInner; #endif void* IOCB_ReadCtx; void* IOCB_WriteCtx; @@ -6118,12 +6150,10 @@ struct WOLFSSL { void* ocspIOCtx; byte ocspProducedDate[MAX_DATE_SZ]; int ocspProducedDateFormat; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) byte* ocspResp; int ocspRespSz; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) - char* url; - #endif + char* url; #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) word32 response_idx; @@ -6190,6 +6220,7 @@ struct WOLFSSL { #endif /* NO_RSA */ void* GenPreMasterCtx; /* Generate Premaster Callback Context */ void* GenMasterCtx; /* Generate Master Callback Context */ + void* GenExtMasterCtx; /* Generate Extended Master Callback Context */ void* GenSessionKeyCtx; /* Generate Session Key Callback Context */ void* EncryptKeysCtx; /* Set Encrypt keys Callback Context */ void* TlsFinishedCtx; /* Generate Tls Finished Callback Context */ @@ -6224,6 +6255,7 @@ struct WOLFSSL { #if defined(OPENSSL_EXTRA) WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ + WOLFSSL_STACK* verifiedChain; /* peer cert chain to CA */ #ifdef KEEP_OUR_CERT WOLFSSL_STACK* ourCertChain; /* Used in wolfSSL_add1_chain_cert */ #endif @@ -6347,7 +6379,7 @@ WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup); WOLFSSL_LOCAL void FreeSSL(WOLFSSL* ssl, void* heap); -WOLFSSL_API void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ +WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ #ifndef OPENSSL_COEXIST #define SSL_ResourceFree wolfSSL_ResourceFree #endif @@ -6496,7 +6528,7 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk, WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); #endif /* HAVE_SESSION_TICKET */ -WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); +WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, size_t sz); #ifdef WOLFSSL_THREADED_CRYPT WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); #endif @@ -6517,7 +6549,7 @@ WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL* ssl); WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL* ssl); WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL int SendBuffered(WOLFSSL* ssl); -WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek); +WOLFSSL_LOCAL int ReceiveData(WOLFSSL* ssl, byte* output, size_t sz, int peek); WOLFSSL_LOCAL int SendFinished(WOLFSSL* ssl); WOLFSSL_LOCAL int RetrySendAlert(WOLFSSL* ssl); WOLFSSL_LOCAL int SendAlert(WOLFSSL* ssl, int severity, int type); @@ -6713,18 +6745,15 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); #ifdef WOLFSSL_DTLS WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); - /* Use WOLFSSL_API to enable src/api.c testing */ - WOLFSSL_API void DtlsMsgListDelete(DtlsMsg* head, void* heap); + WOLFSSL_TEST_VIS void DtlsMsgListDelete(DtlsMsg* head, void* heap); WOLFSSL_LOCAL void DtlsTxMsgListClean(WOLFSSL* ssl); WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg* msg, word32 seq, word16 epoch, const byte* data, byte type, word32 fragOffset, word32 fragSz, void* heap, word32 totalLen, byte encrypted); - /* Use WOLFSSL_API to enable src/api.c testing */ - WOLFSSL_API DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq); + WOLFSSL_TEST_VIS DtlsMsg* DtlsMsgFind(DtlsMsg* head, word16 epoch, word32 seq); - /* Use WOLFSSL_API to enable src/api.c testing */ - WOLFSSL_API void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq, + WOLFSSL_TEST_VIS void DtlsMsgStore(WOLFSSL* ssl, word16 epoch, word32 seq, const byte* data, word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap); @@ -6914,8 +6943,7 @@ WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, int sizeOnly, int asyncOkay, int epochOrder); #ifdef WOLFSSL_TLS13 -/* Use WOLFSSL_API to use this function in tests/api.c */ -WOLFSSL_API int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, +WOLFSSL_TEST_VIS int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay); WOLFSSL_LOCAL int Tls13UpdateKeys(WOLFSSL* ssl); #endif @@ -6972,7 +7000,7 @@ WOLFSSL_LOCAL word32 nid2oid(int nid, int grp); #endif #ifdef WOLFSSL_DTLS -WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo, +WOLFSSL_TEST_VIS int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo, word16* next_hi, word32* next_lo, word32 *window); WOLFSSL_LOCAL int DtlsUpdateWindow(WOLFSSL* ssl); WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl); @@ -6982,8 +7010,7 @@ WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl); #ifdef WOLFSSL_DTLS13 -/* Use WOLFSSL_API to use this function in tests/api.c */ -WOLFSSL_API struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, +WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, w64wrapper epochNumber); WOLFSSL_LOCAL void Dtls13SetOlderEpochSide(WOLFSSL* ssl, w64wrapper epochNumber, int side); @@ -7019,6 +7046,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeSend(WOLFSSL* ssl, byte* output, word16 output_size, word16 length, enum HandShakeType handshake_type, int hash_output); WOLFSSL_LOCAL int Dtls13RecordRecvd(WOLFSSL* ssl); +WOLFSSL_TEST_VIS int Dtls13CheckEpoch(WOLFSSL* ssl, enum HandShakeType type); WOLFSSL_LOCAL int Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, @@ -7032,7 +7060,10 @@ WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, w64wrapper* epoch); WOLFSSL_LOCAL int Dtls13ReconstructSeqNumber(WOLFSSL* ssl, Dtls13UnifiedHdrInfo* hdrInfo, w64wrapper* out); +WOLFSSL_TEST_VIS int Dtls13WriteAckMessage(WOLFSSL* ssl, + Dtls13RecordNumber* recordNumberList, word32* length); WOLFSSL_LOCAL int SendDtls13Ack(WOLFSSL* ssl); +WOLFSSL_TEST_VIS int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq); WOLFSSL_LOCAL int Dtls13RtxProcessingCertificate(WOLFSSL* ssl, byte* input, word32 inputSize); WOLFSSL_LOCAL int Dtls13HashHandshake(WOLFSSL* ssl, const byte* input, @@ -7073,9 +7104,8 @@ typedef struct CRYPTO_EX_cb_ctx { struct CRYPTO_EX_cb_ctx* next; } CRYPTO_EX_cb_ctx; -/* use wolfSSL_API visibility to be able to clear in tests/api.c */ -WOLFSSL_API extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session; -WOLFSSL_API void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx); +WOLFSSL_TEST_VIS extern CRYPTO_EX_cb_ctx* crypto_ex_cb_ctx_session; +WOLFSSL_TEST_VIS void crypto_ex_cb_free(CRYPTO_EX_cb_ctx* cb_ctx); WOLFSSL_LOCAL void crypto_ex_cb_setup_new_data(void *new_obj, CRYPTO_EX_cb_ctx* cb_ctx, WOLFSSL_CRYPTO_EX_DATA* ex_data); WOLFSSL_LOCAL void crypto_ex_cb_free_data(void *obj, CRYPTO_EX_cb_ctx* cb_ctx, @@ -7157,6 +7187,7 @@ WOLFSSL_LOCAL int TranslateErrorToAlert(int err); #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type); +WOLFSSL_LOCAL void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, diff --git a/src/wolfssl/ocsp.h b/src/wolfssl/ocsp.h index f2e234f..69b5c14 100644 --- a/src/wolfssl/ocsp.h +++ b/src/wolfssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/aes.h b/src/wolfssl/openssl/aes.h index 25110c8..4710f72 100644 --- a/src/wolfssl/openssl/aes.h +++ b/src/wolfssl/openssl/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/asn1.h b/src/wolfssl/openssl/asn1.h index 5b4f25a..b9e2c19 100644 --- a/src/wolfssl/openssl/asn1.h +++ b/src/wolfssl/openssl/asn1.h @@ -1,6 +1,6 @@ /* asn1.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,6 +39,7 @@ #define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT +#define V_ASN1_BIT_STRING WOLFSSL_V_ASN1_BIT_STRING #define V_ASN1_INTEGER WOLFSSL_V_ASN1_INTEGER #define V_ASN1_NEG WOLFSSL_V_ASN1_NEG #define V_ASN1_NEG_INTEGER WOLFSSL_V_ASN1_NEG_INTEGER @@ -218,11 +219,11 @@ typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM; mtype##_member_data, \ sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \ sizeof(mtype) ,\ - OFFSETOF(mtype, type) \ + WC_OFFSETOF(mtype, type) \ }; #define ASN1_TYPE(type, member, tag, first_byte, exp, seq) \ - OFFSETOF(type, member), tag, first_byte, exp, seq + WC_OFFSETOF(type, member), tag, first_byte, exp, seq /* Function callbacks need to be defined immediately otherwise we will * incorrectly expand the type. Ex: ASN1_INTEGER -> WOLFSSL_ASN1_INTEGER */ diff --git a/src/wolfssl/openssl/asn1t.h b/src/wolfssl/openssl/asn1t.h index e74ee26..2a52b3b 100644 --- a/src/wolfssl/openssl/asn1t.h +++ b/src/wolfssl/openssl/asn1t.h @@ -1,6 +1,6 @@ /* asn1t.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/bio.h b/src/wolfssl/openssl/bio.h index cf6571b..73214ab 100644 --- a/src/wolfssl/openssl/bio.h +++ b/src/wolfssl/openssl/bio.h @@ -1,6 +1,6 @@ /* bio.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,6 +104,7 @@ #endif #define BIO_int_ctrl wolfSSL_BIO_int_ctrl #define BIO_reset wolfSSL_BIO_reset +#define BIO_s_null wolfSSL_BIO_s_null #define BIO_s_file wolfSSL_BIO_s_file #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket diff --git a/src/wolfssl/openssl/bn.h b/src/wolfssl/openssl/bn.h index ed8ae43..45411f5 100644 --- a/src/wolfssl/openssl/bn.h +++ b/src/wolfssl/openssl/bn.h @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,7 @@ typedef struct WOLFSSL_BIGNUM { int neg; /* openssh deference */ void *internal; /* our big num */ -#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) +#if !defined(NO_BIG_INT) mp_int mpi; #endif } WOLFSSL_BIGNUM; @@ -77,8 +77,15 @@ typedef struct WOLFSSL_BIGNUM { #define WOLFSSL_BN_MAX_VAL ((BN_ULONG)-1) -typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; -typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; +struct WOLFSSL_BN_CTX_LIST { + WOLFSSL_BIGNUM* bn; + struct WOLFSSL_BN_CTX_LIST* next; +}; +typedef struct WOLFSSL_BN_CTX { + struct WOLFSSL_BN_CTX_LIST* list; +} WOLFSSL_BN_CTX; +typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX; +typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx); @@ -151,6 +158,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_div_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); @@ -184,6 +192,13 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse( const WOLFSSL_BIGNUM *n, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API WOLFSSL_BN_MONT_CTX* wolfSSL_BN_MONT_CTX_new(void); +WOLFSSL_API void wolfSSL_BN_MONT_CTX_free(WOLFSSL_BN_MONT_CTX *mont); +WOLFSSL_API int wolfSSL_BN_MONT_CTX_set(WOLFSSL_BN_MONT_CTX *mont, + const WOLFSSL_BIGNUM *mod, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API int wolfSSL_BN_mod_exp_mont_word(WOLFSSL_BIGNUM *r, + WOLFSSL_BN_ULONG a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_MONT_CTX *mont); #if !defined(OPENSSL_COEXIST) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) @@ -194,13 +209,19 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse( #define BN_RAND_BOTTOM_ANY WOLFSSL_BN_RAND_BOTTOM_ANY #define BN_RAND_BOTTOM_ODD WOLFSSL_BN_RAND_BOTTOM_ODD -typedef WOLFSSL_BIGNUM BIGNUM; -typedef WOLFSSL_BN_CTX BN_CTX; -typedef WOLFSSL_BN_GENCB BN_GENCB; +typedef WOLFSSL_BIGNUM BIGNUM; +typedef WOLFSSL_BN_CTX BN_CTX; +typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX; +typedef WOLFSSL_BN_GENCB BN_GENCB; +#ifndef NO_WOLFSSL_BN_CTX #define BN_CTX_new wolfSSL_BN_CTX_new #define BN_CTX_init wolfSSL_BN_CTX_init #define BN_CTX_free wolfSSL_BN_CTX_free +#else +#define BN_CTX_new() ((BN_CTX*)-1) +#define BN_CTX_free(x) ((void)(x)) +#endif #define BN_new wolfSSL_BN_new #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT) @@ -228,6 +249,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_mod wolfSSL_BN_mod #define BN_mod_exp wolfSSL_BN_mod_exp +#define BN_mod_exp_mont(a,b,c,d,e,f) \ + ((void)(f), wolfSSL_BN_mod_exp((a),(b),(c),(d),(e))) #define BN_mod_mul wolfSSL_BN_mod_mul #define BN_sub wolfSSL_BN_sub #define BN_mul wolfSSL_BN_mul @@ -257,6 +280,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_add_word wolfSSL_BN_add_word #define BN_mul_word wolfSSL_BN_mul_word #define BN_sub_word wolfSSL_BN_sub_word +#define BN_div_word wolfSSL_BN_div_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add #define BN_set_word wolfSSL_BN_set_word @@ -290,6 +314,11 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_prime_checks 0 +#define BN_MONT_CTX_new wolfSSL_BN_MONT_CTX_new +#define BN_MONT_CTX_free wolfSSL_BN_MONT_CTX_free +#define BN_MONT_CTX_set wolfSSL_BN_MONT_CTX_set +#define BN_mod_exp_mont_word wolfSSL_BN_mod_exp_mont_word + #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ diff --git a/src/wolfssl/openssl/buffer.h b/src/wolfssl/openssl/buffer.h index c4195cf..548d744 100644 --- a/src/wolfssl/openssl/buffer.h +++ b/src/wolfssl/openssl/buffer.h @@ -1,6 +1,6 @@ /* buffer.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/camellia.h b/src/wolfssl/openssl/camellia.h index 0cad9c9..fe5b17c 100644 --- a/src/wolfssl/openssl/camellia.h +++ b/src/wolfssl/openssl/camellia.h @@ -1,6 +1,6 @@ /* camellia.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/cmac.h b/src/wolfssl/openssl/cmac.h index 120fd1d..489396c 100644 --- a/src/wolfssl/openssl/cmac.h +++ b/src/wolfssl/openssl/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/cms.h b/src/wolfssl/openssl/cms.h index 7febb67..291c08d 100644 --- a/src/wolfssl/openssl/cms.h +++ b/src/wolfssl/openssl/cms.h @@ -1,6 +1,6 @@ /* cms.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/compat_types.h b/src/wolfssl/openssl/compat_types.h index 00bfde1..58113c4 100644 --- a/src/wolfssl/openssl/compat_types.h +++ b/src/wolfssl/openssl/compat_types.h @@ -1,6 +1,6 @@ /* compat_types.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/conf.h b/src/wolfssl/openssl/conf.h index 411a3e0..d2e2eb4 100644 --- a/src/wolfssl/openssl/conf.h +++ b/src/wolfssl/openssl/conf.h @@ -1,6 +1,6 @@ /* conf.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/crypto.h b/src/wolfssl/openssl/crypto.h index 33a279a..e05468e 100644 --- a/src/wolfssl/openssl/crypto.h +++ b/src/wolfssl/openssl/crypto.h @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/des.h b/src/wolfssl/openssl/des.h index 6db0df7..9554c2a 100644 --- a/src/wolfssl/openssl/des.h +++ b/src/wolfssl/openssl/des.h @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/dh.h b/src/wolfssl/openssl/dh.h index 60fe59f..70b1087 100644 --- a/src/wolfssl/openssl/dh.h +++ b/src/wolfssl/openssl/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/dsa.h b/src/wolfssl/openssl/dsa.h index 1d24ceb..d5f64bb 100644 --- a/src/wolfssl/openssl/dsa.h +++ b/src/wolfssl/openssl/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ec.h b/src/wolfssl/openssl/ec.h index 4067cff..d68217b 100644 --- a/src/wolfssl/openssl/ec.h +++ b/src/wolfssl/openssl/ec.h @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ec25519.h b/src/wolfssl/openssl/ec25519.h index 0421ce8..92cf807 100644 --- a/src/wolfssl/openssl/ec25519.h +++ b/src/wolfssl/openssl/ec25519.h @@ -1,6 +1,6 @@ /* ec25519.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ec448.h b/src/wolfssl/openssl/ec448.h index 89a9e1c..ce2cc7c 100644 --- a/src/wolfssl/openssl/ec448.h +++ b/src/wolfssl/openssl/ec448.h @@ -1,6 +1,6 @@ /* ec448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ecdh.h b/src/wolfssl/openssl/ecdh.h index 74b8c91..7fbc5a3 100644 --- a/src/wolfssl/openssl/ecdh.h +++ b/src/wolfssl/openssl/ecdh.h @@ -1,6 +1,6 @@ /* ecdh.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ecdsa.h b/src/wolfssl/openssl/ecdsa.h index f9ba1ec..12d003f 100644 --- a/src/wolfssl/openssl/ecdsa.h +++ b/src/wolfssl/openssl/ecdsa.h @@ -1,6 +1,6 @@ /* ecdsa.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ed25519.h b/src/wolfssl/openssl/ed25519.h index d4c1b1b..9d67c6f 100644 --- a/src/wolfssl/openssl/ed25519.h +++ b/src/wolfssl/openssl/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ed448.h b/src/wolfssl/openssl/ed448.h index 3c97862..793e66f 100644 --- a/src/wolfssl/openssl/ed448.h +++ b/src/wolfssl/openssl/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/err.h b/src/wolfssl/openssl/err.h index 708498a..6723ded 100644 --- a/src/wolfssl/openssl/err.h +++ b/src/wolfssl/openssl/err.h @@ -1,6 +1,6 @@ /* err.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/evp.h b/src/wolfssl/openssl/evp.h index 02b5c8b..3192dbf 100644 --- a/src/wolfssl/openssl/evp.h +++ b/src/wolfssl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -221,6 +221,9 @@ typedef union { #ifdef WOLFSSL_SM3 wc_Sm3 sm3; #endif + #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) + wc_Shake shake; + #endif } WOLFSSL_Hasher; @@ -798,6 +801,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void); WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type); +WOLFSSL_API unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md); WOLFSSL_API int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type); @@ -823,6 +827,8 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* unsigned int* s); WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); +WOLFSSL_API int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX* ctx, + unsigned char* md, size_t sz); WOLFSSL_API int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, unsigned int cnt); WOLFSSL_API int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, @@ -1096,6 +1102,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, unsigned int* outSz, const WOLFSSL_EVP_MD* evp, WOLFSSL_ENGINE* eng); +WOLFSSL_API const char* wolfSSL_EVP_CIPHER_type_string(unsigned int type); WOLFSSL_API int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, WOLFSSL_ENGINE *impl, @@ -1144,6 +1151,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define WOLFSSL_EVP_CTRL_CCM_SET_TAG WOLFSSL_EVP_CTRL_AEAD_SET_TAG #define WOLFSSL_EVP_CTRL_CCM_SET_L 0x14 #define WOLFSSL_EVP_CTRL_CCM_SET_MSGLEN 0x15 +#define WOLFSSL_EVP_MD_FLAG_XOF 0x2 #define WOLFSSL_NO_PADDING_BLOCK_SIZE 1 @@ -1256,12 +1264,15 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_MD_CTX_set_flags(ctx, flags) WC_DO_NOTHING #endif +#define EVP_MD_FLAG_XOF WOLFSSL_EVP_MD_FLAG_XOF + #define EVP_Digest wolfSSL_EVP_Digest #define EVP_DigestInit wolfSSL_EVP_DigestInit #define EVP_DigestInit_ex wolfSSL_EVP_DigestInit_ex #define EVP_DigestUpdate wolfSSL_EVP_DigestUpdate #define EVP_DigestFinal wolfSSL_EVP_DigestFinal #define EVP_DigestFinal_ex wolfSSL_EVP_DigestFinal_ex +#define EVP_DigestFinalXOF wolfSSL_EVP_DigestFinalXOF #define EVP_DigestSignInit wolfSSL_EVP_DigestSignInit #define EVP_DigestSignUpdate wolfSSL_EVP_DigestSignUpdate #define EVP_DigestSignFinal wolfSSL_EVP_DigestSignFinal @@ -1311,6 +1322,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_get_cipherbynid wolfSSL_EVP_get_cipherbynid #define EVP_get_digestbynid wolfSSL_EVP_get_digestbynid #define EVP_MD_nid wolfSSL_EVP_MD_type +#define EVP_MD_flags wolfSSL_EVP_MD_flags #define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign #define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA diff --git a/src/wolfssl/openssl/fips_rand.h b/src/wolfssl/openssl/fips_rand.h index 58f21b3..4142e7e 100644 --- a/src/wolfssl/openssl/fips_rand.h +++ b/src/wolfssl/openssl/fips_rand.h @@ -1,6 +1,6 @@ /* fips_rand.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/hmac.h b/src/wolfssl/openssl/hmac.h index 1a2c304..b29d4fc 100644 --- a/src/wolfssl/openssl/hmac.h +++ b/src/wolfssl/openssl/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/kdf.h b/src/wolfssl/openssl/kdf.h index 295c99f..f36aedc 100644 --- a/src/wolfssl/openssl/kdf.h +++ b/src/wolfssl/openssl/kdf.h @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/lhash.h b/src/wolfssl/openssl/lhash.h index 4c1637a..6a86992 100644 --- a/src/wolfssl/openssl/lhash.h +++ b/src/wolfssl/openssl/lhash.h @@ -1,6 +1,6 @@ /* lhash.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/md4.h b/src/wolfssl/openssl/md4.h index 9181e8d..3d0549f 100644 --- a/src/wolfssl/openssl/md4.h +++ b/src/wolfssl/openssl/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/md5.h b/src/wolfssl/openssl/md5.h index 452b6a4..709c03f 100644 --- a/src/wolfssl/openssl/md5.h +++ b/src/wolfssl/openssl/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/modes.h b/src/wolfssl/openssl/modes.h index e6a584c..50342bd 100644 --- a/src/wolfssl/openssl/modes.h +++ b/src/wolfssl/openssl/modes.h @@ -1,6 +1,6 @@ /* modes.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/obj_mac.h b/src/wolfssl/openssl/obj_mac.h index b4d4013..3304158 100644 --- a/src/wolfssl/openssl/obj_mac.h +++ b/src/wolfssl/openssl/obj_mac.h @@ -1,6 +1,6 @@ /* obj_mac.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,6 +59,27 @@ #define NID_sect571k1 WC_NID_sect571k1 #define NID_sect571r1 WC_NID_sect571r1 +/* mapping of short names */ +#define SN_md4 WC_SN_md4 +#define SN_md5 WC_SN_md5 +#define SN_sha1 WC_SN_sha1 +#define SN_sha224 WC_SN_sha224 +#define SN_sha256 WC_SN_sha256 +#define SN_sha384 WC_SN_sha384 +#define SN_sha512 WC_SN_sha512 +#define SN_sha512_224 WC_SN_sha512_224 +#define SN_sha512_256 WC_SN_sha512_256 +#define SN_sha3_224 WC_SN_sha3_224 +#define SN_sha3_256 WC_SN_sha3_256 +#define SN_sha3_384 WC_SN_sha3_384 +#define SN_sha3_512 WC_SN_sha3_512 +#define SN_shake128 WC_SN_shake128 +#define SN_shake256 WC_SN_shake256 +#define SN_blake2s256 WC_SN_blake2s256 +#define SN_blake2s512 WC_SN_blake2s512 +#define SN_blake2b512 WC_SN_blake2b512 +#define SN_sm3 WC_SN_sm3 + #endif /* !OPENSSL_COEXIST */ /* the definition is for Qt Unit test */ diff --git a/src/wolfssl/openssl/objects.h b/src/wolfssl/openssl/objects.h index 1b6ce80..3325c83 100644 --- a/src/wolfssl/openssl/objects.h +++ b/src/wolfssl/openssl/objects.h @@ -1,6 +1,6 @@ /* objects.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,8 @@ #include #endif /* OPENSSL_EXTRA_SSL_GUARD */ +#include + #ifdef __cplusplus extern "C" { #endif diff --git a/src/wolfssl/openssl/ocsp.h b/src/wolfssl/openssl/ocsp.h index a6bae66..67ae0f1 100644 --- a/src/wolfssl/openssl/ocsp.h +++ b/src/wolfssl/openssl/ocsp.h @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/opensslv.h b/src/wolfssl/openssl/opensslv.h index 481f74e..e643a64 100644 --- a/src/wolfssl/openssl/opensslv.h +++ b/src/wolfssl/openssl/opensslv.h @@ -1,6 +1,6 @@ /* opensslv.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ossl_typ.h b/src/wolfssl/openssl/ossl_typ.h index 8214fa3..084558d 100644 --- a/src/wolfssl/openssl/ossl_typ.h +++ b/src/wolfssl/openssl/ossl_typ.h @@ -1,6 +1,6 @@ /* ossl_typ.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/pem.h b/src/wolfssl/openssl/pem.h index 3666ab5..1cf4247 100644 --- a/src/wolfssl/openssl/pem.h +++ b/src/wolfssl/openssl/pem.h @@ -1,6 +1,6 @@ /* pem.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/pkcs12.h b/src/wolfssl/openssl/pkcs12.h index 7da2b98..a59798c 100644 --- a/src/wolfssl/openssl/pkcs12.h +++ b/src/wolfssl/openssl/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/pkcs7.h b/src/wolfssl/openssl/pkcs7.h index 9a53b89..84ae285 100644 --- a/src/wolfssl/openssl/pkcs7.h +++ b/src/wolfssl/openssl/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/rand.h b/src/wolfssl/openssl/rand.h index 71d6810..4c41ed7 100644 --- a/src/wolfssl/openssl/rand.h +++ b/src/wolfssl/openssl/rand.h @@ -1,6 +1,6 @@ /* rand.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/rc4.h b/src/wolfssl/openssl/rc4.h index fb51128..309174b 100644 --- a/src/wolfssl/openssl/rc4.h +++ b/src/wolfssl/openssl/rc4.h @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ripemd.h b/src/wolfssl/openssl/ripemd.h index a7c4247..0e80bb3 100644 --- a/src/wolfssl/openssl/ripemd.h +++ b/src/wolfssl/openssl/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/rsa.h b/src/wolfssl/openssl/rsa.h index c414fdf..111a89e 100644 --- a/src/wolfssl/openssl/rsa.h +++ b/src/wolfssl/openssl/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/safestack.h b/src/wolfssl/openssl/safestack.h index ee1f872..e059a6e 100644 --- a/src/wolfssl/openssl/safestack.h +++ b/src/wolfssl/openssl/safestack.h @@ -1,6 +1,6 @@ /* safestack.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/sha.h b/src/wolfssl/openssl/sha.h index 34a1962..4644a33 100644 --- a/src/wolfssl/openssl/sha.h +++ b/src/wolfssl/openssl/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/sha3.h b/src/wolfssl/openssl/sha3.h index c2f5535..a970bfd 100644 --- a/src/wolfssl/openssl/sha3.h +++ b/src/wolfssl/openssl/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/srp.h b/src/wolfssl/openssl/srp.h index d0e6123..978e05d 100644 --- a/src/wolfssl/openssl/srp.h +++ b/src/wolfssl/openssl/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ssl.h b/src/wolfssl/openssl/ssl.h index 959d1e6..da16168 100644 --- a/src/wolfssl/openssl/ssl.h +++ b/src/wolfssl/openssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -289,6 +289,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSLv23_client_method wolfSSLv23_client_method #define SSLv2_client_method wolfSSLv2_client_method #define SSLv2_server_method wolfSSLv2_server_method +#define SSLv3_method wolfSSLv3_method #define SSLv3_server_method wolfSSLv3_server_method #define SSLv3_client_method wolfSSLv3_client_method #define TLS_client_method wolfTLS_client_method @@ -352,7 +353,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_write_early_data(ssl, d, dLen, len) wolfSSL_write_early_data(ssl, d, (int)(dLen), (int *)(len)) #define SSL_write wolfSSL_write +#define SSL_write_ex wolfSSL_write_ex #define SSL_read wolfSSL_read +#define SSL_read_ex wolfSSL_read_ex #define SSL_peek wolfSSL_peek #define SSL_accept wolfSSL_accept #define SSL_CTX_free wolfSSL_CTX_free @@ -432,6 +435,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_get_version wolfSSL_get_version #define SSL_get_current_cipher wolfSSL_get_current_cipher +#define SSL_get_client_ciphers wolfSSL_get_client_ciphers /* use wolfSSL_get_cipher_name for its return format */ #define SSL_get_cipher wolfSSL_get_cipher_name @@ -461,6 +465,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ + #define X509_OBJECT_set1_X509 wolfSSL_X509_OBJECT_set1_X509 + #define X509_OBJECT_set1_X509_CRL wolfSSL_X509_OBJECT_set1_X509_CRL + #define sk_X509_OBJECT_deep_copy wolfSSL_sk_X509_OBJECT_deep_copy #define X509_cmp wolfSSL_X509_cmp #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical @@ -688,6 +695,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_NAME_entry_count wolfSSL_X509_NAME_entry_count #define X509_NAME_get_entry wolfSSL_X509_NAME_get_entry +#define X509_NAME_ENTRY_set wolfSSL_X509_NAME_ENTRY_set #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define X509_NAME_ENTRY_get_object wolfSSL_X509_NAME_ENTRY_get_object @@ -717,6 +725,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_VP_FLAG_LOCKED WOLFSSL_VPARAM_LOCKED #define X509_VP_FLAG_ONCE WOLFSSL_VPARAM_ONCE +#define X509_STORE_lock(x) 1 +#define X509_STORE_unlock(x) 1 + #define X509_STORE_CTX_get_current_cert wolfSSL_X509_STORE_CTX_get_current_cert #define X509_STORE_CTX_set_verify_cb wolfSSL_X509_STORE_CTX_set_verify_cb #define X509_STORE_CTX_new wolfSSL_X509_STORE_CTX_new @@ -779,6 +790,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup #define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations +#define X509_STORE_set_default_paths wolfSSL_X509_STORE_set_default_paths #define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param #define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir @@ -1104,6 +1116,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_psk_server_callback wolfSSL_CTX_set_psk_server_callback #define SSL_set_psk_server_callback wolfSSL_set_psk_server_callback +#if !defined(USE_WINDOWS_API) && !defined(INVALID_SOCKET) + #define INVALID_SOCKET (-1) +#endif + /* system file ints for ERR_put_error */ #define SYS_F_ACCEPT WOLFSSL_SYS_ACCEPT #define SYS_F_BIND WOLFSSL_SYS_BIND @@ -1430,6 +1446,11 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE; #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ +#ifndef WOLFSSL_ALLOW_SSLV3 + #undef OPENSSL_NO_SSL3 + #define OPENSSL_NO_SSL3 +#endif + /* Used as message callback types */ #define SSL3_RT_CHANGE_CIPHER_SPEC 20 #define SSL3_RT_ALERT 21 @@ -1810,6 +1831,8 @@ typedef WOLFSSL_CONF_CTX SSL_CONF_CTX; #define SSL_CONF_cmd wolfSSL_CONF_cmd #define SSL_CONF_cmd_value_type wolfSSL_CONF_cmd_value_type +#define SSL_OP_LEGACY_SERVER_CONNECT 0 + #endif /* !OPENSSL_COEXIST && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ diff --git a/src/wolfssl/openssl/stack.h b/src/wolfssl/openssl/stack.h index fe697c4..16f71d3 100644 --- a/src/wolfssl/openssl/stack.h +++ b/src/wolfssl/openssl/stack.h @@ -1,6 +1,6 @@ /* stack.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/tls1.h b/src/wolfssl/openssl/tls1.h index 1f8895c..b1992fc 100644 --- a/src/wolfssl/openssl/tls1.h +++ b/src/wolfssl/openssl/tls1.h @@ -1,6 +1,6 @@ /* tls1.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/txt_db.h b/src/wolfssl/openssl/txt_db.h index b8aa56f..aa05d92 100644 --- a/src/wolfssl/openssl/txt_db.h +++ b/src/wolfssl/openssl/txt_db.h @@ -1,6 +1,6 @@ /* txt_db.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/x509.h b/src/wolfssl/openssl/x509.h index f2bfb1b..e1eb78e 100644 --- a/src/wolfssl/openssl/x509.h +++ b/src/wolfssl/openssl/x509.h @@ -1,6 +1,6 @@ /* x509.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -111,6 +111,8 @@ #define X509_V_ERR_UNABLE_TO_GET_CRL WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL #define X509_V_ERR_CRL_HAS_EXPIRED WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0 +#define X509_V_FLAG_X509_STRICT 0 /* * Not all of these X509_V_ERR values are used in wolfSSL. Some are included to @@ -212,6 +214,7 @@ #define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 #define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_KEY_VALUES_MISMATCH WC_KEY_MISMATCH_E #define X509_EXTENSION_set_critical wolfSSL_X509_EXTENSION_set_critical #define X509_EXTENSION_set_object wolfSSL_X509_EXTENSION_set_object diff --git a/src/wolfssl/openssl/x509_vfy.h b/src/wolfssl/openssl/x509_vfy.h index 977e0c0..c26b94d 100644 --- a/src/wolfssl/openssl/x509_vfy.h +++ b/src/wolfssl/openssl/x509_vfy.h @@ -1,6 +1,6 @@ /* x509_vfy.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/x509v3.h b/src/wolfssl/openssl/x509v3.h index a84077d..c0ae5cc 100644 --- a/src/wolfssl/openssl/x509v3.h +++ b/src/wolfssl/openssl/x509v3.h @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/quic.h b/src/wolfssl/quic.h index 70ae61c..da8c50a 100644 --- a/src/wolfssl/quic.h +++ b/src/wolfssl/quic.h @@ -1,6 +1,6 @@ /* quic.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/sniffer.h b/src/wolfssl/sniffer.h index 3eabd42..929fcdc 100644 --- a/src/wolfssl/sniffer.h +++ b/src/wolfssl/sniffer.h @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/sniffer_error.h b/src/wolfssl/sniffer_error.h index 1794ba8..bb574b4 100644 --- a/src/wolfssl/sniffer_error.h +++ b/src/wolfssl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/ssl.h b/src/wolfssl/ssl.h index 8b7ebed..908d5c6 100644 --- a/src/wolfssl/ssl.h +++ b/src/wolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,7 +76,7 @@ #endif #ifdef OPENSSL_ALL - #ifndef WOLFSSL_HAVE_BIO_ADDR + #if !defined(WOLFSSL_HAVE_BIO_ADDR) && !defined(WOLFSSL_NO_SOCK) #define WOLFSSL_HAVE_BIO_ADDR #endif #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU) @@ -117,7 +117,6 @@ #include #include #include - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ FIPS_VERSION3_GE(5,2,0)) #include @@ -125,24 +124,15 @@ #include #include #include - #include #include #include - #include - #include #include #include #include #include #include - #include #include - #include - #include - #include #include - #include - #include #include #include #include @@ -152,26 +142,21 @@ #include #include #include - #include - #include #include #include #include #include - #include - #include #include #include #include #include #include #include - #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(7,0,0) + #if defined(HAVE_FIPS_VERSION) && FIPS_VERSION3_LT(6,0,0) /* clear conflicting name */ #undef RSA_PKCS1_PADDING_SIZE #endif #include - #include #include #include #include @@ -180,6 +165,26 @@ #include #include #include + + #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + #include + #include + #include + #include + #include + #include + #if OPENSSL_VERSION_NUMBER >= 0x30200000L + #include + #endif + #include + #include + #include + #include + #include + #include + #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ + #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */ #endif @@ -327,6 +332,7 @@ typedef int (*WOLFSSL_X509_STORE_CTX_get_crl_cb)(WOLFSSL_X509_STORE_CTX *, typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *, WOLFSSL_X509_CRL *); +#define WOLFSSL_V_ASN1_BIT_STRING 0x03 #define WOLFSSL_V_ASN1_INTEGER 0x02 #define WOLFSSL_V_ASN1_NEG 0x100 #define WOLFSSL_V_ASN1_NEG_INTEGER (2 | WOLFSSL_V_ASN1_NEG) @@ -603,7 +609,7 @@ struct WOLFSSL_EVP_PKEY { typedef struct WOLFSSL_BUFFER_INFO { unsigned char* buffer; - unsigned int length; + word32 length; } WOLFSSL_BUFFER_INFO; typedef struct WOLFSSL_BUF_MEM { @@ -706,7 +712,8 @@ enum BIO_TYPE { WOLFSSL_BIO_FILE = 6, WOLFSSL_BIO_BASE64 = 7, WOLFSSL_BIO_MD = 8, - WOLFSSL_BIO_DGRAM = 9 + WOLFSSL_BIO_DGRAM = 9, + WOLFSSL_BIO_NULL = 10 }; enum BIO_FLAGS { @@ -903,7 +910,7 @@ typedef struct WOLFSSL_ALERT_HISTORY { /* Valid Alert types from page 16/17 - * Add alert string to the function wolfSSL_alert_type_string_long in src/ssl.c + * Add alert string to the function AlertTypeToString in src/ssl.c */ enum AlertDescription { invalid_alert = -1, @@ -1174,6 +1181,12 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, word16 kemId, word16 kdfId, word16 aeadId); +WOLFSSL_API int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, + const char* echConfigs64, word32 echConfigs64Len); + +WOLFSSL_API int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, + const byte* echConfigs, word32 echConfigsLen); + WOLFSSL_API int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, word32* outputLen); @@ -1364,7 +1377,10 @@ WOLFSSL_API int wolfSSL_get_wfd(const WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_connect(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API int wolfSSL_write( WOLFSSL* ssl, const void* data, int sz); +WOLFSSL_API int wolfSSL_write_ex(WOLFSSL* ssl, const void* data, size_t sz, + size_t* wr); WOLFSSL_ABI WOLFSSL_API int wolfSSL_read(WOLFSSL* ssl, void* data, int sz); +WOLFSSL_API int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd); WOLFSSL_API int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); WOLFSSL_ABI WOLFSSL_API int wolfSSL_accept(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz); @@ -1837,6 +1853,7 @@ WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx); +WOLFSSL_API void* wolfSSL_sk_pop(WOLFSSL_STACK* sk); #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) WOLFSSL_API int wolfSSL_sk_ACCESS_DESCRIPTION_push( @@ -2043,6 +2060,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_null(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); @@ -2262,9 +2280,8 @@ WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx( WOLFSSL_X509_STORE_CTX *ctx); WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag); -WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store); -WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, - int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj); +WOLFSSL_API int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, + int idx, WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_CTX_get0_param( WOLFSSL_X509_STORE_CTX *ctx); WOLFSSL_API int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, @@ -2666,6 +2683,7 @@ enum { #define SSL_WRITING WOLFSSL_WRITING #define SSL_READING WOLFSSL_READING #define SSL_MAX_SSL_SESSION_ID_LENGTH WOLFSSL_MAX_SSL_SESSION_ID_LENGTH +#define SSL_MAX_SID_CTX_LENGTH WOLFSSL_MAX_SSL_SESSION_ID_LENGTH #ifdef HAVE_OCSP /* OCSP Flags */ @@ -2814,6 +2832,10 @@ WOLFSSL_API int wolfSSL_SESSION_set_cipher(WOLFSSL_SESSION* session, WOLFSSL_API int wolfSSL_is_init_finished(const WOLFSSL* ssl); WOLFSSL_API const char* wolfSSL_get_version(const WOLFSSL* ssl); +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_get_client_ciphers( + WOLFSSL* ssl); +#endif WOLFSSL_API int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl); WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len); @@ -2968,23 +2990,49 @@ enum { /* ssl Constants */ (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE | WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP), - /* These values match OpenSSL values for corresponding names. */ + /* These values match OpenSSL values for corresponding names.*/ WOLFSSL_ERROR_SSL = 1, + + /* Operation did not complete; call this API again.*/ WOLFSSL_ERROR_WANT_READ = 2, + + /* Operation did not complete; call this API again.*/ WOLFSSL_ERROR_WANT_WRITE = 3, + + /* Operation did not complete; callback needs this API to be called again.*/ WOLFSSL_ERROR_WANT_X509_LOOKUP = 4, + + /* Some sort of system I/O error happened.*/ WOLFSSL_ERROR_SYSCALL = 5, + + /* The connection has been closed with a closure alert.*/ WOLFSSL_ERROR_ZERO_RETURN = 6, + + /* Underlying protocol connection not started yet, call this API again.*/ WOLFSSL_ERROR_WANT_CONNECT = 7, + + /* Underlying protocol connection not started yet, call this API again.*/ WOLFSSL_ERROR_WANT_ACCEPT = 8, + /* Close notify alert was sent to the peer.*/ WOLFSSL_SENT_SHUTDOWN = 1, + + /* Close notify or fatal error was received from the peer.*/ WOLFSSL_RECEIVED_SHUTDOWN = 2, + + /* Let library know that write buffer might move to different addresses.*/ WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = 4, + /* The handshake failed. */ WOLFSSL_R_SSL_HANDSHAKE_FAILURE = 101, + + /* The issuer CA certificate is unknown. */ WOLFSSL_R_TLSV1_ALERT_UNKNOWN_CA = 102, + + /* Unable to validate the certificate. */ WOLFSSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN = 103, + + /* There was a problem parsing the certificate. */ WOLFSSL_R_SSLV3_ALERT_BAD_CERTIFICATE = 104, WOLF_PEM_BUFSIZE = 1024 @@ -4059,6 +4107,13 @@ WOLFSSL_API void wolfSSL_CTX_SetGenMasterSecretCb(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_SetGenMasterSecretCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetGenMasterSecretCtx(WOLFSSL* ssl); +typedef int (*CallbackGenExtMasterSecret)(WOLFSSL* ssl, byte* hash, + word32 hashsz, void* ctx); +WOLFSSL_API void wolfSSL_CTX_SetGenExtMasterSecretCb(WOLFSSL_CTX* ctx, + CallbackGenExtMasterSecret cb); +WOLFSSL_API void wolfSSL_SetGenExtMasterSecretCtx(WOLFSSL* ssl, void *ctx); +WOLFSSL_API void* wolfSSL_GetGenExtMasterSecretCtx(WOLFSSL* ssl); + typedef int (*CallbackGenPreMaster)(WOLFSSL* ssl, byte *premaster, word32 preSz, void* ctx); WOLFSSL_API void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, @@ -4520,62 +4575,54 @@ enum { WOLFSSL_FFDHE_4096 = 258, WOLFSSL_FFDHE_6144 = 259, WOLFSSL_FFDHE_8192 = 260, + WOLFSSL_FFDHE_END = 511, #ifdef HAVE_PQC - /* These group numbers were taken from OQS's openssl provider, see: + +#ifdef WOLFSSL_MLKEM_KYBER + /* Old code points to keep compatibility with Kyber Round 3. + * Taken from OQS's openssl provider, see: * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/ - * oqs-kem-info.md. - * - * The levels in the group name refer to the claimed NIST level of each - * parameter set. The associated parameter set name is listed as a comment - * beside the group number. Please see the NIST PQC Competition's submitted - * papers for more details. - * - * LEVEL1 means that an attack on that parameter set would require the same - * or more resources as a key search on AES 128. LEVEL3 would require the - * same or more resources as a key search on AES 192. LEVEL5 would require - * the same or more resources as a key search on AES 256. None of the - * algorithms have LEVEL2 and LEVEL4 because none of these submissions - * included them. */ - -#ifdef WOLFSSL_KYBER_ORIGINAL - WOLFSSL_PQC_MIN = 570, - WOLFSSL_PQC_SIMPLE_MIN = 570, + * oqs-kem-info.md + */ WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ WOLFSSL_KYBER_LEVEL3 = 572, /* KYBER_768 */ WOLFSSL_KYBER_LEVEL5 = 573, /* KYBER_1024 */ -#ifdef WOLFSSL_NO_ML_KEM - WOLFSSL_PQC_SIMPLE_MAX = 573, -#endif - WOLFSSL_PQC_HYBRID_MIN = 12090, WOLFSSL_P256_KYBER_LEVEL1 = 12090, WOLFSSL_P384_KYBER_LEVEL3 = 12092, WOLFSSL_P521_KYBER_LEVEL5 = 12093, -#ifdef WOLFSSL_NO_ML_KEM - WOLFSSL_PQC_HYBRID_MAX = 12093, - WOLFSSL_PQC_MAX = 12093, -#endif -#endif + WOLFSSL_X25519_KYBER_LEVEL1 = 12089, + WOLFSSL_X448_KYBER_LEVEL3 = 12176, + WOLFSSL_X25519_KYBER_LEVEL3 = 25497, + WOLFSSL_P256_KYBER_LEVEL3 = 25498, +#endif /* WOLFSSL_MLKEM_KYBER */ #ifndef WOLFSSL_NO_ML_KEM -#ifndef WOLFSSL_KYBER_ORIGINAL - WOLFSSL_PQC_MIN = 583, - WOLFSSL_PQC_SIMPLE_MIN = 583, -#endif - WOLFSSL_ML_KEM_512 = 583, /* ML-KEM 512 */ - WOLFSSL_ML_KEM_768 = 584, /* ML-KEM 768 */ - WOLFSSL_ML_KEM_1024 = 585, /* ML-KEM 1024 */ - WOLFSSL_PQC_SIMPLE_MAX = 585, - -#ifndef WOLFSSL_KYBER_ORIGINAL - WOLFSSL_PQC_HYBRID_MIN = 12103, -#endif - WOLFSSL_P256_ML_KEM_512 = 12103, - WOLFSSL_P384_ML_KEM_768 = 12104, - WOLFSSL_P521_ML_KEM_1024 = 12105, - WOLFSSL_PQC_HYBRID_MAX = 12105, - WOLFSSL_PQC_MAX = 12105, -#endif /* !WOLFSSL_NO_ML_KEM */ + /* Taken from draft-connolly-tls-mlkem-key-agreement, see: + * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/ + */ + WOLFSSL_ML_KEM_512 = 512, + WOLFSSL_ML_KEM_768 = 513, + WOLFSSL_ML_KEM_1024 = 514, + + /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see: + * https://github.com/post-quantum-cryptography/ + * draft-kwiatkowski-tls-ecdhe-mlkem/ + */ + WOLFSSL_P256_ML_KEM_768 = 4587, + WOLFSSL_X25519_ML_KEM_768 = 4588, + WOLFSSL_P384_ML_KEM_1024 = 4589, + + /* Taken from OQS's openssl provider, see: + * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/ + * oqs-kem-info.md + */ + WOLFSSL_P256_ML_KEM_512 = 12107, + WOLFSSL_P384_ML_KEM_768 = 12108, + WOLFSSL_P521_ML_KEM_1024 = 12109, + WOLFSSL_X25519_ML_KEM_512 = 12214, + WOLFSSL_X448_ML_KEM_768 = 12215, +#endif /* WOLFSSL_NO_ML_KEM */ #endif /* HAVE_PQC */ WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H) }; @@ -4968,6 +5015,10 @@ WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, const WOLFSSL_ASN1_OBJECT *obj, int lastpos); +WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509 *obj); +WOLFSSL_API int wolfSSL_X509_OBJECT_set1_X509_CRL(WOLFSSL_X509_OBJECT *a, + WOLFSSL_X509_CRL *obj); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); @@ -5109,6 +5160,7 @@ struct WOLFSSL_CONF_CTX { }; WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) \ @@ -5280,6 +5332,12 @@ WOLFSSL_API void wolfSSL_sk_X509_OBJECT_pop_free(WOLFSSL_STACK* s, void (*f) (WOLFSSL_X509_OBJECT*)); WOLFSSL_API int wolfSSL_sk_X509_OBJECT_push(WOLFSSL_STACK* sk, WOLFSSL_X509_OBJECT* obj); +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* + wolfSSL_sk_X509_OBJECT_deep_copy( + const WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, + WOLFSSL_X509_OBJECT* (*c)(const WOLFSSL_X509_OBJECT*), + void (*f)(WOLFSSL_X509_OBJECT*)); + WOLFSSL_API WOLFSSL_X509_INFO *wolfSSL_X509_INFO_new(void); WOLFSSL_API void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info); @@ -5729,6 +5787,7 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_COMP) *WOLFSSL_COMP_get_compression_methods(vo #define SSL_COMP_get_compression_methods WOLFSSL_COMP_get_compression_methods #endif WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); +WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE *str); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_find( diff --git a/src/wolfssl/test.h b/src/wolfssl/test.h index 478a905..fa84ab0 100644 --- a/src/wolfssl/test.h +++ b/src/wolfssl/test.h @@ -1,6 +1,6 @@ /* test.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -85,11 +85,50 @@ #endif /* HAVE_ECC */ #endif /*HAVE_PK_CALLBACKS */ -#ifdef USE_WINDOWS_API +#ifdef __WATCOMC__ + #define SNPRINTF snprintf + #if defined(__NT__) + #include + #include + #include + #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ + #include + #endif + #define SOCKET_T SOCKET + #define XSLEEP_MS(t) Sleep(t) + #elif defined(__OS2__) + #include + #include + #include + #define SOCKET_T int + #elif defined(__UNIX__) + #include + #include + #include + #ifndef WOLFSSL_NDS + #include + #endif + #include + #include + #ifdef HAVE_PTHREAD + #include + #endif + #define SOCKET_T int + #ifndef SO_NOSIGPIPE + #include /* ignore SIGPIPE */ + #endif + + #define XSLEEP_MS(m) \ + { \ + struct timespec req = { (m)/1000, ((m) % 1000) * 1000 }; \ + nanosleep( &req, NULL ); \ + } + #endif +#elif defined(USE_WINDOWS_API) #include + #include #include #ifdef TEST_IPV6 /* don't require newer SDK for IPV4 */ - #include #include #endif #define SOCKET_T SOCKET @@ -680,16 +719,6 @@ void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb, void test_wolfSSL_client_server_nofail(callback_functions* client_cb, callback_functions* server_cb); -/* Return - * tmpDir on success - * NULL on failure */ -char* create_tmp_dir(char* tmpDir, int len); -/* Remaining functions return - * 0 on success - * -1 on failure */ -int rem_dir(const char* dirName); -int rem_file(const char* fileName); -int copy_file(const char* in, const char* out); #if defined(__MACH__) || defined(__FreeBSD__) int link_file(const char* in, const char* out); @@ -1156,13 +1185,13 @@ static WC_INLINE void ShowX509Chain(WOLFSSL_X509_CHAIN* chain, int count, { int i; int length; - unsigned char buffer[3072]; + unsigned char certPem[3072]; WOLFSSL_X509* chainX509; for (i = 0; i < count; i++) { - wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length); - buffer[length] = 0; - printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, buffer); + wolfSSL_get_chain_cert_pem(chain, i, certPem, sizeof(certPem), &length); + certPem[length] = 0; + printf("\n%s: %d has length %d data = \n%s\n", hdr, i, length, certPem); chainX509 = wolfSSL_get_chain_X509(chain, i); if (chainX509) @@ -1439,7 +1468,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) err_sys_with_errno("socket failed\n"); } -#ifndef USE_WINDOWS_API +#if !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && !defined(__OS2__) #ifdef SO_NOSIGPIPE { int on = 1; @@ -1449,7 +1478,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) err_sys_with_errno("setsockopt SO_NOSIGPIPE failed\n"); } #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\ - defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR) + defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR) /* nothing to define */ #elif defined(NETOS) /* TODO: signal(SIGPIPE, SIG_IGN); */ @@ -1467,7 +1496,7 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) err_sys_with_errno("setsockopt TCP_NODELAY failed\n"); } #endif -#endif /* USE_WINDOWS_API */ +#endif /* !defined(USE_WINDOWS_API) && !defined(__WATCOMC__) && ... */ } #if defined(WOLFSSL_WOLFSENTRY_HOOKS) && defined(WOLFSENTRY_H) @@ -1521,7 +1550,7 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx) fd_set* recvfds = NULL; fd_set* sendfds = NULL; SOCKET_T nfds = socketfd + 1; -#if !defined(__INTEGRITY) +#if !defined(__INTEGRITY) && !defined(__WATCOMC__) struct timeval timeout = {(to_sec > 0) ? to_sec : 0, 0}; #else struct timeval timeout; @@ -1538,8 +1567,9 @@ static WC_INLINE int tcp_select_ex(SOCKET_T socketfd, int to_sec, int rx) else sendfds = &fds; -#if defined(__INTEGRITY) - timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0, 0; +#if defined(__INTEGRITY) || defined(__WATCOMC__) + timeout.tv_sec = (long long)(to_sec > 0) ? to_sec : 0; + timeout.tv_usec = 0; #endif result = select(nfds, recvfds, sendfds, &errfds, &timeout); @@ -1810,6 +1840,10 @@ static WC_INLINE void tcp_set_nonblocking(SOCKET_T* sockfd) || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \ || defined(WOLFSSL_ZEPHYR) /* non blocking not supported, for now */ + #elif defined(__WATCOMC__) && defined(__OS2__) + int blocking = 1; + if (ioctl(*sockfd, FIONBIO, &blocking) == -1) + err_sys_with_errno("ioctl failed"); #else int flags = fcntl(*sockfd, F_GETFL, 0); if (flags < 0) @@ -1831,6 +1865,10 @@ static WC_INLINE void tcp_set_blocking(SOCKET_T* sockfd) || defined (WOLFSSL_TIRTOS)|| defined(WOLFSSL_VXWORKS) \ || defined(WOLFSSL_ZEPHYR) /* non blocking not supported, for now */ + #elif defined(__WATCOMC__) && defined(__OS2__) + int blocking = 0; + if (ioctl(*sockfd, FIONBIO, &blocking) == -1) + err_sys_with_errno("ioctl failed"); #else int flags = fcntl(*sockfd, F_GETFL, 0); if (flags < 0) @@ -2131,7 +2169,9 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl, #elif defined(USE_WINDOWS_API) #define WIN32_LEAN_AND_MEAN + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ static WC_INLINE double current_time(int reset) { @@ -2423,7 +2463,7 @@ static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) { - char buffer[WOLFSSL_MAX_ERROR_SZ]; + char err_buffer[WOLFSSL_MAX_ERROR_SZ]; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509* peer; #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \ @@ -2450,7 +2490,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) */ fprintf(stderr, "In verification callback, error = %d, %s\n", store->error, - wolfSSL_ERR_error_string((unsigned long) store->error, buffer)); + wolfSSL_ERR_error_string((unsigned long) store->error, err_buffer)); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) peer = store->current_cert; if (peer) { @@ -4220,6 +4260,25 @@ static WC_INLINE int myGenMaster(WOLFSSL* ssl, void* ctx) return ret; } +static WC_INLINE int myGenExtMaster(WOLFSSL* ssl, byte* hash, word32 hashSz, + void* ctx) +{ + int ret; + PkCbInfo* cbInfo = (PkCbInfo*)ctx; + + (void)ssl; + (void)cbInfo; + (void)hash; + (void)hashSz; + + WOLFSSL_PKMSG("Gen Extended Master"); + /* fall through to original routine */ + ret = PROTOCOLCB_UNAVAILABLE; + WOLFSSL_PKMSG("Gen Extended Master: ret %d\n", ret); + + return ret; +} + static WC_INLINE int myGenPreMaster(WOLFSSL* ssl, byte *premaster, word32 preSz, void* ctx) { @@ -4372,6 +4431,7 @@ static WC_INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx) #ifndef NO_CERTS wolfSSL_CTX_SetGenMasterSecretCb(ctx, myGenMaster); + wolfSSL_CTX_SetGenExtMasterSecretCb(ctx, myGenExtMaster); wolfSSL_CTX_SetGenPreMasterCb(ctx, myGenPreMaster); wolfSSL_CTX_SetGenSessionKeyCb(ctx, myGenSessionKey); wolfSSL_CTX_SetEncryptKeysCb(ctx, mySetEncryptKeys); @@ -4427,6 +4487,7 @@ static WC_INLINE void SetupPkCallbackContexts(WOLFSSL* ssl, void* myCtx) #ifndef NO_CERTS wolfSSL_SetGenMasterSecretCtx(ssl, myCtx); + wolfSSL_SetGenExtMasterSecretCtx(ssl, myCtx); wolfSSL_SetGenPreMasterCtx(ssl, myCtx); wolfSSL_SetGenSessionKeyCtx(ssl, myCtx); wolfSSL_SetEncryptKeysCtx(ssl, myCtx); @@ -4487,7 +4548,7 @@ static WC_INLINE int SimulateWantWriteIOSendCb(WOLFSSL *ssl, char *buf, int sz, #endif /* USE_WOLFSSL_IO */ #if defined(__hpux__) || defined(__MINGW32__) || defined (WOLFSSL_TIRTOS) \ - || defined(_MSC_VER) + || defined(_MSC_VER) || defined(__WATCOMC__) /* HP/UX doesn't have strsep, needed by test/suites.c */ static WC_INLINE char* strsep(char **stringp, const char *delim) diff --git a/src/wolfssl/version.h b/src/wolfssl/version.h index d7a1985..c128a21 100644 --- a/src/wolfssl/version.h +++ b/src/wolfssl/version.h @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.6" -#define LIBWOLFSSL_VERSION_HEX 0x05007006 +#define LIBWOLFSSL_VERSION_STRING "5.8.0" +#define LIBWOLFSSL_VERSION_HEX 0x05008000 #ifdef __cplusplus } diff --git a/src/wolfssl/wolfcrypt/aes.h b/src/wolfssl/wolfcrypt/aes.h index d1b71e5..128611c 100644 --- a/src/wolfssl/wolfcrypt/aes.h +++ b/src/wolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -303,12 +303,21 @@ struct Aes { #endif #ifdef WOLFSSL_AESNI byte use_aesni; + #if defined(WOLFSSL_LINUXKM) || defined(WC_WANT_FLAG_DONT_USE_AESNI) + /* Note, we can't support WC_FLAG_DONT_USE_AESNI by default because we + * need to support legacy applications that call wc_AesSetKey() on + * uninited struct Aes. For details see the software implementation of + * wc_AesSetKeyLocal() (aes.c). + */ + #define WC_FLAG_DONT_USE_AESNI 2 + #endif #endif /* WOLFSSL_AESNI */ #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) byte use_aes_hw_crypto; #ifdef HAVE_AESGCM byte use_pmull_hw_crypto; + byte use_sha3_hw_crypto; #endif #endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ #ifdef WOLF_CRYPTO_CB @@ -325,7 +334,8 @@ struct Aes { WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) word32 left; /* unused bytes left from last call */ #endif #ifdef WOLFSSL_XILINX_CRYPT @@ -416,6 +426,9 @@ struct Aes { * trackable by sanitizers. */ #endif +#ifdef WOLFSSL_AES_CTS + byte ctsBlock[WC_AES_BLOCK_SIZE * 2]; +#endif }; #ifndef WC_AES_TYPE_DEFINED @@ -587,7 +600,7 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); - WOLFSSL_API int wc_AesGcmDecrypt(Aes* aes, byte* out, + WOLFSSL_API WARN_UNUSED_RESULT int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -609,8 +622,8 @@ WOLFSSL_API int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len, const byte* iv, word32 ivSz); WOLFSSL_API int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, const byte* authIn, word32 authInSz); -WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, - word32 authTagSz); +WOLFSSL_API WARN_UNUSED_RESULT int wc_AesGcmDecryptFinal(Aes* aes, + const byte* authTag, word32 authTagSz); #endif #ifndef WC_NO_RNG @@ -647,7 +660,7 @@ WOLFSSL_API int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, const byte* nonce, word32 nonceSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz); - WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, + WOLFSSL_API WARN_UNUSED_RESULT int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, const byte* authTag, word32 authTagSz, @@ -760,7 +773,7 @@ WOLFSSL_API int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); -WOLFSSL_API +WOLFSSL_API WARN_UNUSED_RESULT int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); @@ -769,7 +782,7 @@ WOLFSSL_API int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); -WOLFSSL_API +WOLFSSL_API WARN_UNUSED_RESULT int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); @@ -804,7 +817,8 @@ WOLFSSL_API int wc_AesEaxEncryptAuth(const byte* key, word32 keySz, byte* out, /* input data to authenticate (header) */ const byte* authIn, word32 authInSz); -WOLFSSL_API int wc_AesEaxDecryptAuth(const byte* key, word32 keySz, byte* out, +WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEaxDecryptAuth(const byte* key, + word32 keySz, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, /* auth tag to verify against */ @@ -832,15 +846,38 @@ WOLFSSL_API int wc_AesEaxAuthDataUpdate(AesEax* eax, WOLFSSL_API int wc_AesEaxEncryptFinal(AesEax* eax, byte* authTag, word32 authTagSz); -WOLFSSL_API int wc_AesEaxDecryptFinal(AesEax* eax, +WOLFSSL_API WARN_UNUSED_RESULT int wc_AesEaxDecryptFinal(AesEax* eax, const byte* authIn, word32 authInSz); WOLFSSL_API int wc_AesEaxFree(AesEax* eax); #endif /* WOLFSSL_AES_EAX */ +#ifdef WOLFSSL_AES_CTS +/* Ciphertext stealing encryption compatible with RFC2040 and RFC3962. */ + +/* One-shot API */ +WOLFSSL_API int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv); +WOLFSSL_API int wc_AesCtsDecrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv); + +/* Incremental API */ +WOLFSSL_API int wc_AesCtsEncryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz); +WOLFSSL_API int wc_AesCtsDecryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz); +WOLFSSL_API int wc_AesCtsEncryptFinal(Aes* aes, byte* out, word32* outSz); +WOLFSSL_API int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz); + + +#endif + #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + /* GHASH one block of data. * * XOR block into tag and GMULT with H. @@ -848,7 +885,7 @@ WOLFSSL_API int wc_AesEaxFree(AesEax* eax); * @param [in, out] aes AES GCM object. * @param [in] block Block of AAD or cipher text. */ -#define GHASH_ONE_BLOCK(aes, block) \ +#define GHASH_ONE_BLOCK_AARCH64(aes, block) \ do { \ xorbuf(AES_TAG(aes), block, WC_AES_BLOCK_SIZE); \ GMULT_AARCH64(AES_TAG(aes), aes->gcm.H); \ diff --git a/src/wolfssl/wolfcrypt/arc4.h b/src/wolfssl/wolfcrypt/arc4.h index 0dc29d3..cdddde8 100644 --- a/src/wolfssl/wolfcrypt/arc4.h +++ b/src/wolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ascon.h b/src/wolfssl/wolfcrypt/ascon.h new file mode 100644 index 0000000..196a8ca --- /dev/null +++ b/src/wolfssl/wolfcrypt/ascon.h @@ -0,0 +1,109 @@ +/* ascon.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLF_CRYPT_ASCON_H +#define WOLF_CRYPT_ASCON_H + +#ifdef HAVE_ASCON + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define ASCON_HASH256_SZ 32 + +#define ASCON_AEAD128_KEY_SZ 16 +#define ASCON_AEAD128_NONCE_SZ 16 +#define ASCON_AEAD128_TAG_SZ 16 + +typedef union AsconState { +#ifdef WORD64_AVAILABLE + word64 s64[5]; +#endif + word32 s32[10]; + word16 s16[20]; + byte s8[40]; +} AsconState; + +typedef struct wc_AsconHash256 { + AsconState state; + byte lastBlkSz; +} wc_AsconHash256; + +enum { + ASCON_AEAD128_NOTSET = 0, + ASCON_AEAD128_ENCRYPT = 1, + ASCON_AEAD128_DECRYPT = 2 +}; + +typedef struct wc_AsconAEAD128 { + /* needed throughout both encrypt and decrypt */ +#ifdef WORD64_AVAILABLE + word64 key[ASCON_AEAD128_KEY_SZ/sizeof(word64)]; +#endif + AsconState state; + byte lastBlkSz; + byte keySet:1; /* has the key been processed */ + byte nonceSet:1; /* has the nonce been processed */ + byte adSet:1; /* has the associated data been processed */ + byte op:2; /* 0 for not set, 1 for encrypt, 2 for decrypt */ +} wc_AsconAEAD128; + +/* AsconHash API */ + +WOLFSSL_API wc_AsconHash256* wc_AsconHash256_New(void); +WOLFSSL_API void wc_AsconHash256_Free(wc_AsconHash256* a); +WOLFSSL_API int wc_AsconHash256_Init(wc_AsconHash256* a); +WOLFSSL_API void wc_AsconHash256_Clear(wc_AsconHash256* a); +WOLFSSL_API int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, + word32 dataSz); +WOLFSSL_API int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash); + +WOLFSSL_API wc_AsconAEAD128* wc_AsconAEAD128_New(void); +WOLFSSL_API void wc_AsconAEAD128_Free(wc_AsconAEAD128* a); +WOLFSSL_API int wc_AsconAEAD128_Init(wc_AsconAEAD128* a); +WOLFSSL_API void wc_AsconAEAD128_Clear(wc_AsconAEAD128* a); + +/* AsconAEAD API */ + +WOLFSSL_API int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key); +WOLFSSL_API int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce); +WOLFSSL_API int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad, + word32 adSz); + +WOLFSSL_API int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out, + const byte* in, word32 inSz); +WOLFSSL_API int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag); + +WOLFSSL_API int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, + const byte* in, word32 inSz); +WOLFSSL_API int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, + const byte* tag); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* HAVE_ASCON */ + +#endif /* WOLF_CRYPT_ASCON_H */ diff --git a/src/wolfssl/wolfcrypt/asn.h b/src/wolfssl/wolfcrypt/asn.h index 12a6023..e553059 100644 --- a/src/wolfssl/wolfcrypt/asn.h +++ b/src/wolfssl/wolfcrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -853,6 +853,26 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* short names */ +#define WC_SN_md4 "MD4" +#define WC_SN_md5 "MD5" +#define WC_SN_sha1 "SHA1" +#define WC_SN_sha224 "SHA224" +#define WC_SN_sha256 "SHA256" +#define WC_SN_sha384 "SHA384" +#define WC_SN_sha512 "SHA512" +#define WC_SN_sha512_224 "SHA512-224" +#define WC_SN_sha512_256 "SHA512-256" +#define WC_SN_sha3_224 "SHA3-224" +#define WC_SN_sha3_256 "SHA3-256" +#define WC_SN_sha3_384 "SHA3-384" +#define WC_SN_sha3_512 "SHA3-512" +#define WC_SN_shake128 "SHAKE128" +#define WC_SN_shake256 "SHAKE256" +#define WC_SN_blake2s256 "BLAKE2s256" +#define WC_SN_blake2s512 "BLAKE2s512" +#define WC_SN_blake2b512 "BLAKE2b512" +#define WC_SN_sm3 "SM3" /* NIDs */ #define WC_NID_netscape_cert_type WC_NID_undef @@ -1249,6 +1269,7 @@ enum Oid_Types { enum Hash_Sum { MD2h = 646, + MD4h = 648, MD5h = 649, SHAh = 88, SHA224h = 417, @@ -1403,11 +1424,165 @@ enum Extensions_Sum { enum CertificatePolicy_Sum { CP_ANY_OID = 146, /* id-ce 32 0 */ + CP_ISRG_DOMAIN_VALID = 430, /* 1.3.6.1.4.1.44947.1.1.1 */ #ifdef WOLFSSL_FPKI - CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ - CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */ - CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ - CP_FPKI_PIVI_AUTH_OID = 458, /* 2.16.840.1.101.3.2.1.3.45 */ + /* Federal PKI OIDs */ + CP_FPKI_HIGH_ASSURANCE_OID = 417, /* 2.16.840.1.101.3.2.1.3.4 */ + CP_FPKI_COMMON_HARDWARE_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */ + CP_FPKI_MEDIUM_HARDWARE_OID = 425, /* 2.16.840.1.101.3.2.1.3.12 */ + CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ + CP_FPKI_COMMON_HIGH_OID = 429, /* 2.16.840.1.101.3.2.1.3.16 */ + CP_FPKI_PIVI_HARDWARE_OID = 431, /* 2.16.840.1.101.3.2.1.3.18 */ + CP_FPKI_PIVI_CONTENT_SIGNING_OID = 433, /* 2.16.840.1.101.3.2.1.3.20 */ + CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */ + CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */ + CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */ + CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */ + CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ + CP_FPKI_PIVI_AUTH_OID = 458, /* 2.16.840.1.101.3.2.1.3.45 */ + CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */ + + /* Federal PKI Test OIDs */ + CP_FPKI_AUTH_TEST_OID = 469, /* 2.16.840.1.101.3.2.1.48.11 */ + CP_FPKI_CARDAUTH_TEST_OID = 471, /* 2.16.840.1.101.3.2.1.48.13 */ + CP_FPKI_PIV_CONTENT_TEST_OID = 544, /* 2.16.840.1.101.3.2.1.48.86 */ + CP_FPKI_PIV_AUTH_DERIVED_TEST_OID = 567, /* 2.16.840.1.101.3.2.1.48.109 */ + CP_FPKI_PIV_AUTH_DERIVED_HW_TEST_OID = 568, /* 2.16.840.1.101.3.2.1.48.110 */ + + /* DoD PKI OIDs */ + CP_DOD_MEDIUM_OID = 423, /* 2.16.840.1.101.2.1.11.5 */ + CP_DOD_MEDIUM_HARDWARE_OID = 427, /* 2.16.840.1.101.2.1.11.9 */ + CP_DOD_PIV_AUTH_OID = 428, /* 2.16.840.1.101.2.1.11.10 */ + CP_DOD_MEDIUM_NPE_OID = 435, /* 2.16.840.1.101.2.1.11.17 */ + CP_DOD_MEDIUM_2048_OID = 436, /* 2.16.840.1.101.2.1.11.18 */ + CP_DOD_MEDIUM_HARDWARE_2048_OID = 437, /* 2.16.840.1.101.2.1.11.19 */ + CP_DOD_PIV_AUTH_2048_OID = 438, /* 2.16.840.1.101.2.1.11.20 */ + CP_DOD_PEER_INTEROP_OID = 100449, /* 2.16.840.1.101.2.1.11.31 */ + CP_DOD_MEDIUM_NPE_112_OID = 100454, /* 2.16.840.1.101.2.1.11.36 */ + CP_DOD_MEDIUM_NPE_128_OID = 455, /* 2.16.840.1.101.2.1.11.37 */ + CP_DOD_MEDIUM_NPE_192_OID = 456, /* 2.16.840.1.101.2.1.11.38 */ + CP_DOD_MEDIUM_112_OID = 457, /* 2.16.840.1.101.2.1.11.39 */ + CP_DOD_MEDIUM_128_OID = 100458, /* 2.16.840.1.101.2.1.11.40 */ + CP_DOD_MEDIUM_192_OID = 459, /* 2.16.840.1.101.2.1.11.41 */ + CP_DOD_MEDIUM_HARDWARE_112_OID = 100460, /* 2.16.840.1.101.2.1.11.42 */ + CP_DOD_MEDIUM_HARDWARE_128_OID = 461, /* 2.16.840.1.101.2.1.11.43 */ + CP_DOD_MEDIUM_HARDWARE_192_OID = 462, /* 2.16.840.1.101.2.1.11.44 */ + CP_DOD_ADMIN_OID = 477, /* 2.16.840.1.101.2.1.11.59 */ + CP_DOD_INTERNAL_NPE_112_OID = 478, /* 2.16.840.1.101.2.1.11.60 */ + CP_DOD_INTERNAL_NPE_128_OID = 479, /* 2.16.840.1.101.2.1.11.61 */ + CP_DOD_INTERNAL_NPE_192_OID = 480, /* 2.16.840.1.101.2.1.11.62 */ + + /* ECA PKI OIDs */ + CP_ECA_MEDIUM_OID = 100423, /* 2.16.840.1.101.3.2.1.12.1 */ + CP_ECA_MEDIUM_HARDWARE_OID = 424, /* 2.16.840.1.101.3.2.1.12.2 */ + CP_ECA_MEDIUM_TOKEN_OID = 100425, /* 2.16.840.1.101.3.2.1.12.3 */ + CP_ECA_MEDIUM_SHA256_OID = 100426, /* 2.16.840.1.101.3.2.1.12.4 */ + CP_ECA_MEDIUM_TOKEN_SHA256_OID = 100427, /* 2.16.840.1.101.3.2.1.12.5 */ + CP_ECA_MEDIUM_HARDWARE_PIVI_OID = 100428, /* 2.16.840.1.101.3.2.1.12.6 */ + CP_ECA_CONTENT_SIGNING_PIVI_OID = 100430, /* 2.16.840.1.101.3.2.1.12.8 */ + CP_ECA_MEDIUM_DEVICE_SHA256_OID = 431, /* 2.16.840.1.101.3.2.1.12.9 */ + CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 432, /* 2.16.840.1.101.3.2.1.12.10 */ + + /* Department of State PKI OIDs */ + CP_STATE_BASIC_OID = 100417, /* 2.16.840.1.101.3.2.1.6.1 */ + CP_STATE_LOW_OID = 418, /* 2.16.840.1.101.3.2.1.6.2 */ + CP_STATE_MODERATE_OID = 100419, /* 2.16.840.1.101.3.2.1.6.3 */ + CP_STATE_HIGH_OID = 100420, /* 2.16.840.1.101.3.2.1.6.4 */ + CP_STATE_MEDHW_OID = 101428, /* 2.16.840.1.101.3.2.1.6.12 */ + CP_STATE_MEDDEVHW_OID = 101454, /* 2.16.840.1.101.3.2.1.6.38 */ + + /* U.S. Treasury SSP PKI OIDs */ + CP_TREAS_MEDIUMHW_OID = 419, /* 2.16.840.1.101.3.2.1.5.4 */ + CP_TREAS_HIGH_OID = 101420, /* 2.16.840.1.101.3.2.1.5.5 */ + CP_TREAS_PIVI_HW_OID = 101425, /* 2.16.840.1.101.3.2.1.5.10 */ + CP_TREAS_PIVI_CONTENT_OID = 101427, /* 2.16.840.1.101.3.2.1.5.12 */ + + /* Boeing PKI OIDs */ + CP_BOEING_MEDIUMHW_SHA256_OID = 159, /* 1.3.6.1.4.1.73.15.3.1.12 */ + CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 164, /* 1.3.6.1.4.1.73.15.3.1.17 */ + + /* Carillon Federal Services OIDs */ + CP_CARILLON_MEDIUMHW_256_OID = 467, /* 1.3.6.1.4.1.45606.3.1.12 */ + CP_CARILLON_AIVHW_OID = 475, /* 1.3.6.1.4.1.45606.3.1.20 */ + CP_CARILLON_AIVCONTENT_OID = 100477, /* 1.3.6.1.4.1.45606.3.1.22 */ + + /* Carillon Information Security OIDs */ + CP_CIS_MEDIUMHW_256_OID = 489, /* 1.3.6.1.4.1.25054.3.1.12 */ + CP_CIS_MEDDEVHW_256_OID = 491, /* 1.3.6.1.4.1.25054.3.1.14 */ + CP_CIS_ICECAP_HW_OID = 497, /* 1.3.6.1.4.1.25054.3.1.20 */ + CP_CIS_ICECAP_CONTENT_OID = 499, /* 1.3.6.1.4.1.25054.3.1.22 */ + + /* CertiPath Bridge OIDs */ + CP_CERTIPATH_MEDIUMHW_OID = 100459, /* 1.3.6.1.4.1.24019.1.1.1.2 */ + CP_CERTIPATH_HIGHHW_OID = 101460, /* 1.3.6.1.4.1.24019.1.1.1.3 */ + CP_CERTIPATH_ICECAP_HW_OID = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */ + CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */ + CP_CERTIPATH_VAR_MEDIUMHW_OID = 100475, /* 1.3.6.1.4.1.24019.1.1.1.18 */ + CP_CERTIPATH_VAR_HIGHHW_OID = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */ + + /* TSCP Bridge OIDs */ + CP_TSCP_MEDIUMHW_OID = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */ + CP_TSCP_PIVI_OID = 445, /* 1.3.6.1.4.1.38099.1.1.1.5 */ + CP_TSCP_PIVI_CONTENT_OID = 447, /* 1.3.6.1.4.1.38099.1.1.1.7 */ + + /* DigiCert NFI PKI OIDs */ + CP_DIGICERT_NFSSP_MEDIUMHW_OID = 796, /* 2.16.840.1.113733.1.7.23.3.1.7 */ + CP_DIGICERT_NFSSP_AUTH_OID = 802, /* 2.16.840.1.113733.1.7.23.3.1.13 */ + CP_DIGICERT_NFSSP_PIVI_HW_OID = 807, /* 2.16.840.1.113733.1.7.23.3.1.18 */ + CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 809, /* 2.16.840.1.113733.1.7.23.3.1.20 */ + CP_DIGICERT_NFSSP_MEDDEVHW_OID = 825, /* 2.16.840.1.113733.1.7.23.3.1.36 */ + + /* Entrust Managed Services NFI PKI OIDs */ + CP_ENTRUST_NFSSP_MEDIUMHW_OID = 1017, /* 2.16.840.1.114027.200.3.10.7.2 */ + CP_ENTRUST_NFSSP_MEDAUTH_OID = 1019, /* 2.16.840.1.114027.200.3.10.7.4 */ + CP_ENTRUST_NFSSP_PIVI_HW_OID = 1021, /* 2.16.840.1.114027.200.3.10.7.6 */ + CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 1024, /* 2.16.840.1.114027.200.3.10.7.9 */ + CP_ENTRUST_NFSSP_MEDDEVHW_OID = 1031, /* 2.16.840.1.114027.200.3.10.7.16 */ + + /* Exostar LLC PKI OIDs */ + CP_EXOSTAR_MEDIUMHW_SHA2_OID = 100424, /* 1.3.6.1.4.1.13948.1.1.1.6 */ + + /* IdenTrust NFI OIDs */ + CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */ + CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */ + CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */ + CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */ + CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */ + CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */ + + /* Lockheed Martin PKI OIDs */ + CP_LOCKHEED_MEDIUMHW_OID = 266, /* 1.3.6.1.4.1.103.100.1.1.3.3 */ + + /* Northrop Grumman PKI OIDs */ + CP_NORTHROP_MEDIUM_256_HW_OID = 654, /* 1.3.6.1.4.1.16334.509.2.8 */ + CP_NORTHROP_PIVI_256_HW_OID = 655, /* 1.3.6.1.4.1.16334.509.2.9 */ + CP_NORTHROP_PIVI_256_CONTENT_OID = 657, /* 1.3.6.1.4.1.16334.509.2.11 */ + CP_NORTHROP_MEDIUM_384_HW_OID = 660, /* 1.3.6.1.4.1.16334.509.2.14 */ + + /* Raytheon PKI OIDs */ + CP_RAYTHEON_MEDIUMHW_OID = 251, /* 1.3.6.1.4.1.1569.10.1.12 */ + CP_RAYTHEON_MEDDEVHW_OID = 257, /* 1.3.6.1.4.1.1569.10.1.18 */ + CP_RAYTHEON_SHA2_MEDIUMHW_OID = 433, /* 1.3.6.1.4.1.26769.10.1.12 */ + CP_RAYTHEON_SHA2_MEDDEVHW_OID = 439, /* 1.3.6.1.4.1.26769.10.1.18 */ + + /* WidePoint NFI PKI OIDs */ + CP_WIDEPOINT_MEDIUMHW_OID = 310, /* 1.3.6.1.4.1.3922.1.1.1.12 */ + CP_WIDEPOINT_PIVI_HW_OID = 316, /* 1.3.6.1.4.1.3922.1.1.1.18 */ + CP_WIDEPOINT_PIVI_CONTENT_OID = 318, /* 1.3.6.1.4.1.3922.1.1.1.20 */ + CP_WIDEPOINT_MEDDEVHW_OID = 336, /* 1.3.6.1.4.1.3922.1.1.1.38 */ + + /* Australian Defence Organisation PKI OIDs */ + CP_ADO_MEDIUM_OID = 293, /* 1.2.36.1.334.1.2.1.2 */ + CP_ADO_HIGH_OID = 294, /* 1.2.36.1.334.1.2.1.3 */ + CP_ADO_RESOURCE_MEDIUM_OID = 100294, /* 1.2.36.1.334.1.2.2.2 */ + + /* Comodo Ltd PKI OID */ + CP_COMODO_OID = 100293, /* 1.3.6.1.4.1.6449.1.2.1.3.4 */ + + /* Netherlands Ministry of Defence PKI OIDs */ + CP_NL_MOD_AUTH_OID = 496, /* 2.16.528.1.1003.1.2.5.1 */ + CP_NL_MOD_IRREFUT_OID = 100497, /* 2.16.528.1.1003.1.2.5.2 */ + CP_NL_MOD_CONFID_OID = 498, /* 2.16.528.1.1003.1.2.5.3 */ #endif /* WOLFSSL_FPKI */ WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum) }; @@ -2112,11 +2287,6 @@ struct DecodedCert { #ifdef WOLFSSL_SUBJ_INFO_ACC WC_BITFIELD extSubjInfoAccSet:1; #endif -#ifdef WOLFSSL_DUAL_ALG_CERTS - WC_BITFIELD extSapkiSet:1; - WC_BITFIELD extAltSigAlgSet:1; - WC_BITFIELD extAltSigValSet:1; -#endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef WOLFSSL_SEP WC_BITFIELD extCertPolicyCrit:1; #endif @@ -2143,6 +2313,13 @@ struct DecodedCert { /* Alternative Signature Value */ byte *altSigValDer; int altSigValLen; + + WC_BITFIELD extSapkiSet:1; + WC_BITFIELD extAltSigAlgSet:1; + WC_BITFIELD extAltSigValSet:1; + WC_BITFIELD extSapkiCrit:1; + WC_BITFIELD extAltSigAlgCrit:1; + WC_BITFIELD extAltSigValCrit:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ }; @@ -2326,19 +2503,17 @@ WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, word32 pubKeySz, int pubKeyOID); #endif /* OPENSSL_EXTRA || WOLFSSL_SMALL_CERT_VERIFY */ -#ifdef WOLFSSL_DUAL_ALG_CERTS -WOLFSSL_LOCAL int wc_ConfirmAltSignature( - const byte* buf, word32 bufSz, - const byte* key, word32 keySz, word32 keyOID, - const byte* sig, word32 sigSz, word32 sigOID, - void *heap); -#endif /* WOLFSSL_DUAL_ALG_CERTS */ #if (defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) || \ (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT))) WOLFSSL_LOCAL int wc_CertGetPubKey(const byte* cert, word32 certSz, const unsigned char** pubKey, word32* pubKeySz); #endif - +WOLFSSL_LOCAL int ConfirmSignature(SignatureCtx* sigCtx, + const byte* buf, word32 bufSz, + const byte* key, word32 keySz, word32 keyOID, + const byte* sig, word32 sigSz, word32 sigOID, + const byte* sigParams, word32 sigParamsSz, + byte* rsaKeyIdx); #ifdef WOLFSSL_CERT_REQ WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); @@ -2355,6 +2530,7 @@ WOLFSSL_LOCAL int TryDecodeRPKToKey(DecodedCert* cert); WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); +WOLFSSL_LOCAL Signer* findSignerByKeyHash(Signer *list, byte *hash); WOLFSSL_LOCAL Signer* findSignerByName(Signer *list, byte *hash); WOLFSSL_LOCAL int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der); WOLFSSL_LOCAL Signer* MakeSigner(void* heap); @@ -2687,6 +2863,14 @@ struct CertStatus { typedef struct OcspEntry OcspEntry; +#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) +#define OCSP_DIGEST WC_HASH_TYPE_SM3 +#elif defined(NO_SHA) +#define OCSP_DIGEST WC_HASH_TYPE_SHA256 +#else +#define OCSP_DIGEST WC_HASH_TYPE_SHA +#endif + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) #define OCSP_DIGEST_SIZE WC_SM3_DIGEST_SIZE #elif defined(NO_SHA) @@ -2712,6 +2896,17 @@ struct OcspEntry WC_BITFIELD used:1; /* entry used */ }; +#define OCSP_RESPONDER_ID_KEY_SZ 20 +#if !defined(NO_SHA) +#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA +#else +#define OCSP_RESPONDER_ID_HASH_TYPE WC_SHA256 +#endif +enum responderIdType { + OCSP_RESPONDER_ID_INVALID = 0, + OCSP_RESPONDER_ID_NAME = 1, + OCSP_RESPONDER_ID_KEY = 2, +}; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP structs conform to the ASN spec as described in RFC 6960. It will help with readability and with implementing OpenSSL compatibility API @@ -2723,6 +2918,12 @@ struct OcspResponse { byte* response; /* Pointer to beginning of OCSP Response */ word32 responseSz; /* length of the OCSP Response */ + enum responderIdType responderIdType; + union { + byte keyHash[OCSP_RESPONDER_ID_KEY_SZ]; + byte nameHash[KEYID_SIZE]; + } responderId ; + byte producedDate[MAX_DATE_SIZE]; /* Date at which this response was signed */ byte producedDateFormat; /* format of the producedDate */ @@ -2734,6 +2935,9 @@ struct OcspResponse { word32 sigSz; /* Length in octets for the sig */ word32 sigOID; /* OID for hash used for sig */ + byte* sigParams; + word32 sigParamsSz; + OcspEntry* single; /* chain of OCSP single responses */ byte* nonce; /* pointer to nonce inside ASN.1 response */ @@ -2742,9 +2946,6 @@ struct OcspResponse { byte* source; /* pointer to source buffer, not owned */ word32 maxIdx; /* max offset based on init size */ Signer* pendingCAs; -#ifdef OPENSSL_EXTRA - int verifyError; -#endif void* heap; }; @@ -2774,7 +2975,7 @@ WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, byte* source, word32 inSz, void* heap); WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp); WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, - int noVerify); + int noVerifyCert, int noVerifySignature); WOLFSSL_LOCAL int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce, void* heap); @@ -2786,7 +2987,8 @@ WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp); - +WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 inSz, + OcspEntry* entry); #endif /* HAVE_OCSP */ diff --git a/src/wolfssl/wolfcrypt/asn_public.h b/src/wolfssl/wolfcrypt/asn_public.h index 1196c6a..08d9cc9 100644 --- a/src/wolfssl/wolfcrypt/asn_public.h +++ b/src/wolfssl/wolfcrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -182,7 +182,8 @@ enum CertType { SPHINCS_SMALL_LEVEL5_TYPE, ECC_PARAM_TYPE, CHAIN_CERT_TYPE, - PKCS7_TYPE + PKCS7_TYPE, + TRUSTED_CERT_TYPE }; @@ -526,12 +527,15 @@ typedef struct Cert { /* Subject Alternative Public Key Info */ byte *sapkiDer; int sapkiLen; + byte sapkiCrit; /* Alternative Signature Algorithm */ byte *altSigAlgDer; int altSigAlgLen; + byte altSigAlgCrit; /* Alternative Signature Value */ byte *altSigValDer; int altSigValLen; + byte altSigValCrit; #endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef WOLFSSL_CERT_REQ char challengePw[CTC_NAME_SIZE]; @@ -550,6 +554,7 @@ typedef struct Cert { byte* der; /* Pointer to buffer of current DecodedCert cache */ void* heap; /* heap hint */ WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */ + byte basicConstCrit; /* Indicator of criticality of Basic Constraints extension */ #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ #endif @@ -728,6 +733,8 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); word32 outputSz, byte *cipherIno, int type); #endif +WOLFSSL_API word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz); + #ifndef NO_RSA WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz); diff --git a/src/wolfssl/wolfcrypt/blake2-impl.h b/src/wolfssl/wolfcrypt/blake2-impl.h index 1a0db32..3f509c7 100644 --- a/src/wolfssl/wolfcrypt/blake2-impl.h +++ b/src/wolfssl/wolfcrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/blake2-int.h b/src/wolfssl/wolfcrypt/blake2-int.h index b048ca5..ec22921 100644 --- a/src/wolfssl/wolfcrypt/blake2-int.h +++ b/src/wolfssl/wolfcrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/blake2.h b/src/wolfssl/wolfcrypt/blake2.h index 1f4ac77..5d42c15 100644 --- a/src/wolfssl/wolfcrypt/blake2.h +++ b/src/wolfssl/wolfcrypt/blake2.h @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,10 +49,12 @@ enum { #ifdef HAVE_BLAKE2B BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, BLAKE2B_256 = 32, /* 256 bit type, SSL default */ + WC_BLAKE2B_DIGEST_SIZE = 64, #endif #ifdef HAVE_BLAKE2S BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S, - BLAKE2S_256 = 32 /* 256 bit type */ + BLAKE2S_256 = 32, /* 256 bit type */ + WC_BLAKE2S_DIGEST_SIZE = 32 #endif }; diff --git a/src/wolfssl/wolfcrypt/camellia.h b/src/wolfssl/wolfcrypt/camellia.h index efd187e..a31f764 100644 --- a/src/wolfssl/wolfcrypt/camellia.h +++ b/src/wolfssl/wolfcrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/chacha.h b/src/wolfssl/wolfcrypt/chacha.h index 1c6ae17..892b6ce 100644 --- a/src/wolfssl/wolfcrypt/chacha.h +++ b/src/wolfssl/wolfcrypt/chacha.h @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/chacha20_poly1305.h b/src/wolfssl/wolfcrypt/chacha20_poly1305.h index ffa4031..7f9ac16 100644 --- a/src/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/src/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -95,7 +95,7 @@ int wc_ChaCha20Poly1305_Encrypt( byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); -WOLFSSL_ABI WOLFSSL_API +WOLFSSL_ABI WOLFSSL_API WARN_UNUSED_RESULT int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], @@ -104,7 +104,7 @@ int wc_ChaCha20Poly1305_Decrypt( const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); -WOLFSSL_API +WOLFSSL_API WARN_UNUSED_RESULT int wc_ChaCha20Poly1305_CheckTag( const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); @@ -121,7 +121,7 @@ WOLFSSL_API int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead, const byte* inAAD, word32 inAADLen); WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead, const byte* inData, byte* outData, word32 dataLen); -WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead, +WOLFSSL_API WARN_UNUSED_RESULT int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); #ifdef HAVE_XCHACHA @@ -140,7 +140,7 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt( const byte *nonce, size_t nonce_len, const byte *key, size_t key_len); -WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt( +WOLFSSL_API WARN_UNUSED_RESULT int wc_XChaCha20Poly1305_Decrypt( byte *dst, size_t dst_space, const byte *src, size_t src_len, const byte *ad, size_t ad_len, diff --git a/src/wolfssl/wolfcrypt/cmac.h b/src/wolfssl/wolfcrypt/cmac.h index 3dc6d9c..dd6e5b7 100644 --- a/src/wolfssl/wolfcrypt/cmac.h +++ b/src/wolfssl/wolfcrypt/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/coding.h b/src/wolfssl/wolfcrypt/coding.h index 5aef5b1..ef87ab4 100644 --- a/src/wolfssl/wolfcrypt/coding.h +++ b/src/wolfssl/wolfcrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,9 @@ WOLFSSL_API int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen); +WOLFSSL_API int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, + word32* outLen); + #if defined(OPENSSL_EXTRA) || defined(SESSION_CERTS) || defined(WOLFSSL_KEY_GEN) \ || defined(WOLFSSL_CERT_GEN) || defined(HAVE_WEBSERVER) || !defined(NO_DSA) #ifndef WOLFSSL_BASE64_ENCODE diff --git a/src/wolfssl/wolfcrypt/compress.h b/src/wolfssl/wolfcrypt/compress.h index 2886b2b..c4d5c25 100644 --- a/src/wolfssl/wolfcrypt/compress.h +++ b/src/wolfssl/wolfcrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/cpuid.h b/src/wolfssl/wolfcrypt/cpuid.h index b7a5714..bb883cb 100644 --- a/src/wolfssl/wolfcrypt/cpuid.h +++ b/src/wolfssl/wolfcrypt/cpuid.h @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/cryptocb.h b/src/wolfssl/wolfcrypt/cryptocb.h index 976332f..f47cb0a 100644 --- a/src/wolfssl/wolfcrypt/cryptocb.h +++ b/src/wolfssl/wolfcrypt/cryptocb.h @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -74,12 +74,12 @@ #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #include #endif -#ifdef WOLFSSL_HAVE_KYBER - #include -#ifdef WOLFSSL_WC_KYBER - #include +#ifdef WOLFSSL_HAVE_MLKEM + #include +#ifdef WOLFSSL_WC_MLKEM + #include #elif defined(HAVE_LIBOQS) - #include + #include #endif #endif #if defined(HAVE_DILITHIUM) @@ -101,6 +101,38 @@ enum wc_CryptoCbCmdType { }; #endif + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) +typedef struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + const byte* iv; + word32 ivSz; + byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; +} wc_CryptoCb_AesAuthEnc; +typedef struct { + Aes* aes; + byte* out; + const byte* in; + word32 sz; + const byte* nonce; + word32 nonceSz; + const byte* iv; + word32 ivSz; + const byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; +} wc_CryptoCb_AesAuthDec; +#endif + /* Crypto Information Structure for callbacks */ typedef struct wc_CryptoInfo { int algo_type; /* enum wc_AlgoType */ @@ -222,7 +254,7 @@ typedef struct wc_CryptoInfo { byte contextLen; } ed25519verify; #endif - #if defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_HAVE_MLKEM) struct { WC_RNG* rng; int size; @@ -262,6 +294,9 @@ typedef struct wc_CryptoInfo { WC_RNG* rng; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_sign; struct { const byte* sig; @@ -271,6 +306,9 @@ typedef struct wc_CryptoInfo { int* res; void* key; int type; /* enum wc_PqcSignatureType */ + const byte* context; + byte contextLen; + word32 preHashType; /* enum wc_HashType */ } pqc_verify; struct { void* key; @@ -291,56 +329,12 @@ typedef struct wc_CryptoInfo { union { #endif #ifdef HAVE_AESGCM - struct { - Aes* aes; - byte* out; - const byte* in; - word32 sz; - const byte* iv; - word32 ivSz; - byte* authTag; - word32 authTagSz; - const byte* authIn; - word32 authInSz; - } aesgcm_enc; - struct { - Aes* aes; - byte* out; - const byte* in; - word32 sz; - const byte* iv; - word32 ivSz; - const byte* authTag; - word32 authTagSz; - const byte* authIn; - word32 authInSz; - } aesgcm_dec; + wc_CryptoCb_AesAuthEnc aesgcm_enc; + wc_CryptoCb_AesAuthDec aesgcm_dec; #endif /* HAVE_AESGCM */ #ifdef HAVE_AESCCM - struct { - Aes* aes; - byte* out; - const byte* in; - word32 sz; - const byte* nonce; - word32 nonceSz; - byte* authTag; - word32 authTagSz; - const byte* authIn; - word32 authInSz; - } aesccm_enc; - struct { - Aes* aes; - byte* out; - const byte* in; - word32 sz; - const byte* nonce; - word32 nonceSz; - const byte* authTag; - word32 authTagSz; - const byte* authIn; - word32 authInSz; - } aesccm_dec; + wc_CryptoCb_AesAuthEnc aesccm_enc; + wc_CryptoCb_AesAuthDec aesccm_dec; #endif /* HAVE_AESCCM */ #if defined(HAVE_AES_CBC) struct { @@ -381,7 +375,7 @@ typedef struct wc_CryptoInfo { } cipher; #endif /* !NO_AES || !NO_DES3 */ #if !defined(NO_SHA) || !defined(NO_SHA256) || \ - defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3) struct { int type; /* enum wc_HashType */ const byte* in; @@ -550,7 +544,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_Ed25519Verify(const byte* sig, word32 sigLen, const byte* context, byte contextLen); #endif /* HAVE_ED25519 */ -#if defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_HAVE_MLKEM) WOLFSSL_LOCAL int wc_CryptoCb_PqcKemGetDevId(int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_MakePqcKemKey(WC_RNG* rng, int type, @@ -563,7 +557,7 @@ WOLFSSL_LOCAL int wc_CryptoCb_PqcEncapsulate(byte* ciphertext, WOLFSSL_LOCAL int wc_CryptoCb_PqcDecapsulate(const byte* ciphertext, word32 ciphertextLen, byte* sharedSecret, word32 sharedSecretLen, int type, void* key); -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_MLKEM */ #if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) WOLFSSL_LOCAL int wc_CryptoCb_PqcSigGetDevId(int type, void* key); @@ -572,10 +566,12 @@ WOLFSSL_LOCAL int wc_CryptoCb_MakePqcSignatureKey(WC_RNG* rng, int type, int keySize, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSign(const byte* in, word32 inlen, byte* out, - word32 *outlen, WC_RNG* rng, int type, void* key); + word32 *outlen, const byte* context, byte contextLen, word32 preHashType, + WC_RNG* rng, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcVerify(const byte* sig, word32 siglen, - const byte* msg, word32 msglen, int* res, int type, void* key); + const byte* msg, word32 msglen, const byte* context, byte contextLen, + word32 preHashType, int* res, int type, void* key); WOLFSSL_LOCAL int wc_CryptoCb_PqcSignatureCheckPrivKey(void* key, int type, const byte* pubKey, word32 pubKeySz); diff --git a/src/wolfssl/wolfcrypt/curve25519.h b/src/wolfssl/wolfcrypt/curve25519.h index 4d18c56..f1bb574 100644 --- a/src/wolfssl/wolfcrypt/curve25519.h +++ b/src/wolfssl/wolfcrypt/curve25519.h @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,6 +44,7 @@ #define CURVE25519_KEYSIZE 32 #define CURVE25519_PUB_KEY_SIZE 32 +#define CURVE25519_MAX_KEY_TO_DER_SZ 82 /* for exported DER keys temp buffer */ #ifdef WOLFSSL_NAMES_STATIC typedef char curve25519_str[12]; @@ -91,6 +92,9 @@ struct curve25519_key { int devId; #endif void *heap; +#ifdef WOLFSSL_CURVE25519_BLINDING + WC_RNG* rng; +#endif #ifdef WOLFSSL_SE050 word32 keyId; byte keyIdSet; @@ -109,11 +113,23 @@ enum { WOLFSSL_API int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, const byte* priv); +#ifdef WOLFSSL_CURVE25519_BLINDING +WOLFSSL_API +int wc_curve25519_make_pub_blind(int public_size, byte* pub, int private_size, + const byte* priv, WC_RNG* rng); +#endif WOLFSSL_API int wc_curve25519_generic(int public_size, byte* pub, int private_size, const byte* priv, int basepoint_size, const byte* basepoint); +#ifdef WOLFSSL_CURVE25519_BLINDING +WOLFSSL_API +int wc_curve25519_generic_blind(int public_size, byte* pub, + int private_size, const byte* priv, + int basepoint_size, const byte* basepoint, + WC_RNG* rng); +#endif WOLFSSL_API int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv); @@ -139,13 +155,17 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); +#ifdef WOLFSSL_CURVE25519_BLINDING +WOLFSSL_API +int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng); +#endif + #ifndef WC_NO_CONSTRUCTORS WOLFSSL_API curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); WOLFSSL_API int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); #endif -WOLFSSL_API /* raw key helpers */ WOLFSSL_API diff --git a/src/wolfssl/wolfcrypt/curve448.h b/src/wolfssl/wolfcrypt/curve448.h index b722727..756c8a3 100644 --- a/src/wolfssl/wolfcrypt/curve448.h +++ b/src/wolfssl/wolfcrypt/curve448.h @@ -1,6 +1,6 @@ /* curve448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/des3.h b/src/wolfssl/wolfcrypt/des3.h index 78a5164..2568857 100644 --- a/src/wolfssl/wolfcrypt/des3.h +++ b/src/wolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/dh.h b/src/wolfssl/wolfcrypt/dh.h index 865baa3..81c5623 100644 --- a/src/wolfssl/wolfcrypt/dh.h +++ b/src/wolfssl/wolfcrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/dilithium.h b/src/wolfssl/wolfcrypt/dilithium.h index c43bc7e..306cef1 100644 --- a/src/wolfssl/wolfcrypt/dilithium.h +++ b/src/wolfssl/wolfcrypt/dilithium.h @@ -1,6 +1,6 @@ /* dilithium.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -117,6 +117,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 #define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 +#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344 #define DILITHIUM_LEVEL3_KEY_SIZE 4032 #define DILITHIUM_LEVEL3_SIG_SIZE 3309 @@ -126,7 +130,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 #define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 - +#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204 #define DILITHIUM_LEVEL5_KEY_SIZE 4896 #define DILITHIUM_LEVEL5_SIG_SIZE 4627 @@ -136,6 +143,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 +#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 #define ML_DSA_LEVEL2_KEY_SIZE 2560 #define ML_DSA_LEVEL2_SIG_SIZE 2420 @@ -145,6 +156,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL3_KEY_SIZE 4032 #define ML_DSA_LEVEL3_SIG_SIZE 3309 @@ -154,6 +169,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL5_KEY_SIZE 4896 #define ML_DSA_LEVEL5_SIG_SIZE 4627 @@ -163,6 +182,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE @@ -524,6 +547,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE 1334 #define DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE 2588 +#define DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE 3904 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE 5344 #define DILITHIUM_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define DILITHIUM_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature @@ -533,6 +560,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE 1974 #define DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE 4060 +#define DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE 6016 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE 8204 #define DILITHIUM_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define DILITHIUM_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature @@ -542,7 +573,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 - +#define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 #define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key #define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature @@ -552,6 +586,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL2_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL2_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL2_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL2_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key #define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature @@ -561,6 +599,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL3_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL3_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL3_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL3_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE #define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key #define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature @@ -570,6 +612,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE #endif @@ -580,6 +626,10 @@ /* Buffer sizes large enough to store exported DER encoded keys */ #define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and + * the footer "-----END PRIVATE KEY-----" */ +#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE #ifdef WOLF_PRIVATE_KEY_ID @@ -813,6 +863,10 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); #endif +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 +WOLFSSL_LOCAL int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat); +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + #ifndef WOLFSSL_DILITHIUM_NO_ASN1 #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, @@ -894,6 +948,13 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) +#define wc_MlDsaKey_PublicKeyToDer(key, output, len, withAlg) \ + wc_Dilithium_PublicKeyToDer(key, output, len, withAlg) + +#define wc_MlDsaKey_PrivateKeyToDer(key, output, len) \ + wc_Dilithium_PrivateKeyToDer(key, output, len) + + WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); diff --git a/src/wolfssl/wolfcrypt/dsa.h b/src/wolfssl/wolfcrypt/dsa.h index 1e92fd5..4ae42c3 100644 --- a/src/wolfssl/wolfcrypt/dsa.h +++ b/src/wolfssl/wolfcrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ecc.h b/src/wolfssl/wolfcrypt/ecc.h index 71a7a8b..04a7a66 100644 --- a/src/wolfssl/wolfcrypt/ecc.h +++ b/src/wolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -287,7 +287,8 @@ typedef byte ecc_oid_t; #endif -#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API) +#if !defined(WOLFSSL_ECC_CURVE_STATIC) && defined(USE_WINDOWS_API) && \ + !defined(__WATCOMC__) /* MSC does something different with the pointers to the arrays than GCC, * and it causes the FIPS checksum to fail. In the case of windows builds, * store everything as arrays instead of pointers to strings. */ diff --git a/src/wolfssl/wolfcrypt/eccsi.h b/src/wolfssl/wolfcrypt/eccsi.h index 34e10bf..5136d13 100644 --- a/src/wolfssl/wolfcrypt/eccsi.h +++ b/src/wolfssl/wolfcrypt/eccsi.h @@ -1,6 +1,6 @@ /* eccsi.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ed25519.h b/src/wolfssl/wolfcrypt/ed25519.h index 8c660b2..f7367b5 100644 --- a/src/wolfssl/wolfcrypt/ed25519.h +++ b/src/wolfssl/wolfcrypt/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -187,7 +187,6 @@ ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); WOLFSSL_API int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); #endif -WOLFSSL_API #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API diff --git a/src/wolfssl/wolfcrypt/ed448.h b/src/wolfssl/wolfcrypt/ed448.h index 9e2e890..e79a048 100644 --- a/src/wolfssl/wolfcrypt/ed448.h +++ b/src/wolfssl/wolfcrypt/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/error-crypt.h b/src/wolfssl/wolfcrypt/error-crypt.h index 5668783..f466e29 100644 --- a/src/wolfssl/wolfcrypt/error-crypt.h +++ b/src/wolfssl/wolfcrypt/error-crypt.h @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -135,7 +135,8 @@ enum wolfCrypt_ErrorCodes { ED25519_KAT_FIPS_E = -163, /* Ed25519 Known answer test failure */ ED448_KAT_FIPS_E = -164, /* Ed448 Known answer test failure */ PBKDF2_KAT_FIPS_E = -165, /* PBKDF2 Known answer test failure */ - /* -166..-169 unused. */ + WC_KEY_MISMATCH_E = -166, /* Error for private/public key mismatch */ + /* -167..-169 unused. */ ECC_BAD_ARG_E = -170, /* ECC input argument of wrong type */ ASN_ECC_KEY_E = -171, /* ASN ECC bad input */ @@ -302,11 +303,12 @@ enum wolfCrypt_ErrorCodes { WC_SPAN2_FIRST_E = -1000, DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */ + ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */ - WC_SPAN2_LAST_E = -1000, /* Update to indicate last used error code */ + WC_SPAN2_LAST_E = -1001, /* Update to indicate last used error code */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ - WC_LAST_E = -1000, /* the last code used either here or in + WC_LAST_E = -1001, /* the last code used either here or in * error-ssl.h */ @@ -325,7 +327,7 @@ wc_static_assert((int)MIN_CODE_E <= (int)WC_SPAN2_MIN_CODE_E); #ifdef NO_ERROR_STRINGS #define wc_GetErrorString(error) "no support for error strings built in" #define wc_ErrorString(err, buf) \ - (void)err; XSTRNCPY((buf), wc_GetErrorString((err)), \ + (void)(err); XSTRNCPY((buf), wc_GetErrorString(err), \ WOLFSSL_MAX_ERROR_SZ); #else diff --git a/src/wolfssl/wolfcrypt/ext_lms.h b/src/wolfssl/wolfcrypt/ext_lms.h index 4120335..2c7d116 100644 --- a/src/wolfssl/wolfcrypt/ext_lms.h +++ b/src/wolfssl/wolfcrypt/ext_lms.h @@ -1,6 +1,6 @@ /* ext_lms.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ext_mlkem.h b/src/wolfssl/wolfcrypt/ext_mlkem.h new file mode 100644 index 0000000..53c6c7d --- /dev/null +++ b/src/wolfssl/wolfcrypt/ext_mlkem.h @@ -0,0 +1,74 @@ +/* ext_mlkem.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef EXT_KYBER_H +#define EXT_KYBER_H + +#ifdef WOLF_CRYPTO_CB + #include +#endif + +#ifdef WOLFSSL_HAVE_MLKEM +#include + +#if !defined(HAVE_LIBOQS) +#error "This code requires liboqs" +#endif + +#if defined(WOLFSSL_WC_MLKEM) +#error "This code is incompatible with wolfCrypt's implementation of Kyber." +#endif + +#if defined (HAVE_LIBOQS) + #include + + #ifndef WOLFSSL_NO_ML_KEM + #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_ml_kem_1024_length_secret_key + #define EXT_KYBER_MAX_PUB_SZ OQS_KEM_ml_kem_1024_length_public_key + #elif defined(WOLFSSL_MLKEM_KYBER) + #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key + #define EXT_KYBER_MAX_PUB_SZ OQS_KEM_kyber_1024_length_public_key + #endif +#endif + +struct KyberKey { + /* Type of key: KYBER_LEVEL1 + * KYBER_LEVEL3 + * KYBER_LEVEL5 + * + * Note we don't save the variant (SHAKE vs AES) as that is decided at + * configuration time. */ + int type; + +#ifdef WOLF_CRYPTO_CB + void* devCtx; + int devId; +#endif + + byte priv[EXT_KYBER_MAX_PRIV_SZ]; + byte pub[EXT_KYBER_MAX_PUB_SZ]; +}; + +#if defined (HAVE_LIBOQS) +WOLFSSL_LOCAL int ext_mlkem_enabled(int id); +#endif +#endif /* WOLFSSL_HAVE_MLKEM */ +#endif /* EXT_KYBER_H */ diff --git a/src/wolfssl/wolfcrypt/ext_xmss.h b/src/wolfssl/wolfcrypt/ext_xmss.h index cb041bc..1c7ed35 100644 --- a/src/wolfssl/wolfcrypt/ext_xmss.h +++ b/src/wolfssl/wolfcrypt/ext_xmss.h @@ -1,6 +1,6 @@ /* ext_xmss.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/falcon.h b/src/wolfssl/wolfcrypt/falcon.h index a103034..45ae673 100644 --- a/src/wolfssl/wolfcrypt/falcon.h +++ b/src/wolfssl/wolfcrypt/falcon.h @@ -1,6 +1,6 @@ /* falcon.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/fe_448.h b/src/wolfssl/wolfcrypt/fe_448.h index 09ff150..fef9d17 100644 --- a/src/wolfssl/wolfcrypt/fe_448.h +++ b/src/wolfssl/wolfcrypt/fe_448.h @@ -1,6 +1,6 @@ /* fe448_448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,7 +29,8 @@ #include -#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT) +#if defined(HAVE___UINT128_T) && !defined(NO_CURVED448_128BIT) && \ + !defined(NO_INT128) #define CURVED448_128BIT #endif diff --git a/src/wolfssl/wolfcrypt/fe_operations.h b/src/wolfssl/wolfcrypt/fe_operations.h index 23928f2..dd029ec 100644 --- a/src/wolfssl/wolfcrypt/fe_operations.h +++ b/src/wolfssl/wolfcrypt/fe_operations.h @@ -1,6 +1,6 @@ /* fe_operations.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,6 +76,10 @@ Bounds on each t[i] vary depending on context. WOLFSSL_LOCAL void fe_init(void); WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); +#ifdef WOLFSSL_CURVE25519_BLINDING +WOLFSSL_LOCAL int curve25519_blind(byte * q, const byte * n, const byte* mask, + const byte * p, const byte* rz); +#endif #endif /* default to be faster but take more memory */ diff --git a/src/wolfssl/wolfcrypt/fips_test.h b/src/wolfssl/wolfcrypt/fips_test.h index 6523753..16f170b 100644 --- a/src/wolfssl/wolfcrypt/fips_test.h +++ b/src/wolfssl/wolfcrypt/fips_test.h @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,7 +72,9 @@ enum FipsCastId { FIPS_CAST_ED25519 = 16, FIPS_CAST_ED448 = 17, FIPS_CAST_PBKDF2 = 18, - FIPS_CAST_COUNT = 19 + /* v7.0.0 + */ + FIPS_CAST_AES_ECB = 19, + FIPS_CAST_COUNT = 20 }; enum FipsCastStateId { diff --git a/src/wolfssl/wolfcrypt/ge_448.h b/src/wolfssl/wolfcrypt/ge_448.h index a9d4d47..82665cf 100644 --- a/src/wolfssl/wolfcrypt/ge_448.h +++ b/src/wolfssl/wolfcrypt/ge_448.h @@ -1,6 +1,6 @@ /* ge_448.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ge_operations.h b/src/wolfssl/wolfcrypt/ge_operations.h index 75d4b07..9a4d995 100644 --- a/src/wolfssl/wolfcrypt/ge_operations.h +++ b/src/wolfssl/wolfcrypt/ge_operations.h @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/hash.h b/src/wolfssl/wolfcrypt/hash.h index ee001a9..02d99d4 100644 --- a/src/wolfssl/wolfcrypt/hash.h +++ b/src/wolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -83,16 +83,6 @@ enum wc_MACAlgorithm { sm3_mac }; -enum wc_HashFlags { - WC_HASH_FLAG_NONE = 0x00000000, - WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ - WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ -#ifdef WOLFSSL_SHA3 - WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ -#endif - WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) -}; - /* hash union */ typedef union { #ifndef NO_MD5 diff --git a/src/wolfssl/wolfcrypt/hmac.h b/src/wolfssl/wolfcrypt/hmac.h index fd5d8d3..96da94c 100644 --- a/src/wolfssl/wolfcrypt/hmac.h +++ b/src/wolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -124,6 +124,10 @@ typedef wc_Hashes wc_HmacHash; /* Hmac digest */ struct Hmac { wc_HmacHash hash; +#ifdef WOLFSSL_HMAC_COPY_HASH + wc_HmacHash i_hash; + wc_HmacHash o_hash; +#endif word32 ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ word32 opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; word32 innerHash[WC_MAX_DIGEST_SIZE / sizeof(word32)]; diff --git a/src/wolfssl/wolfcrypt/hpke.h b/src/wolfssl/wolfcrypt/hpke.h index 3bf61e5..cacfca6 100644 --- a/src/wolfssl/wolfcrypt/hpke.h +++ b/src/wolfssl/wolfcrypt/hpke.h @@ -1,6 +1,6 @@ /* hpke.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -120,9 +120,18 @@ WOLFSSL_API int wc_HpkeDeserializePublicKey(Hpke* hpke, void** key, const byte* in, word16 inSz); WOLFSSL_API void wc_HpkeFreeKey(Hpke* hpke, word16 kem, void* keypair, void* heap); +WOLFSSL_API int wc_HpkeInitSealContext(Hpke* hpke, HpkeBaseContext* context, + void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz); +WOLFSSL_API int wc_HpkeContextSealBase(Hpke* hpke, HpkeBaseContext* context, + byte* aad, word32 aadSz, byte* plaintext, word32 ptSz, byte* out); WOLFSSL_API int wc_HpkeSealBase(Hpke* hpke, void* ephemeralKey, void* receiverKey, byte* info, word32 infoSz, byte* aad, word32 aadSz, byte* plaintext, word32 ptSz, byte* ciphertext); +WOLFSSL_API int wc_HpkeInitOpenContext(Hpke* hpke, HpkeBaseContext* context, + void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* info, + word32 infoSz); +WOLFSSL_API int wc_HpkeContextOpenBase(Hpke* hpke, HpkeBaseContext* context, + byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* out); WOLFSSL_API int wc_HpkeOpenBase(Hpke* hpke, void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* info, word32 infoSz, byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* plaintext); diff --git a/src/wolfssl/wolfcrypt/integer.h b/src/wolfssl/wolfcrypt/integer.h index e98cd35..68bda1f 100644 --- a/src/wolfssl/wolfcrypt/integer.h +++ b/src/wolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/kdf.h b/src/wolfssl/wolfcrypt/kdf.h index 66b3a7a..d2fd388 100644 --- a/src/wolfssl/wolfcrypt/kdf.h +++ b/src/wolfssl/wolfcrypt/kdf.h @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/libwolfssl_sources.h b/src/wolfssl/wolfcrypt/libwolfssl_sources.h new file mode 100644 index 0000000..474cbe1 --- /dev/null +++ b/src/wolfssl/wolfcrypt/libwolfssl_sources.h @@ -0,0 +1,50 @@ +/* libwolfssl_sources.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* In wolfSSL library sources, #include this file before any other #includes, to + * assure BUILDING_WOLFSSL is defined. + * + * This file also includes the common headers needed by all sources. + */ + +#ifndef LIBWOLFSSL_SOURCES_H +#define LIBWOLFSSL_SOURCES_H + +#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \ + defined(WOLF_CRYPT_SETTINGS_H) && \ + !defined(LIBWOLFSSL_SOURCES_ASM_H) + #error settings.h included before libwolfssl_sources.h. +#endif + +#ifndef BUILDING_WOLFSSL + #define BUILDING_WOLFSSL +#endif + +#if defined(HAVE_CONFIG_H) && !defined(WC_CONFIG_H_INCLUDED) + #include + #define WC_CONFIG_H_INCLUDED +#endif + +#include +#include +#include + +#endif /* LIBWOLFSSL_SOURCES_H */ diff --git a/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h b/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h new file mode 100644 index 0000000..a3d85c9 --- /dev/null +++ b/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h @@ -0,0 +1,48 @@ +/* libwolfssl_sources_asm.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* In wolfSSL library sources, #include this file before any other #includes, to + * assure BUILDING_WOLFSSL is defined. + * + * This file also includes the common headers needed by all sources. + */ + +#ifndef LIBWOLFSSL_SOURCES_ASM_H +#define LIBWOLFSSL_SOURCES_ASM_H + +#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \ + defined(WOLF_CRYPT_SETTINGS_H) && \ + !defined(LIBWOLFSSL_SOURCES_H) + #error settings.h included before libwolfssl_sources_asm.h. +#endif + +#ifndef BUILDING_WOLFSSL + #define BUILDING_WOLFSSL +#endif + +#if defined(HAVE_CONFIG_H) && !defined(WC_CONFIG_H_INCLUDED) + #include + #define WC_CONFIG_H_INCLUDED +#endif + +#include + +#endif /* LIBWOLFSSL_SOURCES_ASM_H */ diff --git a/src/wolfssl/wolfcrypt/lms.h b/src/wolfssl/wolfcrypt/lms.h index 1534fb1..ee4ccc5 100644 --- a/src/wolfssl/wolfcrypt/lms.h +++ b/src/wolfssl/wolfcrypt/lms.h @@ -1,6 +1,6 @@ /* lms.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -127,6 +127,9 @@ enum wc_LmsParm { WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42, WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43, WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44, + WC_LMS_PARM_SHA256_192_L1_H20_W2 = 53, + WC_LMS_PARM_SHA256_192_L1_H20_W4 = 54, + WC_LMS_PARM_SHA256_192_L1_H20_W8 = 55, WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45, WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46, WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47, @@ -183,6 +186,9 @@ WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, const byte * msg, int msgSz); WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm); WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc); + +WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, + word32 privSz); #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/logging.h b/src/wolfssl/wolfcrypt/logging.h index a60f70b..49de701 100644 --- a/src/wolfssl/wolfcrypt/logging.h +++ b/src/wolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -135,7 +135,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); WOLFSSL_LOCAL unsigned long wc_PeekErrorNodeLineData( const char **file, int *line, const char **data, int *flags, int (*ignore_err)(int err)); - WOLFSSL_LOCAL unsigned long wc_GetErrorNodeErr(void); + WOLFSSL_LOCAL int wc_GetErrorNodeErr(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); WOLFSSL_API void wc_ERR_print_errors_cb(int (*cb)(const char *str, @@ -174,7 +174,7 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); #define WOLFSSL_STUB(m) \ WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented)) WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void); -#if defined(XVSNPRINTF) +#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX) WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...); #define HAVE_WOLFSSL_MSG_EX #else diff --git a/src/wolfssl/wolfcrypt/md2.h b/src/wolfssl/wolfcrypt/md2.h index 73be110..8fb5076 100644 --- a/src/wolfssl/wolfcrypt/md2.h +++ b/src/wolfssl/wolfcrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/md4.h b/src/wolfssl/wolfcrypt/md4.h index b253f8d..78c4275 100644 --- a/src/wolfssl/wolfcrypt/md4.h +++ b/src/wolfssl/wolfcrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/md5.h b/src/wolfssl/wolfcrypt/md5.h index 59d1f8d..93b906d 100644 --- a/src/wolfssl/wolfcrypt/md5.h +++ b/src/wolfssl/wolfcrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/mem_track.h b/src/wolfssl/wolfcrypt/mem_track.h index a69d1f0..205ec57 100644 --- a/src/wolfssl/wolfcrypt/mem_track.h +++ b/src/wolfssl/wolfcrypt/mem_track.h @@ -1,6 +1,6 @@ /* mem_track.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -596,7 +596,7 @@ static WC_INLINE int StackSizeCheck(struct func_args* args, thread_func tf) #endif #ifdef PTHREAD_STACK_MIN - if (stackSize < PTHREAD_STACK_MIN) + if (stackSize < (size_t)PTHREAD_STACK_MIN) stackSize = PTHREAD_STACK_MIN; #endif @@ -677,7 +677,7 @@ static WC_INLINE int StackSizeCheck_launch(struct func_args* args, struct stack_size_debug_context* shim_args; #ifdef PTHREAD_STACK_MIN - if (stackSize < PTHREAD_STACK_MIN) + if (stackSize < (size_t)PTHREAD_STACK_MIN) stackSize = PTHREAD_STACK_MIN; #endif diff --git a/src/wolfssl/wolfcrypt/memory.h b/src/wolfssl/wolfcrypt/memory.h index 179a8fd..5170a8c 100644 --- a/src/wolfssl/wolfcrypt/memory.h +++ b/src/wolfssl/wolfcrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/misc.h b/src/wolfssl/wolfcrypt/misc.h index 579c536..561c9a2 100644 --- a/src/wolfssl/wolfcrypt/misc.h +++ b/src/wolfssl/wolfcrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -134,6 +134,9 @@ WOLFSSL_LOCAL int CharIsWhiteSpace(char ch); WOLFSSL_LOCAL byte ctMaskGT(int a, int b); WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); WOLFSSL_LOCAL int ctMaskIntGTE(int a, int b); +#ifdef WORD64_AVAILABLE +WOLFSSL_LOCAL word32 ctMaskWord32GTE(word32 a, word32 b); +#endif WOLFSSL_LOCAL byte ctMaskLT(int a, int b); WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); WOLFSSL_LOCAL byte ctMaskEq(int a, int b); diff --git a/src/wolfssl/wolfcrypt/mlkem.h b/src/wolfssl/wolfcrypt/mlkem.h new file mode 100644 index 0000000..4a922a1 --- /dev/null +++ b/src/wolfssl/wolfcrypt/mlkem.h @@ -0,0 +1,374 @@ +/* mlkem.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/mlkem.h + */ + +#ifndef WOLF_CRYPT_MLKEM_H +#define WOLF_CRYPT_MLKEM_H + +#include +#include + +#ifdef WOLFSSL_HAVE_MLKEM + +/* Number of co-efficients in polynomial. */ +#define MLKEM_N 256 + +/* Define algorithm type when not excluded. */ +#ifndef WOLFSSL_NO_ML_KEM + #if !defined(WOLFSSL_NO_ML_KEM_512) + #define WOLFSSL_WC_ML_KEM_512 + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) + #define WOLFSSL_WC_ML_KEM_768 + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) + #define WOLFSSL_WC_ML_KEM_1024 + #endif + + #if !defined(WOLFSSL_WC_ML_KEM_512) && !defined(WOLFSSL_WC_ML_KEM_768) && \ + !defined(WOLFSSL_WC_ML_KEM_1024) + #error "No ML-KEM key size chosen." + #endif +#endif + +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + #define WOLFSSL_KYBER512 + #define WOLFSSL_WC_ML_KEM_512 + #endif + #ifndef WOLFSSL_NO_KYBER768 + #define WOLFSSL_KYBER768 + #define WOLFSSL_WC_ML_KEM_768 + #endif + #ifndef WOLFSSL_NO_KYBER1024 + #define WOLFSSL_KYBER1024 + #define WOLFSSL_WC_ML_KEM_1024 + #endif + + #if !defined(WOLFSSL_KYBER512) && !defined(WOLFSSL_KYBER768) && \ + !defined(WOLFSSL_KYBER1024) + #error "No Kyber key size chosen." + #endif +#endif + +/* Size of a polynomial vector based on dimensions. */ +#define MLKEM_POLY_VEC_SZ(k) ((k) * WC_ML_KEM_POLY_SIZE) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define MLKEM_POLY_COMPRESSED_SZ(b) ((b) * (MLKEM_N / 8)) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define MLKEM_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (MLKEM_N / 8))) + +#ifdef WOLFSSL_WC_ML_KEM_512 +#define WC_ML_KEM_512_K 2 +/* Size of a polynomial vector. */ +#define WC_ML_KEM_512_POLY_VEC_SZ MLKEM_POLY_VEC_SZ(WC_ML_KEM_512_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define WC_ML_KEM_512_POLY_COMPRESSED_SZ MLKEM_POLY_COMPRESSED_SZ(4) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ \ + MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_512_K, 10) + +/* Public key size. */ +#define WC_ML_KEM_512_PUBLIC_KEY_SIZE \ + (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ) +/* Private key size. */ +#define WC_ML_KEM_512_PRIVATE_KEY_SIZE \ + (WC_ML_KEM_512_POLY_VEC_SZ + WC_ML_KEM_512_PUBLIC_KEY_SIZE + \ + 2 * WC_ML_KEM_SYM_SZ) +/* Cipher text size. */ +#define WC_ML_KEM_512_CIPHER_TEXT_SIZE \ + (WC_ML_KEM_512_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_512_POLY_COMPRESSED_SZ) +#endif + +#ifdef WOLFSSL_WC_ML_KEM_768 +#define WC_ML_KEM_768_K 3 + +/* Size of a polynomial vector. */ +#define WC_ML_KEM_768_POLY_VEC_SZ MLKEM_POLY_VEC_SZ(WC_ML_KEM_768_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define WC_ML_KEM_768_POLY_COMPRESSED_SZ MLKEM_POLY_COMPRESSED_SZ(4) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ \ + MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_768_K, 10) + +/* Public key size. */ +#define WC_ML_KEM_768_PUBLIC_KEY_SIZE \ + (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ) +/* Private key size. */ +#define WC_ML_KEM_768_PRIVATE_KEY_SIZE \ + (WC_ML_KEM_768_POLY_VEC_SZ + WC_ML_KEM_768_PUBLIC_KEY_SIZE + \ + 2 * WC_ML_KEM_SYM_SZ) +/* Cipher text size. */ +#define WC_ML_KEM_768_CIPHER_TEXT_SIZE \ + (WC_ML_KEM_768_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_768_POLY_COMPRESSED_SZ) +#endif + +#ifdef WOLFSSL_WC_ML_KEM_1024 +#define WC_ML_KEM_1024_K 4 + +/* Size of a polynomial vector. */ +#define WC_ML_KEM_1024_POLY_VEC_SZ MLKEM_POLY_VEC_SZ(WC_ML_KEM_1024_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define WC_ML_KEM_1024_POLY_COMPRESSED_SZ MLKEM_POLY_COMPRESSED_SZ(5) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ \ + MLKEM_POLY_VEC_COMPRESSED_SZ(WC_ML_KEM_1024_K, 11) + +/* Public key size. */ +#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE \ + (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_SYM_SZ) +/* Private key size. */ +#define WC_ML_KEM_1024_PRIVATE_KEY_SIZE \ + (WC_ML_KEM_1024_POLY_VEC_SZ + WC_ML_KEM_1024_PUBLIC_KEY_SIZE + \ + 2 * WC_ML_KEM_SYM_SZ) +/* Cipher text size. */ +#define WC_ML_KEM_1024_CIPHER_TEXT_SIZE \ + (WC_ML_KEM_1024_POLY_VEC_COMPRESSED_SZ + WC_ML_KEM_1024_POLY_COMPRESSED_SZ) +#endif + +#ifndef WC_ML_KEM_MAX_K +#ifdef WOLFSSL_WC_ML_KEM_1024 +#define WC_ML_KEM_MAX_K WC_ML_KEM_1024_K +#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_1024_PRIVATE_KEY_SIZE +#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_1024_PUBLIC_KEY_SIZE +#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_1024_CIPHER_TEXT_SIZE +#elif defined(WOLFSSL_WC_ML_KEM_768) +#define WC_ML_KEM_MAX_K WC_ML_KEM_768_K +#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_768_PRIVATE_KEY_SIZE +#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_768_PUBLIC_KEY_SIZE +#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_768_CIPHER_TEXT_SIZE +#elif defined(WOLFSSL_WC_ML_KEM_512) +#define WC_ML_KEM_MAX_K WC_ML_KEM_512_K +#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE WC_ML_KEM_512_PRIVATE_KEY_SIZE +#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE WC_ML_KEM_512_PUBLIC_KEY_SIZE +#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE WC_ML_KEM_512_CIPHER_TEXT_SIZE +#endif +#endif /* WC_ML_KEM_MAX_K */ + +#define KYBER_N MLKEM_N + +/* Size of a polynomial vector based on dimensions. */ +#define KYBER_POLY_VEC_SZ(k) ((k) * KYBER_POLY_SIZE) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define KYBER_POLY_COMPRESSED_SZ(b) ((b) * (KYBER_N / 8)) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define KYBER_POLY_VEC_COMPRESSED_SZ(k, b) ((k) * ((b) * (KYBER_N / 8))) + + +/* Kyber-512 parameters */ +/* Number of polynomials in a vector and vectors in a matrix. */ +#define KYBER512_K 2 + +/* Size of a polynomial vector. */ +#define KYBER512_POLY_VEC_SZ KYBER_POLY_VEC_SZ(KYBER512_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define KYBER512_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(4) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define KYBER512_POLY_VEC_COMPRESSED_SZ \ + KYBER_POLY_VEC_COMPRESSED_SZ(KYBER512_K, 10) + +/* Public key size. */ +#define KYBER512_PUBLIC_KEY_SIZE \ + (KYBER512_POLY_VEC_SZ + KYBER_SYM_SZ) +/* Private key size. */ +#define KYBER512_PRIVATE_KEY_SIZE \ + (KYBER512_POLY_VEC_SZ + KYBER512_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ) +/* Cipher text size. */ +#define KYBER512_CIPHER_TEXT_SIZE \ + (KYBER512_POLY_VEC_COMPRESSED_SZ + KYBER512_POLY_COMPRESSED_SZ) + +/* Kyber-768 parameters */ +/* Number of polynomials in a vector and vectors in a matrix. */ +#define KYBER768_K 3 + +/* Size of a polynomial vector. */ +#define KYBER768_POLY_VEC_SZ KYBER_POLY_VEC_SZ(KYBER768_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define KYBER768_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(4) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define KYBER768_POLY_VEC_COMPRESSED_SZ \ + KYBER_POLY_VEC_COMPRESSED_SZ(KYBER768_K, 10) + +/* Public key size. */ +#define KYBER768_PUBLIC_KEY_SIZE \ + (KYBER768_POLY_VEC_SZ + KYBER_SYM_SZ) +/* Private key size. */ +#define KYBER768_PRIVATE_KEY_SIZE \ + (KYBER768_POLY_VEC_SZ + KYBER768_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ) +/* Cipher text size. */ +#define KYBER768_CIPHER_TEXT_SIZE \ + (KYBER768_POLY_VEC_COMPRESSED_SZ + KYBER768_POLY_COMPRESSED_SZ) + +/* Kyber-1024 parameters */ +/* Number of polynomials in a vector and vectors in a matrix. */ +#define KYBER1024_K 4 + +/* Size of a polynomial vector. */ +#define KYBER1024_POLY_VEC_SZ KYBER_POLY_VEC_SZ(KYBER1024_K) +/* Size of a compressed polynomial based on bits per coefficient. */ +#define KYBER1024_POLY_COMPRESSED_SZ KYBER_POLY_COMPRESSED_SZ(5) +/* Size of a compressed vector polynomial based on dimensions and bits per + * coefficient. */ +#define KYBER1024_POLY_VEC_COMPRESSED_SZ \ + KYBER_POLY_VEC_COMPRESSED_SZ(KYBER1024_K, 11) + +/* Public key size. */ +#define KYBER1024_PUBLIC_KEY_SIZE \ + (KYBER1024_POLY_VEC_SZ + KYBER_SYM_SZ) +/* Private key size. */ +#define KYBER1024_PRIVATE_KEY_SIZE \ + (KYBER1024_POLY_VEC_SZ + KYBER1024_PUBLIC_KEY_SIZE + 2 * KYBER_SYM_SZ) +/* Cipher text size. */ +#define KYBER1024_CIPHER_TEXT_SIZE \ + (KYBER1024_POLY_VEC_COMPRESSED_SZ + KYBER1024_POLY_COMPRESSED_SZ) + + +/* Maximum dimensions and sizes of supported key types. */ +#ifdef WOLFSSL_KYBER1024 +#define KYBER_MAX_K KYBER1024_K +#define KYBER_MAX_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE +#define KYBER_MAX_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE +#define KYBER_MAX_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE +#elif defined(WOLFSSL_KYBER768) +#define KYBER_MAX_K KYBER768_K +#define KYBER_MAX_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE +#define KYBER_MAX_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE +#define KYBER_MAX_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE +#elif defined(WOLFSSL_KYBER512) +#define KYBER_MAX_K KYBER512_K +#define KYBER_MAX_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE +#define KYBER_MAX_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE +#define KYBER_MAX_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE +#endif + +#define KYBER_SYM_SZ WC_ML_KEM_SYM_SZ +#define KYBER_SS_SZ WC_ML_KEM_SS_SZ +#define KYBER_MAKEKEY_RAND_SZ WC_ML_KEM_MAKEKEY_RAND_SZ +#define KYBER_ENC_RAND_SZ WC_ML_KEM_ENC_RAND_SZ +#define KYBER_POLY_SIZE WC_ML_KEM_POLY_SIZE + + +enum { + /* Types of Kyber keys. */ + WC_ML_KEM_512 = 0, + WC_ML_KEM_768 = 1, + WC_ML_KEM_1024 = 2, + + MLKEM_KYBER = 0x10, + KYBER512 = 0 | MLKEM_KYBER, + KYBER768 = 1 | MLKEM_KYBER, + KYBER1024 = 2 | MLKEM_KYBER, + + KYBER_LEVEL1 = KYBER512, + KYBER_LEVEL3 = KYBER768, + KYBER_LEVEL5 = KYBER1024, + + /* Symmetric data size. */ + WC_ML_KEM_SYM_SZ = 32, + /* Shared secret size. */ + WC_ML_KEM_SS_SZ = 32, + /* Size of random required for making a key. */ + WC_ML_KEM_MAKEKEY_RAND_SZ = 2 * WC_ML_KEM_SYM_SZ, + /* Size of random required for encapsulation. */ + WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ, + + /* Encoded polynomial size. */ + WC_ML_KEM_POLY_SIZE = 384, +}; + + +/* Different structures for different implementations. */ +typedef struct MlKemKey MlKemKey; + + +#ifdef __cplusplus + extern "C" { +#endif + +WOLFSSL_API int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap, + int devId); +WOLFSSL_API int wc_MlKemKey_Free(MlKemKey* key); + +WOLFSSL_API int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng); +WOLFSSL_API int wc_MlKemKey_MakeKeyWithRandom(MlKemKey* key, + const unsigned char* rand, int len); + +WOLFSSL_API int wc_MlKemKey_CipherTextSize(MlKemKey* key, word32* len); +WOLFSSL_API int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len); + +WOLFSSL_API int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* ct, + unsigned char* ss, WC_RNG* rng); +WOLFSSL_API int wc_MlKemKey_EncapsulateWithRandom(MlKemKey* key, + unsigned char* ct, unsigned char* ss, const unsigned char* rand, int len); +WOLFSSL_API int wc_MlKemKey_Decapsulate(MlKemKey* key, unsigned char* ss, + const unsigned char* ct, word32 len); + +WOLFSSL_API int wc_MlKemKey_DecodePrivateKey(MlKemKey* key, + const unsigned char* in, word32 len); +WOLFSSL_API int wc_MlKemKey_DecodePublicKey(MlKemKey* key, + const unsigned char* in, word32 len); + +WOLFSSL_API int wc_MlKemKey_PrivateKeySize(MlKemKey* key, word32* len); +WOLFSSL_API int wc_MlKemKey_PublicKeySize(MlKemKey* key, word32* len); +WOLFSSL_API int wc_MlKemKey_EncodePrivateKey(MlKemKey* key, unsigned char* out, + word32 len); +WOLFSSL_API int wc_MlKemKey_EncodePublicKey(MlKemKey* key, unsigned char* out, + word32 len); + + +#define KyberKey MlKemKey + +#define wc_KyberKey_Init(type, key, heap, devId) \ + wc_MlKemKey_Init(key, type, heap, devId) +#define wc_KyberKey_Free wc_MlKemKey_Free +#define wc_KyberKey_MakeKey wc_MlKemKey_MakeKey +#define wc_KyberKey_MakeKeyWithRandom wc_MlKemKey_MakeKeyWithRandom +#define wc_KyberKey_CipherTextSize wc_MlKemKey_CipherTextSize +#define wc_KyberKey_SharedSecretSize wc_MlKemKey_SharedSecretSize +#define wc_KyberKey_Encapsulate wc_MlKemKey_Encapsulate +#define wc_KyberKey_EncapsulateWithRandom wc_MlKemKey_EncapsulateWithRandom +#define wc_KyberKey_Decapsulate wc_MlKemKey_Decapsulate +#define wc_KyberKey_DecodePrivateKey wc_MlKemKey_DecodePrivateKey +#define wc_KyberKey_DecodePublicKey wc_MlKemKey_DecodePublicKey +#define wc_KyberKey_PrivateKeySize wc_MlKemKey_PrivateKeySize +#define wc_KyberKey_PublicKeySize wc_MlKemKey_PublicKeySize +#define wc_KyberKey_EncodePrivateKey wc_MlKemKey_EncodePrivateKey +#define wc_KyberKey_EncodePublicKey wc_MlKemKey_EncodePublicKey + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_HAVE_MLKEM */ + +#endif /* WOLF_CRYPT_MLKEM_H */ + diff --git a/src/wolfssl/wolfcrypt/mpi_class.h b/src/wolfssl/wolfcrypt/mpi_class.h index 831fae3..4879a61 100644 --- a/src/wolfssl/wolfcrypt/mpi_class.h +++ b/src/wolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/mpi_superclass.h b/src/wolfssl/wolfcrypt/mpi_superclass.h index f27f61a..69dee6b 100644 --- a/src/wolfssl/wolfcrypt/mpi_superclass.h +++ b/src/wolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pkcs11.h b/src/wolfssl/wolfcrypt/pkcs11.h index f252a00..36cfd9c 100644 --- a/src/wolfssl/wolfcrypt/pkcs11.h +++ b/src/wolfssl/wolfcrypt/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pkcs12.h b/src/wolfssl/wolfcrypt/pkcs12.h index d7bf967..6dc6e9d 100644 --- a/src/wolfssl/wolfcrypt/pkcs12.h +++ b/src/wolfssl/wolfcrypt/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,6 +55,9 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz); WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte** pkey, word32* pkeySz, byte** cert, word32* certSz, WC_DerCertList** ca); +WOLFSSL_API int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw, + byte** pkey, word32* pkeySz, byte** cert, word32* certSz, + WC_DerCertList** ca, int keepKeyHeader); WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, const byte* psw, word32 pswSz); WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, diff --git a/src/wolfssl/wolfcrypt/pkcs7.h b/src/wolfssl/wolfcrypt/pkcs7.h index bc34147..efce67c 100644 --- a/src/wolfssl/wolfcrypt/pkcs7.h +++ b/src/wolfssl/wolfcrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -243,6 +243,7 @@ typedef int (*CallbackRsaSignRawDigest)(wc_PKCS7* pkcs7, byte* digest, int devId, int hashOID); #endif + /* Public Structure Warning: * Existing members must not be changed to maintain backwards compatibility! */ @@ -258,6 +259,7 @@ struct wc_PKCS7 { #ifdef ASN_BER_TO_DER byte* der; /* DER encoded version of message */ word32 derSz; + byte indefDepth; CallbackGetContent getContentCb; CallbackStreamOut streamOutCb; void* streamCtx; /* passed to getcontentCb and streamOutCb */ @@ -372,6 +374,19 @@ struct wc_PKCS7 { byte* customSKID; word16 customSKIDSz; + +#if !defined(NO_DES3) || !defined(NO_AES) + union { + #ifndef NO_AES + Aes* aes; + #endif + #ifndef NO_DES3 + Des* des; + Des3* des3; + #endif + } decryptKey; +#endif + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; diff --git a/src/wolfssl/wolfcrypt/poly1305.h b/src/wolfssl/wolfcrypt/poly1305.h index d4db487..c6adb0e 100644 --- a/src/wolfssl/wolfcrypt/poly1305.h +++ b/src/wolfssl/wolfcrypt/poly1305.h @@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,7 +98,18 @@ typedef struct Poly1305 { word64 leftover; unsigned char buffer[POLY1305_BLOCK_SIZE]; unsigned char finished; +#elif defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_THUMB2) && \ + !defined(WOLFSSL_ARMASM_NO_NEON) + /* NEON implementation for ARM32 */ + word32 r[4]; + word32 h[6]; + word32 pad[4]; + word32 leftover; + unsigned char buffer[4*POLY1305_BLOCK_SIZE]; + word32 r_21[10]; + word32 r_43[10]; #elif defined(WOLFSSL_ARMASM) + /* ARM32 (non-NEON) and Thumb2 */ word32 r[4]; word32 h[5]; word32 pad[4]; @@ -173,7 +184,8 @@ void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m, void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes); void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m); -void poly1305_blocks_arm32_16(Poly1305* ctx, const unsigned char* m, word32 len, +void poly1305_arm32_blocks(Poly1305* ctx, const unsigned char* m, word32 len); +void poly1305_arm32_blocks_16(Poly1305* ctx, const unsigned char* m, word32 len, int notLast); #endif void poly1305_set_key(Poly1305* ctx, const byte* key); diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index de37936..4ae38a9 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -1,6 +1,6 @@ /* esp-sdk-lib.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index d49ef3e..ac48d97 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -216,8 +216,11 @@ enum { ** Turns on diagnostic messages for SHA mutex. Note that given verbosity, ** there may be TLS timing issues encountered. Use with caution. ** +** DEBUG_WOLFSSL_ESP32_HEAP +** Prints heap memory usage +** ** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW -** This may be interesting in that HW may have been unnessearily locked +** This may be interesting in that HW may have been unnecessarily locked ** for hash that was never completed. (typically encountered at `free1` time) ** ** LOG_LOCAL_LEVEL @@ -234,11 +237,11 @@ enum { ** Shows a warning when mulm falls back for minimum number of bits. ** ** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS -** Shows a marning when multiplication math bits have exceeded hardware +** Shows a warning when multiplication math bits have exceeded hardware ** capabilities and will fall back to slower software. ** ** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS -** Shows a marning when modular math bits have exceeded hardware capabilities +** Shows a warning when modular math bits have exceeded hardware capabilities ** and will fall back to slower software. ** ** NO_HW_MATH_TEST @@ -330,7 +333,7 @@ enum { #include #endif - #if ESP_IDF_VERSION_MAJOR >= 4 + #if ESP_IDF_VERSION_MAJOR == 4 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR < 4) #include #else #include @@ -375,9 +378,7 @@ enum { #include #endif - #if ESP_IDF_VERSION_MAJOR >= 4 - /* #include */ - #else + #if ESP_IDF_VERSION_MAJOR < 4 #include #endif @@ -411,9 +412,7 @@ enum { #include #endif - #if ESP_IDF_VERSION_MAJOR >= 4 - /* #include */ - #else + #if ESP_IDF_VERSION_MAJOR < 4 #include #endif @@ -447,9 +446,7 @@ enum { #include #endif - #if ESP_IDF_VERSION_MAJOR >= 4 - /* #include */ - #else + #if ESP_IDF_VERSION_MAJOR < 4 #include #endif @@ -719,24 +716,16 @@ extern "C" */ #ifndef NO_AES - #if ESP_IDF_VERSION_MAJOR >= 4 - #include "esp32/rom/aes.h" - #elif defined(CONFIG_IDF_TARGET_ESP8266) - /* no hardware includes for ESP8266*/ - #else - /* TODO: Confirm for older versions: */ - /* #include "rom/aes.h" */ - #endif + /* wolfSSL does not use Espressif rom/aes.h */ + struct Aes; /* see wolcrypt/aes.h */ - typedef enum tagES32_AES_PROCESS /* TODO what's this ? */ + typedef enum tagES32_AES_PROCESS { ESP32_AES_LOCKHW = 1, ESP32_AES_UPDATEKEY_ENCRYPT = 2, ESP32_AES_UPDATEKEY_DECRYPT = 3, ESP32_AES_UNLOCKHW = 4 } ESP32_AESPROCESS; - - struct Aes; /* see aes.h */ #if defined(WOLFSSL_HW_METRICS) WOLFSSL_LOCAL int esp_hw_show_aes_metrics(void); WOLFSSL_LOCAL int wc_esp32AesUnupportedLengthCountAdd(void); @@ -780,7 +769,14 @@ extern "C" #define SHA_CTX ETS_SHAContext - #if ESP_IDF_VERSION_MAJOR >= 4 + #if ESP_IDF_VERSION_MAJOR > 5 || (ESP_IDF_VERSION_MAJOR == 5 && ESP_IDF_VERSION_MINOR >= 4) + #include "rom/sha.h" + #if defined(CONFIG_IDF_TARGET_ESP32) + #define WC_ESP_SHA_TYPE enum SHA_TYPE + #else + #define WC_ESP_SHA_TYPE SHA_TYPE + #endif + #elif ESP_IDF_VERSION_MAJOR >= 4 #if defined(CONFIG_IDF_TARGET_ESP32) #include "esp32/rom/sha.h" #define WC_ESP_SHA_TYPE enum SHA_TYPE diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index 6f6e203..cc8f48f 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -1,6 +1,6 @@ /* esp_crt_bundle.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/port/atmel/atmel.h b/src/wolfssl/wolfcrypt/port/atmel/atmel.h index c2f9940..d5c9458 100644 --- a/src/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/src/wolfssl/wolfcrypt/port/atmel/atmel.h @@ -1,6 +1,6 @@ /* atmel.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pwdbased.h b/src/wolfssl/wolfcrypt/pwdbased.h index 9535b0a..9013401 100644 --- a/src/wolfssl/wolfcrypt/pwdbased.h +++ b/src/wolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/random.h b/src/wolfssl/wolfcrypt/random.h index cc4c797..3b4533e 100644 --- a/src/wolfssl/wolfcrypt/random.h +++ b/src/wolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/rc2.h b/src/wolfssl/wolfcrypt/rc2.h index 22b2ad1..22eb581 100644 --- a/src/wolfssl/wolfcrypt/rc2.h +++ b/src/wolfssl/wolfcrypt/rc2.h @@ -1,6 +1,6 @@ /* rc2.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ripemd.h b/src/wolfssl/wolfcrypt/ripemd.h index d1a0e6f..54ede0d 100644 --- a/src/wolfssl/wolfcrypt/ripemd.h +++ b/src/wolfssl/wolfcrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/rsa.h b/src/wolfssl/wolfcrypt/rsa.h index dc23839..a01e18d 100644 --- a/src/wolfssl/wolfcrypt/rsa.h +++ b/src/wolfssl/wolfcrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sakke.h b/src/wolfssl/wolfcrypt/sakke.h index 0f7a75c..3ba7968 100644 --- a/src/wolfssl/wolfcrypt/sakke.h +++ b/src/wolfssl/wolfcrypt/sakke.h @@ -1,6 +1,6 @@ /* sakke.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/selftest.h b/src/wolfssl/wolfcrypt/selftest.h index 198013b..08b8884 100644 --- a/src/wolfssl/wolfcrypt/selftest.h +++ b/src/wolfssl/wolfcrypt/selftest.h @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/settings.h b/src/wolfssl/wolfcrypt/settings.h index 50eb0cb..9f4cd66 100644 --- a/src/wolfssl/wolfcrypt/settings.h +++ b/src/wolfssl/wolfcrypt/settings.h @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,6 +47,12 @@ extern "C" { #endif +#if defined(TEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE) && \ + defined(BUILDING_WOLFSSL) && !defined(LIBWOLFSSL_SOURCES_H) && \ + !defined(LIBWOLFSSL_SOURCES_ASM_H) + #error settings.h included before libwolfssl_sources[_asm].h. +#endif + /* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of * application code, rather than the application including it directly. This is * not defined when compiling wolfSSL library objects, which are configured @@ -438,9 +444,9 @@ /* old FIPS has only AES_BLOCK_SIZE. */ #if !defined(NO_AES) && (defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0))) + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) #define WC_AES_BLOCK_SIZE AES_BLOCK_SIZE -#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(7,0,0)) */ +#endif /* !NO_AES && (HAVE_SELFTEST || FIPS_VERSION3_LT(6,0,0)) */ #ifdef WOLFSSL_HARDEN_TLS #if WOLFSSL_HARDEN_TLS != 112 && WOLFSSL_HARDEN_TLS != 128 @@ -642,7 +648,7 @@ #define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS #endif - #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL) + #if defined(CONFIG_TLS_STACK_WOLFSSL) /* When using ESP-TLS, some old algorithms such as SHA1 are no longer * enabled in wolfSSL, except for the OpenSSL compatibility. So enable * that here: */ @@ -841,17 +847,19 @@ #endif /* ESP_ENABLE_WOLFSSH */ - /* Experimental Kyber. */ + /* ML-KEM. */ #ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER + #define CONFIG_ESP_WOLFSSL_ENABLE_MLKEM + #endif + #ifdef CONFIG_ESP_WOLFSSL_ENABLE_MLKEM /* Kyber typically needs a minimum 10K stack */ - #define WOLFSSL_EXPERIMENTAL_SETTINGS - #define WOLFSSL_HAVE_KYBER - #define WOLFSSL_WC_KYBER + #define WOLFSSL_HAVE_MLKEM + #define WOLFSSL_WC_MLKEM #define WOLFSSL_SHA3 #if defined(CONFIG_IDF_TARGET_ESP8266) /* With limited RAM, we'll disable some of the Kyber sizes: */ - #define WOLFSSL_NO_KYBER1024 - #define WOLFSSL_NO_KYBER768 + #define WOLFSSL_NO_ML_KEM_1024 + #define WOLFSSL_NO_ML_KEM_768 #define NO_SESSION_CACHE #endif #endif @@ -1268,7 +1276,7 @@ #error "https://www.wolfssl.com/docs/porting-guide/" #endif #endif - #define WOLFSSL_USER_IO + #define HAVE_ECC #define NO_DH #define NO_SESSION_CACHE @@ -2090,13 +2098,14 @@ extern void uITRON4_free(void *p) ; #endif /* WOLFSSL_MAXQ1065 || WOLFSSL_MAXQ108X */ -#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ - defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ - defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ - defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ - defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \ - defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \ - defined(WOLFSSL_STM32G4) || defined(WOLFSSL_STM32MP13) +#if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ + defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ + defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ + defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ + defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \ + defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \ + defined(WOLFSSL_STM32G4) || defined(WOLFSSL_STM32MP13) || \ + defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32WBA) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -2117,7 +2126,7 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32U5) || \ - defined(WOLFSSL_STM32WL) + defined(WOLFSSL_STM32WL) || defined(WOLFSSL_STM32WBA) #define NO_AES_192 /* hardware does not support 192-bit */ #endif #endif @@ -2144,6 +2153,8 @@ extern void uITRON4_free(void *p) ; #include "stm32f7xx_hal.h" #elif defined(WOLFSSL_STM32F1) #include "stm32f1xx_hal.h" + #elif defined(WOLFSSL_STM32H7S) + #include "stm32h7rsxx_hal.h" #elif defined(WOLFSSL_STM32H7) #include "stm32h7xx_hal.h" #elif defined(WOLFSSL_STM32WB) @@ -2164,6 +2175,8 @@ extern void uITRON4_free(void *p) ; #include "stm32mp13xx_hal.h" #include "stm32mp13xx_hal_conf.h" #endif + #elif defined(WOLFSSL_STM32WBA) + #include "stm32wbaxx_hal.h" #endif #if defined(WOLFSSL_CUBEMX_USE_LL) && defined(WOLFSSL_STM32L4) #include "stm32l4xx_ll_rng.h" @@ -2562,7 +2575,7 @@ extern void uITRON4_free(void *p) ; #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API) #define CONFIG_NET_SOCKETS_POSIX_NAMES #endif -#endif +#endif /* WOLFSSL_ZEPHYR */ #ifdef WOLFSSL_IMX6 #ifndef SIZEOF_LONG_LONG @@ -2840,6 +2853,10 @@ extern void uITRON4_free(void *p) ; /* default is SP Math. */ #define WOLFSSL_SP_MATH_ALL #endif +#elif defined(WOLFCRYPT_FIPS_RAND) + #ifndef NO_BIG_INT + #define NO_BIG_INT + #endif #else /* FIPS 140-2 or older */ /* Default to fast math (tfm.c), but allow heap math (integer.c) */ @@ -3153,6 +3170,11 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_AES_DIRECT #endif #endif + #ifdef WOLFSSL_AES_CTS + #if defined(NO_AES_CBC) || !defined(HAVE_AES_CBC) + #error "AES CTS requires AES CBC" + #endif + #endif #endif #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \ @@ -3596,17 +3618,33 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_OLD_PRIME_CHECK #endif #ifndef WOLFSSL_TEST_SUBROUTINE - #define WOLFSSL_TEST_SUBROUTINE static + #ifdef LINUXKM_LKCAPI_REGISTER + #define WOLFSSL_TEST_SUBROUTINE + #else + #define WOLFSSL_TEST_SUBROUTINE static + #endif + #endif + #ifdef LINUXKM_LKCAPI_REGISTER + #define WC_TEST_EXPORT_SUBTESTS #endif #undef HAVE_PTHREAD + /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */ #undef HAVE_STRINGS_H + /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */ + #undef HAVE_LIMITS_H #undef HAVE_ERRNO_H #undef HAVE_THREAD_LS #undef HAVE_ATEXIT #undef WOLFSSL_HAVE_MIN #undef WOLFSSL_HAVE_MAX - #define SIZEOF_LONG 8 - #define SIZEOF_LONG_LONG 8 + #undef WOLFSSL_HAVE_ASSERT_H + #define WOLFSSL_NO_ASSERT_H + #ifndef SIZEOF_LONG + #define SIZEOF_LONG 8 + #endif + #ifndef SIZEOF_LONG_LONG + #define SIZEOF_LONG_LONG 8 + #endif #define CHAR_BIT 8 #ifndef WOLFSSL_SP_DIV_64 #define WOLFSSL_SP_DIV_64 @@ -3617,6 +3655,40 @@ extern void uITRON4_free(void *p) ; #ifdef __PIE__ #define WC_NO_INTERNAL_FUNCTION_POINTERS #endif + + #ifndef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + #endif + #ifndef NO_OLD_SHA_NAMES + #define NO_OLD_SHA_NAMES + #endif + #ifndef NO_OLD_MD5_NAME + #define NO_OLD_MD5_NAME + #endif + #ifndef OPENSSL_COEXIST + #define OPENSSL_COEXIST + #endif + #ifndef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + #endif + #undef WOLFSSL_MIN_AUTH_TAG_SZ + #define WOLFSSL_MIN_AUTH_TAG_SZ 4 + + #if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY) + /* kernel 5.10 crypto manager tests key(s) that fail unless leading + * bytes are tolerated in GetASN_Integer(). + */ + #define WOLFSSL_ASN_INT_LEAD_0_ANY + #endif + + #ifdef CONFIG_KASAN + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() kasan_disable_current() + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() kasan_enable_current() + #endif + #endif #endif @@ -4074,7 +4146,7 @@ extern void uITRON4_free(void *p) ; #endif #endif -#ifdef WOLFSSL_HAVE_KYBER +#ifdef WOLFSSL_HAVE_MLKEM #define HAVE_PQC #endif @@ -4089,23 +4161,27 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_NO_SPHINCS #define HAVE_SPHINCS #endif -#ifndef WOLFSSL_HAVE_KYBER - #define WOLFSSL_HAVE_KYBER +#ifndef WOLFSSL_HAVE_MLKEM + #define WOLFSSL_HAVE_MLKEM #define WOLFSSL_KYBER512 #define WOLFSSL_KYBER768 #define WOLFSSL_KYBER1024 + #define WOLFSSL_WC_ML_KEM_512 + #define WOLFSSL_WC_ML_KEM_768 + #define WOLFSSL_WC_ML_KEM_1024 #endif #endif #if (defined(HAVE_LIBOQS) || \ defined(HAVE_LIBXMSS) || \ defined(HAVE_LIBLMS) || \ - defined(WOLFSSL_DUAL_ALG_CERTS)) && \ + defined(WOLFSSL_DUAL_ALG_CERTS) || \ + defined(HAVE_ASCON)) && \ !defined(WOLFSSL_EXPERIMENTAL_SETTINGS) #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS #endif -#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_KYBER) +#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_MLKEM) #error Please do not define HAVE_PQC yourself. #endif @@ -4361,6 +4437,11 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ENTROPY_MEMUSE */ +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) +#error "If TLS is enabled please make sure either client or server is enabled." +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/sha.h b/src/wolfssl/wolfcrypt/sha.h index 063784e..54b0833 100644 --- a/src/wolfssl/wolfcrypt/sha.h +++ b/src/wolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sha256.h b/src/wolfssl/wolfcrypt/sha256.h index b5534d4..7a064a0 100644 --- a/src/wolfssl/wolfcrypt/sha256.h +++ b/src/wolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -264,10 +264,14 @@ struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256* sha); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId); WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha, const byte* data, word32 len); + +#if !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH) WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash); +#endif WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, byte* hash); WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256); -#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) +#if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH) WOLFSSL_API int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data); #endif #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) diff --git a/src/wolfssl/wolfcrypt/sha3.h b/src/wolfssl/wolfcrypt/sha3.h index 2491acd..724719a 100644 --- a/src/wolfssl/wolfcrypt/sha3.h +++ b/src/wolfssl/wolfcrypt/sha3.h @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -225,6 +225,7 @@ WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n, word64 c); WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); WOLFSSL_LOCAL void sha3_block_avx2(word64* s); +WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 diff --git a/src/wolfssl/wolfcrypt/sha512.h b/src/wolfssl/wolfcrypt/sha512.h index 5033a2c..593177e 100644 --- a/src/wolfssl/wolfcrypt/sha512.h +++ b/src/wolfssl/wolfcrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -224,7 +224,7 @@ struct wc_Sha512 { #endif /* HAVE_FIPS */ -#ifdef WOLFSSL_SHA512 +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #ifdef WOLFSSL_ARMASM #ifdef __aarch64__ diff --git a/src/wolfssl/wolfcrypt/signature.h b/src/wolfssl/wolfcrypt/signature.h index 51c07af..7d9a1d4 100644 --- a/src/wolfssl/wolfcrypt/signature.h +++ b/src/wolfssl/wolfcrypt/signature.h @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/siphash.h b/src/wolfssl/wolfcrypt/siphash.h index 6b75a46..26cd821 100644 --- a/src/wolfssl/wolfcrypt/siphash.h +++ b/src/wolfssl/wolfcrypt/siphash.h @@ -1,6 +1,6 @@ /* siphash.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm2.h b/src/wolfssl/wolfcrypt/sm2.h index ae9885e..fb90aaa 100644 --- a/src/wolfssl/wolfcrypt/sm2.h +++ b/src/wolfssl/wolfcrypt/sm2.h @@ -1,6 +1,6 @@ /* sm2.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm3.h b/src/wolfssl/wolfcrypt/sm3.h index b24fcf4..e7e8b0e 100644 --- a/src/wolfssl/wolfcrypt/sm3.h +++ b/src/wolfssl/wolfcrypt/sm3.h @@ -1,6 +1,6 @@ /* sm3.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm4.h b/src/wolfssl/wolfcrypt/sm4.h index 84a8166..3cebb79 100644 --- a/src/wolfssl/wolfcrypt/sm4.h +++ b/src/wolfssl/wolfcrypt/sm4.h @@ -1,6 +1,6 @@ /* sm4.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sp.h b/src/wolfssl/wolfcrypt/sp.h index 3ede752..9e7a9c9 100644 --- a/src/wolfssl/wolfcrypt/sp.h +++ b/src/wolfssl/wolfcrypt/sp.h @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sp_int.h b/src/wolfssl/wolfcrypt/sp_int.h index dc707d2..7385e68 100644 --- a/src/wolfssl/wolfcrypt/sp_int.h +++ b/src/wolfssl/wolfcrypt/sp_int.h @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -210,8 +210,10 @@ extern "C" { #elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64) #if SP_ULONG_BITS == 64 || SP_ULLONG_BITS == 64 #define SP_WORD_SIZE 64 - #define HAVE_INTEL_AVX1 - #ifndef NO_AVX2_SUPPORT + #ifndef HAVE_INTEL_AVX1 + #define HAVE_INTEL_AVX1 + #endif + #if !defined(NO_AVX2_SUPPORT) && !defined(HAVE_INTEL_AVX2) #define HAVE_INTEL_AVX2 #endif #elif SP_ULONG_BITS == 32 @@ -262,7 +264,7 @@ extern "C" { #define SP_WORD_SIZEOF (SP_WORD_SIZE / 8) /* Define the types used. */ -#ifdef HAVE___UINT128_T +#if defined(HAVE___UINT128_T) && !defined(NO_INT128) #ifdef __SIZEOF_INT128__ typedef __uint128_t sp_uint128; typedef __int128_t sp_int128; @@ -385,11 +387,11 @@ extern "C" { /* Non-blocking ECC operation context. */ typedef struct sp_ecc_ctx { #ifdef WOLFSSL_SP_521 - byte data[66*80]; /* stack data */ + XALIGNED(4) byte data[66*80]; /* stack data */ #elif defined(WOLFSSL_SP_384) - byte data[48*80]; /* stack data */ + XALIGNED(4) byte data[48*80]; /* stack data */ #else - byte data[32*80]; /* stack data */ + XALIGNED(4) byte data[32*80]; /* stack data */ #endif } sp_ecc_ctx_t; #endif @@ -702,7 +704,10 @@ typedef struct sp_ecc_ctx { do { \ int ii; \ if ((a)->used > 0) { \ - for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ + for (ii = (int)(a)->used - 1; ii >= 0; ii--) { \ + if ((a)->dp[ii] != 0) { \ + break; \ + } \ } \ (a)->used = (wc_mp_size_t)(ii + 1); \ } \ diff --git a/src/wolfssl/wolfcrypt/sphincs.h b/src/wolfssl/wolfcrypt/sphincs.h index 6dd3a8e..f1487dd 100644 --- a/src/wolfssl/wolfcrypt/sphincs.h +++ b/src/wolfssl/wolfcrypt/sphincs.h @@ -1,6 +1,6 @@ /* sphincs.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/srp.h b/src/wolfssl/wolfcrypt/srp.h index d1307c7..7607765 100644 --- a/src/wolfssl/wolfcrypt/srp.h +++ b/src/wolfssl/wolfcrypt/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/tfm.h b/src/wolfssl/wolfcrypt/tfm.h index 80b7f0f..718077c 100644 --- a/src/wolfssl/wolfcrypt/tfm.h +++ b/src/wolfssl/wolfcrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/types.h b/src/wolfssl/wolfcrypt/types.h index f8042cf..3ff9ec5 100644 --- a/src/wolfssl/wolfcrypt/types.h +++ b/src/wolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -150,9 +150,17 @@ decouple library dependencies with standard string, memory and so on. /* The C standards don't define empty aggregates, but gcc and clang do. * We need to accommodate them for one of the same reasons C++ does -- * conditionally empty aggregates, e.g. in hash.h. + * + * Nonetheless, in C++, empty aggregates wind up with size 1. If we use + * the [0] construct and the header is compiled by clang++, it warns + * "struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]", despite + * the extern "C" wrapper. We sidestep this warning by recognizing + * here that C++ doesn't support truly empty aggregates. LLVM, for its part, + * deprecates compilation of C code as C++ using clang++. */ #if !defined(WOLF_C89) && defined(__GNUC__) && \ !defined(__STRICT_ANSI__) && \ + !defined(__cplusplus) && \ defined(HAVE_ANONYMOUS_INLINE_AGGREGATES) #define HAVE_EMPTY_AGGREGATES 1 #endif @@ -212,10 +220,10 @@ decouple library dependencies with standard string, memory and so on. /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ #if defined(_WIN32) || defined(HAVE_LIMITS_H) + #include /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, * otherwise causes issues with CTC_SETTINGS */ #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG) - #include #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \ (ULONG_MAX == 0xffffffffUL) #define SIZEOF_LONG 4 @@ -244,7 +252,8 @@ decouple library dependencies with standard string, memory and so on. #endif #endif - #if (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + #if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \ + (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ defined(__BCPLUSPLUS__) || \ (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) /* windows types */ @@ -319,12 +328,15 @@ decouple library dependencies with standard string, memory and so on. #if defined(NO_64BIT) typedef word32 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 2 #undef WORD64_AVAILABLE #else #ifdef WC_64BIT_CPU typedef word64 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 3 #else typedef word32 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 2 #ifdef WORD64_AVAILABLE #define WOLFCRYPT_SLOW_WORD64 #endif @@ -336,12 +348,14 @@ decouple library dependencies with standard string, memory and so on. #undef WORD64_AVAILABLE #endif typedef word16 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 1 #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ * mp_digit, no 64 bit type so make mp_digit 16 bit */ #else #undef WORD64_AVAILABLE typedef word32 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 2 #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ * mp_digit, no 64 bit type so make mp_digit 16 bit */ #endif @@ -406,7 +420,7 @@ typedef struct w64wrapper { /* set up thread local storage if available */ #ifdef HAVE_THREAD_LS - #if defined(_MSC_VER) + #if defined(_MSC_VER) || defined(__WATCOMC__) #define THREAD_LS_T __declspec(thread) /* Thread local storage only in FreeRTOS v8.2.1 and higher */ #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \ @@ -754,11 +768,13 @@ typedef struct w64wrapper { #endif #ifndef XSTRCASECMP - #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000) + #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \ + (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000) /* XC32 supports str[n]casecmp in version >= 1.0 through 4.0. */ #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) - #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ - defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24) + #elif defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32) || \ + defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_ZEPHYR) || \ + defined(MICROCHIP_PIC24) /* XC32 version < 1.0 does not support strcasecmp. */ #define USE_WOLF_STRCASECMP #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) @@ -786,11 +802,13 @@ typedef struct w64wrapper { #endif /* !XSTRCASECMP */ #ifndef XSTRNCASECMP - #if defined(MICROCHIP_PIC32) && (__XC32_VERSION >= 1000) + #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \ + (__XC32_VERSION >= 1000) /* XC32 supports str[n]casecmp in version >= 1.0. */ #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) - #elif defined(MICROCHIP_PIC32) || defined(WOLFSSL_TIRTOS) || \ - defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24) + #elif defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32) || \ + defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_ZEPHYR) || \ + defined(MICROCHIP_PIC24) /* XC32 version < 1.0 does not support strncasecmp. */ #define USE_WOLF_STRNCASECMP #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) @@ -914,6 +932,13 @@ typedef struct w64wrapper { /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + #elif defined(__WATCOMC__) + #if __WATCOMC__ < 1300 + #define USE_WOLF_STRTOK + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + #else + #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) + #endif #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) #else @@ -985,7 +1010,7 @@ typedef struct w64wrapper { #endif #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #define XISALNUM(c) isalnum((c)) - #ifdef NO_STDLIB_ISASCII + #if !defined(HAVE_ISASCII) || defined(NO_STDLIB_ISASCII) #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0) #else #define XISASCII(c) isascii((c)) @@ -996,11 +1021,14 @@ typedef struct w64wrapper { #define XTOLOWER(c) tolower((c)) #endif - #ifndef OFFSETOF + #ifndef WC_OFFSETOF #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4)) - #define OFFSETOF(type, field) __builtin_offsetof(type, field) + #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field) + #elif defined(__WATCOMC__) + #include + #define WC_OFFSETOF offsetof #else - #define OFFSETOF(type, field) ((size_t)&(((type *)0)->field)) + #define WC_OFFSETOF(type, field) ((size_t)&(((type *)0)->field)) #endif #endif @@ -1110,6 +1138,7 @@ typedef struct w64wrapper { DYNAMIC_TYPE_BIO = 102, DYNAMIC_TYPE_X509_ACERT = 103, DYNAMIC_TYPE_OS_BUF = 104, + DYNAMIC_TYPE_ASCON = 105, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, @@ -1228,6 +1257,16 @@ typedef struct w64wrapper { #endif /* HAVE_SELFTEST */ }; + enum wc_HashFlags { + WC_HASH_FLAG_NONE = 0x00000000, + WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ + WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ + #ifdef WOLFSSL_SHA3 + WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ + #endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) + }; + /* cipher types */ enum wc_CipherType { WC_CIPHER_NONE = 0, @@ -1267,7 +1306,7 @@ typedef struct w64wrapper { WC_PK_TYPE_CURVE25519_KEYGEN = 16, WC_PK_TYPE_RSA_GET_SIZE = 17, #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE - #if defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_HAVE_MLKEM) WC_PK_TYPE_PQC_KEM_KEYGEN = 18, WC_PK_TYPE_PQC_KEM_ENCAPS = 19, WC_PK_TYPE_PQC_KEM_DECAPS = 20, @@ -1288,12 +1327,12 @@ typedef struct w64wrapper { WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX }; -#if defined(WOLFSSL_HAVE_KYBER) +#if defined(WOLFSSL_HAVE_MLKEM) /* Post quantum KEM algorithms */ enum wc_PqcKemType { WC_PQC_KEM_TYPE_NONE = 0, #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_NONE - #if defined(WOLFSSL_HAVE_KYBER) + #if defined(WOLFSSL_HAVE_MLKEM) WC_PQC_KEM_TYPE_KYBER = 1, #undef _WC_PQC_KEM_TYPE_MAX #define _WC_PQC_KEM_TYPE_MAX WC_PQC_KEM_TYPE_KYBER @@ -1475,6 +1514,47 @@ typedef struct w64wrapper { * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want. * Otherwise, those functions are omitted. */ + #elif defined(__WATCOMC__) + #if __WATCOMC__ < 1300 + #define _WCCALLBACK + #endif + #if defined(__NT__) + typedef unsigned THREAD_RETURN; + typedef uintptr_t THREAD_TYPE; + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + HANDLE cond; + } COND_TYPE; + #define WOLFSSL_COND + #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE)) + #define WOLFSSL_THREAD __stdcall + #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK + #elif defined(__OS2__) + #define WOLFSSL_THREAD_VOID_RETURN + typedef void THREAD_RETURN; + typedef TID THREAD_TYPE; + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + LHANDLE cond; + } COND_TYPE; + #define WOLFSSL_COND + #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1)) + #define WOLFSSL_THREAD _WCCALLBACK + #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK + #elif defined(__LINUX__) + #include + typedef struct COND_TYPE { + pthread_mutex_t mutex; + pthread_cond_t cond; + } COND_TYPE; + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_COND + #define WOLFSSL_THREAD + #ifndef HAVE_SELFTEST + #define WOLFSSL_THREAD_NO_JOIN + #endif + #endif #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \ defined(FREESCALE_MQX) typedef unsigned int THREAD_RETURN; @@ -1587,8 +1667,6 @@ typedef struct w64wrapper { * to check if the value is an invalid thread * WOLFSSL_THREAD - attribute that should be used to declare thread * callbacks - * WOLFSSL_THREAD_NO_JOIN - attribute that should be used to declare - * thread callbacks that don't require cleanup * WOLFSSL_COND - defined if this system supports signaling * COND_TYPE - type that should be passed into the signaling API * WOLFSSL_THREAD_VOID_RETURN - defined if the thread callback has a @@ -1596,8 +1674,16 @@ typedef struct w64wrapper { * WOLFSSL_RETURN_FROM_THREAD - define used to correctly return from a * thread callback * THREAD_CB - thread callback type for regular threading API - * THREAD_CB_NOJOIN - thread callback type for threading API that don't + * + * WOLFSSL_THREAD_NO_JOIN - attribute used to declare thread callbacks + * that do not require cleanup + * THREAD_CB_NOJOIN - thread callback type for thread APIs that do not * require cleanup + * THREAD_RETURN_NOJOIN - return type used to declare thread callbacks + * that do not require cleanup + * RETURN_FROM_THREAD_NOJOIN - define used to correctly return from + * a thread callback that do not require + * cleanup * * Other defines/types are specific for the threading implementation */ @@ -1620,8 +1706,17 @@ typedef struct w64wrapper { /* Create a thread that will be automatically cleaned up. We can't * return a handle/pointer to the new thread because there are no * guarantees for how long it will be valid. */ - typedef THREAD_RETURN (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN) - (void* arg); + #if defined(WOLFSSL_PTHREADS) + #define THREAD_CB_NOJOIN THREAD_CB + #define THREAD_RETURN_NOJOIN THREAD_RETURN + #define RETURN_FROM_THREAD_NOJOIN(x) \ + WOLFSSL_RETURN_FROM_THREAD(x) + #else + #define THREAD_RETURN_NOJOIN void + typedef THREAD_RETURN_NOJOIN + (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)(void* arg); + #define RETURN_FROM_THREAD_NOJOIN(x) return + #endif WOLFSSL_API int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg); #endif @@ -1712,21 +1807,25 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif - #define WC_CPP_CAT_(a, b) a ## b - #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) + #define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d + #define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d) #if defined(WC_NO_STATIC_ASSERT) #define wc_static_assert(expr) struct wc_static_assert_dummy_struct #define wc_static_assert2(expr, msg) wc_static_assert(expr) #elif !defined(wc_static_assert) + #if defined(WOLFSSL_HAVE_ASSERT_H) && !defined(WOLFSSL_NO_ASSERT_H) + #include + #endif #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ - (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) + (defined(_MSVC_LANG) && (__cpp_static_assert >= 201411L)) /* native variadic static_assert() */ #define wc_static_assert static_assert #ifndef wc_static_assert2 #define wc_static_assert2 static_assert #endif - #elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L) + #elif (defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)) || \ + (defined(_MSVC_LANG) && (__cpp_static_assert >= 200410L)) /* native 2-argument static_assert() */ #define wc_static_assert(expr) static_assert(expr, #expr) #ifndef wc_static_assert2 @@ -1746,11 +1845,16 @@ typedef struct w64wrapper { #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) #endif #else - /* C89-compatible fallback */ - #define wc_static_assert(expr) \ - struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \ - char t[(expr) ? 1 : -1]; \ - } + #ifdef __COUNTER__ + #define wc_static_assert(expr) \ + struct WC_CPP_CAT4(wc_static_assert_dummy_struct_L, \ + __LINE__, _, __COUNTER__) { \ + char t[(expr) ? 1 : -1]; \ + } + #else + #define wc_static_assert(expr) \ + struct wc_static_assert_dummy_struct + #endif #ifndef wc_static_assert2 #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif @@ -1783,6 +1887,13 @@ typedef struct w64wrapper { #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif + #ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() WC_DO_NOTHING + #endif + #ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() WC_DO_NOTHING + #endif + #if FIPS_VERSION_GE(5,1) #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL) diff --git a/src/wolfssl/wolfcrypt/visibility.h b/src/wolfssl/wolfcrypt/visibility.h index 30a19e2..fc7e485 100644 --- a/src/wolfssl/wolfcrypt/visibility.h +++ b/src/wolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,7 +33,7 @@ #if defined(BUILDING_WOLFSSL) #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ - defined(_WIN32_WCE) + defined(_WIN32_WCE) || defined(__WATCOMC__) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllexport) #else @@ -50,8 +50,21 @@ #define WOLFSSL_API #define WOLFSSL_LOCAL #endif /* HAVE_VISIBILITY */ -#else /* BUILDING_WOLFSSL */ - #if defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + + #ifdef WOLFSSL_PRIVATE_TEST_VIS + #define WOLFSSL_TEST_VIS WOLFSSL_LOCAL + #else + #define WOLFSSL_TEST_VIS WOLFSSL_API + #endif +#else /* !BUILDING_WOLFSSL */ + #if defined(__WATCOMC__) + #if defined(WOLFSSL_DLL) && defined(__NT__) + #define WOLFSSL_API __declspec(dllimport) + #else + #define WOLFSSL_API + #endif + #define WOLFSSL_LOCAL + #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ defined(_WIN32_WCE) #if defined(WOLFSSL_DLL) #define WOLFSSL_API __declspec(dllimport) @@ -63,7 +76,17 @@ #define WOLFSSL_API #define WOLFSSL_LOCAL #endif -#endif /* BUILDING_WOLFSSL */ + + #if defined(WOLFSSL_VIS_FOR_TESTS) + #ifdef WOLFSSL_PRIVATE_TEST_VIS + #error WOLFSSL_VIS_FOR_TESTS is unavailable in WOLFSSL_PRIVATE_TEST_VIS builds. + #endif + #define WOLFSSL_TEST_VIS WOLFSSL_API + #else + #define WOLFSSL_TEST_VIS WOLFSSL_API WC_DEPRECATED("internal use only") + #endif + +#endif /* !BUILDING_WOLFSSL */ /* WOLFSSL_ABI is used for public API symbols that must not change * their signature. This tag is used for all APIs that are a diff --git a/src/wolfssl/wolfcrypt/wc_encrypt.h b/src/wolfssl/wolfcrypt/wc_encrypt.h index e3cf9ad..4dfc84c 100644 --- a/src/wolfssl/wolfcrypt/wc_encrypt.h +++ b/src/wolfssl/wolfcrypt/wc_encrypt.h @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wc_lms.h b/src/wolfssl/wolfcrypt/wc_lms.h index d7317ea..a4880a9 100644 --- a/src/wolfssl/wolfcrypt/wc_lms.h +++ b/src/wolfssl/wolfcrypt/wc_lms.h @@ -1,6 +1,6 @@ /* wc_lms.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -303,13 +303,13 @@ #endif /* Indicates using SHA-256 for hashing. */ -#define LMS_SHA256 0x00 +#define LMS_SHA256 0x0000 /* Indicates using SHA-256/192 for hashing. */ -#define LMS_SHA256_192 0x10 +#define LMS_SHA256_192 0x1000 /* Mask to get hashing algorithm from type. */ -#define LMS_HASH_MASK 0xf0 +#define LMS_HASH_MASK 0xf000 /* Mask to get height or Winternitz width from type. */ -#define LMS_H_W_MASK 0x0f +#define LMS_H_W_MASK 0x0fff /* LMS Parameters. */ /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ @@ -333,24 +333,24 @@ #define LMOTS_SHA256_N32_W8 0x04 /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ -#define LMS_SHA256_M24_H5 (0x05 | LMS_SHA256_192) +#define LMS_SHA256_M24_H5 (0x0a | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ -#define LMS_SHA256_M24_H10 (0x06 | LMS_SHA256_192) +#define LMS_SHA256_M24_H10 (0x0b | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ -#define LMS_SHA256_M24_H15 (0x07 | LMS_SHA256_192) +#define LMS_SHA256_M24_H15 (0x0c | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ -#define LMS_SHA256_M24_H20 (0x08 | LMS_SHA256_192) +#define LMS_SHA256_M24_H20 (0x0d | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ -#define LMS_SHA256_M24_H25 (0x09 | LMS_SHA256_192) +#define LMS_SHA256_M24_H25 (0x0e | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ -#define LMOTS_SHA256_N24_W1 (0x01 | LMS_SHA256_192) +#define LMOTS_SHA256_N24_W1 (0x05 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ -#define LMOTS_SHA256_N24_W2 (0x02 | LMS_SHA256_192) +#define LMOTS_SHA256_N24_W2 (0x06 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ -#define LMOTS_SHA256_N24_W4 (0x03 | LMS_SHA256_192) +#define LMOTS_SHA256_N24_W4 (0x07 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ -#define LMOTS_SHA256_N24_W8 (0x04 | LMS_SHA256_192) +#define LMOTS_SHA256_N24_W8 (0x08 | LMS_SHA256_192) typedef struct LmsParams { /* Number of tree levels. */ diff --git a/src/wolfssl/wolfcrypt/wc_mlkem.h b/src/wolfssl/wolfcrypt/wc_mlkem.h new file mode 100644 index 0000000..f79e188 --- /dev/null +++ b/src/wolfssl/wolfcrypt/wc_mlkem.h @@ -0,0 +1,378 @@ +/* wc_mlkem.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/wc_mlkem.h +*/ + + +#ifndef WOLF_CRYPT_WC_MLKEM_H +#define WOLF_CRYPT_WC_MLKEM_H + +#include +#include +#include +#include + +#ifdef WOLFSSL_HAVE_MLKEM + +#ifdef WOLFSSL_KYBER_NO_MAKE_KEY + #define WOLFSSL_MLKEM_NO_MAKE_KEY +#endif +#ifdef WOLFSSL_KYBER_NO_ENCAPSULATE + #define WOLFSSL_MLKEM_NO_ENCAPSULATE +#endif +#ifdef WOLFSSL_KYBER_NO_DECAPSULATE + #define WOLFSSL_MLKEM_NO_DECAPSULATE +#endif + +#ifdef noinline + #define MLKEM_NOINLINE noinline +#elif defined(_MSC_VER) + #define MLKEM_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) + #define MLKEM_NOINLINE __attribute__((noinline)) +#else + #define MLKEM_NOINLINE +#endif + +enum { + /* Flags of Kyber keys. */ + MLKEM_FLAG_PRIV_SET = 0x0001, + MLKEM_FLAG_PUB_SET = 0x0002, + MLKEM_FLAG_BOTH_SET = 0x0003, + MLKEM_FLAG_H_SET = 0x0004, + MLKEM_FLAG_A_SET = 0x0008, + + /* 2 bits of random used to create noise value. */ + MLKEM_CBD_ETA2 = 2, + /* 3 bits of random used to create noise value. */ + MLKEM_CBD_ETA3 = 3, + + /* Number of bits to compress to. */ + MLKEM_COMP_4BITS = 4, + MLKEM_COMP_5BITS = 5, + MLKEM_COMP_10BITS = 10, + MLKEM_COMP_11BITS = 11, +}; + + +/* SHAKE128 rate. */ +#define XOF_BLOCK_SIZE 168 + +/* Modulus of co-efficients of polynomial. */ +#define MLKEM_Q 3329 + + +/* Kyber-512 parameters */ +#ifdef WOLFSSL_WC_ML_KEM_512 +/* Number of bits of random to create noise from. */ +#define WC_ML_KEM_512_ETA1 MLKEM_CBD_ETA3 +#endif /* WOLFSSL_WC_ML_KEM_512 */ + +/* Kyber-768 parameters */ +#ifdef WOLFSSL_WC_ML_KEM_768 +/* Number of bits of random to create noise from. */ +#define WC_ML_KEM_768_ETA1 MLKEM_CBD_ETA2 +#endif /* WOLFSSL_WC_ML_KEM_768 */ + +/* Kyber-1024 parameters */ +#ifdef WOLFSSL_WC_ML_KEM_1024 +/* Number of bits of random to create noise from. */ +#define WC_ML_KEM_1024_ETA1 MLKEM_CBD_ETA2 +#endif /* WOLFSSL_KYBER1024 */ + + + +/* The data type of the hash function. */ +#define MLKEM_HASH_T wc_Sha3 + +/* The data type of the pseudo-random function. */ +#define MLKEM_PRF_T wc_Shake + +/* ML-KEM key. */ +struct MlKemKey { + /* Type of key: WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024 */ + int type; + /* Dynamic memory allocation hint. */ + void* heap; +#if defined(WOLF_CRYPTO_CB) + /* Device Id. */ + int devId; +#endif + /* Flags indicating what is stored in the key. */ + int flags; + + /* A pseudo-random function object. */ + MLKEM_HASH_T hash; + /* A pseudo-random function object. */ + MLKEM_PRF_T prf; + + /* Private key as a vector. */ + sword16 priv[WC_ML_KEM_MAX_K * MLKEM_N]; + /* Public key as a vector. */ + sword16 pub[WC_ML_KEM_MAX_K * MLKEM_N]; + /* Public seed. */ + byte pubSeed[WC_ML_KEM_SYM_SZ]; + /* Public hash - hash of encoded public key. */ + byte h[WC_ML_KEM_SYM_SZ]; + /* Randomizer for decapsulation. */ + byte z[WC_ML_KEM_SYM_SZ]; +#ifdef WOLFSSL_MLKEM_CACHE_A + /* A matrix from key generation. */ + sword16 a[WC_ML_KEM_MAX_K * WC_ML_KEM_MAX_K * MLKEM_N]; +#endif +}; + +#ifdef __cplusplus + extern "C" { +#endif + +/* For backward compatibility */ +typedef struct MlKemKey KyberKey; + +WOLFSSL_LOCAL +void mlkem_init(void); + +#ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM +WOLFSSL_LOCAL +void mlkem_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, + int kp); +#else +WOLFSSL_LOCAL +int mlkem_keygen_seeds(sword16* priv, sword16* pub, MLKEM_PRF_T* prf, + sword16* e, int kp, byte* seed, byte* noiseSeed); +#endif +#ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM +WOLFSSL_LOCAL +void mlkem_encapsulate(const sword16* pub, sword16* bp, sword16* v, + const sword16* at, sword16* sp, const sword16* ep, const sword16* epp, + const sword16* m, int kp); +#else +WOLFSSL_LOCAL +int mlkem_encapsulate_seeds(const sword16* pub, MLKEM_PRF_T* prf, sword16* bp, + sword16* tp, sword16* sp, int kp, const byte* msg, byte* seed, + byte* coins); +#endif +WOLFSSL_LOCAL +void mlkem_decapsulate(const sword16* priv, sword16* mp, sword16* bp, + const sword16* v, int kp); + +WOLFSSL_LOCAL +int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int kp, byte* seed, + int transposed); +WOLFSSL_LOCAL +int mlkem_get_noise(MLKEM_PRF_T* prf, int kp, sword16* vec1, sword16* vec2, + sword16* poly, byte* seed); + +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(WOLFSSL_ARMASM) && defined(__aarch64__)) +WOLFSSL_LOCAL +int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen); +#endif +WOLFSSL_LOCAL +void mlkem_hash_init(MLKEM_HASH_T* hash); +WOLFSSL_LOCAL +int mlkem_hash_new(MLKEM_HASH_T* hash, void* heap, int devId); +WOLFSSL_LOCAL +void mlkem_hash_free(MLKEM_HASH_T* hash); +WOLFSSL_LOCAL +int mlkem_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out); +WOLFSSL_LOCAL +int mlkem_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len, + const byte* data2, word32 data2Len, byte* out); + +WOLFSSL_LOCAL +int mlkem_derive_secret(MLKEM_PRF_T* prf, const byte* z, const byte* ct, + word32 ctSz, byte* ss); + +WOLFSSL_LOCAL +void mlkem_prf_init(MLKEM_PRF_T* prf); +WOLFSSL_LOCAL +int mlkem_prf_new(MLKEM_PRF_T* prf, void* heap, int devId); +WOLFSSL_LOCAL +void mlkem_prf_free(MLKEM_PRF_T* prf); + +WOLFSSL_LOCAL +int mlkem_cmp(const byte* a, const byte* b, int sz); + +WOLFSSL_LOCAL +void mlkem_vec_compress_10(byte* r, sword16* v, unsigned int kp); +WOLFSSL_LOCAL +void mlkem_vec_compress_11(byte* r, sword16* v); +WOLFSSL_LOCAL +void mlkem_vec_decompress_10(sword16* v, const unsigned char* b, + unsigned int kp); +WOLFSSL_LOCAL +void mlkem_vec_decompress_11(sword16* v, const unsigned char* b); + +WOLFSSL_LOCAL +void mlkem_compress_4(byte* b, sword16* p); +WOLFSSL_LOCAL +void mlkem_compress_5(byte* b, sword16* p); +WOLFSSL_LOCAL +void mlkem_decompress_4(sword16* p, const unsigned char* b); +WOLFSSL_LOCAL +void mlkem_decompress_5(sword16* p, const unsigned char* b); + +WOLFSSL_LOCAL +void mlkem_from_msg(sword16* p, const byte* msg); +WOLFSSL_LOCAL +void mlkem_to_msg(byte* msg, sword16* p); +WOLFSSL_LOCAL +void mlkem_from_bytes(sword16* p, const byte* b, int k); +WOLFSSL_LOCAL +void mlkem_to_bytes(byte* b, sword16* p, int k); + +#ifdef USE_INTEL_SPEEDUP +WOLFSSL_LOCAL +void mlkem_keygen_avx2(sword16* priv, sword16* pub, sword16* e, + const sword16* a, int kp); +WOLFSSL_LOCAL +void mlkem_encapsulate_avx2(const sword16* pub, sword16* bp, sword16* v, + const sword16* at, sword16* sp, const sword16* ep, const sword16* epp, + const sword16* m, int kp); +WOLFSSL_LOCAL +void mlkem_decapsulate_avx2(const sword16* priv, sword16* mp, sword16* bp, + const sword16* v, int kp); + +WOLFSSL_LOCAL +unsigned int mlkem_rej_uniform_n_avx2(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); +WOLFSSL_LOCAL +unsigned int mlkem_rej_uniform_avx2(sword16* p, unsigned int len, const byte* r, + unsigned int rLen); +WOLFSSL_LOCAL +void mlkem_redistribute_21_rand_avx2(const word64* s, byte* r0, byte* r1, + byte* r2, byte* r3); +void mlkem_redistribute_17_rand_avx2(const word64* s, byte* r0, byte* r1, + byte* r2, byte* r3); +void mlkem_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1, + byte* r2, byte* r3); +void mlkem_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1, + byte* r2, byte* r3); + +WOLFSSL_LOCAL +void mlkem_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed); +WOLFSSL_LOCAL +void mlkem_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed); + +WOLFSSL_LOCAL +void mlkem_cbd_eta2_avx2(sword16* p, const byte* r); +WOLFSSL_LOCAL +void mlkem_cbd_eta3_avx2(sword16* p, const byte* r); + +WOLFSSL_LOCAL +void mlkem_from_msg_avx2(sword16* p, const byte* msg); +WOLFSSL_LOCAL +void mlkem_to_msg_avx2(byte* msg, sword16* p); + +WOLFSSL_LOCAL +void mlkem_from_bytes_avx2(sword16* p, const byte* b); +WOLFSSL_LOCAL +void mlkem_to_bytes_avx2(byte* b, sword16* p); + +WOLFSSL_LOCAL +void mlkem_compress_10_avx2(byte* r, const sword16* p, int n); +WOLFSSL_LOCAL +void mlkem_decompress_10_avx2(sword16* p, const byte* r, int n); +WOLFSSL_LOCAL +void mlkem_compress_11_avx2(byte* r, const sword16* p, int n); +WOLFSSL_LOCAL +void mlkem_decompress_11_avx2(sword16* p, const byte* r, int n); + +WOLFSSL_LOCAL +void mlkem_compress_4_avx2(byte* r, const sword16* p); +WOLFSSL_LOCAL +void mlkem_decompress_4_avx2(sword16* p, const byte* r); +WOLFSSL_LOCAL +void mlkem_compress_5_avx2(byte* r, const sword16* p); +WOLFSSL_LOCAL +void mlkem_decompress_5_avx2(sword16* p, const byte* r); + + +WOLFSSL_LOCAL +int mlkem_cmp_avx2(const byte* a, const byte* b, int sz); +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +WOLFSSL_LOCAL void mlkem_ntt(sword16* r); +WOLFSSL_LOCAL void mlkem_invntt(sword16* r); +WOLFSSL_LOCAL void mlkem_ntt_sqrdmlsh(sword16* r); +WOLFSSL_LOCAL void mlkem_invntt_sqrdmlsh(sword16* r); +WOLFSSL_LOCAL void mlkem_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_add_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void mlkem_add3_reduce(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_rsub_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void mlkem_to_mont(sword16* p); +WOLFSSL_LOCAL void mlkem_to_mont_sqrdmlsh(sword16* p); +WOLFSSL_LOCAL void mlkem_sha3_blocksx3_neon(word64* state); +WOLFSSL_LOCAL void mlkem_shake128_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL void mlkem_shake256_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL unsigned int mlkem_rej_uniform_neon(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); +WOLFSSL_LOCAL int mlkem_cmp_neon(const byte* a, const byte* b, int sz); +WOLFSSL_LOCAL void mlkem_csubq_neon(sword16* p); +WOLFSSL_LOCAL void mlkem_from_msg_neon(sword16* p, const byte* msg); +WOLFSSL_LOCAL void mlkem_to_msg_neon(byte* msg, sword16* p); +#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM) +#define mlkem_ntt mlkem_thumb2_ntt +#define mlkem_invntt mlkem_thumb2_invntt +#define mlkem_basemul_mont mlkem_thumb2_basemul_mont +#define mlkem_basemul_mont_add mlkem_thumb2_basemul_mont_add +#define mlkem_rej_uniform_c mlkem_thumb2_rej_uniform + +WOLFSSL_LOCAL void mlkem_thumb2_ntt(sword16* r); +WOLFSSL_LOCAL void mlkem_thumb2_invntt(sword16* r); +WOLFSSL_LOCAL void mlkem_thumb2_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_thumb2_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_thumb2_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int mlkem_thumb2_rej_uniform(sword16* p, + unsigned int len, const byte* r, unsigned int rLen); +#elif defined(WOLFSSL_ARMASM) +#define mlkem_ntt mlkem_arm32_ntt +#define mlkem_invntt mlkem_arm32_invntt +#define mlkem_basemul_mont mlkem_arm32_basemul_mont +#define mlkem_basemul_mont_add mlkem_arm32_basemul_mont_add +#define mlkem_rej_uniform_c mlkem_arm32_rej_uniform + +WOLFSSL_LOCAL void mlkem_arm32_ntt(sword16* r); +WOLFSSL_LOCAL void mlkem_arm32_invntt(sword16* r); +WOLFSSL_LOCAL void mlkem_arm32_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_arm32_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void mlkem_arm32_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int mlkem_arm32_rej_uniform(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); +#endif + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_HAVE_MLKEM */ + +#endif /* WOLF_CRYPT_WC_MLKEM_H */ diff --git a/src/wolfssl/wolfcrypt/wc_pkcs11.h b/src/wolfssl/wolfcrypt/wc_pkcs11.h index 0b8942b..fdc51e0 100644 --- a/src/wolfssl/wolfcrypt/wc_pkcs11.h +++ b/src/wolfssl/wolfcrypt/wc_pkcs11.h @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wc_port.h b/src/wolfssl/wolfcrypt/wc_port.h index 4be0502..a33fbf4 100644 --- a/src/wolfssl/wolfcrypt/wc_port.h +++ b/src/wolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,6 +82,25 @@ #endif #endif /* !WC_MAYBE_UNUSED */ +#ifndef WC_DEPRECATED + #ifdef WOLFSSL_ZEPHYR + #define WC_DEPRECATED(msg) /* null expansion */ + #elif ((defined(__GNUC__) && \ + ((__GNUC__ >= 5) || \ + ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) || \ + defined(__clang__) + #define WC_DEPRECATED(msg) __attribute__((deprecated(msg))) + #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ + defined(_WIN32_WCE) || defined(__WATCOMC__) + #define WC_DEPRECATED(msg) __declspec(deprecated(msg)) + #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ + defined(__IAR_SYSTEMS_ICC__) + #define WC_DEPRECATED(msg) __attribute__((deprecated)) + #else + #define WC_DEPRECATED(msg) /* null expansion */ + #endif +#endif /* !WC_MAYBE_UNUSED */ + /* use inlining if compiler allows */ #ifndef WC_INLINE #ifndef NO_INLINE @@ -122,6 +141,43 @@ /* THREADING/MUTEX SECTION */ #if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) /* No system headers required for build. */ +#elif defined(__WATCOMC__) + #if defined(SINGLE_THREADED) + #if defined(USE_WINDOWS_API) + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ + #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */ + #ifndef WOLFSSL_USER_IO + #include + #include /* required for InetPton */ + #endif + #elif defined(__OS2__) + #include + #endif + #else + #if defined(USE_WINDOWS_API) + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ + #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */ + #include + #ifndef WOLFSSL_USER_IO + #include + #include /* required for InetPton */ + #endif + #elif defined(__OS2__) + #define INCL_DOSSEMAPHORES + #define INCL_DOSPROCESS + #include + #include + #else + #ifndef WOLFSSL_USER_MUTEX + #define WOLFSSL_PTHREADS + #endif + #if defined(WOLFSSL_PTHREADS) + #include + #endif + #endif + #endif #elif defined(USE_WINDOWS_API) #if defined(WOLFSSL_PTHREADS) #include @@ -133,12 +189,11 @@ #define WIN32_LEAN_AND_MEAN #endif #if !defined(WOLFSSL_SGX) && !defined(WOLFSSL_NOT_WINDOWS_API) - #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN) - /* On WinCE winsock2.h must be included before windows.h */ - #include - #endif + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file. */ #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header */ #ifndef WOLFSSL_USER_IO + #include #include /* required for InetPton */ #endif #endif /* WOLFSSL_SGX */ @@ -284,7 +339,7 @@ #else /* MULTI_THREADED */ /* FREERTOS comes first to enable use of FreeRTOS Windows simulator only */ #if defined(FREERTOS) - #if ESP_IDF_VERSION_MAJOR >= 4 + #if defined(ESP_IDF_VERSION_MAJOR) && (ESP_IDF_VERSION_MAJOR >= 4) typedef SemaphoreHandle_t wolfSSL_Mutex; #else typedef xSemaphoreHandle wolfSSL_Mutex; @@ -371,6 +426,9 @@ /* typedef User_Mutex wolfSSL_Mutex; */ #elif defined(WOLFSSL_LINUXKM) /* definitions are in linuxkm/linuxkm_wc_port.h */ + #elif defined(__WATCOMC__) + /* OS/2 */ + typedef ULONG wolfSSL_Mutex; #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ @@ -395,6 +453,8 @@ #ifdef SINGLE_THREADED typedef int wolfSSL_Atomic_Int; #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) + #define WOLFSSL_ATOMIC_LOAD(x) (x) + #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val) #define WOLFSSL_ATOMIC_OPS #elif defined(HAVE_C___ATOMIC) #ifdef __cplusplus @@ -402,6 +462,8 @@ /* C++ using direct calls to compiler built-in functions */ typedef volatile int wolfSSL_Atomic_Int; #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) + #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), __ATOMIC_CONSUME) + #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), val, __ATOMIC_RELEASE) #define WOLFSSL_ATOMIC_OPS #endif #else @@ -410,6 +472,8 @@ #include typedef atomic_int wolfSSL_Atomic_Int; #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) + #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x)) + #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val) #define WOLFSSL_ATOMIC_OPS #endif /* WOLFSSL_HAVE_ATOMIC_H */ #endif @@ -422,6 +486,8 @@ #endif typedef volatile long wolfSSL_Atomic_Int; #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) + #define WOLFSSL_ATOMIC_LOAD(x) (x) + #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val) #define WOLFSSL_ATOMIC_OPS #endif #endif /* WOLFSSL_NO_ATOMICS */ @@ -757,13 +823,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); * make the API more POSIX like. */ XFILE z_fs_open(const char* filename, const char* mode); int z_fs_close(XFILE file); + int z_fs_rewind(XFILE file); #define XFOPEN z_fs_open #define XFCLOSE z_fs_close #define XFFLUSH fs_sync #define XFSEEK fs_seek #define XFTELL fs_tell - #define XFREWIND fs_rewind + #define XFREWIND z_fs_rewind #define XFREAD(P,S,N,F) fs_read(F, P, S*N) #define XFWRITE(P,S,N,F) fs_write(F, P, S*N) #define XSEEK_SET FS_SEEK_SET @@ -887,7 +954,25 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #if !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - #if defined(USE_WINDOWS_API) + #if defined(__WATCOMC__) + #include + #include + #define XWRITE write + #define XREAD read + #define XCLOSE close + #define XSTAT stat + #define XS_ISREG(s) S_ISREG(s) + #if defined(__UNIX__) + #include + #define SEPARATOR_CHAR ':' + #else + #include + #define SEPARATOR_CHAR ';' + #endif + #if defined(__NT__) + #define XALTHOMEVARNAME "USERPROFILE" + #endif + #elif defined(USE_WINDOWS_API) #include #include #ifndef XSTAT @@ -925,9 +1010,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define SEPARATOR_CHAR ':' #else - #ifndef NO_WOLFSSL_DIR - #include - #endif + #include #include #include #define XWRITE write @@ -1178,7 +1261,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XGMTIME(c, t) gmtime((c)) #elif defined(_WIN32_WCE) + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ #include /* For file system */ time_t windows_time(time_t* timer); diff --git a/src/wolfssl/wolfcrypt/wc_xmss.h b/src/wolfssl/wolfcrypt/wc_xmss.h index 21d5fe8..e59df61 100644 --- a/src/wolfssl/wolfcrypt/wc_xmss.h +++ b/src/wolfssl/wolfcrypt/wc_xmss.h @@ -1,6 +1,6 @@ /* wc_xmss.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wolfevent.h b/src/wolfssl/wolfcrypt/wolfevent.h index cb3cb58..d6731d1 100644 --- a/src/wolfssl/wolfcrypt/wolfevent.h +++ b/src/wolfssl/wolfcrypt/wolfevent.h @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wolfmath.h b/src/wolfssl/wolfcrypt/wolfmath.h index e012ff6..e2e8545 100644 --- a/src/wolfssl/wolfcrypt/wolfmath.h +++ b/src/wolfssl/wolfcrypt/wolfmath.h @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,16 @@ This library provides big integer math functions. #endif -#if defined(USE_FAST_MATH) +#if defined(NO_BIG_INT) + /* MPI globally disabled -- no PK algorithms supported. */ + #if defined(USE_FAST_MATH) || defined(USE_INTEGER_HEAP_MATH) || \ + defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) || \ + defined(HAVE_WOLF_BIGINT) || defined(WOLFSSL_EXPORT_INT) + #error Conflicting MPI settings. + #endif +#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + #include +#elif defined(USE_FAST_MATH) #include #elif defined(USE_INTEGER_HEAP_MATH) #include @@ -48,7 +57,7 @@ This library provides big integer math functions. #include #endif -#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) +#if !defined(NO_BIG_INT) #include #endif @@ -72,7 +81,7 @@ This library provides big integer math functions. extern const wc_ptr_t wc_off_on_addr[2]; #endif -#if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) +#if !defined(NO_BIG_INT) /* common math functions */ MP_API int get_digit_count(const mp_int* a); MP_API mp_digit get_digit(const mp_int* a, int n); diff --git a/src/wolfssl/wolfcrypt/xmss.h b/src/wolfssl/wolfcrypt/xmss.h index 548700c..9944862 100644 --- a/src/wolfssl/wolfcrypt/xmss.h +++ b/src/wolfssl/wolfcrypt/xmss.h @@ -1,6 +1,6 @@ /* xmss.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfio.h b/src/wolfssl/wolfio.h index 4d1145b..de45a18 100644 --- a/src/wolfssl/wolfio.h +++ b/src/wolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2024 wolfSSL Inc. + * Copyright (C) 2006-2025 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,7 +57,32 @@ #include "zlib.h" #endif -#ifndef USE_WINDOWS_API +#if defined(__WATCOMC__) + #if defined(__NT__) + #elif defined(__OS2__) + #include + #include + #include + #include + #include + #include + #include + #include + #include + + typedef int socklen_t; + #elif defined(__LINUX__) + #include + #include + #include + #include + #define XFCNTL(fd, flag, block) fcntl((fd), (flag), (block)) + #include + #include + #include + #endif +#elif defined(USE_WINDOWS_API) +#else #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) /* lwIP needs to be configured to use sockets API in this mode */ /* LWIP_SOCKET 1 in lwip/opt.h or in build */ @@ -204,7 +229,40 @@ #define SOCKET_RECEIVING 1 #define SOCKET_SENDING 2 -#ifdef USE_WINDOWS_API +#ifdef __WATCOMC__ + #if defined(__NT__) + /* no epipe yet */ + #ifndef WSAEPIPE + #define WSAEPIPE -12345 + #endif + #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK + #define SOCKET_EAGAIN WSAETIMEDOUT + #define SOCKET_ETIMEDOUT WSAETIMEDOUT + #define SOCKET_ECONNRESET WSAECONNRESET + #define SOCKET_EINTR WSAEINTR + #define SOCKET_EPIPE WSAEPIPE + #define SOCKET_ECONNREFUSED WSAENOTCONN + #define SOCKET_ECONNABORTED WSAECONNABORTED + #elif defined(__OS2__) + #define SOCKET_EWOULDBLOCK SOCEWOULDBLOCK + #define SOCKET_EAGAIN SOCEAGAIN + #define SOCKET_ETIMEDOUT SOCETIMEDOUT + #define SOCKET_ECONNRESET SOCECONNRESET + #define SOCKET_EINTR SOCEINTR + #define SOCKET_EPIPE SOCEPIPE + #define SOCKET_ECONNREFUSED SOCECONNREFUSED + #define SOCKET_ECONNABORTED SOCECONNABORTED + #elif defined(__UNIX__) + #define SOCKET_EWOULDBLOCK EWOULDBLOCK + #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT ETIMEDOUT + #define SOCKET_ECONNRESET ECONNRESET + #define SOCKET_EINTR EINTR + #define SOCKET_EPIPE EPIPE + #define SOCKET_ECONNREFUSED ECONNREFUSED + #define SOCKET_ECONNABORTED ECONNABORTED + #endif +#elif defined(USE_WINDOWS_API) /* no epipe yet */ #ifndef WSAEPIPE #define WSAEPIPE -12345 @@ -836,21 +894,36 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); #ifndef XINET_NTOP - #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) - #ifdef USE_WINDOWS_API /* Windows-friendly definition */ - #undef XINET_NTOP + #if defined(__WATCOMC__) + #if defined(__OS2__) || defined(__NT__) && \ + (NTDDI_VERSION >= NTDDI_VISTA) + #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) + #else + #define XINET_NTOP(a,b,c,d) \ + strncpy((c),inet_ntoa(*(unsigned *)(b)),(d)) + #endif + #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */ #define XINET_NTOP(a,b,c,d) InetNtop((a),(b),(c),(d)) + #else + #define XINET_NTOP(a,b,c,d) inet_ntop((a),(b),(c),(d)) #endif #endif #ifndef XINET_PTON - #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) - #ifdef USE_WINDOWS_API /* Windows-friendly definition */ - #undef XINET_PTON + #if defined(__WATCOMC__) + #if defined(__OS2__) || defined(__NT__) && \ + (NTDDI_VERSION >= NTDDI_VISTA) + #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) + #else + #define XINET_PTON(a,b,c) *(unsigned *)(c) = inet_addr((b)) + #endif + #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */ #if defined(__MINGW64__) && !defined(UNICODE) #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) #else #define XINET_PTON(a,b,c) InetPton((a),(PCWSTR)(b),(c)) #endif + #else + #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) #endif #endif From c4052f6637b29160fa801050576a01e480798fce Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 7 May 2025 11:31:48 +0200 Subject: [PATCH 3/8] Apply post-release changes from https://github.com/wolfSSL/wolfssl/pull/8668 --- src/user_settings.h | 4 ++++ src/wolfssl-arduino.cpp | 26 +++++++++++++++++++++++++- src/wolfssl/wolfcrypt/settings.h | 1 + 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/src/user_settings.h b/src/user_settings.h index e2a0196..e8d05fa 100644 --- a/src/user_settings.h +++ b/src/user_settings.h @@ -90,9 +90,13 @@ #elif defined(WOLFSSL_SERVER_EXAMPLE) #define NO_WOLFSSL_CLIENT #elif defined(WOLFSSL_TEMPLATE_EXAMPLE) + #define NO_TLS + #define WOLFCRYPT_ONLY #define NO_WOLFSSL_SERVER #define NO_WOLFSSL_CLIENT #elif defined(WOLFSSL_AES_CTR_EXAMPLE) + #define NO_TLS + #define WOLFCRYPT_ONLY #define NO_WOLFSSL_SERVER #define NO_WOLFSSL_CLIENT #define WOLFSSL_AES diff --git a/src/wolfssl-arduino.cpp b/src/wolfssl-arduino.cpp index 3d3c787..19c50a6 100644 --- a/src/wolfssl-arduino.cpp +++ b/src/wolfssl-arduino.cpp @@ -25,9 +25,33 @@ /* Function to allow wolfcrypt to use Arduino Serial.print for debug messages. * See wolfssl/wolfcrypt/logging.c */ +#if defined(__AVR__) +#include /* Required for PROGMEM handling on AVR */ +#endif + int wolfSSL_Arduino_Serial_Print(const char* const s) { /* Reminder: Serial.print is only available in C++ */ - Serial.println(F(s)); + int is_progmem = 0; + +#if defined(__AVR__) + const char* t; + t = s; + + /* Safely check if `s` is in PROGMEM, 0x8000 is typical for AVR flash */ + if (reinterpret_cast(t) >= 0x8000) { + while (pgm_read_byte(t)) { + Serial.write(pgm_read_byte(t++)); + } + Serial.println(); + is_progmem = 1; + } +#endif + + /* Print normally for non-AVR boards or RAM-stored strings */ + if (!is_progmem) { + Serial.println(s); + } + return 0; }; diff --git a/src/wolfssl/wolfcrypt/settings.h b/src/wolfssl/wolfcrypt/settings.h index 9f4cd66..9008976 100644 --- a/src/wolfssl/wolfcrypt/settings.h +++ b/src/wolfssl/wolfcrypt/settings.h @@ -316,6 +316,7 @@ /* board-specific */ #if defined(__AVR__) + #define WOLFSSL_USER_IO #define WOLFSSL_NO_SOCK #define NO_WRITEV #elif defined(__arm__) From ae219196bb6199b2c15fa5f36242467b72b510e4 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Mon, 21 Jul 2025 11:47:03 -0700 Subject: [PATCH 4/8] wolfssl 5.8.2 Release for Arduino --- COPYING | 899 +++-- ChangeLog.md | 201 ++ LICENSING | 4 +- README | 400 +- README.md | 401 +- library.properties | 2 +- src/src/bio.c | 19 +- src/src/conf.c | 2 +- src/src/crl.c | 80 +- src/src/dtls.c | 4 +- src/src/dtls13.c | 17 +- src/src/internal.c | 748 +++- src/src/keys.c | 9 +- src/src/ocsp.c | 2 +- src/src/pk.c | 254 +- src/src/quic.c | 6 +- src/src/sniffer.c | 184 +- src/src/ssl.c | 403 ++- src/src/ssl_asn1.c | 2 +- src/src/ssl_bn.c | 58 +- src/src/ssl_certman.c | 4 +- src/src/ssl_crypto.c | 112 +- src/src/ssl_load.c | 202 +- src/src/ssl_misc.c | 13 +- src/src/ssl_p7p12.c | 31 +- src/src/ssl_sess.c | 12 +- src/src/tls.c | 1667 +++++---- src/src/tls13.c | 125 +- src/src/wolfio.c | 6 +- src/src/x509.c | 224 +- src/src/x509_str.c | 56 +- src/user_settings.h | 2 +- src/wolfcrypt/src/aes.c | 51 +- src/wolfcrypt/src/arc4.c | 2 +- src/wolfcrypt/src/ascon.c | 2 +- src/wolfcrypt/src/asm.c | 2 +- src/wolfcrypt/src/asn.c | 1279 +++++-- src/wolfcrypt/src/bio.c | 19 +- src/wolfcrypt/src/blake2b.c | 6 +- src/wolfcrypt/src/blake2s.c | 2 +- src/wolfcrypt/src/camellia.c | 4 +- src/wolfcrypt/src/chacha.c | 2 +- src/wolfcrypt/src/chacha20_poly1305.c | 2 +- src/wolfcrypt/src/cmac.c | 2 +- src/wolfcrypt/src/coding.c | 2 +- src/wolfcrypt/src/compress.c | 2 +- src/wolfcrypt/src/cpuid.c | 2 +- src/wolfcrypt/src/cryptocb.c | 10 +- src/wolfcrypt/src/curve25519.c | 17 +- src/wolfcrypt/src/curve448.c | 2 +- src/wolfcrypt/src/des3.c | 14 +- src/wolfcrypt/src/dh.c | 234 +- src/wolfcrypt/src/dilithium.c | 614 ++-- src/wolfcrypt/src/dsa.c | 41 +- src/wolfcrypt/src/ecc.c | 45 +- src/wolfcrypt/src/eccsi.c | 2 +- src/wolfcrypt/src/ed25519.c | 2 +- src/wolfcrypt/src/ed448.c | 2 +- src/wolfcrypt/src/error.c | 9 +- src/wolfcrypt/src/evp.c | 68 +- src/wolfcrypt/src/ext_lms.c | 11 +- src/wolfcrypt/src/ext_mlkem.c | 2 +- src/wolfcrypt/src/ext_xmss.c | 2 +- src/wolfcrypt/src/falcon.c | 2 +- src/wolfcrypt/src/fe_448.c | 2 +- src/wolfcrypt/src/fe_low_mem.c | 2 +- src/wolfcrypt/src/fe_operations.c | 8 +- src/wolfcrypt/src/ge_448.c | 2 +- src/wolfcrypt/src/ge_low_mem.c | 2 +- src/wolfcrypt/src/ge_operations.c | 2 +- src/wolfcrypt/src/hash.c | 29 +- src/wolfcrypt/src/hmac.c | 51 +- src/wolfcrypt/src/hpke.c | 17 +- src/wolfcrypt/src/integer.c | 2 +- src/wolfcrypt/src/kdf.c | 50 +- src/wolfcrypt/src/logging.c | 154 +- src/wolfcrypt/src/md2.c | 2 +- src/wolfcrypt/src/md4.c | 2 +- src/wolfcrypt/src/md5.c | 2 +- src/wolfcrypt/src/memory.c | 2 +- src/wolfcrypt/src/misc.c | 25 +- src/wolfcrypt/src/pkcs12.c | 121 +- src/wolfcrypt/src/pkcs7.c | 67 +- src/wolfcrypt/src/poly1305.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_aes.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_mp.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_sha.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_util.c | 17 +- .../src/port/Espressif/esp_sdk_mem_lib.c | 2 +- .../src/port/Espressif/esp_sdk_time_lib.c | 13 +- .../src/port/Espressif/esp_sdk_wifi_lib.c | 2 +- src/wolfcrypt/src/port/atmel/atmel.c | 2 +- src/wolfcrypt/src/pwdbased.c | 2 +- src/wolfcrypt/src/random.c | 429 ++- src/wolfcrypt/src/rc2.c | 2 +- src/wolfcrypt/src/ripemd.c | 2 +- src/wolfcrypt/src/rsa.c | 41 +- src/wolfcrypt/src/sakke.c | 2 +- src/wolfcrypt/src/sha.c | 3 +- src/wolfcrypt/src/sha256.c | 41 +- src/wolfcrypt/src/sha3.c | 14 +- src/wolfcrypt/src/sha512.c | 2 +- src/wolfcrypt/src/signature.c | 2 +- src/wolfcrypt/src/siphash.c | 6 +- src/wolfcrypt/src/sm2.c | 2 +- src/wolfcrypt/src/sm3.c | 2 +- src/wolfcrypt/src/sm4.c | 2 +- src/wolfcrypt/src/sp_arm32.c | 1772 +++++---- src/wolfcrypt/src/sp_arm64.c | 63 +- src/wolfcrypt/src/sp_armthumb.c | 39 +- src/wolfcrypt/src/sp_c32.c | 39 +- src/wolfcrypt/src/sp_c64.c | 39 +- src/wolfcrypt/src/sp_cortexm.c | 1765 +++++---- src/wolfcrypt/src/sp_dsp32.c | 2 +- src/wolfcrypt/src/sp_int.c | 117 +- src/wolfcrypt/src/sp_sm2_arm32.c | 2 +- src/wolfcrypt/src/sp_sm2_arm64.c | 2 +- src/wolfcrypt/src/sp_sm2_armthumb.c | 2 +- src/wolfcrypt/src/sp_sm2_c32.c | 2 +- src/wolfcrypt/src/sp_sm2_c64.c | 2 +- src/wolfcrypt/src/sp_sm2_cortexm.c | 2 +- src/wolfcrypt/src/sp_sm2_x86_64.c | 2 +- src/wolfcrypt/src/sp_x86_64.c | 39 +- src/wolfcrypt/src/sphincs.c | 2 +- src/wolfcrypt/src/srp.c | 2 +- src/wolfcrypt/src/tfm.c | 59 +- src/wolfcrypt/src/wc_dsp.c | 2 +- src/wolfcrypt/src/wc_encrypt.c | 13 +- src/wolfcrypt/src/wc_lms.c | 177 +- src/wolfcrypt/src/wc_lms_impl.c | 55 +- src/wolfcrypt/src/wc_mlkem.c | 21 +- src/wolfcrypt/src/wc_mlkem_poly.c | 113 +- src/wolfcrypt/src/wc_pkcs11.c | 10 +- src/wolfcrypt/src/wc_port.c | 118 +- src/wolfcrypt/src/wc_xmss.c | 8 +- src/wolfcrypt/src/wc_xmss_impl.c | 4 +- src/wolfcrypt/src/wolfevent.c | 2 +- src/wolfcrypt/src/wolfmath.c | 64 +- src/wolfssl-arduino.cpp | 2 +- src/wolfssl.h | 2 +- src/wolfssl/bio.c | 19 +- src/wolfssl/callbacks.h | 2 +- src/wolfssl/crl.h | 2 +- src/wolfssl/error-ssl.h | 3 +- src/wolfssl/evp.c | 68 +- src/wolfssl/internal.h | 58 +- src/wolfssl/ocsp.h | 2 +- src/wolfssl/openssl/aes.h | 2 +- src/wolfssl/openssl/asn1.h | 2 +- src/wolfssl/openssl/asn1t.h | 2 +- src/wolfssl/openssl/bio.h | 2 +- src/wolfssl/openssl/bn.h | 4 +- src/wolfssl/openssl/buffer.h | 2 +- src/wolfssl/openssl/camellia.h | 2 +- src/wolfssl/openssl/cmac.h | 2 +- src/wolfssl/openssl/cms.h | 2 +- src/wolfssl/openssl/compat_types.h | 2 +- src/wolfssl/openssl/conf.h | 2 +- src/wolfssl/openssl/crypto.h | 2 +- src/wolfssl/openssl/des.h | 2 +- src/wolfssl/openssl/dh.h | 2 +- src/wolfssl/openssl/dsa.h | 2 +- src/wolfssl/openssl/ec.h | 2 +- src/wolfssl/openssl/ec25519.h | 2 +- src/wolfssl/openssl/ec448.h | 2 +- src/wolfssl/openssl/ecdh.h | 2 +- src/wolfssl/openssl/ecdsa.h | 2 +- src/wolfssl/openssl/ed25519.h | 2 +- src/wolfssl/openssl/ed448.h | 2 +- src/wolfssl/openssl/err.h | 2 +- src/wolfssl/openssl/evp.h | 12 +- src/wolfssl/openssl/fips_rand.h | 2 +- src/wolfssl/openssl/hmac.h | 3 +- src/wolfssl/openssl/kdf.h | 2 +- src/wolfssl/openssl/lhash.h | 2 +- src/wolfssl/openssl/md4.h | 2 +- src/wolfssl/openssl/md5.h | 2 +- src/wolfssl/openssl/modes.h | 2 +- src/wolfssl/openssl/obj_mac.h | 2 +- src/wolfssl/openssl/objects.h | 2 +- src/wolfssl/openssl/ocsp.h | 2 +- src/wolfssl/openssl/opensslv.h | 2 +- src/wolfssl/openssl/ossl_typ.h | 2 +- src/wolfssl/openssl/pem.h | 2 +- src/wolfssl/openssl/pkcs12.h | 2 +- src/wolfssl/openssl/pkcs7.h | 2 +- src/wolfssl/openssl/rand.h | 2 +- src/wolfssl/openssl/rc4.h | 2 +- src/wolfssl/openssl/ripemd.h | 2 +- src/wolfssl/openssl/rsa.h | 68 +- src/wolfssl/openssl/safestack.h | 2 +- src/wolfssl/openssl/sha.h | 2 +- src/wolfssl/openssl/sha3.h | 2 +- src/wolfssl/openssl/srp.h | 2 +- src/wolfssl/openssl/ssl.h | 3 +- src/wolfssl/openssl/stack.h | 2 +- src/wolfssl/openssl/tls1.h | 2 +- src/wolfssl/openssl/txt_db.h | 2 +- src/wolfssl/openssl/x509.h | 2 +- src/wolfssl/openssl/x509_vfy.h | 2 +- src/wolfssl/openssl/x509v3.h | 9 +- src/wolfssl/quic.h | 2 +- src/wolfssl/sniffer.h | 9 +- src/wolfssl/sniffer_error.h | 2 +- src/wolfssl/ssl.h | 24 +- src/wolfssl/test.h | 27 +- src/wolfssl/version.h | 6 +- src/wolfssl/wolfcrypt/aes.h | 2 +- src/wolfssl/wolfcrypt/arc4.h | 2 +- src/wolfssl/wolfcrypt/ascon.h | 2 +- src/wolfssl/wolfcrypt/asn.h | 649 +--- src/wolfssl/wolfcrypt/asn_public.h | 131 +- src/wolfssl/wolfcrypt/blake2-impl.h | 2 +- src/wolfssl/wolfcrypt/blake2-int.h | 2 +- src/wolfssl/wolfcrypt/blake2.h | 2 +- src/wolfssl/wolfcrypt/camellia.h | 2 +- src/wolfssl/wolfcrypt/chacha.h | 2 +- src/wolfssl/wolfcrypt/chacha20_poly1305.h | 2 +- src/wolfssl/wolfcrypt/cmac.h | 2 +- src/wolfssl/wolfcrypt/coding.h | 2 +- src/wolfssl/wolfcrypt/compress.h | 2 +- src/wolfssl/wolfcrypt/cpuid.h | 20 +- src/wolfssl/wolfcrypt/cryptocb.h | 14 +- src/wolfssl/wolfcrypt/curve25519.h | 2 +- src/wolfssl/wolfcrypt/curve448.h | 2 +- src/wolfssl/wolfcrypt/des3.h | 2 +- src/wolfssl/wolfcrypt/dh.h | 14 +- src/wolfssl/wolfcrypt/dilithium.h | 28 +- src/wolfssl/wolfcrypt/dsa.h | 2 +- src/wolfssl/wolfcrypt/ecc.h | 7 +- src/wolfssl/wolfcrypt/eccsi.h | 2 +- src/wolfssl/wolfcrypt/ed25519.h | 2 +- src/wolfssl/wolfcrypt/ed448.h | 2 +- src/wolfssl/wolfcrypt/error-crypt.h | 7 +- src/wolfssl/wolfcrypt/ext_lms.h | 2 +- src/wolfssl/wolfcrypt/ext_mlkem.h | 2 +- src/wolfssl/wolfcrypt/ext_xmss.h | 2 +- src/wolfssl/wolfcrypt/falcon.h | 2 +- src/wolfssl/wolfcrypt/fe_448.h | 2 +- src/wolfssl/wolfcrypt/fe_operations.h | 2 +- src/wolfssl/wolfcrypt/fips_test.h | 2 +- src/wolfssl/wolfcrypt/ge_448.h | 2 +- src/wolfssl/wolfcrypt/ge_operations.h | 2 +- src/wolfssl/wolfcrypt/hash.h | 13 +- src/wolfssl/wolfcrypt/hmac.h | 3 +- src/wolfssl/wolfcrypt/hpke.h | 2 +- src/wolfssl/wolfcrypt/integer.h | 9 +- src/wolfssl/wolfcrypt/kdf.h | 12 +- src/wolfssl/wolfcrypt/libwolfssl_sources.h | 2 +- .../wolfcrypt/libwolfssl_sources_asm.h | 2 +- src/wolfssl/wolfcrypt/lms.h | 7 +- src/wolfssl/wolfcrypt/logging.h | 100 +- src/wolfssl/wolfcrypt/md2.h | 2 +- src/wolfssl/wolfcrypt/md4.h | 2 +- src/wolfssl/wolfcrypt/md5.h | 2 +- src/wolfssl/wolfcrypt/mem_track.h | 10 +- src/wolfssl/wolfcrypt/memory.h | 47 +- src/wolfssl/wolfcrypt/misc.h | 2 +- src/wolfssl/wolfcrypt/mlkem.h | 2 +- src/wolfssl/wolfcrypt/mpi_class.h | 2 +- src/wolfssl/wolfcrypt/mpi_superclass.h | 2 +- src/wolfssl/wolfcrypt/oid_sum.h | 1903 ++++++++++ src/wolfssl/wolfcrypt/pkcs11.h | 2 +- src/wolfssl/wolfcrypt/pkcs12.h | 2 +- src/wolfssl/wolfcrypt/pkcs7.h | 22 +- src/wolfssl/wolfcrypt/poly1305.h | 2 +- .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 2 +- .../wolfcrypt/port/Espressif/esp32-crypt.h | 2 +- .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 12 +- src/wolfssl/wolfcrypt/port/atmel/atmel.h | 2 +- src/wolfssl/wolfcrypt/pwdbased.h | 2 +- src/wolfssl/wolfcrypt/random.h | 15 +- src/wolfssl/wolfcrypt/rc2.h | 2 +- src/wolfssl/wolfcrypt/ripemd.h | 2 +- src/wolfssl/wolfcrypt/rsa.h | 2 +- src/wolfssl/wolfcrypt/sakke.h | 2 +- src/wolfssl/wolfcrypt/selftest.h | 2 +- src/wolfssl/wolfcrypt/settings.h | 153 +- src/wolfssl/wolfcrypt/sha.h | 2 +- src/wolfssl/wolfcrypt/sha256.h | 2 +- src/wolfssl/wolfcrypt/sha3.h | 32 +- src/wolfssl/wolfcrypt/sha512.h | 2 +- src/wolfssl/wolfcrypt/signature.h | 2 +- src/wolfssl/wolfcrypt/siphash.h | 2 +- src/wolfssl/wolfcrypt/sm2.h | 2 +- src/wolfssl/wolfcrypt/sm3.h | 2 +- src/wolfssl/wolfcrypt/sm4.h | 2 +- src/wolfssl/wolfcrypt/sp.h | 2 +- src/wolfssl/wolfcrypt/sp_int.h | 52 +- src/wolfssl/wolfcrypt/sphincs.h | 2 +- src/wolfssl/wolfcrypt/srp.h | 2 +- src/wolfssl/wolfcrypt/tfm.h | 5 +- src/wolfssl/wolfcrypt/types.h | 3216 +++++++++-------- src/wolfssl/wolfcrypt/visibility.h | 2 +- src/wolfssl/wolfcrypt/wc_encrypt.h | 2 +- src/wolfssl/wolfcrypt/wc_lms.h | 6 +- src/wolfssl/wolfcrypt/wc_mlkem.h | 5 +- src/wolfssl/wolfcrypt/wc_pkcs11.h | 2 +- src/wolfssl/wolfcrypt/wc_port.h | 36 +- src/wolfssl/wolfcrypt/wc_xmss.h | 2 +- src/wolfssl/wolfcrypt/wolfevent.h | 2 +- src/wolfssl/wolfcrypt/wolfmath.h | 14 +- src/wolfssl/wolfcrypt/xmss.h | 2 +- src/wolfssl/wolfio.h | 2 +- 304 files changed, 13627 insertions(+), 7756 deletions(-) create mode 100644 src/wolfssl/wolfcrypt/oid_sum.h diff --git a/COPYING b/COPYING index d159169..94a9ed0 100644 --- a/COPYING +++ b/COPYING @@ -1,281 +1,622 @@ GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 + Version 3, 29 June 2007 - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of this License. - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. END OF TERMS AND CONDITIONS @@ -287,15 +628,15 @@ free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least +state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) - This program is free software; you can redistribute it and/or modify + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -303,37 +644,31 @@ the "copyright" line and a pointer to where the full notice is found. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + You should have received a copy of the GNU General Public License + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/ChangeLog.md b/ChangeLog.md index a9cdff9..09728ee 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,204 @@ +# wolfSSL Release 5.8.2 (July 17, 2025) + +Release 5.8.2 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * wolfSSL is now GPLv3 instead of GPLv2 + * --enable-heapmath is deprecated + * MD5 is now disabled by default + + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities + +* [Low] There is the potential for a fault injection attack on ECC and Ed25519 verify operations. In versions of wolfSSL 5.7.6 and later the --enable-faultharden option is available to help mitigate against potential fault injection attacks. The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot. If doing ECC or Ed25519 verify operations on a device at risk for fault injection attacks then --enable-faultharden could be used to help mitigate it. Thanks to Kevin from Fraunhofer AISEC for the report. + +Hardening option added in PR https://github.com/wolfSSL/wolfssl/pull/8289 + + +* [High CVE-2025-7395] When using WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION on an Apple platform, the native trust store verification routine overrides errors produced elsewhere in the wolfSSL certificate verification process including failures due to hostname matching/SNI, OCSP, CRL, etc. This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection. If building wolfSSL on versions after 5.7.6 and before 5.8.2 with use of the system CA support and the apple native cert validation feature enabled on Apple devices (on by default for non-macOS Apple targets when using autotools or CMake) we recommend updating to the latest version of wolfSSL. Thanks to Thomas Leong from ExpressVPN for the report. + +Fixed in PR https://github.com/wolfSSL/wolfssl/pull/8833 + + +* [Med. CVE-2025-7394] In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. + +Fixed in the following PR’s +https://github.com/wolfSSL/wolfssl/pull/8849 +https://github.com/wolfSSL/wolfssl/pull/8867 +https://github.com/wolfSSL/wolfssl/pull/8898 + + + +* [Low CVE-2025-7396] In wolfSSL 5.8.0 the option of hardening the C implementation of Curve25519 private key operations was added with the addition of blinding support (https://www.wolfssl.com/curve25519-blinding-support-added-in-wolfssl-5-8-0/). In wolfSSL release 5.8.2 that blinding support is turned on by default in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation. Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for the report. + +Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 + + +## New Features +* Multiple sessions are now supported in the sniffer due to the removal of a cached check. (PR #8723) +* New API ssl_RemoveSession() has been implemented for sniffer cleanup operations. (PR #8768) +* The new ASN X509 API, `wc_GetSubjectPubKeyInfoDerFromCert`, has been introduced for retrieving public key information from certificates. (PR #8758) +* `wc_PKCS12_create()` has been enhanced to support PBE_AES(256|128)_CBC key and certificate encryptions. (PR #8782, PR #8822, PR #8859) +* `wc_PKCS7_DecodeEncryptedKeyPackage()` has been added for decoding encrypted key packages. (PR #8976) +* All AES, SHA, and HMAC functionality has been implemented within the Linux Kernel Module. (PR #8998) +* Additions to the compatibility layer have been introduced for X.509 extensions and RSA PSS. Adding the API i2d_PrivateKey_bio, BN_ucmp and X509v3_get_ext_by_NID. (PR #8897) +* Added support for STM32N6. (PR #8914) +* Implemented SHA-256 for PPC 32 assembly. (PR #8894) + +## Improvements / Optimizations + +### Linux Kernel Module (LinuxKM) Enhancements +* Registered DH and FFDHE for the Linux Kernel Module. (PR #8707) +* Implemented fixes for standard RNG in the Linux Kernel Module. (PR #8718) +* Added an ECDSA workaround for the Linux Kernel Module. (PR #8727) +* Added more PKCS1 pad SHA variants for RSA in the Linux Kernel Module. (PR #8730) +* Set default priority to 100000 for LKCAPI in the Linux Kernel Module. (PR #8740) +* Ensured ECDH never has FIPS enabled in the Linux Kernel Module. (PR #8751) +* Implemented further Linux Kernel Module and SP tweaks. (PR #8773) +* Added sig_alg support for Linux 6.13 RSA in the Linux Kernel Module. (PR #8796) +* Optimized wc_linuxkm_fpu_state_assoc. (PR #8828) +* Ensured DRBG is multithread-round-1 in the Linux Kernel Module. (PR #8840) +* Prevented toggling of fips_enabled in the Linux Kernel Module. (PR #8873) +* Refactored drbg_ctx clear in the Linux Kernel Module. (PR #8876) +* Set sig_alg max_size and digest_size callbacks for RSA in the Linux Kernel Module. (PR #8915) +* Added get_random_bytes for the Linux Kernel Module. (PR #8943) +* Implemented distro fix for the Linux Kernel Module. (PR #8994) +* Fixed page-flags-h in the Linux Kernel Module. (PR #9001) +* Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) +* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms +* Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) +* Backward compatibility has been implemented for ML_KEM IDs (PR #8827) +* ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) +* Building LMS with verify-only has been fixed (PR #8913) +* Parameters for LMS SHA-256_192 have been corrected (PR #8912) +* State can now be saved with the private key for LMS (PR #8836) +* Support for OpenSSL format has been added for ML-DSA/Dilithium (PR #8947) +* `dilithium_coeff_eta2[]` has been explicitly declared as signed (PR #8955) + +### Build System & Portability +* Prepared for the inclusion of v5.8.0 in the Ada Alire index. (PR #8714) +* Introduced a new build option to allow reuse of the Windows crypt provider handle. (PR #8706) +* Introduced general fixes for various build configurations. (PR #8763) +* Made improvements for portability using older GCC 4.8.2. (PR #8753) +* Macro guards updated to allow tests to build with opensslall and no server. (PR #8776) +* Added a check for STDC_NO_ATOMICS macro before use of atomics. (PR #8885) +* Introduced CMakePresets.json and CMakeSettings.json. (PR #8905) +* Added an option to not use constant time code with min/max. (PR #8830) +* Implemented proper MacOS dispatch for conditional signal/wait. (PR #8928) +* Disabled MD5 by default for both general and CMake builds. (PR #8895, PR #8948) +* Improved to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. (PR #8926) +* Added introspection for Intel and ARM assembly speedups. (PR #8954) +* Fixed cURL config to set HAVE_EX_DATA and HAVE_ALPN. (PR #8973) +* Moved FREESCALE forced algorithm HAVE_ECC to IDE/MQX/user_settings.h. (PR #8977) + +### Testing & Debugging +* Fixed the exit status for testwolfcrypt. (PR #8762) +* Added WOLFSSL_DEBUG_PRINTF and WOLFSSL_DEBUG_CERTIFICATE_LOADS for improved debugging output. (PR #8769, PR #8770) +* Guarded some benchmark tests with NO_SW_BENCH. (PR #8760) +* Added an additional unit test for wolfcrypt PKCS12 file to improve code coverage. (PR #8831) +* Added an additional unit test for increased DH code coverage. (PR #8837) +* Adjusted for warnings with NO_TLS build and added GitHub actions test. (PR #8851) +* Added additional compatibility layer RAND tests. (PR #8852) +* Added an API unit test for checking domain name. (PR #8863) +* Added bind v9.18.33 testing. (PR #8888) +* Fixed issue with benchmark help options and descriptions not lining up. (PR #8957) + +### Certificates & ASN.1 +* Changed the algorithm for sum in ASN.1 OIDs. (PR #8655) +* Updated PKCS7 to use X509 STORE for internal verification. (PR #8748) +* Improved handling of temporary buffer size for X509 extension printing. (PR #8710) +* Marked IP address as WOLFSSL_V_ASN1_OCTET_STRING for ALT_NAMES_OID. (PR #8842) +* Fixed printing empty names in certificates. (PR #8880) +* Allowed CA:FALSE on wolftpm. (PR #8925) +* Fixed several inconsistent function prototype parameter names in wc/asn. (PR #8949) +* Accounted for custom extensions when creating a Cert from a WOLFSSL_X509. (PR #8960) + +### TLS/DTLS & Handshake +* Checked group correctness outside of TLS 1.3 too for TLSX_UseSupportedCurve. (PR #8785) +* Dropped records that span datagrams in DTLS. (PR #8642) +* Implemented WC_NID_netscape_cert_type. (PR #8800) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Correctly set the current peer in dtlsProcessPendingPeer. (PR #8848) +* Fixed set_groups for TLS. (PR #8824) +* Allowed trusted_ca_keys with TLSv1.3. (PR #8860) +* Moved Dtls13NewEpoch into DeriveTls13Keys. (PR #8858) +* Cleared tls1_3 on downgrade. (PR #8861) +* Always sent ACKs on detected retransmission for DTLS1.3. (PR #8882) +* Removed DTLS from echo examples. (PR #8889) +* Recalculated suites at SSL initialization. (PR #8757) +* No longer using BIO for ALPN. (PR #8969) +* Fixed wolfSSL_BIO_new_connect's handling of IPV6 addresses. (PR #8815) +* Memory Management & Optimizations +* Performed small stack refactors, improved stack size with mlkem and dilithium, and added additional tests. (PR #8779) +* Implemented FREE_MP_INT_SIZE in heap math. (PR #8881) +* Detected correct MAX_ENCODED_SIG_SZ based on max support in math lib. (PR #8931) +* Fixed improper access of sp_int_minimal using sp_int. (PR #8985) + +### Cryptography & Hash Functions +* Implemented WC_SIPHASH_NO_ASM for not using assembly optimizations with siphash. (PR #8789, PR #8791) +* Added missing DH_MAX_SIZE define for FIPS and corrected wolfssl.rc FILETYPE to VFT_DLL. (PR #8794) +* Implemented WC_SHA3_NO_ASM for not using assembly with SHA3. (PR #8817) +* Improved Aarch64 XFENCE. (PR #8832) +* Omitted frame pointer for ARM32/Thumb2/RISC-V 64 assembly. (PR #8893) +* Fixed branch instruction in ARMv7a ASM. (PR #8933) +* Enabled EVP HMAC to work with WOLFSSL_HMAC_COPY_HASH. (PR #8944) +* Platform-Specific & Hardware Integration +* Added HAVE_HKDF for wolfssl_test and explicit support for ESP32P4. (PR #8742) +* Corrected Espressif default time setting. (PR #8829) +* Made wc_tsip_* APIs public. (PR #8717) +* Improved PlatformIO Certificate Bundle Support. (PR #8847) +* Fixed the TSIP TLS example program. (PR #8857) +* Added crypto callback functions for TROPIC01 secure element. (PR #8812) +* Added Renesas RX TSIP AES CTR support. (PR #8854) +* Fixed TSIP port using crypto callback. (PR #8937) + +### General Improvements & Refactoring +* Attempted wolfssl_read_bio_file in read_bio even when XFSEEK is available. (PR #8703) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Updated libspdm from 3.3.0 to 3.7.0. (PR #8906) +* Fixed missing dashes on the end of header and footer for Falcon PEM key. (PR #8904) +* Fixed minor code typos for macos signal and types.h max block size. (PR #8934) +* Make the API wolfSSL_X509_STORE_CTX_get_error accessible to more build configurations for ease of getting the "store" error code and depth with certificate failure callback implementations. (PR #8903) + +## Bug Fixes +* Fixed issues to support _WIN32_WCE (VS 2008 with WinCE 6.0/7.0). (PR #8709) +* Fixed STM32 Hash with IRQ enabled. (PR #8705) +* Fixed raw hash when using crypto instructions on RISC-V 64-bit. (PR #8733) +* Fixed ECDH decode secret in the Linux Kernel Module. (PR #8729) +* Passed in the correct hash type to wolfSSL_RSA_verify_ex. (PR #8726) +* Fixed issues for Intel QuickAssist latest driver (4.28). (PR #8728) +* Speculative fix for CodeSonar overflow issue in ssl_certman.c. (PR #8715) +* Fixed Arduino progmem print and AVR WOLFSSL_USER_IO. (PR #8668) +* Correctly advanced the index in wc_HKDF_Expand_ex. (PR #8737) +* Fixed STM32 hash status check logic, including NO_AES_192 and NO_AES_256. (PR #8732) +* Added missing call to wolfSSL_RefFree in FreeCRL to prevent memory leaks. (PR #8750) +* Fixed sanity check on --group with unit test app and null sanity check with des decrypt. (PR #8711) +* Fixed Curve25519 and static ephemeral issue with blinding. (PR #8766) +* Fixed edge case issue with STM32 AES GCM auth padding. (PR #8745) +* Removed redefinition of MlKemKey and fixed build issue in benchmark. (PR #8755) +* Used proper heap hint when freeing CRL in error case. (PR #8713) +* Added support for no malloc with wc_CheckCertSigPubKey. (PR #8725) +* Fixed C# wrapper Release build. (PR #8802) +* Handled malformed CCS and CCS before CH in TLS1.3. (PR #8788) +* Fixed ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. (PR #8798) +* Fixed AesGcmCrypt_1 no-stream in the Linux Kernel Module. (PR #8814) +* Fixed return value usage for crypto_sig_sign in the Linux Kernel Module. (PR #8816) +* Fixed issue with CSharp and Windows CE with conversion of ASCII and Unicode. (PR #8799) +* Fixed Renesas SCE on RA6M4. (PR #8838) +* Fixed tests for different configs for ML-DSA. (PR #8865) +* Fixed bug in ParseCRL_Extensions around the size of a CRL number handled and CRL number OID. (PR #8587) +* Fixed uninitialized wc_FreeRng in prime_test. (PR #8886) +* Fixed ECC configuration issues with ECC verify only and no RNG. (PR #8901) +* Fixed issues with max size, openssl.test netcat, and clang-tidy. (PR #8909) +* Fixed for casting down and uninit issues in Dilithium/ML-DSA. (PR #8868) +* Fixed memory allocation failure testing and related unit test cases. (PR #8945, PR #8952) +* Fixed build issue with ML-DSA 44 only. (PR #8981) +* Fixed possible memory leak with X509 reference counter when using x509small. (PR #8982) + + # wolfSSL Release 5.8.0 (Apr 24, 2025) Release 5.8.0 has been developed according to wolfSSL's development and QA diff --git a/LICENSING b/LICENSING index 24407d1..cf1d098 100644 --- a/LICENSING +++ b/LICENSING @@ -1,7 +1,7 @@ wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use -under the GPLv2 (or at your option any later version) or a standard commercial -license. For our users who cannot use wolfSSL under GPLv2 +under the GPLv3 (or at your option any later version) or a standard commercial +license. For our users who cannot use wolfSSL under GPLv3 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. diff --git a/README b/README index 582977d..a8e5f76 100644 --- a/README +++ b/README @@ -70,215 +70,205 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.8.0 (Apr 24, 2025) +# wolfSSL Release 5.8.2 (July 17, 2025) -Release 5.8.0 has been developed according to wolfSSL's development and QA +Release 5.8.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is deprecated - -PR stands for Pull Request, and PR references a GitHub pull request - number where the code change was added. - - -## New Feature Additions -* Algorithm registration in the Linux kernel module for all supported FIPS AES, - SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes. -* Implemented various fixes to support building for Open Watcom including OS/2 - support and Open Watcom 1.9 compatibility (PR 8505, 8484) -* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488) -* Added support for STM32WBA (PR 8550) -* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks - build (PR 8303) -* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594) -* Added support for libimobiledevice commit 860ffb (PR 8373) -* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD - (PR 8307) -* Added blinding option when using a Curve25519 private key by defining the - macro WOLFSSL_CURVE25519_BLINDING (PR 8392) - - -## Linux Kernel Module -* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes), - rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256, - P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with - bare and PKCS1 padding -* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552) -* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for - compatibility with FIPS 140-3 Cert #4718. -* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override - macro (PR 8654) -* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit - 7450ebd29c (merged for Linux 6.15) (PR 8667) -* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673) -* Fix for uninitialized build error with fedora (PR 8569) -* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663, - 8646) -* Added force zero shared secret buffer, and clear of old key with ecdh - (PR 8685) -* Update fips-check.sh script to pickup XTS streaming support on aarch64 and - disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546) - - -## Enhancements and Optimizations - -### Security & Cryptography -* Add constant-time implementation improvements for encoding functions. We thank - Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and - reporting several non-constant-time implementations. (PR 8396, 8617) -* Additional support for PKCS7 verify and decode with indefinite lengths - (PR 8520, 834, 8645) -* Add more PQC hybrid key exchange algorithms such as support for combinations - with X25519 and X448 enabling compatibility with the PQC key exchange support - in Chromium browsers and Mozilla Firefox (PR 7821) -* Add short-circuit comparisons to DH key validation for RFC 7919 parameters - (PR 8335) -* Improve FIPS compatibility with various build configurations for more resource - constrained builds (PR 8370) -* Added option to disable ECC public key order checking (PR 8581) -* Allow critical alt and basic constraints extensions (PR 8542) -* New codepoint for MLDSA to help with interoperability (PR 8393) -* Add support for parsing trusted PEM certs having the header - “BEGIN_TRUSTED_CERT” (PR 8400) -* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs - (PR 8599, 8686) -* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c - handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425) - -### Build System, Configuration, CI & Protocols -* Internal refactor for include of config.h and when building with - BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated - function” when trying to improperly use an internal API of wolfSSL in an - external application. (PR 8640, 8647, 8660, 8662, 8664) -* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548) -* Add CMake and Zephyr support for XMSS and LMS (PR 8494) -* Added GitHub CI for CMake builds (PR 8439) -* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382) -* Add MSYS2 build continuous integration test (PR 8504) -* Update DevKitPro doc to list calico dependency with build commands (PR 8607) -* Conversion compiler warning fixes and additional continuous integration test - added (PR 8538) -* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481) -* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds - (PR 8526) - -### Performance Improvements -* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429) -* LMS fixes and improvements adding API to get Key ID from raw private key, - change to identifiers to match standard, and fix for when - WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623) -* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage, - performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619, - 8622, 8588) -* Performance improvements for AES-GCM and when doing multiple HMAC operations - (PR 8445) - -### Assembly and Platform-Specific Enhancements -* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for - Aarch64 use (PR 8344, 8561, 8671) -* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD - (PR 8325, 8348) -* Only perform ARM assembly CPUID checks if support was enabled at build time - (PR 8566) -* Optimizations for ARM32 assembly instructions on platforms less than ARMv7 - (PR 8395) -* Improve MSVC feature detection for static assert macros (PR 8440) -* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402) -* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h - (PR 8422, PR 8641) - -### OpenSSL Compatibility Layer -* Modification to the push/pop to/from in OpenSSL compatibility layer. This is - a pretty major API change in the OpenSSL compatibility stack functions. - Previously the API would push/pop from the beginning of the list but now they - operate on the tail of the list. This matters when using the sk_value with - index values. (PR 8616) -* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498) -* Expand the OpenSSL compatibility layer to include an implementation of - BN_CTX_get (PR 8388) - -### API Additions and Modifications -* Refactor Hpke to allow multiple uses of a context instead of just one shot - mode (PR 6805) -* Add support for PSK client callback with Ada and use with Alire (thanks - @mgrojo, PR 8332, 8606) -* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add - functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to - rotate the server's echConfigs (PR 8556) -* Added the public API wc_PkcsPad to do PKCS padding (PR 8502) -* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518) -* Update Kyber APIs to ML-KEM APIs (PR 8536) -* Add option to disallow automatic use of "default" devId using the macro - WC_NO_DEFAULT_DEVID (PR 8555) -* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk - format (PR 8630) - -### Porting and Language Support -* Update Python port to support version 3.12.6 (PR 8345) -* New additions for MAXQ with wolfPKCS11 (PR 8343) -* Port to ntp 4.2.8p17 additions (PR 8324) -* Add version 0.9.14 to tested libvncserver builds (PR 8337) - -### General Improvements and Cleanups -* Cleanups for STM32 AES GCM (PR 8584) -* Improvements to isascii() and the CMake key log option (PR 8596) -* Arduino documentation updates, comments and spelling corrections (PR 8381, - 8384, 8514) -* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and - --enable-all builds (PR 8369, 8371) - - -## Fixes -* Fix a use after free caused by an early free on error in the X509 store - (PR 8449) -* Fix to account for existing PKCS8 header with - wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612) -* Fixed failing CMake build issue when standard threads support is not found in - the system (PR 8485) -* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with - gcc -march=native -O2 (PR 8329) -* Fix Windows socket API compatibility warning with mingw32 build (PR 8424) -* Fix potential null pointer increments in cipher list parsing (PR 8420) -* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7. - Thanks to the team at Code Intelligence for the report. (PR 8466) -* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379) -* Fixed building with VS2008 and .NET 3.5 (PR 8621) -* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447) -* Fixed SSL_set_mtu compatibility function return code (PR 8330) -* Fixed Renesas RX TSIP (PR 8595) -* Fixed ECC non-blocking tests (PR 8533) -* Fixed CMake on MINGW and MSYS (PR 8377) -* Fixed Watcom compiler and added new CI test (PR 8391) -* Fixed STM32 PKA ECC 521-bit support (PR 8450) -* Fixed STM32 PKA with P521 and shared secret (PR 8601) -* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602) -* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD - (PR 8575) -* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350) -* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407) -* Fix CMake lean_tls build (PR 8460) -* Fix for QUIC callback failure (PR 8475) -* Fix missing alert types in AlertTypeToString for print out with debugging - enabled (PR 8572) -* Fixes for MSVS build issues with PQC configure (PR 8568) -* Fix for SE050 port and minor improvements (PR 8431, 8437) -* Fix for missing rewind function in zephyr and add missing files for compiling - with assembly optimizations (PR 8531, 8541) -* Fix for quic_record_append to return the correct code (PR 8340, 8358) -* Fixes for Bind 9.18.28 port (PR 8331) -* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when - negotiating TLS 1.3 (PR 8487) -* Fix to properly check for signature_algorithms from the client in a TLS 1.3 - server (PR 8356) -* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code - Intelligence for the report (PR 8426) -* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations - (PR 8590, 8635) -* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm - or zmm registers are used (PR 8479) -* Entropy MemUse fix for when block size less than update bits (PR 8675) - +NOTE: * wolfSSL is now GPLv3 instead of GPLv2 + * --enable-heapmath is deprecated + * MD5 is now disabled by default + + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities + +* [Low] There is the potential for a fault injection attack on ECC and Ed25519 verify operations. In versions of wolfSSL 5.7.6 and later the --enable-faultharden option is available to help mitigate against potential fault injection attacks. The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot. If doing ECC or Ed25519 verify operations on a device at risk for fault injection attacks then --enable-faultharden could be used to help mitigate it. Thanks to Kevin from Fraunhofer AISEC for the report. + +Hardening option added in PR https://github.com/wolfSSL/wolfssl/pull/8289 + + +* [High CVE-2025-7395] When using WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION on an Apple platform, the native trust store verification routine overrides errors produced elsewhere in the wolfSSL certificate verification process including failures due to hostname matching/SNI, OCSP, CRL, etc. This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection. If building wolfSSL on versions after 5.7.6 and before 5.8.2 with use of the system CA support and the apple native cert validation feature enabled on Apple devices (on by default for non-macOS Apple targets when using autotools or CMake) we recommend updating to the latest version of wolfSSL. Thanks to Thomas Leong from ExpressVPN for the report. + +Fixed in PR https://github.com/wolfSSL/wolfssl/pull/8833 + + +* [Med. CVE-2025-7394] In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. + +Fixed in the following PR’s +https://github.com/wolfSSL/wolfssl/pull/8849 +https://github.com/wolfSSL/wolfssl/pull/8867 +https://github.com/wolfSSL/wolfssl/pull/8898 + + + +* [Low CVE-2025-7396] In wolfSSL 5.8.0 the option of hardening the C implementation of Curve25519 private key operations was added with the addition of blinding support (https://www.wolfssl.com/curve25519-blinding-support-added-in-wolfssl-5-8-0/). In wolfSSL release 5.8.2 that blinding support is turned on by default in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation. Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for the report. + +Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 + + +## New Features +* Multiple sessions are now supported in the sniffer due to the removal of a cached check. (PR #8723) +* New API ssl_RemoveSession() has been implemented for sniffer cleanup operations. (PR #8768) +* The new ASN X509 API, `wc_GetSubjectPubKeyInfoDerFromCert`, has been introduced for retrieving public key information from certificates. (PR #8758) +* `wc_PKCS12_create()` has been enhanced to support PBE_AES(256|128)_CBC key and certificate encryptions. (PR #8782, PR #8822, PR #8859) +* `wc_PKCS7_DecodeEncryptedKeyPackage()` has been added for decoding encrypted key packages. (PR #8976) +* All AES, SHA, and HMAC functionality has been implemented within the Linux Kernel Module. (PR #8998) +* Additions to the compatibility layer have been introduced for X.509 extensions and RSA PSS. Adding the API i2d_PrivateKey_bio, BN_ucmp and X509v3_get_ext_by_NID. (PR #8897) +* Added support for STM32N6. (PR #8914) +* Implemented SHA-256 for PPC 32 assembly. (PR #8894) + +## Improvements / Optimizations + +### Linux Kernel Module (LinuxKM) Enhancements +* Registered DH and FFDHE for the Linux Kernel Module. (PR #8707) +* Implemented fixes for standard RNG in the Linux Kernel Module. (PR #8718) +* Added an ECDSA workaround for the Linux Kernel Module. (PR #8727) +* Added more PKCS1 pad SHA variants for RSA in the Linux Kernel Module. (PR #8730) +* Set default priority to 100000 for LKCAPI in the Linux Kernel Module. (PR #8740) +* Ensured ECDH never has FIPS enabled in the Linux Kernel Module. (PR #8751) +* Implemented further Linux Kernel Module and SP tweaks. (PR #8773) +* Added sig_alg support for Linux 6.13 RSA in the Linux Kernel Module. (PR #8796) +* Optimized wc_linuxkm_fpu_state_assoc. (PR #8828) +* Ensured DRBG is multithread-round-1 in the Linux Kernel Module. (PR #8840) +* Prevented toggling of fips_enabled in the Linux Kernel Module. (PR #8873) +* Refactored drbg_ctx clear in the Linux Kernel Module. (PR #8876) +* Set sig_alg max_size and digest_size callbacks for RSA in the Linux Kernel Module. (PR #8915) +* Added get_random_bytes for the Linux Kernel Module. (PR #8943) +* Implemented distro fix for the Linux Kernel Module. (PR #8994) +* Fixed page-flags-h in the Linux Kernel Module. (PR #9001) +* Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) +* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms +* Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) +* Backward compatibility has been implemented for ML_KEM IDs (PR #8827) +* ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) +* Building LMS with verify-only has been fixed (PR #8913) +* Parameters for LMS SHA-256_192 have been corrected (PR #8912) +* State can now be saved with the private key for LMS (PR #8836) +* Support for OpenSSL format has been added for ML-DSA/Dilithium (PR #8947) +* `dilithium_coeff_eta2[]` has been explicitly declared as signed (PR #8955) + +### Build System & Portability +* Prepared for the inclusion of v5.8.0 in the Ada Alire index. (PR #8714) +* Introduced a new build option to allow reuse of the Windows crypt provider handle. (PR #8706) +* Introduced general fixes for various build configurations. (PR #8763) +* Made improvements for portability using older GCC 4.8.2. (PR #8753) +* Macro guards updated to allow tests to build with opensslall and no server. (PR #8776) +* Added a check for STDC_NO_ATOMICS macro before use of atomics. (PR #8885) +* Introduced CMakePresets.json and CMakeSettings.json. (PR #8905) +* Added an option to not use constant time code with min/max. (PR #8830) +* Implemented proper MacOS dispatch for conditional signal/wait. (PR #8928) +* Disabled MD5 by default for both general and CMake builds. (PR #8895, PR #8948) +* Improved to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. (PR #8926) +* Added introspection for Intel and ARM assembly speedups. (PR #8954) +* Fixed cURL config to set HAVE_EX_DATA and HAVE_ALPN. (PR #8973) +* Moved FREESCALE forced algorithm HAVE_ECC to IDE/MQX/user_settings.h. (PR #8977) + +### Testing & Debugging +* Fixed the exit status for testwolfcrypt. (PR #8762) +* Added WOLFSSL_DEBUG_PRINTF and WOLFSSL_DEBUG_CERTIFICATE_LOADS for improved debugging output. (PR #8769, PR #8770) +* Guarded some benchmark tests with NO_SW_BENCH. (PR #8760) +* Added an additional unit test for wolfcrypt PKCS12 file to improve code coverage. (PR #8831) +* Added an additional unit test for increased DH code coverage. (PR #8837) +* Adjusted for warnings with NO_TLS build and added GitHub actions test. (PR #8851) +* Added additional compatibility layer RAND tests. (PR #8852) +* Added an API unit test for checking domain name. (PR #8863) +* Added bind v9.18.33 testing. (PR #8888) +* Fixed issue with benchmark help options and descriptions not lining up. (PR #8957) + +### Certificates & ASN.1 +* Changed the algorithm for sum in ASN.1 OIDs. (PR #8655) +* Updated PKCS7 to use X509 STORE for internal verification. (PR #8748) +* Improved handling of temporary buffer size for X509 extension printing. (PR #8710) +* Marked IP address as WOLFSSL_V_ASN1_OCTET_STRING for ALT_NAMES_OID. (PR #8842) +* Fixed printing empty names in certificates. (PR #8880) +* Allowed CA:FALSE on wolftpm. (PR #8925) +* Fixed several inconsistent function prototype parameter names in wc/asn. (PR #8949) +* Accounted for custom extensions when creating a Cert from a WOLFSSL_X509. (PR #8960) + +### TLS/DTLS & Handshake +* Checked group correctness outside of TLS 1.3 too for TLSX_UseSupportedCurve. (PR #8785) +* Dropped records that span datagrams in DTLS. (PR #8642) +* Implemented WC_NID_netscape_cert_type. (PR #8800) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Correctly set the current peer in dtlsProcessPendingPeer. (PR #8848) +* Fixed set_groups for TLS. (PR #8824) +* Allowed trusted_ca_keys with TLSv1.3. (PR #8860) +* Moved Dtls13NewEpoch into DeriveTls13Keys. (PR #8858) +* Cleared tls1_3 on downgrade. (PR #8861) +* Always sent ACKs on detected retransmission for DTLS1.3. (PR #8882) +* Removed DTLS from echo examples. (PR #8889) +* Recalculated suites at SSL initialization. (PR #8757) +* No longer using BIO for ALPN. (PR #8969) +* Fixed wolfSSL_BIO_new_connect's handling of IPV6 addresses. (PR #8815) +* Memory Management & Optimizations +* Performed small stack refactors, improved stack size with mlkem and dilithium, and added additional tests. (PR #8779) +* Implemented FREE_MP_INT_SIZE in heap math. (PR #8881) +* Detected correct MAX_ENCODED_SIG_SZ based on max support in math lib. (PR #8931) +* Fixed improper access of sp_int_minimal using sp_int. (PR #8985) + +### Cryptography & Hash Functions +* Implemented WC_SIPHASH_NO_ASM for not using assembly optimizations with siphash. (PR #8789, PR #8791) +* Added missing DH_MAX_SIZE define for FIPS and corrected wolfssl.rc FILETYPE to VFT_DLL. (PR #8794) +* Implemented WC_SHA3_NO_ASM for not using assembly with SHA3. (PR #8817) +* Improved Aarch64 XFENCE. (PR #8832) +* Omitted frame pointer for ARM32/Thumb2/RISC-V 64 assembly. (PR #8893) +* Fixed branch instruction in ARMv7a ASM. (PR #8933) +* Enabled EVP HMAC to work with WOLFSSL_HMAC_COPY_HASH. (PR #8944) +* Platform-Specific & Hardware Integration +* Added HAVE_HKDF for wolfssl_test and explicit support for ESP32P4. (PR #8742) +* Corrected Espressif default time setting. (PR #8829) +* Made wc_tsip_* APIs public. (PR #8717) +* Improved PlatformIO Certificate Bundle Support. (PR #8847) +* Fixed the TSIP TLS example program. (PR #8857) +* Added crypto callback functions for TROPIC01 secure element. (PR #8812) +* Added Renesas RX TSIP AES CTR support. (PR #8854) +* Fixed TSIP port using crypto callback. (PR #8937) + +### General Improvements & Refactoring +* Attempted wolfssl_read_bio_file in read_bio even when XFSEEK is available. (PR #8703) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Updated libspdm from 3.3.0 to 3.7.0. (PR #8906) +* Fixed missing dashes on the end of header and footer for Falcon PEM key. (PR #8904) +* Fixed minor code typos for macos signal and types.h max block size. (PR #8934) +* Make the API wolfSSL_X509_STORE_CTX_get_error accessible to more build configurations for ease of getting the "store" error code and depth with certificate failure callback implementations. (PR #8903) + +## Bug Fixes +* Fixed issues to support _WIN32_WCE (VS 2008 with WinCE 6.0/7.0). (PR #8709) +* Fixed STM32 Hash with IRQ enabled. (PR #8705) +* Fixed raw hash when using crypto instructions on RISC-V 64-bit. (PR #8733) +* Fixed ECDH decode secret in the Linux Kernel Module. (PR #8729) +* Passed in the correct hash type to wolfSSL_RSA_verify_ex. (PR #8726) +* Fixed issues for Intel QuickAssist latest driver (4.28). (PR #8728) +* Speculative fix for CodeSonar overflow issue in ssl_certman.c. (PR #8715) +* Fixed Arduino progmem print and AVR WOLFSSL_USER_IO. (PR #8668) +* Correctly advanced the index in wc_HKDF_Expand_ex. (PR #8737) +* Fixed STM32 hash status check logic, including NO_AES_192 and NO_AES_256. (PR #8732) +* Added missing call to wolfSSL_RefFree in FreeCRL to prevent memory leaks. (PR #8750) +* Fixed sanity check on --group with unit test app and null sanity check with des decrypt. (PR #8711) +* Fixed Curve25519 and static ephemeral issue with blinding. (PR #8766) +* Fixed edge case issue with STM32 AES GCM auth padding. (PR #8745) +* Removed redefinition of MlKemKey and fixed build issue in benchmark. (PR #8755) +* Used proper heap hint when freeing CRL in error case. (PR #8713) +* Added support for no malloc with wc_CheckCertSigPubKey. (PR #8725) +* Fixed C# wrapper Release build. (PR #8802) +* Handled malformed CCS and CCS before CH in TLS1.3. (PR #8788) +* Fixed ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. (PR #8798) +* Fixed AesGcmCrypt_1 no-stream in the Linux Kernel Module. (PR #8814) +* Fixed return value usage for crypto_sig_sign in the Linux Kernel Module. (PR #8816) +* Fixed issue with CSharp and Windows CE with conversion of ASCII and Unicode. (PR #8799) +* Fixed Renesas SCE on RA6M4. (PR #8838) +* Fixed tests for different configs for ML-DSA. (PR #8865) +* Fixed bug in ParseCRL_Extensions around the size of a CRL number handled and CRL number OID. (PR #8587) +* Fixed uninitialized wc_FreeRng in prime_test. (PR #8886) +* Fixed ECC configuration issues with ECC verify only and no RNG. (PR #8901) +* Fixed issues with max size, openssl.test netcat, and clang-tidy. (PR #8909) +* Fixed for casting down and uninit issues in Dilithium/ML-DSA. (PR #8868) +* Fixed memory allocation failure testing and related unit test cases. (PR #8945, PR #8952) +* Fixed build issue with ML-DSA 44 only. (PR #8981) +* Fixed possible memory leak with X509 reference counter when using x509small. (PR #8982) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/README.md b/README.md index 7c0fd06..13265b3 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Arduino wolfSSL Library -This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.8.0 for the Arduino platform. +This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.8.2 for the Arduino platform. The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). @@ -124,214 +124,205 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.8.0 (Apr 24, 2025) +# wolfSSL Release 5.8.2 (July 17, 2025) -Release 5.8.0 has been developed according to wolfSSL's development and QA +Release 5.8.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is deprecated - -PR stands for Pull Request, and PR references a GitHub pull request - number where the code change was added. - - -## New Feature Additions -* Algorithm registration in the Linux kernel module for all supported FIPS AES, - SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes. -* Implemented various fixes to support building for Open Watcom including OS/2 - support and Open Watcom 1.9 compatibility (PR 8505, 8484) -* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488) -* Added support for STM32WBA (PR 8550) -* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks - build (PR 8303) -* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594) -* Added support for libimobiledevice commit 860ffb (PR 8373) -* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD - (PR 8307) -* Added blinding option when using a Curve25519 private key by defining the - macro WOLFSSL_CURVE25519_BLINDING (PR 8392) - - -## Linux Kernel Module -* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes), - rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256, - P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with - bare and PKCS1 padding -* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552) -* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for - compatibility with FIPS 140-3 Cert #4718. -* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override - macro (PR 8654) -* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit - 7450ebd29c (merged for Linux 6.15) (PR 8667) -* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673) -* Fix for uninitialized build error with fedora (PR 8569) -* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663, - 8646) -* Added force zero shared secret buffer, and clear of old key with ecdh - (PR 8685) -* Update fips-check.sh script to pickup XTS streaming support on aarch64 and - disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546) - - -## Enhancements and Optimizations - -### Security & Cryptography -* Add constant-time implementation improvements for encoding functions. We thank - Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and - reporting several non-constant-time implementations. (PR 8396, 8617) -* Additional support for PKCS7 verify and decode with indefinite lengths - (PR 8520, 834, 8645) -* Add more PQC hybrid key exchange algorithms such as support for combinations - with X25519 and X448 enabling compatibility with the PQC key exchange support - in Chromium browsers and Mozilla Firefox (PR 7821) -* Add short-circuit comparisons to DH key validation for RFC 7919 parameters - (PR 8335) -* Improve FIPS compatibility with various build configurations for more resource - constrained builds (PR 8370) -* Added option to disable ECC public key order checking (PR 8581) -* Allow critical alt and basic constraints extensions (PR 8542) -* New codepoint for MLDSA to help with interoperability (PR 8393) -* Add support for parsing trusted PEM certs having the header - “BEGIN_TRUSTED_CERT” (PR 8400) -* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs - (PR 8599, 8686) -* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c - handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425) - -### Build System, Configuration, CI & Protocols -* Internal refactor for include of config.h and when building with - BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated - function” when trying to improperly use an internal API of wolfSSL in an - external application. (PR 8640, 8647, 8660, 8662, 8664) -* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548) -* Add CMake and Zephyr support for XMSS and LMS (PR 8494) -* Added GitHub CI for CMake builds (PR 8439) -* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382) -* Add MSYS2 build continuous integration test (PR 8504) -* Update DevKitPro doc to list calico dependency with build commands (PR 8607) -* Conversion compiler warning fixes and additional continuous integration test - added (PR 8538) -* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481) -* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds - (PR 8526) - -### Performance Improvements -* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429) -* LMS fixes and improvements adding API to get Key ID from raw private key, - change to identifiers to match standard, and fix for when - WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623) -* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage, - performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619, - 8622, 8588) -* Performance improvements for AES-GCM and when doing multiple HMAC operations - (PR 8445) - -### Assembly and Platform-Specific Enhancements -* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for - Aarch64 use (PR 8344, 8561, 8671) -* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD - (PR 8325, 8348) -* Only perform ARM assembly CPUID checks if support was enabled at build time - (PR 8566) -* Optimizations for ARM32 assembly instructions on platforms less than ARMv7 - (PR 8395) -* Improve MSVC feature detection for static assert macros (PR 8440) -* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402) -* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h - (PR 8422, PR 8641) - -### OpenSSL Compatibility Layer -* Modification to the push/pop to/from in OpenSSL compatibility layer. This is - a pretty major API change in the OpenSSL compatibility stack functions. - Previously the API would push/pop from the beginning of the list but now they - operate on the tail of the list. This matters when using the sk_value with - index values. (PR 8616) -* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498) -* Expand the OpenSSL compatibility layer to include an implementation of - BN_CTX_get (PR 8388) - -### API Additions and Modifications -* Refactor Hpke to allow multiple uses of a context instead of just one shot - mode (PR 6805) -* Add support for PSK client callback with Ada and use with Alire (thanks - @mgrojo, PR 8332, 8606) -* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add - functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to - rotate the server's echConfigs (PR 8556) -* Added the public API wc_PkcsPad to do PKCS padding (PR 8502) -* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518) -* Update Kyber APIs to ML-KEM APIs (PR 8536) -* Add option to disallow automatic use of "default" devId using the macro - WC_NO_DEFAULT_DEVID (PR 8555) -* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk - format (PR 8630) - -### Porting and Language Support -* Update Python port to support version 3.12.6 (PR 8345) -* New additions for MAXQ with wolfPKCS11 (PR 8343) -* Port to ntp 4.2.8p17 additions (PR 8324) -* Add version 0.9.14 to tested libvncserver builds (PR 8337) - -### General Improvements and Cleanups -* Cleanups for STM32 AES GCM (PR 8584) -* Improvements to isascii() and the CMake key log option (PR 8596) -* Arduino documentation updates, comments and spelling corrections (PR 8381, - 8384, 8514) -* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and - --enable-all builds (PR 8369, 8371) - - -## Fixes -* Fix a use after free caused by an early free on error in the X509 store - (PR 8449) -* Fix to account for existing PKCS8 header with - wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612) -* Fixed failing CMake build issue when standard threads support is not found in - the system (PR 8485) -* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with - gcc -march=native -O2 (PR 8329) -* Fix Windows socket API compatibility warning with mingw32 build (PR 8424) -* Fix potential null pointer increments in cipher list parsing (PR 8420) -* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7. - Thanks to the team at Code Intelligence for the report. (PR 8466) -* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379) -* Fixed building with VS2008 and .NET 3.5 (PR 8621) -* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447) -* Fixed SSL_set_mtu compatibility function return code (PR 8330) -* Fixed Renesas RX TSIP (PR 8595) -* Fixed ECC non-blocking tests (PR 8533) -* Fixed CMake on MINGW and MSYS (PR 8377) -* Fixed Watcom compiler and added new CI test (PR 8391) -* Fixed STM32 PKA ECC 521-bit support (PR 8450) -* Fixed STM32 PKA with P521 and shared secret (PR 8601) -* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602) -* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD - (PR 8575) -* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350) -* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407) -* Fix CMake lean_tls build (PR 8460) -* Fix for QUIC callback failure (PR 8475) -* Fix missing alert types in AlertTypeToString for print out with debugging - enabled (PR 8572) -* Fixes for MSVS build issues with PQC configure (PR 8568) -* Fix for SE050 port and minor improvements (PR 8431, 8437) -* Fix for missing rewind function in zephyr and add missing files for compiling - with assembly optimizations (PR 8531, 8541) -* Fix for quic_record_append to return the correct code (PR 8340, 8358) -* Fixes for Bind 9.18.28 port (PR 8331) -* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when - negotiating TLS 1.3 (PR 8487) -* Fix to properly check for signature_algorithms from the client in a TLS 1.3 - server (PR 8356) -* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code - Intelligence for the report (PR 8426) -* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations - (PR 8590, 8635) -* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm - or zmm registers are used (PR 8479) -* Entropy MemUse fix for when block size less than update bits (PR 8675) +NOTE: * wolfSSL is now GPLv3 instead of GPLv2 + * --enable-heapmath is deprecated + * MD5 is now disabled by default + + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities + +* [Low] There is the potential for a fault injection attack on ECC and Ed25519 verify operations. In versions of wolfSSL 5.7.6 and later the --enable-faultharden option is available to help mitigate against potential fault injection attacks. The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot. If doing ECC or Ed25519 verify operations on a device at risk for fault injection attacks then --enable-faultharden could be used to help mitigate it. Thanks to Kevin from Fraunhofer AISEC for the report. + +Hardening option added in PR https://github.com/wolfSSL/wolfssl/pull/8289 + + +* [High CVE-2025-7395] When using WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION on an Apple platform, the native trust store verification routine overrides errors produced elsewhere in the wolfSSL certificate verification process including failures due to hostname matching/SNI, OCSP, CRL, etc. This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection. If building wolfSSL on versions after 5.7.6 and before 5.8.2 with use of the system CA support and the apple native cert validation feature enabled on Apple devices (on by default for non-macOS Apple targets when using autotools or CMake) we recommend updating to the latest version of wolfSSL. Thanks to Thomas Leong from ExpressVPN for the report. + +Fixed in PR https://github.com/wolfSSL/wolfssl/pull/8833 + + +* [Med. CVE-2025-7394] In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. + +Fixed in the following PR’s +https://github.com/wolfSSL/wolfssl/pull/8849 +https://github.com/wolfSSL/wolfssl/pull/8867 +https://github.com/wolfSSL/wolfssl/pull/8898 + + + +* [Low CVE-2025-7396] In wolfSSL 5.8.0 the option of hardening the C implementation of Curve25519 private key operations was added with the addition of blinding support (https://www.wolfssl.com/curve25519-blinding-support-added-in-wolfssl-5-8-0/). In wolfSSL release 5.8.2 that blinding support is turned on by default in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation. Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for the report. + +Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 + + +## New Features +* Multiple sessions are now supported in the sniffer due to the removal of a cached check. (PR #8723) +* New API ssl_RemoveSession() has been implemented for sniffer cleanup operations. (PR #8768) +* The new ASN X509 API, `wc_GetSubjectPubKeyInfoDerFromCert`, has been introduced for retrieving public key information from certificates. (PR #8758) +* `wc_PKCS12_create()` has been enhanced to support PBE_AES(256|128)_CBC key and certificate encryptions. (PR #8782, PR #8822, PR #8859) +* `wc_PKCS7_DecodeEncryptedKeyPackage()` has been added for decoding encrypted key packages. (PR #8976) +* All AES, SHA, and HMAC functionality has been implemented within the Linux Kernel Module. (PR #8998) +* Additions to the compatibility layer have been introduced for X.509 extensions and RSA PSS. Adding the API i2d_PrivateKey_bio, BN_ucmp and X509v3_get_ext_by_NID. (PR #8897) +* Added support for STM32N6. (PR #8914) +* Implemented SHA-256 for PPC 32 assembly. (PR #8894) + +## Improvements / Optimizations + +### Linux Kernel Module (LinuxKM) Enhancements +* Registered DH and FFDHE for the Linux Kernel Module. (PR #8707) +* Implemented fixes for standard RNG in the Linux Kernel Module. (PR #8718) +* Added an ECDSA workaround for the Linux Kernel Module. (PR #8727) +* Added more PKCS1 pad SHA variants for RSA in the Linux Kernel Module. (PR #8730) +* Set default priority to 100000 for LKCAPI in the Linux Kernel Module. (PR #8740) +* Ensured ECDH never has FIPS enabled in the Linux Kernel Module. (PR #8751) +* Implemented further Linux Kernel Module and SP tweaks. (PR #8773) +* Added sig_alg support for Linux 6.13 RSA in the Linux Kernel Module. (PR #8796) +* Optimized wc_linuxkm_fpu_state_assoc. (PR #8828) +* Ensured DRBG is multithread-round-1 in the Linux Kernel Module. (PR #8840) +* Prevented toggling of fips_enabled in the Linux Kernel Module. (PR #8873) +* Refactored drbg_ctx clear in the Linux Kernel Module. (PR #8876) +* Set sig_alg max_size and digest_size callbacks for RSA in the Linux Kernel Module. (PR #8915) +* Added get_random_bytes for the Linux Kernel Module. (PR #8943) +* Implemented distro fix for the Linux Kernel Module. (PR #8994) +* Fixed page-flags-h in the Linux Kernel Module. (PR #9001) +* Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) +* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms +* Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) +* Backward compatibility has been implemented for ML_KEM IDs (PR #8827) +* ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) +* Building LMS with verify-only has been fixed (PR #8913) +* Parameters for LMS SHA-256_192 have been corrected (PR #8912) +* State can now be saved with the private key for LMS (PR #8836) +* Support for OpenSSL format has been added for ML-DSA/Dilithium (PR #8947) +* `dilithium_coeff_eta2[]` has been explicitly declared as signed (PR #8955) + +### Build System & Portability +* Prepared for the inclusion of v5.8.0 in the Ada Alire index. (PR #8714) +* Introduced a new build option to allow reuse of the Windows crypt provider handle. (PR #8706) +* Introduced general fixes for various build configurations. (PR #8763) +* Made improvements for portability using older GCC 4.8.2. (PR #8753) +* Macro guards updated to allow tests to build with opensslall and no server. (PR #8776) +* Added a check for STDC_NO_ATOMICS macro before use of atomics. (PR #8885) +* Introduced CMakePresets.json and CMakeSettings.json. (PR #8905) +* Added an option to not use constant time code with min/max. (PR #8830) +* Implemented proper MacOS dispatch for conditional signal/wait. (PR #8928) +* Disabled MD5 by default for both general and CMake builds. (PR #8895, PR #8948) +* Improved to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. (PR #8926) +* Added introspection for Intel and ARM assembly speedups. (PR #8954) +* Fixed cURL config to set HAVE_EX_DATA and HAVE_ALPN. (PR #8973) +* Moved FREESCALE forced algorithm HAVE_ECC to IDE/MQX/user_settings.h. (PR #8977) + +### Testing & Debugging +* Fixed the exit status for testwolfcrypt. (PR #8762) +* Added WOLFSSL_DEBUG_PRINTF and WOLFSSL_DEBUG_CERTIFICATE_LOADS for improved debugging output. (PR #8769, PR #8770) +* Guarded some benchmark tests with NO_SW_BENCH. (PR #8760) +* Added an additional unit test for wolfcrypt PKCS12 file to improve code coverage. (PR #8831) +* Added an additional unit test for increased DH code coverage. (PR #8837) +* Adjusted for warnings with NO_TLS build and added GitHub actions test. (PR #8851) +* Added additional compatibility layer RAND tests. (PR #8852) +* Added an API unit test for checking domain name. (PR #8863) +* Added bind v9.18.33 testing. (PR #8888) +* Fixed issue with benchmark help options and descriptions not lining up. (PR #8957) + +### Certificates & ASN.1 +* Changed the algorithm for sum in ASN.1 OIDs. (PR #8655) +* Updated PKCS7 to use X509 STORE for internal verification. (PR #8748) +* Improved handling of temporary buffer size for X509 extension printing. (PR #8710) +* Marked IP address as WOLFSSL_V_ASN1_OCTET_STRING for ALT_NAMES_OID. (PR #8842) +* Fixed printing empty names in certificates. (PR #8880) +* Allowed CA:FALSE on wolftpm. (PR #8925) +* Fixed several inconsistent function prototype parameter names in wc/asn. (PR #8949) +* Accounted for custom extensions when creating a Cert from a WOLFSSL_X509. (PR #8960) + +### TLS/DTLS & Handshake +* Checked group correctness outside of TLS 1.3 too for TLSX_UseSupportedCurve. (PR #8785) +* Dropped records that span datagrams in DTLS. (PR #8642) +* Implemented WC_NID_netscape_cert_type. (PR #8800) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Correctly set the current peer in dtlsProcessPendingPeer. (PR #8848) +* Fixed set_groups for TLS. (PR #8824) +* Allowed trusted_ca_keys with TLSv1.3. (PR #8860) +* Moved Dtls13NewEpoch into DeriveTls13Keys. (PR #8858) +* Cleared tls1_3 on downgrade. (PR #8861) +* Always sent ACKs on detected retransmission for DTLS1.3. (PR #8882) +* Removed DTLS from echo examples. (PR #8889) +* Recalculated suites at SSL initialization. (PR #8757) +* No longer using BIO for ALPN. (PR #8969) +* Fixed wolfSSL_BIO_new_connect's handling of IPV6 addresses. (PR #8815) +* Memory Management & Optimizations +* Performed small stack refactors, improved stack size with mlkem and dilithium, and added additional tests. (PR #8779) +* Implemented FREE_MP_INT_SIZE in heap math. (PR #8881) +* Detected correct MAX_ENCODED_SIG_SZ based on max support in math lib. (PR #8931) +* Fixed improper access of sp_int_minimal using sp_int. (PR #8985) + +### Cryptography & Hash Functions +* Implemented WC_SIPHASH_NO_ASM for not using assembly optimizations with siphash. (PR #8789, PR #8791) +* Added missing DH_MAX_SIZE define for FIPS and corrected wolfssl.rc FILETYPE to VFT_DLL. (PR #8794) +* Implemented WC_SHA3_NO_ASM for not using assembly with SHA3. (PR #8817) +* Improved Aarch64 XFENCE. (PR #8832) +* Omitted frame pointer for ARM32/Thumb2/RISC-V 64 assembly. (PR #8893) +* Fixed branch instruction in ARMv7a ASM. (PR #8933) +* Enabled EVP HMAC to work with WOLFSSL_HMAC_COPY_HASH. (PR #8944) +* Platform-Specific & Hardware Integration +* Added HAVE_HKDF for wolfssl_test and explicit support for ESP32P4. (PR #8742) +* Corrected Espressif default time setting. (PR #8829) +* Made wc_tsip_* APIs public. (PR #8717) +* Improved PlatformIO Certificate Bundle Support. (PR #8847) +* Fixed the TSIP TLS example program. (PR #8857) +* Added crypto callback functions for TROPIC01 secure element. (PR #8812) +* Added Renesas RX TSIP AES CTR support. (PR #8854) +* Fixed TSIP port using crypto callback. (PR #8937) + +### General Improvements & Refactoring +* Attempted wolfssl_read_bio_file in read_bio even when XFSEEK is available. (PR #8703) +* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) +* Updated libspdm from 3.3.0 to 3.7.0. (PR #8906) +* Fixed missing dashes on the end of header and footer for Falcon PEM key. (PR #8904) +* Fixed minor code typos for macos signal and types.h max block size. (PR #8934) +* Make the API wolfSSL_X509_STORE_CTX_get_error accessible to more build configurations for ease of getting the "store" error code and depth with certificate failure callback implementations. (PR #8903) + +## Bug Fixes +* Fixed issues to support _WIN32_WCE (VS 2008 with WinCE 6.0/7.0). (PR #8709) +* Fixed STM32 Hash with IRQ enabled. (PR #8705) +* Fixed raw hash when using crypto instructions on RISC-V 64-bit. (PR #8733) +* Fixed ECDH decode secret in the Linux Kernel Module. (PR #8729) +* Passed in the correct hash type to wolfSSL_RSA_verify_ex. (PR #8726) +* Fixed issues for Intel QuickAssist latest driver (4.28). (PR #8728) +* Speculative fix for CodeSonar overflow issue in ssl_certman.c. (PR #8715) +* Fixed Arduino progmem print and AVR WOLFSSL_USER_IO. (PR #8668) +* Correctly advanced the index in wc_HKDF_Expand_ex. (PR #8737) +* Fixed STM32 hash status check logic, including NO_AES_192 and NO_AES_256. (PR #8732) +* Added missing call to wolfSSL_RefFree in FreeCRL to prevent memory leaks. (PR #8750) +* Fixed sanity check on --group with unit test app and null sanity check with des decrypt. (PR #8711) +* Fixed Curve25519 and static ephemeral issue with blinding. (PR #8766) +* Fixed edge case issue with STM32 AES GCM auth padding. (PR #8745) +* Removed redefinition of MlKemKey and fixed build issue in benchmark. (PR #8755) +* Used proper heap hint when freeing CRL in error case. (PR #8713) +* Added support for no malloc with wc_CheckCertSigPubKey. (PR #8725) +* Fixed C# wrapper Release build. (PR #8802) +* Handled malformed CCS and CCS before CH in TLS1.3. (PR #8788) +* Fixed ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. (PR #8798) +* Fixed AesGcmCrypt_1 no-stream in the Linux Kernel Module. (PR #8814) +* Fixed return value usage for crypto_sig_sign in the Linux Kernel Module. (PR #8816) +* Fixed issue with CSharp and Windows CE with conversion of ASCII and Unicode. (PR #8799) +* Fixed Renesas SCE on RA6M4. (PR #8838) +* Fixed tests for different configs for ML-DSA. (PR #8865) +* Fixed bug in ParseCRL_Extensions around the size of a CRL number handled and CRL number OID. (PR #8587) +* Fixed uninitialized wc_FreeRng in prime_test. (PR #8886) +* Fixed ECC configuration issues with ECC verify only and no RNG. (PR #8901) +* Fixed issues with max size, openssl.test netcat, and clang-tidy. (PR #8909) +* Fixed for casting down and uninit issues in Dilithium/ML-DSA. (PR #8868) +* Fixed memory allocation failure testing and related unit test cases. (PR #8945, PR #8952) +* Fixed build issue with ML-DSA 44 only. (PR #8981) +* Fixed possible memory leak with X509 reference counter when using x509small. (PR #8982) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/library.properties b/library.properties index 16c905a..bb59f54 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=wolfssl -version=5.8.0 +version=5.8.2 author=wolfSSL Inc. maintainer=wolfSSL inc sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. diff --git a/src/src/bio.c b/src/src/bio.c index 0b52a6c..ce74983 100644 --- a/src/src/bio.c +++ b/src/src/bio.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2392,13 +2392,28 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_connect"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - const char* port = XSTRSTR(str, ":"); + const char* port; +#ifdef WOLFSSL_IPV6 + const char* ipv6Start = XSTRSTR(str, "["); + const char* ipv6End = XSTRSTR(str, "]"); + + if (ipv6End) + port = XSTRSTR(ipv6End, ":"); + else +#endif + port = XSTRSTR(str, ":"); if (port != NULL) bio->port = (word16)XATOI(port + 1); else port = str + XSTRLEN(str); /* point to null terminator */ +#ifdef WOLFSSL_IPV6 + if (ipv6Start && ipv6End) { + str = ipv6Start + 1; + port = ipv6End; + } +#endif bio->ip = (char*)XMALLOC( (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/src/src/conf.c b/src/src/conf.c index a30be38..e0a8b03 100644 --- a/src/src/conf.c +++ b/src/src/conf.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/src/crl.c b/src/src/crl.c index 437342c..4e4700f 100644 --- a/src/src/crl.c +++ b/src/src/crl.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -135,7 +135,10 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, #endif dcrl->certs = NULL; crle->totalCerts = dcrl->totalCerts; - crle->crlNumber = dcrl->crlNumber; + crle->crlNumberSet = dcrl->crlNumberSet; + if (crle->crlNumberSet) { + XMEMCPY(crle->crlNumber, dcrl->crlNumber, CRL_MAX_NUM_SZ); + } crle->verified = verified; if (!verified) { crle->tbsSz = dcrl->sigIndex - dcrl->certBegin; @@ -258,6 +261,7 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) WOLFSSL_MSG("Couldn't lock x509 mutex"); if (!doFree) return; + wolfSSL_RefFree(&crl->ref); } #endif @@ -586,7 +590,9 @@ static void SetCrlInfo(CRL_Entry* entry, CrlInfo *info) info->nextDate = (byte *)entry->nextDate; info->nextDateMaxLen = MAX_DATE_SIZE; info->nextDateFormat = entry->nextDateFormat; - info->crlNumber = (sword32)entry->crlNumber; + info->crlNumberSet = entry->crlNumberSet; + if (info->crlNumberSet) + XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ); } static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info) @@ -599,10 +605,55 @@ static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info) info->nextDate = (byte *)entry->nextDate; info->nextDateMaxLen = MAX_DATE_SIZE; info->nextDateFormat = entry->nextDateFormat; - info->crlNumber = (sword32)entry->crlNumber; + info->crlNumberSet = entry->crlNumberSet; + if (info->crlNumberSet) + XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ); } #endif +/* Returns MP_GT if prev crlNumber is smaller + * MP_EQ if equal + * MP_LT if prev crlNumber is larger */ +static int CompareCRLnumber(CRL_Entry* prev, CRL_Entry* curr) +{ + int ret = 0; + DECL_MP_INT_SIZE_DYN(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT, + CRL_MAX_NUM_SZ * CHAR_BIT); + DECL_MP_INT_SIZE_DYN(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT, + CRL_MAX_NUM_SZ * CHAR_BIT); + + NEW_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + NEW_MP_INT_SIZE(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#ifdef MP_INT_SIZE_CHECK_NULL + if ((prev_num == NULL) || (curr_num == NULL)) { + ret = MEMORY_E; + } +#endif + + if (ret == 0 && ((INIT_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT) + != MP_OKAY) || (INIT_MP_INT_SIZE(curr_num, + CRL_MAX_NUM_SZ * CHAR_BIT)) != MP_OKAY)) { + ret = MP_INIT_E; + } + + if (ret == 0 && (mp_read_radix(prev_num, (char*)prev->crlNumber, + MP_RADIX_HEX) != MP_OKAY || + mp_read_radix(curr_num, (char*)curr->crlNumber, + MP_RADIX_HEX) != MP_OKAY)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) + ret = mp_cmp(prev_num, curr_num); + + FREE_MP_INT_SIZE(prev_num, NULL, DYNAMIC_TYPE_TMP_BUFFER); + FREE_MP_INT_SIZE(curr_num, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + /* Add Decoded CRL, 0 on success */ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, int verified) @@ -614,6 +665,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, CrlInfo old; CrlInfo cnew; #endif + int ret = 0; WOLFSSL_ENTER("AddCRL"); @@ -644,12 +696,19 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, for (curr = crl->crlList; curr != NULL; curr = curr->next) { if (XMEMCMP(curr->issuerHash, crle->issuerHash, CRL_DIGEST_SIZE) == 0) { - if (crle->crlNumber <= curr->crlNumber) { + ret = CompareCRLnumber(crle, curr); + /* Error out if the CRL we're attempting to add isn't more + * authoritative than the existing entry */ + if (ret == MP_LT || ret == MP_EQ) { WOLFSSL_MSG("Same or newer CRL entry already exists"); CRL_Entry_free(crle, crl->heap); wc_UnLockRwLock(&crl->crlLock); return BAD_FUNC_ARG; } + else if (ret < 0) { + WOLFSSL_MSG("Error comparing CRL Numbers"); + return ret; + } crle->next = curr->next; if (prev != NULL) { @@ -855,13 +914,18 @@ int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm) { WOLFSSL_X509_CRL* ret; + void* heap = NULL; + + if (cm != NULL) { + heap = cm->heap; + } - ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), - cm != NULL ? cm->heap : NULL, DYNAMIC_TYPE_CRL); + ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), heap, + DYNAMIC_TYPE_CRL); if (ret != NULL) { if (InitCRL(ret, cm) < 0) { WOLFSSL_MSG("Unable to initialize new CRL structure"); - XFREE(ret, cm->heap, DYNAMIC_TYPE_CRL); + XFREE(ret, heap, DYNAMIC_TYPE_CRL); ret = NULL; } } diff --git a/src/src/dtls.c b/src/src/dtls.c index 2d3c38b..d25f66b 100644 --- a/src/src/dtls.c +++ b/src/src/dtls.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -678,6 +678,8 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); if ((sigAlgs.size % 2) != 0) ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); + if (sigAlgs.size > WOLFSSL_MAX_SIGALGO) + ERROR_OUT(BUFFER_ERROR, dtls13_cleanup); suites.hashSigAlgoSz = (word16)sigAlgs.size; XMEMCPY(suites.hashSigAlgo, sigAlgs.elements, sigAlgs.size); haveSA = 1; diff --git a/src/src/dtls13.c b/src/src/dtls13.c index 5a9b6dc..c4e2b61 100644 --- a/src/src/dtls13.c +++ b/src/src/dtls13.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -905,7 +905,7 @@ static int Dtls13RtxMsgRecvd(WOLFSSL* ssl, enum HandShakeType hs, /* the other peer may have retransmitted because an ACK for a flight that needs explicit ACK was lost.*/ if (ssl->dtls13Rtx.seenRecords != NULL) - ssl->dtls13Rtx.sendAcks = (byte)ssl->options.dtls13SendMoreAcks; + ssl->dtls13Rtx.sendAcks = 1; } if (ssl->keys.dtls_peer_handshake_number == @@ -2618,19 +2618,16 @@ static int Dtls13RtxIsTrackedByRn(const Dtls13RtxRecord* r, w64wrapper epoch, static int Dtls13KeyUpdateAckReceived(WOLFSSL* ssl) { int ret; - w64Increment(&ssl->dtls13Epoch); - - /* Epoch wrapped up */ - if (w64IsZero(ssl->dtls13Epoch)) - return BAD_STATE_E; ret = DeriveTls13Keys(ssl, update_traffic_key, ENCRYPT_SIDE_ONLY, 1); if (ret != 0) return ret; - ret = Dtls13NewEpoch(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY); - if (ret != 0) - return ret; + w64Increment(&ssl->dtls13Epoch); + + /* Epoch wrapped up */ + if (w64IsZero(ssl->dtls13Epoch)) + return BAD_STATE_E; return Dtls13SetEpochKeys(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY); } diff --git a/src/src/internal.c b/src/src/internal.c index eb2f16d..c74bcf3 100644 --- a/src/src/internal.c +++ b/src/src/internal.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -86,6 +86,8 @@ * WOLFSSL_NO_INIT_CTX_KEY * Allows SSL objects to be created from a CTX without a loaded key/cert * pair + * WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS: + * When defined, allows DTLS records to span across multiple datagrams. */ #ifndef WOLFCRYPT_ONLY @@ -211,7 +213,7 @@ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, #include #include #include -static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, +static int DoAppleNativeCertValidation(WOLFSSL* ssl, const WOLFSSL_BUFFER_INFO* certs, int totalCerts); #endif /* #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ @@ -2903,7 +2905,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) defined(WOLFSSL_WPAS_SMALL) wolfSSL_X509_STORE_free(ctx->x509_store_pt); #endif - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) + #ifndef WOLFSSL_NO_CA_NAMES wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL); ctx->client_ca_names = NULL; #endif @@ -2913,6 +2915,12 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) ctx->x509Chain = NULL; } #endif + #ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + if (ctx->testTrustedCAs != NULL) { + CFRelease(ctx->testTrustedCAs); + ctx->testTrustedCAs = NULL; + } + #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ #endif /* !NO_CERTS */ #ifdef HAVE_TLS_EXTENSIONS @@ -4841,7 +4849,7 @@ void FreeX509(WOLFSSL_X509* x509) } #endif /* WOLFSSL_DUAL_ALG_CERTS */ - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA) wolfSSL_RefFree(&x509->ref); #endif } @@ -6460,6 +6468,10 @@ int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, WOLFSSL_ENTER("DhGenKeyPair"); + if (ssl == NULL || dhKey == NULL) { + return BAD_FUNC_ARG; + } + #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ ret = wolfSSL_AsyncInit(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); @@ -6920,13 +6932,36 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) /* If we are setting the ctx on an already initialized SSL object * then we possibly already have a side defined. Don't overwrite unless * the context has a well defined role. */ - if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) - ssl->options.side = (word16)(ctx->method->side); - ssl->options.downgrade = (word16)(ctx->method->downgrade); - ssl->options.minDowngrade = ctx->minDowngrade; - + if (newSSL || ctx->method->side != WOLFSSL_NEITHER_END) { + ssl->options.side = (word16)(ctx->method->side); + } + ssl->options.downgrade = (word16)(ctx->method->downgrade); + ssl->options.minDowngrade = ctx->minDowngrade; ssl->options.haveRSA = ctx->haveRSA; ssl->options.haveDH = ctx->haveDH; +#if !defined(NO_CERTS) && !defined(NO_DH) + /* Its possible that DH algorithm parameters were set in the ctx, recalc + * cipher suites. */ + if (ssl->options.haveDH && ctx->serverDH_P.buffer != NULL && + ctx->serverDH_G.buffer != NULL) { + if (ssl->suites == NULL) { + if (AllocateSuites(ssl) != 0) { + return MEMORY_E; + } + } + InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, + ssl->options.haveRSA, +#ifdef NO_PSK + 0, +#else + ctx->havePSK, +#endif + ssl->options.haveDH, + ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, + ssl->options.haveStaticECC, ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); + } +#endif /* !NO_CERTS && !NO_DH */ ssl->options.haveECDSAsig = ctx->haveECDSAsig; ssl->options.haveECC = ctx->haveECC; ssl->options.haveStaticECC = ctx->haveStaticECC; @@ -8782,7 +8817,7 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl) wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL); #endif #endif -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) +#ifndef WOLFSSL_NO_CA_NAMES wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL); ssl->client_ca_names = NULL; #endif @@ -11576,6 +11611,33 @@ static int MsgCheckBoundary(const WOLFSSL* ssl, byte type, #endif /* WOLFSSL_DISABLE_EARLY_SANITY_CHECKS */ +/* Extract the handshake header information. + * + * ssl The SSL/TLS object. + * input The buffer holding the message data. + * inOutIdx On entry, the index into the buffer of the handshake data. + * On exit, the start of the handshake data. + * type Type of handshake message. + * size The length of the handshake message data. + * totalSz The total size of data in the buffer. + * returns BUFFER_E if there is not enough input data and 0 on success. + */ +int GetHandshakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, + byte* type, word32* size, word32 totalSz) +{ + const byte* ptr = input + *inOutIdx; + (void)ssl; + + *inOutIdx += HANDSHAKE_HEADER_SZ; + if (*inOutIdx > totalSz) + return BUFFER_E; + + *type = ptr[0]; + c24to32(&ptr[1], size); + + return 0; +} + /** * This check is performed as soon as the handshake message type becomes known. * These checks can not be delayed and need to be performed when the msg is @@ -11622,6 +11684,18 @@ int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz) return ret; } +static int RecordsCanSpanReads(WOLFSSL *ssl) +{ +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) + /* Only case where we return 0: DTLS mode (not SCTP) and can't span datagrams */ + if (IsDtlsNotSctpMode(ssl)) { + return 0; + } +#endif + (void)ssl; + return 1; +} + #ifdef WOLFSSL_DTLS13 static int GetInputData(WOLFSSL *ssl, word32 size); static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, @@ -11681,6 +11755,10 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, } if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) { + if (!RecordsCanSpanReads(ssl)) { + WOLFSSL_MSG("Partial record received"); + return DTLS_PARTIAL_RECORD_READ; + } /* when using DTLS over a medium that does not guarantee that a full * message is received in a single read, we may end up without the full * header and minimum ciphertext to decrypt record sequence numbers */ @@ -11773,6 +11851,10 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, /* not a unified header, check that we have at least * DTLS_RECORD_HEADER_SZ */ if (ssl->buffers.inputBuffer.length - *inOutIdx < DTLS_RECORD_HEADER_SZ) { + if (!RecordsCanSpanReads(ssl)) { + WOLFSSL_MSG("Partial record received"); + return DTLS_PARTIAL_RECORD_READ; + } ret = GetInputData(ssl, DTLS_RECORD_HEADER_SZ); /* Check if Dtls13RtxTimeout(ssl) returned socket error */ if (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) @@ -11788,6 +11870,10 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, *inOutIdx += ENUM_LEN + VERSION_SZ; ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch); + if (rh->pvMajor == DTLS_MAJOR && rh->pvMinor == DTLS_BOGUS_MINOR) { + return SEQUENCE_ERROR; + } + #ifdef WOLFSSL_DTLS_CID if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0) return DTLS_CID_ERROR; @@ -12017,24 +12103,6 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, return 0; } -#ifndef WOLFSSL_NO_TLS12 -static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, - byte *type, word32 *size, word32 totalSz) -{ - const byte *ptr = input + *inOutIdx; - (void)ssl; - - *inOutIdx += HANDSHAKE_HEADER_SZ; - if (*inOutIdx > totalSz) - return BUFFER_E; - - *type = ptr[0]; - c24to32(&ptr[1], size); - - return 0; -} -#endif - #ifdef WOLFSSL_DTLS int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, byte *type, word32 *size, @@ -16272,7 +16340,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif - if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { #ifndef WOLFSSL_ALLOW_NO_CN_IN_SAN /* Per RFC 5280 section 4.2.1.6, "Whenever such identities @@ -16774,8 +16841,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* If we can't validate the peer cert chain against the CAs loaded * into wolfSSL, try to validate against the system certificates * using Apple's native trust APIs */ - if ((ret != 0) && (ssl->ctx->doAppleNativeCertValidationFlag)) { - if (DoAppleNativeCertValidation(args->certs, + if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) && + (ssl->ctx->doAppleNativeCertValidationFlag)) { + if (DoAppleNativeCertValidation(ssl, args->certs, args->totalCerts)) { WOLFSSL_MSG("Apple native cert chain validation SUCCESS"); ret = 0; @@ -18096,7 +18164,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type; word32 size; - if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0) { + if (GetHandshakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0) { WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; } @@ -18124,7 +18192,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type; word32 size; - if (GetHandShakeHeader(ssl, input, inOutIdx, &type, &size, + if (GetHandshakeHeader(ssl, input, inOutIdx, &type, &size, totalSz) != 0) { WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; @@ -19059,7 +19127,7 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz, /* length of additional input plus padding */ XMEMSET(padding, 0, sizeof(padding)); - padding[0] = additionalSz; + padding[0] = (byte)additionalSz; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding))) != 0) return ret; @@ -19141,7 +19209,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, } #endif - addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder); + addSz = writeAeadAuthData(ssl, (word16)msgLen, type, add, 0, &seq, + verifyOrder); if (addSz < 0) return addSz; @@ -19336,7 +19405,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, #endif - addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER); + addSz = writeAeadAuthData(ssl, (word16)msgLen, no_type, add, 1, &seq, + PEER_ORDER); if (addSz < 0) return addSz; @@ -19583,8 +19653,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #endif (void)out; - (void)input; (void)sz; + (void)type; if (input == NULL) { return BAD_FUNC_ARG; @@ -19661,8 +19731,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, additionalSz = writeAeadAuthData(ssl, /* Length of the plain text minus the explicit * IV length minus the authentication tag size. */ - sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, type, - ssl->encrypt.additional, 0, NULL, CUR_ORDER); + sz - (word16)(AESGCM_EXP_IV_SZ) - ssl->specs.aead_mac_size, + type, ssl->encrypt.additional, 0, NULL, CUR_ORDER); if (additionalSz < 0) { ret = additionalSz; break; @@ -20968,6 +21038,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, byte good; int ret = 0; + XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE); good = MaskPadding(input, pLen, macSz); /* 4th argument has potential to underflow, ssl->hmac function should * either increment the size by (macSz + padLen + 1) before use or check on @@ -21542,9 +21613,18 @@ static int GetInputData(WOLFSSL *ssl, word32 size) return RECV_OVERFLOW_E; } + if ((word32)in < size) { + if (!RecordsCanSpanReads(ssl)) { + WOLFSSL_MSG("DTLS: Received partial record, ignoring"); +#ifdef WOLFSSL_DTLS_DROP_STATS + ssl->replayDropCount++; +#endif /* WOLFSSL_DTLS_DROP_STATS */ + continue; + } + } + ssl->buffers.inputBuffer.length += (word32)in; inSz -= in; - } while (ssl->buffers.inputBuffer.length < size); #ifdef WOLFSSL_DEBUG_TLS @@ -21601,6 +21681,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, byte verify[WC_MAX_DIGEST_SIZE]; XMEMSET(verify, 0, WC_MAX_DIGEST_SIZE); + if (ssl->specs.cipher_type == block) { pad = input[msgSz - 1]; padByte = 1; @@ -21712,7 +21793,8 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) if ((ssl->options.handShakeDone && retcode != 0) || retcode == WC_NO_ERR_TRACE(SEQUENCE_ERROR) - || retcode == WC_NO_ERR_TRACE(DTLS_CID_ERROR)) { + || retcode == WC_NO_ERR_TRACE(DTLS_CID_ERROR) + || retcode == WC_NO_ERR_TRACE(DTLS_PARTIAL_RECORD_READ)) { WOLFSSL_MSG_EX("Silently dropping DTLS message: %d", retcode); return 1; } @@ -21808,7 +21890,7 @@ static void dtlsProcessPendingPeer(WOLFSSL* ssl, int deprotected) else { /* Pending peer present and record deprotected. Update the peer. */ (void)wolfSSL_dtls_set_peer(ssl, - &ssl->buffers.dtlsCtx.pendingPeer.sa, + ssl->buffers.dtlsCtx.pendingPeer.sa, ssl->buffers.dtlsCtx.pendingPeer.sz); ssl->buffers.dtlsCtx.processingPendingRecord = 0; dtlsClearPeer(&ssl->buffers.dtlsCtx.pendingPeer); @@ -21818,8 +21900,139 @@ static void dtlsProcessPendingPeer(WOLFSSL* ssl, int deprotected) ssl->buffers.dtlsCtx.processingPendingRecord = 0; } } +#endif +static int DoDecrypt(WOLFSSL *ssl) +{ + int ret; + int atomicUser = 0; + bufferStatic* in = &ssl->buffers.inputBuffer; + +#ifdef ATOMIC_USER + if (ssl->ctx->DecryptVerifyCb) + atomicUser = 1; #endif + ret = SanityCheckCipherText(ssl, ssl->curSize); + if (ret < 0) { + return ret; + } + + if (atomicUser) { +#ifdef ATOMIC_USER +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + if (ssl->options.startedETMRead) { + ret = ssl->ctx->VerifyDecryptCb(ssl, + in->buffer + in->idx, in->buffer + in->idx, + ssl->curSize - MacSize(ssl), + ssl->curRL.type, 1, &ssl->keys.padSz, + ssl->DecryptVerifyCtx); + } + else +#endif + { + ret = ssl->ctx->DecryptVerifyCb(ssl, + in->buffer + in->idx, + in->buffer + in->idx, + ssl->curSize, ssl->curRL.type, 1, + &ssl->keys.padSz, ssl->DecryptVerifyCtx); + } +#endif /* ATOMIC_USER */ + } + else { + if (!ssl->options.tls1_3) { +#ifndef WOLFSSL_NO_TLS12 +#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) + if (ssl->options.startedETMRead) { + word32 digestSz = MacSize(ssl); + ret = DecryptTls(ssl, + in->buffer + in->idx, + in->buffer + in->idx, + ssl->curSize - (word16)digestSz); + if (ret == 0) { + byte invalid = 0; + byte padding = (byte)-1; + word32 i; + word32 off = in->idx + ssl->curSize - digestSz - 1; + + /* Last of padding bytes - indicates length. */ + ssl->keys.padSz = in->buffer[off]; + /* Constant time checking of padding - don't leak + * the length of the data. + */ + /* Compare max pad bytes or at most data + pad. */ + for (i = 1; i < MAX_PAD_SIZE && off >= i; i++) { + /* Mask on indicates this is expected to be a + * padding byte. + */ + padding &= ctMaskLTE((int)i, + (int)ssl->keys.padSz); + /* When this is a padding byte and not equal + * to length then mask is set. + */ + invalid |= padding & + ctMaskNotEq(in->buffer[off - i], + (int)ssl->keys.padSz); + } + /* If mask is set then there was an error. */ + if (invalid) { + ret = DECRYPT_ERROR; + } + ssl->keys.padSz += 1; + ssl->keys.decryptedCur = 1; + } + } + else +#endif + { + ret = DecryptTls(ssl, + in->buffer + in->idx, + in->buffer + in->idx, + ssl->curSize); + } +#else + ret = DECRYPT_ERROR; +#endif + } + else + { + #ifdef WOLFSSL_TLS13 + byte *aad = (byte*)&ssl->curRL; + word16 aad_size = RECORD_HEADER_SZ; + #ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* aad now points to the record header */ + aad = ssl->dtls13CurRL; + aad_size = ssl->dtls13CurRlLength; + } + #endif /* WOLFSSL_DTLS13 */ + /* Don't send an alert for DTLS. We will just drop it + * silently later. */ + ret = DecryptTls13(ssl, + in->buffer + in->idx, + in->buffer + in->idx, + ssl->curSize, + aad, aad_size); + #else + ret = DECRYPT_ERROR; + #endif /* WOLFSSL_TLS13 */ + } + (void)in; + } + return ret; +} + +#ifdef WOLFSSL_DTLS +static void DropAndRestartProcessReply(WOLFSSL* ssl) +{ + ssl->options.processReply = doProcessInit; + ssl->buffers.inputBuffer.length = 0; + ssl->buffers.inputBuffer.idx = 0; +#ifdef WOLFSSL_DTLS_DROP_STATS + if (ssl->options.dtls) + ssl->replayDropCount++; +#endif /* WOLFSSL_DTLS_DROP_STATS */ +} +#endif /* WOLFSSL_DTLS */ /* Process input requests. Return 0 is done, 1 is call again to complete, and negative number is error. If allowSocketErr is set, SOCKET_ERROR_E in ssl->error will be whitelisted. This is useful when the connection has been @@ -21929,6 +22142,11 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) used = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; if (used < readSz) { + if (used > 0 && !RecordsCanSpanReads(ssl)) { + WOLFSSL_MSG("DTLS: Partial record in buffer, dropping"); + DropAndRestartProcessReply(ssl); + continue; + } if ((ret = GetInputData(ssl, (word32)readSz)) < 0) return ret; } @@ -21941,7 +22159,11 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if ( ssl->options.side == WOLFSSL_SERVER_END && ssl->options.clientState == NULL_STATE && ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] - != handshake) { + != handshake && + /* change_cipher_spec here is an error but we want to handle + * it correctly later */ + ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx] + != change_cipher_spec) { byte b0, b1; ssl->options.processReply = runProcessOldClientHello; @@ -22028,13 +22250,7 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) dtlsProcessPendingPeer(ssl, 0); #endif if (ssl->options.dtls && DtlsShouldDrop(ssl, ret)) { - ssl->options.processReply = doProcessInit; - ssl->buffers.inputBuffer.length = 0; - ssl->buffers.inputBuffer.idx = 0; -#ifdef WOLFSSL_DTLS_DROP_STATS - ssl->replayDropCount++; -#endif /* WOLFSSL_DTLS_DROP_STATS */ - + DropAndRestartProcessReply(ssl); #ifdef WOLFSSL_DTLS13 /* return to send ACKS and shortcut rtx timer */ if (IsAtLeastTLSv1_3(ssl->version) @@ -22096,9 +22312,15 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* read ahead may already have */ used = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; - if (used < ssl->curSize) + if (used < ssl->curSize) { + if (!RecordsCanSpanReads(ssl)) { + WOLFSSL_MSG("Partial record received, dropping"); + DropAndRestartProcessReply(ssl); + continue; + } if ((ret = GetInputData(ssl, ssl->curSize)) < 0) return ret; + } #endif } @@ -22149,9 +22371,7 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* If in DTLS mode, if the decrypt fails for any * reason, pretend the datagram never happened. */ if (ssl->options.dtls) { - ssl->options.processReply = doProcessInit; - ssl->buffers.inputBuffer.idx = - ssl->buffers.inputBuffer.length; + DropAndRestartProcessReply(ssl); return HandleDTLSDecryptFailed(ssl); } #endif /* WOLFSSL_DTLS */ @@ -22175,118 +22395,7 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) (!IsAtLeastTLSv1_3(ssl->version) || ssl->curRL.type != change_cipher_spec)) { - bufferStatic* in = &ssl->buffers.inputBuffer; - - ret = SanityCheckCipherText(ssl, ssl->curSize); - if (ret < 0) { - #ifdef WOLFSSL_EXTRA_ALERTS - SendAlert(ssl, alert_fatal, bad_record_mac); - #endif - return ret; - } - - if (atomicUser) { - #ifdef ATOMIC_USER - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - ret = ssl->ctx->VerifyDecryptCb(ssl, - in->buffer + in->idx, in->buffer + in->idx, - ssl->curSize - MacSize(ssl), - ssl->curRL.type, 1, &ssl->keys.padSz, - ssl->DecryptVerifyCtx); - } - else - #endif - { - ret = ssl->ctx->DecryptVerifyCb(ssl, - in->buffer + in->idx, - in->buffer + in->idx, - ssl->curSize, ssl->curRL.type, 1, - &ssl->keys.padSz, ssl->DecryptVerifyCtx); - } - #endif /* ATOMIC_USER */ - } - else { - if (!ssl->options.tls1_3) { - #ifndef WOLFSSL_NO_TLS12 - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - ret = DecryptTls(ssl, - in->buffer + in->idx, - in->buffer + in->idx, - ssl->curSize - (word16)digestSz); - if (ret == 0) { - byte invalid = 0; - byte padding = (byte)-1; - word32 i; - word32 off = in->idx + ssl->curSize - digestSz - 1; - - /* Last of padding bytes - indicates length. */ - ssl->keys.padSz = in->buffer[off]; - /* Constant time checking of padding - don't leak - * the length of the data. - */ - /* Compare max pad bytes or at most data + pad. */ - for (i = 1; i < MAX_PAD_SIZE && off >= i; i++) { - /* Mask on indicates this is expected to be a - * padding byte. - */ - padding &= ctMaskLTE((int)i, - (int)ssl->keys.padSz); - /* When this is a padding byte and not equal - * to length then mask is set. - */ - invalid |= padding & - ctMaskNotEq(in->buffer[off - i], - (int)ssl->keys.padSz); - } - /* If mask is set then there was an error. */ - if (invalid) { - ret = DECRYPT_ERROR; - } - ssl->keys.padSz += 1; - ssl->keys.decryptedCur = 1; - } - } - else - #endif - { - ret = DecryptTls(ssl, - in->buffer + in->idx, - in->buffer + in->idx, - ssl->curSize); - } - #else - ret = DECRYPT_ERROR; - #endif - } - else - { - #ifdef WOLFSSL_TLS13 - byte *aad = (byte*)&ssl->curRL; - word16 aad_size = RECORD_HEADER_SZ; - #ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) { - /* aad now points to the record header */ - aad = ssl->dtls13CurRL; - aad_size = ssl->dtls13CurRlLength; - } - #endif /* WOLFSSL_DTLS13 */ - /* Don't send an alert for DTLS. We will just drop it - * silently later. */ - ret = DecryptTls13(ssl, - in->buffer + in->idx, - in->buffer + in->idx, - ssl->curSize, - aad, aad_size); - #else - ret = DECRYPT_ERROR; - #endif /* WOLFSSL_TLS13 */ - } - (void)in; - } - + ret = DoDecrypt(ssl); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) return ret; @@ -22315,9 +22424,7 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* If in DTLS mode, if the decrypt fails for any * reason, pretend the datagram never happened. */ if (ssl->options.dtls) { - ssl->options.processReply = doProcessInit; - ssl->buffers.inputBuffer.idx = - ssl->buffers.inputBuffer.length; + DropAndRestartProcessReply(ssl); return HandleDTLSDecryptFailed(ssl); } #endif /* WOLFSSL_DTLS */ @@ -22385,9 +22492,7 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* If in DTLS mode, if the decrypt fails for any * reason, pretend the datagram never happened. */ if (ssl->options.dtls) { - ssl->options.processReply = doProcessInit; - ssl->buffers.inputBuffer.idx = - ssl->buffers.inputBuffer.length; + DropAndRestartProcessReply(ssl); return HandleDTLSDecryptFailed(ssl); } #endif /* WOLFSSL_DTLS */ @@ -22674,11 +22779,18 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } if (ssl->curSize != 1 || ssl->buffers.inputBuffer.buffer[i] != 1) { - SendAlert(ssl, alert_fatal, illegal_parameter); + SendAlert(ssl, alert_fatal, unexpected_message); WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } ssl->buffers.inputBuffer.idx++; + if (ssl->options.side == WOLFSSL_SERVER_END && + !ssl->msgsReceived.got_client_hello) { + /* Can't appear before CH */ + SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); + return UNKNOWN_RECORD_TYPE; + } if (!ssl->msgsReceived.got_change_cipher) { ssl->msgsReceived.got_change_cipher = 1; } @@ -22687,6 +22799,11 @@ static int DoProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); return UNKNOWN_RECORD_TYPE; } + if (ssl->keys.decryptedCur == 1) { + SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(UNKNOWN_RECORD_TYPE); + return UNKNOWN_RECORD_TYPE; + } break; } #endif @@ -26403,7 +26520,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return "peer ip address mismatch"; case WANT_READ : - case -WOLFSSL_ERROR_WANT_READ : + case WOLFSSL_ERROR_WANT_READ_E : return "non-blocking socket wants data to be read"; case NOT_READY_ERROR : @@ -26413,17 +26530,17 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return "record layer version error"; case WANT_WRITE : - case -WOLFSSL_ERROR_WANT_WRITE : + case WOLFSSL_ERROR_WANT_WRITE_E : return "non-blocking socket write buffer full"; - case -WOLFSSL_ERROR_WANT_CONNECT: - case -WOLFSSL_ERROR_WANT_ACCEPT: + case WOLFSSL_ERROR_WANT_CONNECT_E : + case WOLFSSL_ERROR_WANT_ACCEPT_E : return "The underlying BIO was not yet connected"; - case -WOLFSSL_ERROR_SYSCALL: + case WOLFSSL_ERROR_SYSCALL_E : return "fatal I/O error in TLS layer"; - case -WOLFSSL_ERROR_WANT_X509_LOOKUP: + case WOLFSSL_ERROR_WANT_X509_LOOKUP_E : return "application client cert callback asked to be called again"; case BUFFER_ERROR : @@ -26463,7 +26580,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) return "can't decode peer key"; case ZERO_RETURN: - case -WOLFSSL_ERROR_ZERO_RETURN: + case WOLFSSL_ERROR_ZERO_RETURN_E : return "peer sent close notify alert"; case ECC_CURVETYPE_ERROR: @@ -27005,6 +27122,7 @@ void SetErrorString(int error, char* str) #endif #endif /* NO_CIPHER_SUITE_ALIASES */ +#ifndef NO_TLS static const CipherSuiteInfo cipher_names[] = { @@ -27484,6 +27602,14 @@ static const CipherSuiteInfo cipher_names[] = #endif /* WOLFSSL_NO_TLS12 */ }; +#else /* NO_TLS */ + +static const CipherSuiteInfo cipher_names[] = +{ + SUITE_INFO("NO-TLS","NO-TLS", 0, 0, 0, 0), +}; + +#endif /* NO_TLS */ /* returns the cipher_names array */ const CipherSuiteInfo* GetCipherNames(void) @@ -27495,7 +27621,11 @@ const CipherSuiteInfo* GetCipherNames(void) /* returns the number of elements in the cipher_names array */ int GetCipherNamesSize(void) { +#ifdef NO_TLS + return 0; +#else return (int)(sizeof(cipher_names) / sizeof(CipherSuiteInfo)); +#endif } @@ -35260,6 +35390,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case WOLFSSL_P521_ML_KEM_1024: case WOLFSSL_X25519_ML_KEM_512: case WOLFSSL_X448_ML_KEM_768: +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P256_ML_KEM_512_OLD: + case WOLFSSL_P384_ML_KEM_768_OLD: + case WOLFSSL_P521_ML_KEM_1024_OLD: +#endif #endif #ifdef WOLFSSL_MLKEM_KYBER case WOLFSSL_P256_KYBER_LEVEL3: @@ -35616,6 +35751,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, (void)ssl; + if (args == NULL) + return; + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); args->exportBuf = NULL; @@ -35624,7 +35762,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); args->verifySig = NULL; #endif - (void)args; + + if (args->input != NULL) { + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + args->input = NULL; + } } /* handle generation of server_key_exchange (12) */ @@ -42644,7 +42786,122 @@ static SecCertificateRef ConvertToSecCertificateRef(const byte* derCert, return secCert; } +static int DisplaySecTrustError(CFErrorRef error, SecTrustRef trust) +{ + CFStringRef desc; + CFStringRef domain; + SecTrustResultType trustResult; + CFDictionaryRef info; + /* Description */ + desc = CFErrorCopyDescription(error); + if (desc) { + char buffer[256]; + if (CFStringGetCString(desc, buffer, sizeof(buffer), + kCFStringEncodingUTF8)) { + WOLFSSL_MSG_EX("SecTrustEvaluateWithError Error description: %s\n", + buffer); + } + CFRelease(desc); + } + + /* Domain */ + domain = CFErrorGetDomain(error); + if (domain) { + char domainStr[128]; + if (CFStringGetCString(domain, domainStr, sizeof(domainStr), + kCFStringEncodingUTF8)) { + WOLFSSL_MSG_EX("SecTrustEvaluateWithError Domain: %s\n", domainStr); + } + } + + /* Get additional trust result info */ + if (SecTrustGetTrustResult(trust, &trustResult) == errSecSuccess) { + WOLFSSL_MSG_EX("SecTrustResultType: %d\n", trustResult); + /* Optional: decode the enum */ + switch (trustResult) { + case kSecTrustResultInvalid: + WOLFSSL_MSG("TrustResult: Invalid\n"); + break; + case kSecTrustResultProceed: + WOLFSSL_MSG("TrustResult: Proceed\n"); + break; + case kSecTrustResultDeny: + WOLFSSL_MSG("TrustResult: Deny\n"); + break; + case kSecTrustResultUnspecified: + WOLFSSL_MSG("TrustResult: Unspecified (implicitly trusted)\n"); + break; + case kSecTrustResultRecoverableTrustFailure: + WOLFSSL_MSG("TrustResult: Recoverable trust failure\n"); + break; + case kSecTrustResultFatalTrustFailure: + WOLFSSL_MSG("TrustResult: Fatal trust failure\n"); + break; + case kSecTrustResultOtherError: + WOLFSSL_MSG("TrustResult: Other error\n"); + break; + default: + WOLFSSL_MSG("TrustResult: Unknown\n"); + break; + } + } + else { + WOLFSSL_MSG("SecTrustGetTrustResult failed\n"); + } + + info = CFErrorCopyUserInfo(error); + if (info) { + WOLFSSL_MSG("Trust error info dump:\n"); + CFShow(info); + CFRelease(info); + } + + return 0; +} + +#if defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION) && \ + defined (WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +static int MaxValidityPeriodErrorOnly(CFErrorRef error) +{ + int multiple = 0; + + CFDictionaryRef userInfo = CFErrorCopyUserInfo(error); + if (userInfo) { + /* Get underlying error */ + CFTypeRef underlying = + CFDictionaryGetValue(userInfo, kCFErrorUnderlyingErrorKey); + if (underlying) { + /* Get underlying error value*/ + CFDictionaryRef underlyingDict = + CFErrorCopyUserInfo((CFErrorRef)underlying); + if (underlyingDict) { + char buffer[512]; + CFStringRef values = + CFDictionaryGetValue(underlyingDict, + kCFErrorLocalizedDescriptionKey); + if(CFStringGetCString(values, buffer, sizeof(buffer), + kCFStringEncodingUTF8)) { + if (XSTRSTR(buffer, "Certificate exceeds maximum " + "temporal validity period") && + (!XSTRSTR(buffer, "Certificate exceeds maximum " + "temporal validity period,") || + !XSTRSTR(buffer, ", Certificate exceeds maximum " + "temporal validity period"))) { + WOLFSSL_MSG("Maximum validity period error only"); + } else { + WOLFSSL_MSG("Found other errors"); + multiple = 1; + } + } + CFRelease(underlyingDict); + } + } + CFRelease(userInfo); + } + return multiple; +} +#endif /* * Validates a chain of certificates using the Apple system trust APIs * @@ -42660,21 +42917,23 @@ static SecCertificateRef ConvertToSecCertificateRef(const byte* derCert, * wolfSSL's built-in certificate validation mechanisms anymore. We instead * must call into the Security Framework APIs to authenticate peer certificates */ -static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, - int totalCerts) +static int DoAppleNativeCertValidation(WOLFSSL* ssl, + const WOLFSSL_BUFFER_INFO* certs, + int totalCerts) { - int i; - int ret; - OSStatus status; + int i; + int ret; + OSStatus status; CFMutableArrayRef certArray = NULL; SecCertificateRef secCert = NULL; SecTrustRef trust = NULL; - SecPolicyRef policy = NULL ; + SecPolicyRef policy = NULL; + CFStringRef hostname = NULL; + CFErrorRef error = NULL; WOLFSSL_ENTER("DoAppleNativeCertValidation"); - certArray = CFArrayCreateMutable(kCFAllocatorDefault, - totalCerts, + certArray = CFArrayCreateMutable(kCFAllocatorDefault, totalCerts, &kCFTypeArrayCallBacks); if (!certArray) { WOLFSSL_MSG("Error: can't allocate CFArray for certificates"); @@ -42683,8 +42942,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, } for (i = 0; i < totalCerts; i++) { - secCert = ConvertToSecCertificateRef(certs[i].buffer, - (int)certs[i].length); + secCert = + ConvertToSecCertificateRef(certs[i].buffer, (int)certs[i].length); if (!secCert) { WOLFSSL_MSG("Error: can't convert DER cert to SecCertificateRef"); ret = 0; @@ -42698,24 +42957,80 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, } /* Create trust object for SecCertifiate Ref */ - policy = SecPolicyCreateSSL(true, NULL); + if (ssl->buffers.domainName.buffer && ssl->buffers.domainName.length > 0) { + /* Create policy with specified value to require host name match */ + hostname = CFStringCreateWithCString( + kCFAllocatorDefault, (const char*)ssl->buffers.domainName.buffer, + kCFStringEncodingUTF8); + } + if (hostname != NULL) { + policy = SecPolicyCreateSSL(true, hostname); + } + else { + policy = SecPolicyCreateSSL(true, NULL); + } status = SecTrustCreateWithCertificates(certArray, policy, &trust); if (status != errSecSuccess) { WOLFSSL_MSG_EX("Error creating trust object, " - "SecTrustCreateWithCertificates returned %d",status); + "SecTrustCreateWithCertificates returned %d", + status); ret = 0; goto cleanup; } +#if defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) + /* TEST ONLY CODE: + * Set accumulated list of trusted CA certificates as trust anchors */ + WOLFSSL_MSG("Setting anchor certificates"); + if (ssl->ctx->testTrustedCAs != NULL) { + status = SecTrustSetAnchorCertificates(trust, ssl->ctx->testTrustedCAs); + if (status != errSecSuccess) { + WOLFSSL_MSG_EX("Error setting anchor certificates: %d", status); + ret = 0; + goto cleanup; + } + } +#endif + /* Evaluate the certificate's authenticity */ - if (SecTrustEvaluateWithError(trust, NULL) == 1) { - WOLFSSL_MSG("Cert chain is trusted"); - ret = 1; + WOLFSSL_MSG("Performing Apple native cert validation via " + "SecTrustEvaluateWithError"); + ret = SecTrustEvaluateWithError(trust, &error); + if (ret != 1) { + if (error) { + CFIndex code; + code = CFErrorGetCode(error); + WOLFSSL_MSG_EX("SecTrustEvaluateWithError failed with code: %ld\n", + code); + DisplaySecTrustError(error, trust); + +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: + * wolfSSL API tests use a cert with a validity period that is too + * long for the Apple system trust APIs + * (See: https://support.apple.com/en-us/103769) + * therefore we should skip over this particular error */ + if (code == errSecCertificateValidityPeriodTooLong) { + if (MaxValidityPeriodErrorOnly(error)) { + WOLFSSL_MSG("Multiple reasons for validity period error, " + "not skipping"); + ret = 0; + } else { + WOLFSSL_MSG("Skipping certificate validity period error"); + ret = 1; + } + } +#endif + (void)code; + CFRelease(error); + } + else { + WOLFSSL_MSG( + "SecTrustEvaluateWithError failed with unknown error.\n"); + } } else { - WOLFSSL_MSG("Cert chain trust evaluation failed" - "SecTrustEvaluateWithError returned 0"); - ret = 0; + WOLFSSL_MSG("SecTrustEvaluateWithError succeeded"); } /* Cleanup */ @@ -42729,11 +43044,46 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, if (policy) { CFRelease(policy); } + if (hostname) { + CFRelease(hostname); + } WOLFSSL_LEAVE("DoAppleNativeCertValidation", ret); return ret; } + +#if defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx, + const byte* derCert, + int derLen) +{ + SecCertificateRef certRef; + + if (derCert == NULL || derLen == 0) { + return WOLFSSL_FAILURE; + } + + /* Create the base array for trust anchors if it doesn't exist */ + if (ctx->testTrustedCAs == NULL) { + ctx->testTrustedCAs = + CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + if (!ctx->testTrustedCAs) { + return WOLFSSL_FAILURE; + } + } + + certRef = ConvertToSecCertificateRef(derCert, derLen); + if (!certRef) { + return false; + } + + CFArrayAppendValue(ctx->testTrustedCAs, certRef); + CFRelease(certRef); + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ + #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ #undef ERROR_OUT diff --git a/src/src/keys.c b/src/src/keys.c index 8f8d2eb..e42a6eb 100644 --- a/src/src/keys.c +++ b/src/src/keys.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -3554,6 +3554,13 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side) ret = PROTOCOLCB_UNAVAILABLE; if (ssl->ctx->EncryptKeysCb) { void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) + FSPSM_ST* cbInfo = (FSPSM_ST*)ctx; + cbInfo->side = side; + #elif defined(WOLFSSL_RENESAS_TSIP_TLS) + TsipUserCtx* cbInfo = (TsipUserCtx*)ctx; + cbInfo->key_side = side; + #endif ret = ssl->ctx->EncryptKeysCb(ssl, ctx); } if (!ssl->ctx->EncryptKeysCb || diff --git a/src/src/ocsp.c b/src/src/ocsp.c index c90936a..f121662 100644 --- a/src/src/ocsp.c +++ b/src/src/ocsp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/src/pk.c b/src/src/pk.c index 3136cf9..7cb73d7 100644 --- a/src/src/pk.c +++ b/src/src/pk.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -360,11 +360,13 @@ static int der_write_to_file_as_pem(const unsigned char* der, int derSz, * @param [in] passedSz Size of password in bytes. * @param [out] cipherInfo PEM cipher information lines. * @param [in] maxDerSz Maximum size of DER buffer. + * @param [in] hashType Hash algorithm * @return 1 on success. * @return 0 on error. */ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, - unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz) + unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz, + int hashType) { int ret = 0; int paddingSz = 0; @@ -433,7 +435,7 @@ int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, /* Encrypt DER buffer. */ ret = wc_BufferKeyEncrypt(info, der, (word32)*derSz, passwd, passwdSz, - WC_MD5); + hashType); if (ret != 0) { WOLFSSL_MSG("encrypt key failed"); } @@ -504,6 +506,12 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz, byte* tmp = NULL; byte* cipherInfo = NULL; int pemSz = 0; + int hashType = WC_HASH_TYPE_NONE; +#if !defined(NO_MD5) + hashType = WC_MD5; +#elif !defined(NO_SHA) + hashType = WC_SHA; +#endif /* Macro doesn't always use it. */ (void)heap; @@ -536,7 +544,7 @@ static int der_to_enc_pem_alloc(unsigned char* der, int derSz, /* Encrypt DER inline. */ ret = EncryptDerKey(der, &derSz, cipher, passwd, passwdSz, - &cipherInfo, derSz + blockSz); + &cipherInfo, derSz + blockSz, hashType); if (ret != 1) { WOLFSSL_ERROR_MSG("EncryptDerKey failed"); } @@ -3526,9 +3534,43 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, * RSA padding APIs */ -#if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) -#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) +#ifdef WC_RSA_PSS + +#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) +static int rsa_pss_calc_salt(int saltLen, int hashLen, int emLen) +{ + /* Calculate the salt length to use for special cases. */ + switch (saltLen) { + /* Negative saltLen values are treated differently. */ + case WC_RSA_PSS_SALTLEN_DIGEST: + saltLen = hashLen; + break; + case WC_RSA_PSS_SALTLEN_MAX_SIGN: + case WC_RSA_PSS_SALTLEN_MAX: + #ifdef WOLFSSL_PSS_LONG_SALT + saltLen = emLen - hashLen - 2; + #else + saltLen = hashLen; + (void)emLen; + #endif + break; + default: + break; + } + if (saltLen < 0) { + /* log invalid salt, let wolfCrypt handle error */ + WOLFSSL_ERROR_MSG("invalid saltLen"); + saltLen = -3; /* for wolfCrypt to produce error must be < -2 */ + } + return saltLen; +} +#endif /* OPENSSL_EXTRA && !HAVE_SELFTEST */ + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Add PKCS#1 PSS padding to hash. * * @@ -3646,28 +3688,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, } if (ret == 1) { - /* Calculate the salt length to use for special cases. */ - /* TODO: use special case wolfCrypt values? */ - switch (saltLen) { - /* Negative saltLen values are treated differently. */ - case RSA_PSS_SALTLEN_DIGEST: - saltLen = hashLen; - break; - case RSA_PSS_SALTLEN_MAX_SIGN: - case RSA_PSS_SALTLEN_MAX: - #ifdef WOLFSSL_PSS_LONG_SALT - saltLen = emLen - hashLen - 2; - #else - saltLen = hashLen; - #endif - break; - default: - if (saltLen < 0) { - /* No other negative values implemented. */ - WOLFSSL_ERROR_MSG("invalid saltLen"); - ret = 0; - } - } + saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); } if (ret == 1) { @@ -3759,31 +3780,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, } if (ret == 1) { - /* Calculate the salt length to use for special cases. */ - switch (saltLen) { - /* Negative saltLen values are treated differently */ - case RSA_PSS_SALTLEN_DIGEST: - saltLen = hashLen; - break; - case RSA_PSS_SALTLEN_AUTO: - #ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER - saltLen = RSA_PSS_SALT_LEN_DISCOVER; - break; - #endif - case RSA_PSS_SALTLEN_MAX: - #ifdef WOLFSSL_PSS_LONG_SALT - saltLen = emLen - hashLen - 2; - #else - saltLen = hashLen; - #endif - break; - default: - if (saltLen < 0) { - /* No other negative values implemented. */ - WOLFSSL_ERROR_MSG("invalid saltLen"); - ret = 0; - } - } + saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); } if (ret == 1) { @@ -3848,18 +3845,23 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, saltLen); } -#endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ -#endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || - * WOLFSSL_NGINX) */ +#endif /* (!HAVE_FIPS || FIPS_VERSION_GT(2,0)) && \ + (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_NGINX) */ +#endif /* WC_RSA_PSS */ /* * RSA sign/verify APIs */ -#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DEFAULT +#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) + #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DEFAULT + #else + #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DISCOVER + #endif #else - #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DISCOVER + #define DEF_PSS_SALT_LEN 0 /* not used */ #endif #if defined(OPENSSL_EXTRA) @@ -3972,6 +3974,14 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, return ret; } +int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag, int padding) +{ + return wolfSSL_RSA_sign_mgf(hashAlg, hash, hLen, sigRet, sigLen, rsa, flag, + padding, hashAlg, DEF_PSS_SALT_LEN); +} + /** * Sign a message hash with the chosen message digest, padding, and RSA key. * @@ -3990,12 +4000,14 @@ int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and * WC_RSA_PKCS1_PADDING are currently supported for * signing. + * @param [in] mgf1Hash MGF1 Hash NID + * @param [in] saltLen Length of RSA PSS salt * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, +int wolfSSL_RSA_sign_mgf(int hashAlg, const unsigned char* hash, unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, - WOLFSSL_RSA* rsa, int flag, int padding) + WOLFSSL_RSA* rsa, int flag, int padding, int mgf1Hash, int saltLen) { int ret = 1; word32 outLen = 0; @@ -4012,8 +4024,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, #endif unsigned int encSz = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding"); + WOLFSSL_ENTER("wolfSSL_RSA_sign_mgf"); if (flag == 0) { /* Only encode message. */ @@ -4080,7 +4091,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, case WC_RSA_NO_PAD: if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen, (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad"); + WOLFSSL_ERROR_MSG("Bad RSA Sign no pad"); ret = 0; } break; @@ -4089,17 +4100,20 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) case WC_RSA_PKCS1_PSS_PADDING: { - enum wc_HashType hType = - wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); - #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - WOLFSSL_MSG("Using RSA-PSS with hash length salt. " - "OpenSSL uses max length by default."); - #endif + RsaKey* key = (RsaKey*)rsa->internal; + enum wc_HashType mgf1, hType; + hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); + if (mgf1Hash == WC_NID_undef) + mgf1Hash = hashAlg; + mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); + /* handle compat layer salt special cases */ + saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), + wolfSSL_RSA_size(rsa)); + /* Create RSA PSS signature. */ if ((signSz = wc_RsaPSS_Sign_ex(encodedSig, encSz, sigRet, outLen, - hType, wc_hash2mgf(hType), DEF_PSS_SALT_LEN, - (RsaKey*)rsa->internal, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad Rsa Sign"); + hType, wc_hash2mgf(mgf1), saltLen, key, rng)) <= 0) { + WOLFSSL_ERROR_MSG("Bad RSA PSS Sign"); ret = 0; } break; @@ -4118,13 +4132,15 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, /* Sign (private encrypt) PKCS#1 encoded signature. */ if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen, (RsaKey*)rsa->internal, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad Rsa Sign"); + WOLFSSL_ERROR_MSG("Bad PKCS1 RSA Sign"); ret = 0; } break; } default: WOLFSSL_ERROR_MSG("Unsupported padding"); + (void)mgf1Hash; + (void)saltLen; ret = 0; break; } @@ -4145,7 +4161,7 @@ int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); #endif - WOLFSSL_LEAVE("wolfSSL_RSA_sign_generic_padding", ret); + WOLFSSL_LEAVE("wolfSSL_RSA_sign_mgf", ret); return ret; } @@ -4169,6 +4185,14 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, WC_RSA_PKCS1_PADDING); } +int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, + unsigned int hLen, const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa, int padding) +{ + return wolfSSL_RSA_verify_mgf(hashAlg, hash, hLen, sig, sigLen, rsa, + padding, hashAlg, DEF_PSS_SALT_LEN); +} + /** * Verify a message hash with the chosen message digest, padding, and RSA key. * @@ -4183,12 +4207,14 @@ int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and * WC_RSA_PKCS1_PADDING are currently supported for * signing. + * @param [in] mgf1Hash MGF1 Hash NID + * @param [in] saltLen Length of RSA PSS salt * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, +int wolfSSL_RSA_verify_mgf(int hashAlg, const unsigned char* hash, unsigned int hLen, const unsigned char* sig, unsigned int sigLen, - WOLFSSL_RSA* rsa, int padding) + WOLFSSL_RSA* rsa, int padding, int mgf1Hash, int saltLen) { int ret = 1; #ifdef WOLFSSL_SMALL_STACK @@ -4203,7 +4229,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, enum wc_HashType hType = WC_HASH_TYPE_NONE; #endif - WOLFSSL_ENTER("wolfSSL_RSA_verify"); + WOLFSSL_ENTER("wolfSSL_RSA_verify_mgf"); /* Validate parameters. */ if ((hash == NULL) || (sig == NULL) || (rsa == NULL)) { @@ -4220,8 +4246,49 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, ret = 0; } } + if (ret == 1 && padding == WC_RSA_PKCS1_PSS_PADDING) { + #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) + RsaKey* key = (RsaKey*)rsa->internal; + enum wc_HashType mgf1; + hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); + if (mgf1Hash == WC_NID_undef) + mgf1Hash = hashAlg; + mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); + + /* handle compat layer salt special cases */ + saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), + wolfSSL_RSA_size(rsa)); + + verLen = wc_RsaPSS_Verify_ex((byte*)sig, sigLen, sigDec, sigLen, + hType, wc_hash2mgf(mgf1), saltLen, key); + if (verLen > 0) { + /* Check PSS padding is valid. */ + if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen, + hType, saltLen, mp_count_bits(&key->n)) != 0) { + WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); + ret = WOLFSSL_FAILURE; + } + else { + /* Success! Free resources and return early */ + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_SUCCESS; + } + } + else { + WOLFSSL_ERROR_MSG("wc_RsaPSS_Verify_ex failed!"); + ret = WOLFSSL_FAILURE; + } + #else + (void)mgf1Hash; + (void)saltLen; + WOLFSSL_ERROR_MSG("RSA PSS not compiled in!"); + ret = WOLFSSL_FAILURE; + #endif + } + #ifdef WOLFSSL_SMALL_STACK - if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) { + if (ret == 1) { /* Allocate memory for encoded signature. */ encodedSig = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -4231,7 +4298,7 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, } } #endif - if ((ret == 1) && (padding != WC_RSA_PKCS1_PSS_PADDING)) { + if (ret == 1) { /* Make encoded signature to compare with decrypted signature. */ if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len, padding) <= 0) { @@ -4258,20 +4325,6 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, #endif } if (ret == 1) { - #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) - if (padding == WC_RSA_PKCS1_PSS_PADDING) { - /* Check PSS padding is valid. */ - if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen, - hType, DEF_PSS_SALT_LEN, - mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { - WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); - ret = 0; - } - } - else - #endif /* WC_RSA_PSS && !HAVE_SELFTEST && (!HAVE_FIPS || - * FIPS_VERSION >= 5.1) */ /* Compare decrypted signature to encoded signature. */ if (((int)len != verLen) || (XMEMCMP(encodedSig, sigDec, (size_t)verLen) != 0)) { @@ -4285,6 +4338,8 @@ int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + WOLFSSL_LEAVE("wolfSSL_RSA_verify_mgf", ret); return ret; } @@ -5978,7 +6033,8 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen) { -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) +#if (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ + !defined(NO_MD5) byte *derBuf, *tmp, *cipherInfo = NULL; int der_max_len = 0, derSz = 0; const int type = DSA_PRIVATEKEY_TYPE; @@ -6024,8 +6080,8 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, if (passwd != NULL && passwdSz > 0 && cipher != NULL) { int ret; - ret = EncryptDerKey(derBuf, &derSz, cipher, - passwd, passwdSz, &cipherInfo, der_max_len); + ret = EncryptDerKey(derBuf, &derSz, cipher, passwd, passwdSz, + &cipherInfo, der_max_len, WC_MD5); if (ret != 1) { WOLFSSL_MSG("EncryptDerKey failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); @@ -6086,7 +6142,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, (void)pem; (void)pLen; return 0; -#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ +#endif /* (WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM) && !NO_MD5 */ } #ifndef NO_FILESYSTEM diff --git a/src/src/quic.c b/src/src/quic.c index 5791a7d..7c30cfc 100644 --- a/src/src/quic.c +++ b/src/src/quic.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -989,12 +989,16 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl) switch (cipher->cipherSuite) { #if !defined(NO_AES) && defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 case TLS_AES_128_GCM_SHA256: evp_cipher = wolfSSL_EVP_aes_128_gcm(); break; + #endif + #ifdef WOLFSSL_AES_256 case TLS_AES_256_GCM_SHA384: evp_cipher = wolfSSL_EVP_aes_256_gcm(); break; + #endif #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case TLS_CHACHA20_POLY1305_SHA256: diff --git a/src/src/sniffer.c b/src/src/sniffer.c index 4d0c8e1..2bda758 100644 --- a/src/src/sniffer.c +++ b/src/src/sniffer.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -27,6 +27,7 @@ /* Build Options: * WOLFSSL_SNIFFER_NO_RECOVERY: Do not track missed data count. + * SNIFFER_SINGLE_SESSION_CACHE: Do not cache more than one session. */ @@ -446,7 +447,6 @@ typedef struct Flags { byte serverCipherOn; /* indicates whether cipher is active */ byte clientCipherOn; /* indicates whether cipher is active */ byte resuming; /* did this session come from resumption */ - byte cached; /* have we cached this session yet */ byte clientHello; /* processed client hello yet, for SSLv2 */ byte finCount; /* get both FINs before removing */ byte fatalError; /* fatal error state */ @@ -462,6 +462,9 @@ typedef struct Flags { #ifdef WOLFSSL_ASYNC_CRYPT byte wasPolled; #endif +#ifdef SNIFFER_SINGLE_SESSION_CACHE + byte cached; /* have we cached this session yet */ +#endif } Flags; @@ -3266,25 +3269,25 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len, word16 filter_group) { - int index = 0; - while (index < len) { + int idx = 0; + while (idx < len) { /* clear info (reset dh_key_bits and curve_id) */ XMEMSET(info, 0, sizeof(KeyShareInfo)); /* Named group and public key */ - info->named_group = (word16)((input[index] << 8) | input[index+1]); - index += OPAQUE16_LEN; + info->named_group = (word16)((input[idx] << 8) | input[idx+1]); + idx += OPAQUE16_LEN; info->key_len = 0; info->key = NULL; /* If key was provided... (a hello_retry_request will not send a key) */ - if (index + 2 <= len) { - info->key_len = (word16)((input[index] << 8) | input[index+1]); - index += OPAQUE16_LEN; - if (info->key_len == 0 || info->key_len > len - index) { + if (idx + 2 <= len) { + info->key_len = (word16)((input[idx] << 8) | input[idx+1]); + idx += OPAQUE16_LEN; + if (info->key_len == 0 || info->key_len > len - idx) { return WOLFSSL_FATAL_ERROR; } - info->key = &input[index]; - index += info->key_len; + info->key = &input[idx]; + idx += info->key_len; } switch (info->named_group) { @@ -3466,6 +3469,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, if (IsAtLeastTLSv1_3(ssl->version)) { /* Note: Must use server session for sessions */ #ifdef HAVE_SESSION_TICKET + WOLFSSL_SESSION* sess; if (SetTicket(session->sslServer, input, len) != 0) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; @@ -3474,10 +3478,11 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* set haveSessionId to use the wolfSession cache */ session->sslServer->options.haveSessionId = 1; + #ifdef SNIFFER_SINGLE_SESSION_CACHE /* Use the wolf Session cache to retain resumption secret */ if (session->flags.cached == 0) { - WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer, - NULL, 0); + #endif /* SNIFFER_SINGLE_SESSION_CACHE */ + sess = wolfSSL_GetSession(session->sslServer, NULL, 0); if (sess == NULL) { SetupSession(session->sslServer); AddSession(session->sslServer); /* don't re add */ @@ -3485,8 +3490,10 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, INC_STAT(SnifferStats.sslResumptionInserts); #endif } + #ifdef SNIFFER_SINGLE_SESSION_CACHE session->flags.cached = 1; } + #endif /* SNIFFER_SINGLE_SESSION_CACHE */ #endif /* HAVE_SESSION_TICKET */ } else @@ -4405,7 +4412,11 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, return ret; } - if (ret == 0 && session->flags.cached == 0) { + if (ret == 0 + #ifdef SNIFFER_SINGLE_SESSION_CACHE + && session->flags.cached == 0 + #endif + ) { if (session->sslServer->options.haveSessionId) { #ifndef NO_SESSION_CACHE WOLFSSL_SESSION* sess = wolfSSL_GetSession(session->sslServer, NULL, 0); @@ -4416,7 +4427,9 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, INC_STAT(SnifferStats.sslResumptionInserts); #endif } - session->flags.cached = 1; + #ifdef SNIFFER_SINGLE_SESSION_CACHE + session->flags.cached = 1; + #endif #endif } } @@ -5116,6 +5129,12 @@ static void RemoveStaleSessions(void) } } +void ssl_RemoveStaleSessions(void) +{ + LOCK_SESSION(); + RemoveStaleSessions(); + UNLOCK_SESSION(); +} /* Create a new Sniffer Session */ static SnifferSession* CreateSession(IpInfo* ipInfo, TcpInfo* tcpInfo, @@ -6365,10 +6384,31 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, Trace(GOT_APP_DATA_STR); { word32 inOutIdx = 0; + int ivExtra = 0; ret = DoApplicationData(ssl, (byte*)sslFrame, &inOutIdx, SNIFF); if (ret == 0) { ret = ssl->buffers.clearOutputBuffer.length; + #ifndef WOLFSSL_AEAD_ONLY + if (ssl->specs.cipher_type == block) { + if (ssl->options.tls1_1) + ivExtra = ssl->specs.block_size; + } + else + #endif + if (ssl->specs.cipher_type == aead) { + if (!ssl->options.tls1_3 && + ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) + ivExtra = AESGCM_EXP_IV_SZ; + } + + ret -= ivExtra;; + + #if defined(HAVE_ENCRYPT_THEN_MAC) && \ + !defined(WOLFSSL_AEAD_ONLY) + if (ssl->options.startedETMRead) + ret -= MacSize(ssl); + #endif TraceGotData(ret); if (ret) { /* may be blank message */ if (data != NULL) { @@ -7276,7 +7316,7 @@ static int addSecretNode(unsigned char* clientRandom, unsigned char* secret, char* error) { - int index = 0; + int idx = 0; int ret = 0; SecretNode* node = NULL; @@ -7286,8 +7326,8 @@ static int addSecretNode(unsigned char* clientRandom, LOCK_SECRET_LIST(); - index = secretHashFunction(clientRandom); - node = secretHashTable[index]; + idx = secretHashFunction(clientRandom); + node = secretHashTable[idx]; while(node) { /* Node already exists, so just add the requested secret */ @@ -7330,12 +7370,12 @@ static unsigned char* findSecret(unsigned char* clientRandom, int type) { unsigned char* secret = NULL; SecretNode* node = NULL; - unsigned int index = 0; + unsigned int idx = 0; LOCK_SECRET_LIST(); - index = secretHashFunction(clientRandom); - node = secretHashTable[index]; + idx = secretHashFunction(clientRandom); + node = secretHashTable[idx]; while (node != NULL) { if (XMEMCMP(node->clientRandom, @@ -7607,6 +7647,106 @@ int ssl_LoadSecretsFromKeyLogFile(const char* keylogfile, char* error) #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +/* + * Removes a session from the SessionTable based on client/server IP & ports + * Returns 0 if a session was found and freed, -1 otherwise + */ +int ssl_RemoveSession(const char* clientIp, int clientPort, + const char* serverIp, int serverPort, + char* error) +{ + IpAddrInfo clientAddr; + IpAddrInfo serverAddr; + IpInfo ipInfo; + TcpInfo tcpInfo; + SnifferSession* session; + int ret = -1; /* Default to not found */ + word32 row; + + if (clientIp == NULL || serverIp == NULL) { + SetError(BAD_IPVER_STR, error, NULL, 0); + return ret; + } + + /* Set up client IP address */ + clientAddr.version = IPV4; + clientAddr.ip4 = XINET_ADDR(clientIp); + if (clientAddr.ip4 == XINADDR_NONE) { + #ifdef FUSION_RTOS + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, + sizeof(clientAddr.ip4)) == 1) + #else + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6) == 1) + #endif + { + clientAddr.version = IPV6; + } + else { + SetError(BAD_IPVER_STR, error, NULL, 0); + return ret; + } + } + + /* Set up server IP address */ + serverAddr.version = IPV4; + serverAddr.ip4 = XINET_ADDR(serverIp); + if (serverAddr.ip4 == XINADDR_NONE) { + #ifdef FUSION_RTOS + if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6, + sizeof(serverAddr.ip4)) == 1) + #else + if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6) == 1) + #endif + { + serverAddr.version = IPV6; + } + else { + SetError(BAD_IPVER_STR, error, NULL, 0); + return ret; + } + } + + XMEMSET(&ipInfo, 0, sizeof(ipInfo)); + XMEMSET(&tcpInfo, 0, sizeof(tcpInfo)); + + /* Set up client->server direction */ + ipInfo.src = clientAddr; + ipInfo.dst = serverAddr; + tcpInfo.srcPort = clientPort; + tcpInfo.dstPort = serverPort; + + /* Calculate the hash row for this session */ + row = SessionHash(&ipInfo, &tcpInfo); + + LOCK_SESSION(); + + /* Search only the specific row in the session table */ + session = SessionTable[row]; + + while (session) { + SnifferSession* next = session->next; + + /* Check if this session matches the specified client/server IP/port */ + if (MatchAddr(session->client, clientAddr) && + MatchAddr(session->server, serverAddr) && + session->cliPort == clientPort && + session->srvPort == serverPort) { + + /* Use RemoveSession to remove and free the session */ + RemoveSession(session, NULL, NULL, row); + ret = 0; /* Session found and freed */ + break; + } + + session = next; + } + + UNLOCK_SESSION(); + + return ret; +} + + #undef ERROR_OUT #endif /* WOLFSSL_SNIFFER */ diff --git a/src/src/ssl.c b/src/src/ssl.c index 0b74065..4191557 100644 --- a/src/src/ssl.c +++ b/src/src/ssl.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -232,8 +232,10 @@ static struct SystemCryptoPolicy crypto_policy; static WC_RNG globalRNG; static volatile int initGlobalRNG = 0; +#if defined(OPENSSL_EXTRA) || !defined(WOLFSSL_MUTEX_INITIALIZER) static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex); +#endif #ifndef WOLFSSL_MUTEX_INITIALIZER static int globalRNGMutex_valid = 0; #endif @@ -297,30 +299,36 @@ WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local); WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local) { WC_RNG* ret = NULL; +#ifdef WOLFSSL_SMALL_STACK + int freeRng = 0; - /* Assume not local until one created. */ - *local = 0; + /* Allocate RNG object . */ + if (rng == NULL) { + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + freeRng = 1; + } +#endif + if (rng != NULL) { + if (wc_InitRng(rng) == 0) { + ret = rng; + *local = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init"); #ifdef WOLFSSL_SMALL_STACK - /* Allocate RNG object . */ - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); + if (freeRng) { + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + rng = NULL; + } #endif - /* Check we have a local RNG object and initialize. */ - if ((rng != NULL) && (wc_InitRng(rng) == 0)) { - ret = rng; - *local = 1; + } } if (ret == NULL) { - #ifdef HAVE_GLOBAL_RNG - WOLFSSL_MSG("Bad RNG Init, trying global"); - #endif - ret = wolfssl_make_global_rng(); - } - - if (ret != rng) { -#ifdef WOLFSSL_SMALL_STACK - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); +#ifdef HAVE_GLOBAL_RNG + WOLFSSL_MSG("trying global RNG"); #endif + ret = wolfssl_make_global_rng(); } return ret; @@ -1004,16 +1012,23 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) WOLFSSL_EchConfig* workingConfig = NULL; byte* outputStart = output; word32 totalLen = 2; - word32 workingOutputLen; + word32 workingOutputLen = 0; - if (configs == NULL || outputLen == NULL || *outputLen < totalLen) + if (configs == NULL || outputLen == NULL || + (output != NULL && *outputLen < totalLen)) { return BAD_FUNC_ARG; + } - workingOutputLen = *outputLen - totalLen; /* skip over total length which we fill in later */ - if (output != NULL) + if (output != NULL) { + workingOutputLen = *outputLen - totalLen; output += 2; + } + else { + /* caller getting the size only, set current 2 byte length size */ + *outputLen = totalLen; + } workingConfig = configs; @@ -6148,6 +6163,12 @@ int wolfSSL_Init(void) WOLFSSL_ENTER("wolfSSL_Init"); +#if defined(LIBWOLFSSL_CMAKE_OUTPUT) + WOLFSSL_MSG(LIBWOLFSSL_CMAKE_OUTPUT); +#else + WOLFSSL_MSG("No extra wolfSSL cmake messages found"); +#endif + #ifndef WOLFSSL_MUTEX_INITIALIZER if (inits_count_mutex_valid == 0) { #if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS @@ -11426,8 +11447,10 @@ const char *wolfSSL_get0_peername(WOLFSSL *ssl) { return (const char *)ssl->buffers.domainName.buffer; else if (ssl->session && ssl->session->peer) return ssl->session->peer->subjectCN; +#ifdef KEEP_PEER_CERT else if (ssl->peerCert.subjectCN[0]) return ssl->peerCert.subjectCN; +#endif else { ssl->error = NO_PEER_CERT; return NULL; @@ -12144,7 +12167,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) +#ifndef WOLFSSL_NO_CA_NAMES void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) { @@ -12165,8 +12188,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ssl->client_ca_names = names; } } +#endif - #ifdef OPENSSL_EXTRA +#ifdef OPENSSL_EXTRA /* registers client cert callback, called during handshake if server requests client auth but user has not loaded client cert/key */ void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb) @@ -12378,9 +12402,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } return ret; } - #endif /* OPENSSL_EXTRA */ - -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */ +#endif /* OPENSSL_EXTRA */ #ifndef WOLFSSL_NO_CA_NAMES WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( @@ -12798,6 +12820,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ssl == NULL) return 0; +#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT) + if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls + && IsAtLeastTLSv1_3(ssl->version)) { + return ssl->options.serverState == SERVER_FINISHED_ACKED; + } +#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */ + /* Can't use ssl->options.connectState and ssl->options.acceptState * because they differ in meaning for TLS <=1.2 and 1.3 */ if (ssl->options.handShakeState == HANDSHAKE_DONE) @@ -13538,10 +13567,12 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver) } switch (ver) { +#ifndef NO_TLS +#ifndef NO_OLD_TLS case SSL2_VERSION: WOLFSSL_MSG("wolfSSL does not support SSLv2"); return WOLFSSL_FAILURE; -#ifndef NO_TLS +#endif case SSL3_VERSION: wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1); FALL_THROUGH; @@ -13596,9 +13627,6 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver) } /* Update the method */ switch (ver) { - case SSL2_VERSION: - WOLFSSL_MSG("wolfSSL does not support SSLv2"); - return WOLFSSL_FAILURE; #ifndef NO_TLS case SSL3_VERSION: ctx->method->version.minor = SSLv3_MINOR; @@ -14608,7 +14636,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) return sk; } - +#ifdef KEEP_PEER_CERT /** * Implemented in a similar way that ngx_ssl_ocsp_validate does it when * SSL_get0_verified_chain is not available. @@ -14669,6 +14697,7 @@ WOLF_STACK_OF(WOLFSSL_X509) *wolfSSL_get0_verified_chain(const WOLFSSL *ssl) wolfSSL_X509_STORE_CTX_free(storeCtx); return chain; } +#endif /* KEEP_PEER_CERT */ #endif /* SESSION_CERTS && OPENSSL_EXTRA */ #ifndef NO_CERTS @@ -15585,6 +15614,10 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "ML_KEM_512"; case WOLFSSL_P256_ML_KEM_512: return "P256_ML_KEM_512"; +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P256_ML_KEM_512_OLD: + return "P256_ML_KEM_512_OLD"; +#endif #ifdef HAVE_CURVE25519 case WOLFSSL_X25519_ML_KEM_512: return "X25519_ML_KEM_512"; @@ -15595,6 +15628,10 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "ML_KEM_768"; case WOLFSSL_P384_ML_KEM_768: return "P384_ML_KEM_768"; +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P384_ML_KEM_768_OLD: + return "P384_ML_KEM_768_OLD"; +#endif case WOLFSSL_P256_ML_KEM_768: return "P256_ML_KEM_768"; #ifdef HAVE_CURVE25519 @@ -15611,6 +15648,10 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "ML_KEM_1024"; case WOLFSSL_P521_ML_KEM_1024: return "P521_ML_KEM_1024"; +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P521_ML_KEM_1024_OLD: + return "P521_ML_KEM_1024_OLD"; +#endif case WOLFSSL_P384_ML_KEM_1024: return "P384_ML_KEM_1024"; #endif @@ -16498,6 +16539,45 @@ int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der) return wolfSSL_EVP_PKEY_get_der(key, der); } +int wolfSSL_i2d_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int derSz = 0; + byte* der = NULL; + + if (bio == NULL || key == NULL) { + return WOLFSSL_FAILURE; + } + + derSz = wolfSSL_i2d_PrivateKey(key, NULL); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PrivateKey (for getting size) failed"); + return WOLFSSL_FAILURE; + } + + der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!der) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + derSz = wolfSSL_i2d_PrivateKey(key, &der); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PrivateKey failed"); + goto cleanup; + } + + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { + goto cleanup; + } + + ret = WOLFSSL_SUCCESS; + +cleanup: + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) { #if !defined(NO_RSA) || defined(HAVE_ECC) @@ -18367,9 +18447,8 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk) #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#ifdef OPENSSL_EXTRA - -#if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(KEEP_PEER_CERT) && \ + defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM) int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); @@ -18440,14 +18519,13 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) return ret; } #endif -#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #ifndef NO_CERTS /* oidCertExtType */ - { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints", - "X509v3 Basic Constraints"}, + { WC_NID_basic_constraints, BASIC_CA_OID, oidCertExtType, + "basicConstraints", "X509v3 Basic Constraints"}, { WC_NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName", "X509v3 Subject Alternative Name"}, { WC_NID_crl_distribution_points, CRL_DIST_OID, oidCertExtType, @@ -18493,40 +18571,48 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { "OCSPSigning", "OCSP Signing"}, /* oidCertNameType */ - { WC_NID_commonName, WC_NID_commonName, oidCertNameType, "CN", "commonName"}, + { WC_NID_commonName, WC_NAME_COMMON_NAME_OID, oidCertNameType, + "CN", "commonName"}, #if !defined(WOLFSSL_CERT_REQ) - { WC_NID_surname, WC_NID_surname, oidCertNameType, "SN", "surname"}, + { WC_NID_surname, WC_NAME_SURNAME_OID, oidCertNameType, "SN", "surname"}, #endif - { WC_NID_serialNumber, WC_NID_serialNumber, oidCertNameType, "serialNumber", - "serialNumber"}, + { WC_NID_serialNumber, WC_NAME_SERIAL_NUMBER_OID, oidCertNameType, + "serialNumber", "serialNumber"}, { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userid"}, - { WC_NID_countryName, WC_NID_countryName, oidCertNameType, "C", "countryName"}, - { WC_NID_localityName, WC_NID_localityName, oidCertNameType, "L", "localityName"}, - { WC_NID_stateOrProvinceName, WC_NID_stateOrProvinceName, oidCertNameType, "ST", - "stateOrProvinceName"}, - { WC_NID_streetAddress, WC_NID_streetAddress, oidCertNameType, "street", - "streetAddress"}, - { WC_NID_organizationName, WC_NID_organizationName, oidCertNameType, "O", - "organizationName"}, - { WC_NID_organizationalUnitName, WC_NID_organizationalUnitName, oidCertNameType, - "OU", "organizationalUnitName"}, - { WC_NID_emailAddress, WC_NID_emailAddress, oidCertNameType, "emailAddress", - "emailAddress"}, - { WC_NID_domainComponent, WC_NID_domainComponent, oidCertNameType, "DC", - "domainComponent"}, - { WC_NID_rfc822Mailbox, WC_NID_rfc822Mailbox, oidCertNameType, "rfc822Mailbox", - "rfc822Mailbox"}, - { WC_NID_favouriteDrink, WC_NID_favouriteDrink, oidCertNameType, "favouriteDrink", - "favouriteDrink"}, - { WC_NID_businessCategory, WC_NID_businessCategory, oidCertNameType, + { WC_NID_countryName, WC_NAME_COUNTRY_NAME_OID, oidCertNameType, + "C", "countryName"}, + { WC_NID_localityName, WC_NAME_LOCALITY_NAME_OID, oidCertNameType, + "L", "localityName"}, + { WC_NID_stateOrProvinceName, WC_NAME_STATE_NAME_OID, oidCertNameType, + "ST", "stateOrProvinceName"}, + { WC_NID_streetAddress, WC_NAME_STREET_ADDRESS_OID, oidCertNameType, + "street", "streetAddress"}, + { WC_NID_organizationName, WC_NAME_ORGANIZATION_NAME_OID, oidCertNameType, + "O", "organizationName"}, + { WC_NID_organizationalUnitName, WC_NAME_ORGANIZATION_UNIT_NAME_OID, + oidCertNameType, "OU", "organizationalUnitName"}, + { WC_NID_title, WC_NAME_TITLE_OID, oidCertNameType, "title", "title"}, + { WC_NID_description, WC_NAME_DESCRIPTION_OID, oidCertNameType, + "description", "description"}, + { WC_NID_emailAddress, WC_NAME_EMAIL_ADDRESS_OID, oidCertNameType, + "emailAddress", "emailAddress"}, + { WC_NID_domainComponent, WC_NAME_DOMAIN_COMPONENT_OID, oidCertNameType, + "DC", "domainComponent"}, + { WC_NID_rfc822Mailbox, WC_NAME_RFC822_MAILBOX_OID, oidCertNameType, + "rfc822Mailbox", "rfc822Mailbox"}, + { WC_NID_favouriteDrink, WC_NAME_FAVOURITE_DRINK_OID, oidCertNameType, + "favouriteDrink", "favouriteDrink"}, + { WC_NID_businessCategory, WC_NAME_BUSINESS_CATEGORY_OID, oidCertNameType, "businessCategory", "businessCategory"}, - { WC_NID_jurisdictionCountryName, WC_NID_jurisdictionCountryName, oidCertNameType, - "jurisdictionC", "jurisdictionCountryName"}, - { WC_NID_jurisdictionStateOrProvinceName, WC_NID_jurisdictionStateOrProvinceName, + { WC_NID_jurisdictionCountryName, WC_NAME_JURIS_COUNTRY_OID, + oidCertNameType, "jurisdictionC", "jurisdictionCountryName"}, + { WC_NID_jurisdictionStateOrProvinceName, WC_NAME_JURIS_STATE_PROV_OID, oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"}, - { WC_NID_postalCode, WC_NID_postalCode, oidCertNameType, "postalCode", + { WC_NID_postalCode, WC_NAME_POSTAL_CODE_OID, oidCertNameType, "postalCode", "postalCode"}, - { WC_NID_userId, WC_NID_userId, oidCertNameType, "UID", "userId"}, + { WC_NID_userId, WC_NAME_USER_ID_OID, oidCertNameType, "UID", "userId"}, + { WC_NID_netscape_cert_type, NETSCAPE_CT_OID, oidCertNameType, + "nsCertType", "Netscape Cert Type"}, #if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL) { WC_NID_pkcs9_challengePassword, CHALLENGE_PASSWORD_OID, @@ -18535,12 +18621,12 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { oidCsrAttrType, "contentType", "contentType" }, { WC_NID_pkcs9_unstructuredName, UNSTRUCTURED_NAME_OID, oidCsrAttrType, "unstructuredName", "unstructuredName" }, - { WC_NID_name, NAME_OID, oidCsrAttrType, "name", "name" }, + { WC_NID_name, WC_NAME_NAME_OID, oidCsrAttrType, "name", "name" }, { WC_NID_surname, SURNAME_OID, oidCsrAttrType, "surname", "surname" }, - { WC_NID_givenName, GIVEN_NAME_OID, + { WC_NID_givenName, WC_NAME_GIVEN_NAME_OID, oidCsrAttrType, "givenName", "givenName" }, - { WC_NID_initials, INITIALS_OID, + { WC_NID_initials, WC_NAME_INITIALIS_OID, oidCsrAttrType, "initials", "initials" }, { WC_NID_dnQualifier, DNQUALIFIER_OID, oidCsrAttrType, "dnQualifer", "dnQualifier" }, @@ -18592,7 +18678,8 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { /* oidSigType */ #ifndef NO_DSA #ifndef NO_SHA - { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"}, + { WC_NID_dsaWithSHA1, CTC_SHAwDSA, oidSigType, + "DSA-SHA1", "dsaWithSHA1"}, { WC_NID_dsa_with_SHA256, CTC_SHA256wDSA, oidSigType, "dsa_with_SHA256", "dsa_with_SHA256"}, #endif @@ -18611,20 +18698,20 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { "sha1WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA224 - { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, "RSA-SHA224", - "sha224WithRSAEncryption"}, + { WC_NID_sha224WithRSAEncryption, CTC_SHA224wRSA, oidSigType, + "RSA-SHA224", "sha224WithRSAEncryption"}, #endif #ifndef NO_SHA256 - { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, "RSA-SHA256", - "sha256WithRSAEncryption"}, + { WC_NID_sha256WithRSAEncryption, CTC_SHA256wRSA, oidSigType, + "RSA-SHA256", "sha256WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA384 - { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, "RSA-SHA384", - "sha384WithRSAEncryption"}, + { WC_NID_sha384WithRSAEncryption, CTC_SHA384wRSA, oidSigType, + "RSA-SHA384", "sha384WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA512 - { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, "RSA-SHA512", - "sha512WithRSAEncryption"}, + { WC_NID_sha512WithRSAEncryption, CTC_SHA512wRSA, oidSigType, + "RSA-SHA512", "sha512WithRSAEncryption"}, #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 @@ -18645,7 +18732,8 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #endif #endif #ifdef WC_RSA_PSS - { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, "RSASSA-PSS", "rsassaPss" }, + { WC_NID_rsassaPss, CTC_RSASSAPSS, oidSigType, + "RSASSA-PSS", "rsassaPss" }, #endif #endif /* NO_RSA */ #ifdef HAVE_ECC @@ -18739,22 +18827,22 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { /* oidCurveType */ #ifdef HAVE_ECC - { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", - "prime192v1"}, - { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", - "prime192v2"}, - { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", - "prime192v3"}, - - { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", - "prime239v1"}, - { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", - "prime239v2"}, - { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", - "prime239v3"}, - - { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", - "prime256v1"}, + { WC_NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, + "prime192v1", "prime192v1"}, + { WC_NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, + "prime192v2", "prime192v2"}, + { WC_NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, + "prime192v3", "prime192v3"}, + + { WC_NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, + "prime239v1", "prime239v1"}, + { WC_NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, + "prime239v2", "prime239v2"}, + { WC_NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, + "prime239v3", "prime239v3"}, + + { WC_NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, + "prime256v1", "prime256v1"}, { WC_NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", "secp112r1"}, @@ -18896,7 +18984,7 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = { #endif #if defined(WOLFSSL_APACHE_HTTPD) /* "1.3.6.1.5.5.7.8.7" */ - { WC_NID_id_on_dnsSRV, WC_NID_id_on_dnsSRV, oidCertNameType, + { WC_NID_id_on_dnsSRV, WOLFSSL_DNS_SRV_SUM, oidCertNameType, WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV }, /* "1.3.6.1.4.1.311.20.2.3" */ @@ -20538,6 +20626,8 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) unsigned int sum = 0; unsigned int outSz = MAX_OID_SZ; unsigned char out[MAX_OID_SZ]; + + XMEMSET(out, 0, sizeof(out)); #endif WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); @@ -20550,9 +20640,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) ret = EncodePolicyOID(out, &outSz, s, NULL); if (ret == 0) { /* sum OID */ - for (i = 0; i < outSz; i++) { - sum += out[i]; - } + sum = wc_oid_sum(out, outSz); } #endif /* WOLFSSL_CERT_EXT */ @@ -23149,9 +23237,12 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { {CURVE_NAME("K-192"), WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1}, {CURVE_NAME("K-224"), WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1}, {CURVE_NAME("K-256"), WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1}, - {CURVE_NAME("B-256"), WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, - {CURVE_NAME("B-384"), WC_NID_brainpoolP384r1, WOLFSSL_ECC_BRAINPOOLP384R1}, - {CURVE_NAME("B-512"), WC_NID_brainpoolP512r1, WOLFSSL_ECC_BRAINPOOLP512R1}, + {CURVE_NAME("B-256"), WC_NID_brainpoolP256r1, + WOLFSSL_ECC_BRAINPOOLP256R1}, + {CURVE_NAME("B-384"), WC_NID_brainpoolP384r1, + WOLFSSL_ECC_BRAINPOOLP384R1}, + {CURVE_NAME("B-512"), WC_NID_brainpoolP512r1, + WOLFSSL_ECC_BRAINPOOLP512R1}, #endif #ifdef HAVE_CURVE25519 {CURVE_NAME("X25519"), WC_NID_X25519, WOLFSSL_ECC_X25519}, @@ -23535,12 +23626,13 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, int wolfSSL_set_alpn_protos(WOLFSSL* ssl, const unsigned char* p, unsigned int p_len) { - WOLFSSL_BIO* bio; char* pt = NULL; - + unsigned int ptIdx; unsigned int sz; unsigned int idx = 0; int alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; + int ret; + WOLFSSL_ENTER("wolfSSL_set_alpn_protos"); if (ssl == NULL || p_len <= 1) { @@ -23554,8 +23646,9 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, #endif } - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - if (bio == NULL) { + /* Replacing leading number with trailing ',' and adding '\0'. */ + pt = (char*)XMALLOC(p_len + 1, ssl->heap, DYNAMIC_TYPE_OPENSSL); + if (pt == NULL) { #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* 0 on success in OpenSSL, non-0 on failure in OpenSSL * the function reverses the return value convention. @@ -23566,6 +23659,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, #endif } + ptIdx = 0; /* convert into comma separated list */ while (idx < p_len - 1) { unsigned int i; @@ -23573,7 +23667,7 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, sz = p[idx++]; if (idx + sz > p_len) { WOLFSSL_MSG("Bad list format"); - wolfSSL_BIO_free(bio); + XFREE(pt, ssl->heap, DYNAMIC_TYPE_OPENSSL); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* 0 on success in OpenSSL, non-0 on failure in OpenSSL * the function reverses the return value convention. @@ -23585,27 +23679,30 @@ int wolfSSL_set_alpn_protos(WOLFSSL* ssl, } if (sz > 0) { for (i = 0; i < sz; i++) { - wolfSSL_BIO_write(bio, &p[idx++], 1); + pt[ptIdx++] = p[idx++]; + } + if (idx < p_len - 1) { + pt[ptIdx++] = ','; } - if (idx < p_len - 1) - wolfSSL_BIO_write(bio, ",", 1); } } - wolfSSL_BIO_write(bio, "\0", 1); + pt[ptIdx++] = '\0'; /* clears out all current ALPN extensions set */ TLSX_Remove(&ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL, ssl->heap); - if ((sz = (unsigned int)wolfSSL_BIO_get_mem_data(bio, &pt)) > 0) { - wolfSSL_UseALPN(ssl, pt, sz, (byte) alpn_opt); - } - wolfSSL_BIO_free(bio); + ret = wolfSSL_UseALPN(ssl, pt, ptIdx, (byte)alpn_opt); + XFREE(pt, ssl->heap, DYNAMIC_TYPE_OPENSSL); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* 0 on success in OpenSSL, non-0 on failure in OpenSSL * the function reverses the return value convention. */ + if (ret != WOLFSSL_SUCCESS) + return 1; return 0; #else + if (ret != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; #endif } @@ -24600,8 +24697,13 @@ int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) if (der != NULL) { curve25519_key* key = (curve25519_key*)keyPtr; WOLFSSL_MSG("Using static X25519 key"); - ret = wc_Curve25519PrivateKeyDecode(der->buffer, &idx, key, - der->length); + + #ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_set_rng(key, ssl->rng); + if (ret == 0) + #endif + ret = wc_Curve25519PrivateKeyDecode(der->buffer, &idx, key, + der->length); } break; #endif @@ -25458,6 +25560,13 @@ static int wolfSSL_RAND_InitMutex(void) #ifdef OPENSSL_EXTRA +#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ + ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || defined(HAVE_SELFTEST)) +/* In older FIPS bundles add check for reseed here since it does not exist in + * the older random.c certified files. */ +static pid_t currentRandPid = 0; +#endif + /* Checks if the global RNG has been created. If not then one is created. * * Returns WOLFSSL_SUCCESS when no error is encountered. @@ -25470,6 +25579,12 @@ int wolfSSL_RAND_Init(void) if (initGlobalRNG == 0) { ret = wc_InitRng(&globalRNG); if (ret == 0) { + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ + ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || \ + defined(HAVE_SELFTEST)) + + currentRandPid = getpid(); + #endif initGlobalRNG = 1; ret = WOLFSSL_SUCCESS; } @@ -25904,8 +26019,8 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) return ret; } -/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise - * WOLFSSL_FAILURE */ +/* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid otherwise 0 + * on failure */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; @@ -25947,6 +26062,27 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) * have the lock. */ if (initGlobalRNG) { + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \ + ((defined(HAVE_FIPS) && FIPS_VERSION3_LE(6,0,0)) || \ + defined(HAVE_SELFTEST)) + pid_t p; + + p = getpid(); + if (p != currentRandPid) { + wc_UnLockMutex(&globalRNGMutex); + if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Issue with check pid and reseed"); + ret = WOLFSSL_FAILURE; + } + + /* reclaim lock after wolfSSL_RAND_poll */ + if (wc_LockMutex(&globalRNGMutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rng"); + return ret; + } + currentRandPid = p; + } + #endif rng = &globalRNG; used_global = 1; } @@ -26017,11 +26153,35 @@ int wolfSSL_RAND_poll(void) return WOLFSSL_FAILURE; } ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); - if (ret != 0){ + if (ret != 0) { WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); ret = WOLFSSL_FAILURE; - }else + } + else { +#ifdef HAVE_HASHDRBG + if (wc_LockMutex(&globalRNGMutex) != 0) { + WOLFSSL_MSG("Bad Lock Mutex rng"); + return ret; + } + + ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz); + if (ret != 0) { + WOLFSSL_MSG("Error reseeding DRBG"); + ret = WOLFSSL_FAILURE; + } + else { + ret = WOLFSSL_SUCCESS; + } + wc_UnLockMutex(&globalRNGMutex); +#elif defined(HAVE_INTEL_RDRAND) + WOLFSSL_MSG("Not polling with RAND_poll, RDRAND used without " + "HAVE_HASHDRBG"); ret = WOLFSSL_SUCCESS; +#else + WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set"); + ret = WOLFSSL_FAILURE; +#endif + } return ret; } @@ -26659,4 +26819,3 @@ void wolfSSL_FIPS_drbg_set_app_data(WOLFSSL_DRBG_CTX *ctx, void *app_data) #endif /* !WOLFCRYPT_ONLY */ - diff --git a/src/src/ssl_asn1.c b/src/src/ssl_asn1.c index 535c672..f2ffbc6 100644 --- a/src/src/ssl_asn1.c +++ b/src/src/ssl_asn1.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/src/ssl_bn.c b/src/src/ssl_bn.c index 0d947a8..139684b 100644 --- a/src/src/ssl_bn.c +++ b/src/src/ssl_bn.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1158,6 +1158,62 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) return ret; } +/* Same as above, but compare absolute value. */ +int wolfSSL_BN_ucmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) +{ + int ret = 0; + int bIsNull; + + WOLFSSL_ENTER("wolfSSL_BN_ucmp"); + + /* Must know whether b is NULL. */ + bIsNull = BN_IS_NULL(b); + /* Check whether a is NULL. */ + if (BN_IS_NULL(a)) { + if (bIsNull) { + /* NULL equals NULL. */ + ret = 0; + } + else { + ret = -1; /* NULL less than not NULL. */ + } + } + else if (bIsNull) { + /* not NULL greater than NULL. */ + ret = 1; + } + else { + /* Neither are NULL; copy to new instances and switch to positive if + * required, compare, and then free. Must copy because there is + * possibility of switch to positive but they are declared const. + * wolfssl_bn_set_neg() only returns -1 if the bn is NULL, but we + * already check that so we can ignore the return code. Note for + * wolfSSL_BN_is_negative if n=1 then set to positive. */ + WOLFSSL_BIGNUM* abs_a = wolfSSL_BN_dup(a); + WOLFSSL_BIGNUM* abs_b = wolfSSL_BN_dup(b); + + if (abs_a == NULL || abs_b == NULL) { + WOLFSSL_MSG("wolfSSL_BN_dup failed"); + wolfSSL_BN_free(abs_a); + wolfSSL_BN_free(abs_b); + return WOLFSSL_FATAL_ERROR; + } + + if (wolfSSL_BN_is_negative(abs_a)) { + wolfssl_bn_set_neg(abs_a, 1); + } + + if (wolfSSL_BN_is_negative(abs_b)) { + wolfssl_bn_set_neg(abs_b, 1); + } + + ret = wolfSSL_BN_cmp(abs_a, abs_b); + wolfSSL_BN_free(abs_a); + wolfSSL_BN_free(abs_b); + } + return ret; +} + /* Indicates whether a big number is the value 0. * * Return compliant with OpenSSL. diff --git a/src/src/ssl_certman.c b/src/src/ssl_certman.c index df88acd..286831b 100644 --- a/src/src/ssl_certman.c +++ b/src/src/ssl_certman.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1525,7 +1525,7 @@ int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz) WOLFSSL_ENTER("CM_MemRestoreCertCache"); /* Check memory available is bigger than cache header. */ - if (current > end) { + if ((sz < (int)sizeof(CertCacheHeader)) || (current > end)) { WOLFSSL_MSG("Cert Cache Memory buffer too small"); ret = BUFFER_E; } diff --git a/src/src/ssl_crypto.c b/src/src/ssl_crypto.c index 4744304..6ba73ab 100644 --- a/src/src/ssl_crypto.c +++ b/src/src/ssl_crypto.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1472,56 +1472,136 @@ int wolfSSL_HmacCopy(Hmac* dst, Hmac* src) #ifndef NO_MD5 case WC_MD5: rc = wc_Md5Copy(&src->hash.md5, &dst->hash.md5); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Md5Copy(&src->i_hash.md5, &dst->i_hash.md5); + } + if (rc == 0) { + rc = wc_Md5Copy(&src->o_hash.md5, &dst->o_hash.md5); + } + #endif break; #endif /* !NO_MD5 */ #ifndef NO_SHA case WC_SHA: rc = wc_ShaCopy(&src->hash.sha, &dst->hash.sha); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_ShaCopy(&src->i_hash.sha, &dst->i_hash.sha); + } + if (rc == 0) { + rc = wc_ShaCopy(&src->o_hash.sha, &dst->o_hash.sha); + } + #endif break; #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 case WC_SHA224: rc = wc_Sha224Copy(&src->hash.sha224, &dst->hash.sha224); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha224Copy(&src->i_hash.sha224, &dst->i_hash.sha224); + } + if (rc == 0) { + rc = wc_Sha224Copy(&src->o_hash.sha224, &dst->o_hash.sha224); + } + #endif break; #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 case WC_SHA256: rc = wc_Sha256Copy(&src->hash.sha256, &dst->hash.sha256); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha256Copy(&src->i_hash.sha256, &dst->i_hash.sha256); + } + if (rc == 0) { + rc = wc_Sha256Copy(&src->o_hash.sha256, &dst->o_hash.sha256); + } + #endif break; #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 case WC_SHA384: rc = wc_Sha384Copy(&src->hash.sha384, &dst->hash.sha384); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha384Copy(&src->i_hash.sha384, &dst->i_hash.sha384); + } + if (rc == 0) { + rc = wc_Sha384Copy(&src->o_hash.sha384, &dst->o_hash.sha384); + } + #endif break; #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 case WC_SHA512: rc = wc_Sha512Copy(&src->hash.sha512, &dst->hash.sha512); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha512Copy(&src->i_hash.sha512, &dst->i_hash.sha512); + } + if (rc == 0) { + rc = wc_Sha512Copy(&src->o_hash.sha512, &dst->o_hash.sha512); + } + #endif break; #endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 case WC_SHA3_224: rc = wc_Sha3_224_Copy(&src->hash.sha3, &dst->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha3_224_Copy(&src->i_hash.sha3, &dst->i_hash.sha3); + } + if (rc == 0) { + rc = wc_Sha3_224_Copy(&src->o_hash.sha3, &dst->o_hash.sha3); + } + #endif break; #endif /* WOLFSSL_NO_SHA3_224 */ #ifndef WOLFSSL_NOSHA3_256 case WC_SHA3_256: rc = wc_Sha3_256_Copy(&src->hash.sha3, &dst->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha3_256_Copy(&src->i_hash.sha3, &dst->i_hash.sha3); + } + if (rc == 0) { + rc = wc_Sha3_256_Copy(&src->o_hash.sha3, &dst->o_hash.sha3); + } + #endif break; #endif /* WOLFSSL_NO_SHA3_256 */ #ifndef WOLFSSL_NOSHA3_384 case WC_SHA3_384: rc = wc_Sha3_384_Copy(&src->hash.sha3, &dst->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha3_384_Copy(&src->i_hash.sha3, &dst->i_hash.sha3); + } + if (rc == 0) { + rc = wc_Sha3_384_Copy(&src->o_hash.sha3, &dst->o_hash.sha3); + } + #endif break; #endif /* WOLFSSL_NO_SHA3_384 */ #ifndef WOLFSSL_NOSHA3_512 case WC_SHA3_512: rc = wc_Sha3_512_Copy(&src->hash.sha3, &dst->hash.sha3); + #ifdef WOLFSSL_HMAC_COPY_HASH + if (rc == 0) { + rc = wc_Sha3_512_Copy(&src->i_hash.sha3, &dst->i_hash.sha3); + } + if (rc == 0) { + rc = wc_Sha3_512_Copy(&src->o_hash.sha3, &dst->o_hash.sha3); + } + #endif break; #endif /* WOLFSSL_NO_SHA3_512 */ #endif /* WOLFSSL_SHA3 */ @@ -1823,13 +1903,24 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, WC_HMAC_BLOCK_SIZE); XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, WC_HMAC_BLOCK_SIZE); - /* Initialize the wolfSSL HMAC object. */ - rc = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap); + #ifdef WOLFSSL_HMAC_COPY_HASH + rc = _HmacInitIOHashes(&ctx->hmac); if (rc != 0) { - WOLFSSL_MSG("hmac init error"); + WOLFSSL_MSG("hmac init i_hash/o_hash error"); WOLFSSL_ERROR(rc); ret = 0; } + if (ret == 1) + #endif + { + /* Initialize the wolfSSL HMAC object. */ + rc = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap); + if (rc != 0) { + WOLFSSL_MSG("hmac init error"); + WOLFSSL_ERROR(rc); + ret = 0; + } + } } return ret; @@ -2149,8 +2240,17 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keySz, ret = 0; } /* Only AES-CBC ciphers are supported. */ - if ((ret == 1) && (cipher != EVP_AES_128_CBC) && - (cipher != EVP_AES_192_CBC) && (cipher != EVP_AES_256_CBC)) { + if ((ret == 1) + #ifdef WOLFSSL_AES_128 + && (cipher != EVP_AES_128_CBC) + #endif + #ifdef WOLFSSL_AES_192 + && (cipher != EVP_AES_192_CBC) + #endif + #ifdef WOLFSSL_AES_256 + && (cipher != EVP_AES_256_CBC) + #endif + ) { WOLFSSL_MSG("wolfSSL_CMAC_Init: requested cipher is unsupported"); ret = 0; } diff --git a/src/src/ssl_load.c b/src/src/ssl_load.c index 24c8af1..d50fae9 100644 --- a/src/src/ssl_load.c +++ b/src/src/ssl_load.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -42,9 +42,14 @@ #endif #endif -#if defined(__APPLE__) && defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) +#if defined(__APPLE__) +#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) #include -#endif +#endif /* HAVE_SECURITY_SECTRUSTSETTINGS_H */ +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +#include +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ +#endif /* __APPLE__ */ #endif /* WOLFSSL_SYS_CA_CERTS */ @@ -947,8 +952,8 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, word32 idx; dilithium_key* key; int keyFormatTemp = 0; - int keyTypeTemp; - int keySizeTemp; + int keyTypeTemp = 0; + int keySizeTemp = 0; /* Allocate a Dilithium key to parse into. */ key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap, @@ -2153,8 +2158,50 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* CA certificate to verify with. */ if (type == CA_TYPE) { +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: + * Store the DER encoding of the CA certificate so we can append it to + * the list of trusted CA certificates if the subsequent call to AddCA + * is successful */ + word32 derLen; + byte* derBuf; + if (ctx->doAppleNativeCertValidationFlag == 1) { + WOLFSSL_MSG("ANCV Test: copy DER CA cert"); + derLen = der->length; + derBuf = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + return MEMORY_E; + } + XMEMCPY(derBuf, der->buffer, derLen); + } + else { + (void)derLen; + (void)derBuf; + } +#endif /* verify CA unless user set to no verify */ ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify); + +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: + * Append the DER encoded CA certificate to the list of trusted CA + * certificates so we can inject them at verification time */ + if (ret == 1 && ctx->doAppleNativeCertValidationFlag == 1) { + WOLFSSL_MSG("ANCV Test: Appending CA to cert list"); + ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf, (int)derLen); + if (ret == WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ANCV Test: Clearing CA table"); + /* Clear the CA table so we can ensure they won't be used for + * verification */ + ret = wolfSSL_CertManagerUnloadCAs(ctx->cm); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + } + } + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ + if (ret == 1) { ret = 0; } @@ -2352,11 +2399,13 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type) * @param [out] used Number of bytes consumed. * @param [in[ userChain Whether this certificate is for user's chain. * @param [in] verify How to verify certificate. + * @param [in] source_name Associated filename or other source ID. * @return 1 on success. * @return Less than 1 on failure. */ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, - int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify) + int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify, + const char *source_name) { DerBuffer* der = NULL; int ret = 0; @@ -2367,6 +2416,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, EncryptedInfo info[1]; #endif int algId = 0; +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS + long usedAtStart = used ? *used : 0L; +#else + (void)source_name; +#endif WOLFSSL_ENTER("ProcessBuffer"); @@ -2444,6 +2498,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr); ret = 0; } +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS + if (ret < 0) { +#ifdef NO_ERROR_STRINGS + WOLFSSL_DEBUG_PRINTF( + "ERROR: ProcessUserChain: certificate from %s at offset %ld" + " rejected with code %d\n", + source_name, usedAtStart, ret); +#else + WOLFSSL_DEBUG_PRINTF( + "ERROR: ProcessUserChain: certificate from %s at offset %ld" + " rejected with code %d: %s\n", + source_name, usedAtStart, ret, + wolfSSL_ERR_reason_error_string(ret)); +#endif + } +#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */ } #ifdef WOLFSSL_SMALL_STACK @@ -2455,6 +2525,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, /* Process the different types of certificates. */ ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type, verify); +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS + if (ret < 0) { +#ifdef NO_ERROR_STRINGS + WOLFSSL_DEBUG_PRINTF( + "ERROR: ProcessBufferCertTypes: certificate from %s at" + " offset %ld rejected with code %d\n", + source_name, usedAtStart, ret); +#else + WOLFSSL_DEBUG_PRINTF( + "ERROR: ProcessBufferCertTypes: certificate from %s at" + " offset %ld rejected with code %d: %s\n", + source_name, usedAtStart, ret, + wolfSSL_ERR_reason_error_string(ret)); +#endif + } +#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */ } else { FreeDer(&der); @@ -2515,12 +2601,14 @@ static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff, * @param [in] sz Size of data in buffer. * @param [in] type Type of data. * @param [in] verify How to verify certificate. + * @param [in] source_name Associated filename or other source ID. * @return 1 on success. * @return 0 on failure. * @return MEMORY_E when dynamic memory allocation fails. */ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - const unsigned char* buff, long sz, int type, int verify) + const unsigned char* buff, long sz, int type, int verify, + const char *source_name) { int ret = 0; long used = 0; @@ -2529,11 +2617,11 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLFSSL_MSG("Processing CA PEM file"); /* Keep processing file while no errors and data to parse. */ while ((ret >= 0) && (used < sz)) { - long consumed = 0; + long consumed = used; /* Process the buffer. */ ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM, - type, ssl, &consumed, 0, verify); + type, ssl, &consumed, 0, verify, source_name); /* Memory allocation failure is fatal. */ if (ret == WC_NO_ERR_TRACE(MEMORY_E)) { gotOne = 0; @@ -2665,6 +2753,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, { /* Not a header that we support. */ WOLFSSL_MSG("Failed to detect certificate type"); +#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS + WOLFSSL_DEBUG_PRINTF( + "ERROR: ProcessFile: Failed to detect certificate type" + " of \"%s\"\n", + fname); +#endif ret = WOLFSSL_BAD_CERTTYPE; } } @@ -2673,7 +2767,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) && (format == WOLFSSL_FILETYPE_PEM)) { ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type, - verify); + verify, fname); } #ifdef HAVE_CRL else if (type == CRL_TYPE) { @@ -2690,18 +2784,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, long consumed = 0; ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, - &consumed, userChain, verify); + &consumed, userChain, verify, fname); if ((ret == 1) && (consumed < sz)) { ret = ProcessBuffer(ctx, content.buffer + consumed, sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, - verify); + verify, fname); } } #endif else { /* Load all other certificate types. */ ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl, - NULL, userChain, verify); + NULL, userChain, verify, fname); } } @@ -2894,6 +2988,14 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, ret = 0; } +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + if (ret == 1) { + /* TEST ONLY CODE: force native cert validation on */ + WOLFSSL_MSG("ANCV Test: Loading system CA certs"); + wolfSSL_CTX_load_system_CA_certs(ctx); + } +#endif + if (ret == 1) { /* Get setting on how to verify certificates. */ verify = GET_VERIFY_SETTING_CTX(ctx); @@ -2906,19 +3008,19 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, /* Load the PEM formatted CA file */ ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL, verify); - #ifndef NO_WOLFSSL_DIR +#ifndef NO_WOLFSSL_DIR if (ret == 1) { /* Include success in overall count. */ successCount++; } - #endif - #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) +#endif +#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) /* Load CA as a trusted peer certificate. */ ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM); if (ret != 1) { WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error"); } - #endif +#endif } } @@ -3030,7 +3132,8 @@ static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded) if (ProcessBuffer(ctx, certCtx->pbCertEncoded, certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)) == 1) { + GET_VERIFY_SETTING_CTX(ctx), + storeNames[i]) == 1) { /* * Set "loaded" as long as we've loaded one CA * cert. @@ -3105,7 +3208,8 @@ static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded) if (ProcessBuffer(ctx, CFDataGetBytePtr(der), CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)) == 1) { + GET_VERIFY_SETTING_CTX(ctx), + "MacOSX trustDomains") == 1) { /* * Set "loaded" as long as we've loaded one CA * cert. @@ -3369,6 +3473,11 @@ int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, ret = 0; } else { +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: force native cert validation on */ + WOLFSSL_MSG("ANCV Test: loading system CA certs"); + wolfSSL_CTX_load_system_CA_certs(ctx); +#endif ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL, GET_VERIFY_SETTING_CTX(ctx)); } @@ -3644,7 +3753,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509) /* Get DER encoded certificate data from X509 object. */ ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0, - GET_VERIFY_SETTING_SSL(ssl)); + GET_VERIFY_SETTING_SSL(ssl), + "x509 buffer"); } /* Return 1 on success or 0 on failure. */ @@ -3676,7 +3786,8 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, long idx = 0; ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, - ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl)); + ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl), + "asn1 buffer"); } /* Return 1 on success or 0 on failure. */ @@ -3875,6 +3986,14 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in, WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex"); +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: force native cert validation on */ + if (ctx != NULL) { + WOLFSSL_MSG("ANCV Test: loading system CA certs"); + wolfSSL_CTX_load_system_CA_certs(ctx); + } +#endif + /* Get setting on how to verify certificates. */ verify = GET_VERIFY_SETTING_CTX(ctx); /* Overwrite setting when flag set. */ @@ -3884,12 +4003,13 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in, /* When PEM, treat as certificate chain of CA certificates. */ if (format == WOLFSSL_FILETYPE_PEM) { - ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify); + ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify, + "PEM buffer"); } /* When DER, load the CA certificate. */ else { ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, - userChain, verify); + userChain, verify, "buffer"); } #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) if (ret == 1) { @@ -3973,12 +4093,12 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, /* When PEM, treat as certificate chain of trusted peer certificates. */ if (format == WOLFSSL_FILETYPE_PEM) { ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE, - verify); + verify, "peer"); } /* When DER, load the trusted peer certificate. */ else { ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL, - NULL, 0, verify); + NULL, 0, verify, "peer"); } } @@ -4004,7 +4124,7 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer"); ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0, - GET_VERIFY_SETTING_CTX(ctx)); + GET_VERIFY_SETTING_CTX(ctx), "buffer"); WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret); return ret; @@ -4030,7 +4150,7 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer"); ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed, - 0, GET_VERIFY_SETTING_CTX(ctx)); + 0, GET_VERIFY_SETTING_CTX(ctx), "key buffer"); #ifdef WOLFSSL_DUAL_ALG_CERTS if ((ret == 1) && (consumed < sz)) { /* When support for dual algorithm certificates is enabled, the @@ -4038,7 +4158,8 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, * private key. Hence, we have to parse both of them. */ ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format, - ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); + ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx), + "key buffer"); } #endif @@ -4056,7 +4177,7 @@ int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx, WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer"); ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL, - NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); + NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer"); WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret); return ret; @@ -4271,7 +4392,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx, } ret = ProcessBuffer(ctx, certData, certDataLen, certFormat, - CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx)); + CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx), + label ? label : "cert buffer"); exit: XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT); @@ -4333,7 +4455,7 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, { WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format"); return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1, - GET_VERIFY_SETTING_CTX(ctx)); + GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer"); } /* Load a PEM encoded certificate chain in a buffer into SSL context. @@ -4376,7 +4498,7 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in, } else { ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0, - GET_VERIFY_SETTING_SSL(ssl)); + GET_VERIFY_SETTING_SSL(ssl), "cert buffer"); } return ret; @@ -4407,7 +4529,7 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, } else { ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl, - &consumed, 0, GET_VERIFY_SETTING_SSL(ssl)); + &consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer"); #ifdef WOLFSSL_DUAL_ALG_CERTS if ((ret == 1) && (consumed < sz)) { /* When support for dual algorithm certificates is enabled, the @@ -4415,7 +4537,8 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, * private key. Hence, we have to parse both of them. */ ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format, - ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl)); + ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl), + "key buffer"); } #endif } @@ -4431,7 +4554,7 @@ int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in, WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer"); ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl, - NULL, 0, GET_VERIFY_SETTING_SSL(ssl)); + NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer"); WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret); return ret; @@ -4669,7 +4792,7 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl, } else { ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1, - GET_VERIFY_SETTING_SSL(ssl)); + GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer"); } return ret; @@ -4826,7 +4949,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) /* Process buffer makes first certificate the leaf. */ ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, - NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx)); + NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer"); if (ret != 1) { ret = 0; } @@ -5053,11 +5176,6 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) /* Push X509 object onto stack to be freed. */ ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; - if (ret != 1) { - /* Free it now on error. */ - wolfSSL_X509_free(x509); - x509 = NULL; - } } } return WS_RC(ret); diff --git a/src/src/ssl_misc.c b/src/src/ssl_misc.c index 56a71e8..4743ad0 100644 --- a/src/src/ssl_misc.c +++ b/src/src/ssl_misc.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -30,7 +30,6 @@ #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) #ifndef NO_BIO -#ifdef WOLFSSL_NO_FSEEK /* Amount of memory to allocate/add. */ #define READ_BIO_FILE_CHUNK 128 @@ -109,7 +108,6 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data) *data = mem; return ret; } -#endif /* Read exactly the required amount into a newly allocated buffer. * @@ -171,15 +169,7 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz, } *memAlloced = 0; } -#ifndef WOLFSSL_NO_FSEEK /* Get pending or, when a file BIO, get length of file. */ - else if ((sz = wolfSSL_BIO_get_len(bio)) > 0) { - ret = wolfssl_read_bio_len(bio, sz, data); - if (ret > 0) { - *memAlloced = 1; - } - } -#else else if ((sz = wolfSSL_BIO_pending(bio)) > 0) { ret = wolfssl_read_bio_len(bio, sz, data); if (ret > 0) { @@ -192,7 +182,6 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz, *memAlloced = 1; } } -#endif else { WOLFSSL_ERROR_MSG("No data read from bio"); *memAlloced = 0; diff --git a/src/src/ssl_p7p12.c b/src/src/ssl_p7p12.c index 00395c9..6313feb 100644 --- a/src/src/ssl_p7p12.c +++ b/src/src/ssl_p7p12.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -317,6 +317,10 @@ PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) return NULL; pkcs7->len = wolfSSL_BIO_get_len(bio); + if (pkcs7->len < 0){ + wolfSSL_PKCS7_free((PKCS7*)pkcs7); + return NULL; + } pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); if (pkcs7->data == NULL) { wolfSSL_PKCS7_free((PKCS7*)pkcs7); @@ -772,6 +776,8 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, int contTypeLen; WOLFSSL_X509* signer = NULL; WOLFSSL_STACK* signers = NULL; + X509_STORE_CTX* ctx = NULL; + WOLFSSL_ENTER("wolfSSL_PKCS7_verify"); @@ -804,24 +810,37 @@ int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, return WOLFSSL_FAILURE; } + ctx = X509_STORE_CTX_new(); + if (ctx == NULL) { + WOLFSSL_MSG("Error allocating X509 Store Context"); + return WOLFSSL_FAILURE; + } + signers = wolfSSL_PKCS7_get0_signers(pkcs7, certs, flags); if (signers == NULL) { WOLFSSL_MSG("No signers found to verify"); + wolfSSL_X509_STORE_CTX_free(ctx); return WOLFSSL_FAILURE; } + for (i = 0; i < wolfSSL_sk_X509_num(signers); i++) { signer = wolfSSL_sk_X509_value(signers, i); - - if (wolfSSL_CertManagerVerifyBuffer(store->cm, - signer->derCert->buffer, - signer->derCert->length, - WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + if (wolfSSL_X509_STORE_CTX_init(ctx, store, signer, NULL) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to initialize X509 STORE CTX"); + wolfSSL_sk_X509_pop_free(signers, NULL); + wolfSSL_X509_STORE_CTX_free(ctx); + return WOLFSSL_FAILURE; + } + if (wolfSSL_X509_verify_cert(ctx) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to verify signer certificate"); wolfSSL_sk_X509_pop_free(signers, NULL); + wolfSSL_X509_STORE_CTX_free(ctx); return WOLFSSL_FAILURE; } } wolfSSL_sk_X509_pop_free(signers, NULL); + wolfSSL_X509_STORE_CTX_free(ctx); } if (flags & PKCS7_TEXT) { diff --git a/src/src/ssl_sess.c b/src/src/ssl_sess.c index c5e0e68..bd869d3 100644 --- a/src/src/ssl_sess.c +++ b/src/src/ssl_sess.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1178,9 +1178,6 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) byte preallocNonceUsed = 0; #endif /* WOLFSSL_TLS13 */ byte tmpBufSet = 0; -#endif -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_X509* peer = NULL; #endif byte bogusID[ID_LEN]; byte bogusIDSz = 0; @@ -1447,13 +1444,6 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ -#endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (peer != NULL) { - wolfSSL_X509_free(peer); - peer = NULL; - } #endif return error; diff --git a/src/src/tls.c b/src/src/tls.c index 6ad21c9..c6c8111 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -60,7 +60,6 @@ #ifndef NO_TLS #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) -static int TLSX_KeyShare_IsSupported(int namedGroup); static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap); #endif @@ -477,20 +476,23 @@ int DeriveTlsKeys(WOLFSSL* ssl) return MEMORY_E; } #endif + + XMEMSET(key_dig, 0, MAX_PRF_DIG); + #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) - ret = PROTOCOLCB_UNAVAILABLE; - if (ssl->ctx->GenSessionKeyCb) { - void* ctx = wolfSSL_GetGenSessionKeyCtx(ssl); - ret = ssl->ctx->GenSessionKeyCb(ssl, ctx); - } - if (!ssl->ctx->GenSessionKeyCb || - ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) -#endif - ret = _DeriveTlsKeys(key_dig, (word32)key_dig_len, - ssl->arrays->masterSecret, SECRET_LEN, - ssl->arrays->serverRandom, ssl->arrays->clientRandom, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, - ssl->heap, ssl->devId); + ret = PROTOCOLCB_UNAVAILABLE; + if (ssl->ctx->GenSessionKeyCb) { + void* ctx = wolfSSL_GetGenSessionKeyCtx(ssl); + ret = ssl->ctx->GenSessionKeyCb(ssl, ctx); + } + if (!ssl->ctx->GenSessionKeyCb || + ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) +#endif + ret = _DeriveTlsKeys(key_dig, (word32)key_dig_len, + ssl->arrays->masterSecret, SECRET_LEN, + ssl->arrays->serverRandom, ssl->arrays->clientRandom, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, + ssl->heap, ssl->devId); if (ret == 0) ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER); @@ -4454,287 +4456,555 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ -/******************************************************************************/ -/* Supported Elliptic Curves */ -/******************************************************************************/ - -#ifdef HAVE_SUPPORTED_CURVES +#if defined(HAVE_SUPPORTED_CURVES) || \ + (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)) -#if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \ - && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_MLKEM) -#error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \ - Use --enable-ecc and/or --enable-liboqs in the configure script or \ - define HAVE_ECC. Alternatively use FFDHE for DH cipher suites. +/* Functions needed by TLSX_IsGroupSupported */ +#ifdef HAVE_LIBOQS +static int mlkem_id2type(int id, int *type); +static void findEccPqc(int *ecc, int *pqc, int *pqc_first, int group); #endif -static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name, - void* heap) -{ - if (curve == NULL) - return BAD_FUNC_ARG; - - (void)heap; - - *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap, - DYNAMIC_TYPE_TLSX); - if (*curve == NULL) - return MEMORY_E; - - (*curve)->name = name; - (*curve)->next = NULL; - - return 0; -} - -static int TLSX_PointFormat_New(PointFormat** point, byte format, void* heap) -{ - if (point == NULL) - return BAD_FUNC_ARG; - - (void)heap; - - *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap, - DYNAMIC_TYPE_TLSX); - if (*point == NULL) - return MEMORY_E; - - (*point)->format = format; - (*point)->next = NULL; - - return 0; -} - -static void TLSX_SupportedCurve_FreeAll(SupportedCurve* list, void* heap) -{ - SupportedCurve* curve; - - while ((curve = list)) { - list = curve->next; - XFREE(curve, heap, DYNAMIC_TYPE_TLSX); - } - (void)heap; -} - -static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap) -{ - PointFormat* point; - - while ((point = list)) { - list = point->next; - XFREE(point, heap, DYNAMIC_TYPE_TLSX); - } - (void)heap; -} - -static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name, - void* heap) +/* Returns whether this group is supported. + * + * namedGroup The named group to check. + * returns 1 when supported or 0 otherwise. + */ +static int TLSX_IsGroupSupported(int namedGroup) { - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - - while (list) { - if (list->name == name) { - ret = 0; /* curve already in use */ - break; - } - - if (list->next == NULL) { - ret = TLSX_SupportedCurve_New(&list->next, name, heap); + switch (namedGroup) { + #ifdef HAVE_FFDHE_2048 + case WOLFSSL_FFDHE_2048: break; - } - - list = list->next; - } - - return ret; -} - -static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) -{ - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - - while (list) { - if (list->format == format) { - ret = 0; /* format already in use */ + #endif + #ifdef HAVE_FFDHE_3072 + case WOLFSSL_FFDHE_3072: break; - } - - if (list->next == NULL) { - ret = TLSX_PointFormat_New(&list->next, format, heap); + #endif + #ifdef HAVE_FFDHE_4096 + case WOLFSSL_FFDHE_4096: break; - } - - list = list->next; - } - - return ret; -} - -#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) - -#if defined(HAVE_FFDHE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448)) -static void TLSX_SupportedCurve_ValidateRequest(const WOLFSSL* ssl, - const byte* semaphore) -{ - /* If all pre-defined parameter types for key exchange are supported then - * always send SupportedGroups extension. - */ - (void)ssl; - (void)semaphore; -} -#else -static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) -{ - word16 i; - const Suites* suites = WOLFSSL_SUITES(ssl); - - for (i = 0; i < suites->suiteSz; i += 2) { - if (suites->suites[i] == TLS13_BYTE) - return; - #ifdef BUILD_TLS_SM4_GCM_SM3 - if ((suites->suites[i] == CIPHER_BYTE) && - (suites->suites[i+1] == TLS_SM4_GCM_SM3)) - return; #endif - #ifdef BUILD_TLS_SM4_CCM_SM3 - if ((suites->suites[i] == CIPHER_BYTE) && - (suites->suites[i+1] == TLS_SM4_CCM_SM3)) - return; + #ifdef HAVE_FFDHE_6144 + case WOLFSSL_FFDHE_6144: + break; #endif - #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 - if ((suites->suites[i] == SM_BYTE) && - (suites->suites[i+1] == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) - return; + #ifdef HAVE_FFDHE_8192 + case WOLFSSL_FFDHE_8192: + break; #endif - if ((suites->suites[i] == ECC_BYTE) || - (suites->suites[i] == ECDHE_PSK_BYTE) || - (suites->suites[i] == CHACHA_BYTE)) { - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) - return; + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP256K1: + break; #endif - } - #ifdef HAVE_FFDHE - else { - return; - } + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP256R1: + break; + #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP256R1: + break; #endif - } - - /* turns semaphore on to avoid sending this extension. */ - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); -} -#endif - -/* Only send PointFormats if TLSv13, ECC or CHACHA cipher suite present. - */ -static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) -{ -#ifdef HAVE_FFDHE - (void)ssl; - (void)semaphore; -#else - word16 i; - const Suites* suites = WOLFSSL_SUITES(ssl); - - if (suites == NULL) - return; - - for (i = 0; i < suites->suiteSz; i += 2) { - if (suites->suites[i] == TLS13_BYTE) - return; - #ifdef BUILD_TLS_SM4_GCM_SM3 - if ((suites->suites[i] == CIPHER_BYTE) && - (suites->suites[i+1] == TLS_SM4_GCM_SM3)) - return; + #ifdef WOLFSSL_SM2 + case WOLFSSL_ECC_SM2P256V1: + break; + #endif /* WOLFSSL_SM2 */ #endif - #ifdef BUILD_TLS_SM4_CCM_SM3 - if ((suites->suites[i] == CIPHER_BYTE) && - (suites->suites[i+1] == TLS_SM4_CCM_SM3)) - return; + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_ECC_X25519: + break; #endif - #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 - if ((suites->suites[i] == SM_BYTE) && - (suites->suites[i+1] == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) - return; + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + case WOLFSSL_ECC_X448: + break; #endif - if ((suites->suites[i] == ECC_BYTE) || - (suites->suites[i] == ECDHE_PSK_BYTE) || - (suites->suites[i] == CHACHA_BYTE)) { - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) - return; + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP384R1: + break; + #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP384R1: + break; #endif - } - } - /* turns semaphore on to avoid sending this extension. */ - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); -#endif -} + #endif + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP521R1: + break; + #endif /* !NO_ECC_SECP */ + #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP160K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP160R1: + break; + #endif + #ifdef HAVE_ECC_SECPR2 + case WOLFSSL_ECC_SECP160R2: + break; + #endif + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP192K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP192R1: + break; + #endif + #endif + #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 + #ifdef HAVE_ECC_KOBLITZ + case WOLFSSL_ECC_SECP224K1: + break; + #endif + #ifndef NO_ECC_SECP + case WOLFSSL_ECC_SECP224R1: + break; + #endif + #endif + #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP512R1: + break; + #endif + #endif +#ifdef WOLFSSL_HAVE_MLKEM +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_MLKEM + #ifndef WOLFSSL_NO_ML_KEM_512 + case WOLFSSL_ML_KEM_512: + case WOLFSSL_P256_ML_KEM_512: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_ML_KEM_512: + #endif + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + case WOLFSSL_ML_KEM_768: + case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P256_ML_KEM_768: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_ML_KEM_768: + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + case WOLFSSL_X448_ML_KEM_768: + #endif + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + case WOLFSSL_ML_KEM_1024: + case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_P384_ML_KEM_1024: + break; + #endif +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P256_ML_KEM_512_OLD: + case WOLFSSL_P384_ML_KEM_768_OLD: + case WOLFSSL_P521_ML_KEM_1024_OLD: + break; +#endif + #elif defined(HAVE_LIBOQS) + case WOLFSSL_ML_KEM_512: + case WOLFSSL_ML_KEM_768: + case WOLFSSL_ML_KEM_1024: + { + int ret; + int id; + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } -#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } -#ifndef NO_WOLFSSL_SERVER + case WOLFSSL_P256_ML_KEM_512: + case WOLFSSL_P384_ML_KEM_768: + case WOLFSSL_P256_ML_KEM_768: + case WOLFSSL_P521_ML_KEM_1024: + case WOLFSSL_P384_ML_KEM_1024: + case WOLFSSL_X25519_ML_KEM_512: + case WOLFSSL_X448_ML_KEM_768: + case WOLFSSL_X25519_ML_KEM_768: + { + int ret; + int id; + findEccPqc(NULL, &namedGroup, NULL, namedGroup); + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } -static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) -{ -#if defined(HAVE_FFDHE) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) - (void)semaphore; -#endif + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } + #endif +#endif /* WOLFSSL_NO_ML_KEM */ +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_WC_MLKEM + #ifdef WOLFSSL_KYBER512 + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_P256_KYBER_LEVEL1: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_KYBER_LEVEL1: + #endif + #endif + #ifdef WOLFSSL_KYBER768 + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL3: + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + case WOLFSSL_X25519_KYBER_LEVEL3: + #endif + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + case WOLFSSL_X448_KYBER_LEVEL3: + #endif + #endif + #ifdef WOLFSSL_KYBER1024 + case WOLFSSL_KYBER_LEVEL5: + case WOLFSSL_P521_KYBER_LEVEL5: + #endif + break; + #elif defined(HAVE_LIBOQS) + case WOLFSSL_KYBER_LEVEL1: + case WOLFSSL_KYBER_LEVEL3: + case WOLFSSL_KYBER_LEVEL5: + { + int ret; + int id; + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } - if (ssl->options.cipherSuite0 == TLS13_BYTE) - return; -#ifdef BUILD_TLS_SM4_GCM_SM3 - if ((ssl->options.cipherSuite0 == CIPHER_BYTE) && - (ssl->options.cipherSuite == TLS_SM4_GCM_SM3)) - return; -#endif -#ifdef BUILD_TLS_SM4_CCM_SM3 - if ((ssl->options.cipherSuite0 == CIPHER_BYTE) && - (ssl->options.cipherSuite == TLS_SM4_CCM_SM3)) - return; -#endif -#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 - if ((ssl->options.cipherSuite0 == SM_BYTE) && - (ssl->options.cipherSuite == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) - return; + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } + case WOLFSSL_P256_KYBER_LEVEL1: + case WOLFSSL_P384_KYBER_LEVEL3: + case WOLFSSL_P256_KYBER_LEVEL3: + case WOLFSSL_P521_KYBER_LEVEL5: + case WOLFSSL_X25519_KYBER_LEVEL1: + case WOLFSSL_X448_KYBER_LEVEL3: + case WOLFSSL_X25519_KYBER_LEVEL3: + { + int ret; + int id; + findEccPqc(NULL, &namedGroup, NULL, namedGroup); + ret = mlkem_id2type(namedGroup, &id); + if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { + return 0; + } + + if (! ext_mlkem_enabled(id)) { + return 0; + } + break; + } + #endif #endif -#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) - if (ssl->options.cipherSuite0 == ECC_BYTE || - ssl->options.cipherSuite0 == ECDHE_PSK_BYTE || - ssl->options.cipherSuite0 == CHACHA_BYTE) { - return; +#endif /* WOLFSSL_HAVE_MLKEM */ + default: + return 0; } -#endif - /* turns semaphore on to avoid sending this extension. */ - TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); + return 1; } +#endif -#endif /* !NO_WOLFSSL_SERVER */ +/******************************************************************************/ +/* Supported Elliptic Curves */ +/******************************************************************************/ -#if !defined(NO_WOLFSSL_CLIENT) || defined(WOLFSSL_TLS13) +#ifdef HAVE_SUPPORTED_CURVES -static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list) +#if !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448) \ + && !defined(HAVE_FFDHE) && !defined(WOLFSSL_HAVE_MLKEM) +#error Elliptic Curves Extension requires Elliptic Curve Cryptography or liboqs groups. \ + Use --enable-ecc and/or --enable-liboqs in the configure script or \ + define HAVE_ECC. Alternatively use FFDHE for DH cipher suites. +#endif + +static int TLSX_SupportedCurve_New(SupportedCurve** curve, word16 name, + void* heap) { - SupportedCurve* curve; - word16 length = OPAQUE16_LEN; /* list length */ + if (curve == NULL) + return BAD_FUNC_ARG; - while ((curve = list)) { - list = curve->next; - length += OPAQUE16_LEN; /* curve length */ - } + (void)heap; - return length; -} + *curve = (SupportedCurve*)XMALLOC(sizeof(SupportedCurve), heap, + DYNAMIC_TYPE_TLSX); + if (*curve == NULL) + return MEMORY_E; -#endif + (*curve)->name = name; + (*curve)->next = NULL; -static word16 TLSX_PointFormat_GetSize(PointFormat* list) -{ - PointFormat* point; - word16 length = ENUM_LEN; /* list length */ + return 0; +} + +static int TLSX_PointFormat_New(PointFormat** point, byte format, void* heap) +{ + if (point == NULL) + return BAD_FUNC_ARG; + + (void)heap; + + *point = (PointFormat*)XMALLOC(sizeof(PointFormat), heap, + DYNAMIC_TYPE_TLSX); + if (*point == NULL) + return MEMORY_E; + + (*point)->format = format; + (*point)->next = NULL; + + return 0; +} + +static void TLSX_SupportedCurve_FreeAll(SupportedCurve* list, void* heap) +{ + SupportedCurve* curve; + + while ((curve = list)) { + list = curve->next; + XFREE(curve, heap, DYNAMIC_TYPE_TLSX); + } + (void)heap; +} + +static void TLSX_PointFormat_FreeAll(PointFormat* list, void* heap) +{ + PointFormat* point; + + while ((point = list)) { + list = point->next; + XFREE(point, heap, DYNAMIC_TYPE_TLSX); + } + (void)heap; +} + +static int TLSX_SupportedCurve_Append(SupportedCurve* list, word16 name, + void* heap) +{ + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + + while (list) { + if (list->name == name) { + ret = 0; /* curve already in use */ + break; + } + + if (list->next == NULL) { + ret = TLSX_SupportedCurve_New(&list->next, name, heap); + break; + } + + list = list->next; + } + + return ret; +} + +static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) +{ + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + + while (list) { + if (list->format == format) { + ret = 0; /* format already in use */ + break; + } + + if (list->next == NULL) { + ret = TLSX_PointFormat_New(&list->next, format, heap); + break; + } + + list = list->next; + } + + return ret; +} + +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) + +#if defined(HAVE_FFDHE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) +static void TLSX_SupportedCurve_ValidateRequest(const WOLFSSL* ssl, + const byte* semaphore) +{ + /* If all pre-defined parameter types for key exchange are supported then + * always send SupportedGroups extension. + */ + (void)ssl; + (void)semaphore; +} +#else +static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) +{ + word16 i; + const Suites* suites = WOLFSSL_SUITES(ssl); + + for (i = 0; i < suites->suiteSz; i += 2) { + if (suites->suites[i] == TLS13_BYTE) + return; + #ifdef BUILD_TLS_SM4_GCM_SM3 + if ((suites->suites[i] == CIPHER_BYTE) && + (suites->suites[i+1] == TLS_SM4_GCM_SM3)) + return; + #endif + #ifdef BUILD_TLS_SM4_CCM_SM3 + if ((suites->suites[i] == CIPHER_BYTE) && + (suites->suites[i+1] == TLS_SM4_CCM_SM3)) + return; + #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 + if ((suites->suites[i] == SM_BYTE) && + (suites->suites[i+1] == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) + return; + #endif + if ((suites->suites[i] == ECC_BYTE) || + (suites->suites[i] == ECDHE_PSK_BYTE) || + (suites->suites[i] == CHACHA_BYTE)) { + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448) + return; + #endif + } + #ifdef HAVE_FFDHE + else { + return; + } + #endif + } + + /* turns semaphore on to avoid sending this extension. */ + TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); +} +#endif + +/* Only send PointFormats if TLSv13, ECC or CHACHA cipher suite present. + */ +static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) +{ +#ifdef HAVE_FFDHE + (void)ssl; + (void)semaphore; +#else + word16 i; + const Suites* suites = WOLFSSL_SUITES(ssl); + + if (suites == NULL) + return; + + for (i = 0; i < suites->suiteSz; i += 2) { + if (suites->suites[i] == TLS13_BYTE) + return; + #ifdef BUILD_TLS_SM4_GCM_SM3 + if ((suites->suites[i] == CIPHER_BYTE) && + (suites->suites[i+1] == TLS_SM4_GCM_SM3)) + return; + #endif + #ifdef BUILD_TLS_SM4_CCM_SM3 + if ((suites->suites[i] == CIPHER_BYTE) && + (suites->suites[i+1] == TLS_SM4_CCM_SM3)) + return; + #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 + if ((suites->suites[i] == SM_BYTE) && + (suites->suites[i+1] == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) + return; + #endif + if ((suites->suites[i] == ECC_BYTE) || + (suites->suites[i] == ECDHE_PSK_BYTE) || + (suites->suites[i] == CHACHA_BYTE)) { + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448) + return; + #endif + } + } + /* turns semaphore on to avoid sending this extension. */ + TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); +#endif +} + +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ + +#ifndef NO_WOLFSSL_SERVER + +static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) +{ +#if defined(HAVE_FFDHE) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448) + (void)semaphore; +#endif + + if (ssl->options.cipherSuite0 == TLS13_BYTE) + return; +#ifdef BUILD_TLS_SM4_GCM_SM3 + if ((ssl->options.cipherSuite0 == CIPHER_BYTE) && + (ssl->options.cipherSuite == TLS_SM4_GCM_SM3)) + return; +#endif +#ifdef BUILD_TLS_SM4_CCM_SM3 + if ((ssl->options.cipherSuite0 == CIPHER_BYTE) && + (ssl->options.cipherSuite == TLS_SM4_CCM_SM3)) + return; +#endif +#ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 + if ((ssl->options.cipherSuite0 == SM_BYTE) && + (ssl->options.cipherSuite == TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3)) + return; +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) + if (ssl->options.cipherSuite0 == ECC_BYTE || + ssl->options.cipherSuite0 == ECDHE_PSK_BYTE || + ssl->options.cipherSuite0 == CHACHA_BYTE) { + return; + } +#endif + + /* turns semaphore on to avoid sending this extension. */ + TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_EC_POINT_FORMATS)); +} + +#endif /* !NO_WOLFSSL_SERVER */ + +#if !defined(NO_WOLFSSL_CLIENT) || defined(WOLFSSL_TLS13) + +static word16 TLSX_SupportedCurve_GetSize(SupportedCurve* list) +{ + SupportedCurve* curve; + word16 length = OPAQUE16_LEN; /* list length */ + + while ((curve = list)) { + list = curve->next; + length += OPAQUE16_LEN; /* curve length */ + } + + return length; +} + +#endif + +static word16 TLSX_PointFormat_GetSize(PointFormat* list) +{ + PointFormat* point; + word16 length = ENUM_LEN; /* list length */ while ((point = list)) { list = point->next; @@ -4785,7 +5055,8 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input, { word16 offset; word16 name; - int ret; + int ret = 0; + TLSX* extension; if(!isRequest && !IsAtLeastTLSv1_3(ssl->version)) { #ifdef WOLFSSL_ALLOW_SERVER_SC_EXT @@ -4794,57 +5065,66 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input, return BUFFER_ERROR; /* servers doesn't send this extension. */ #endif } - if (OPAQUE16_LEN > length || length % OPAQUE16_LEN) return BUFFER_ERROR; - ato16(input, &offset); - /* validating curve list length */ if (length != OPAQUE16_LEN + offset) return BUFFER_ERROR; - offset = OPAQUE16_LEN; if (offset == length) return 0; -#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) - if (!isRequest) { - TLSX* extension; - SupportedCurve* curve; - - extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); - if (extension != NULL) { - /* Replace client list with server list of supported groups. */ - curve = (SupportedCurve*)extension->data; - extension->data = NULL; - TLSX_SupportedCurve_FreeAll(curve, ssl->heap); - + extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); + if (extension == NULL) { + /* Just accept what the peer wants to use */ + for (; offset < length; offset += OPAQUE16_LEN) { ato16(input + offset, &name); - offset += OPAQUE16_LEN; - ret = TLSX_SupportedCurve_New(&curve, name, ssl->heap); - if (ret != 0) - return ret; /* throw error */ - extension->data = (void*)curve; + ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap); + /* If it is BAD_FUNC_ARG then it is a group we do not support, but + * that is fine. */ + if (ret != WOLFSSL_SUCCESS && + ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + break; + ret = 0; } } -#endif + else { + /* Find the intersection with what the user has set */ + SupportedCurve* commonCurves = NULL; + for (; offset < length; offset += OPAQUE16_LEN) { + SupportedCurve* foundCurve = (SupportedCurve*)extension->data; + ato16(input + offset, &name); - for (; offset < length; offset += OPAQUE16_LEN) { - ato16(input + offset, &name); + while (foundCurve != NULL && foundCurve->name != name) + foundCurve = foundCurve->next; - ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap); - /* If it is BAD_FUNC_ARG then it is a group we do not support, but - * that is fine. */ - if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { - return ret; + if (foundCurve != NULL) { + ret = commonCurves == NULL ? + TLSX_SupportedCurve_New(&commonCurves, name, ssl->heap) : + TLSX_SupportedCurve_Append(commonCurves, name, ssl->heap); + if (ret != 0) + break; + } + } + /* If no common curves return error. In TLS 1.3 we can still try to save + * this by using HRR. */ + if (ret == 0 && commonCurves == NULL && + !IsAtLeastTLSv1_3(ssl->version)) + ret = ECC_CURVE_ERROR; + if (ret == 0) { + /* Now swap out the curves in the extension */ + TLSX_SupportedCurve_FreeAll((SupportedCurve*)extension->data, + ssl->heap); + extension->data = commonCurves; + commonCurves = NULL; } + TLSX_SupportedCurve_FreeAll(commonCurves, ssl->heap); } - return 0; + return ret; } - #endif #if !defined(NO_WOLFSSL_SERVER) @@ -5159,7 +5439,7 @@ int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported) curve = (SupportedCurve*)extension->data; while (curve != NULL) { - if (!checkSupported || TLSX_KeyShare_IsSupported(curve->name)) + if (!checkSupported || TLSX_IsGroupSupported(curve->name)) return curve->name; curve = curve->next; } @@ -5581,11 +5861,9 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) return BAD_FUNC_ARG; } -#ifdef WOLFSSL_TLS13 - if (! TLSX_KeyShare_IsSupported(name)) { + if (! TLSX_IsGroupSupported(name)) { return BAD_FUNC_ARG; } -#endif extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); @@ -5605,6 +5883,23 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) heap); if (ret != 0) return ret; +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (name == WOLFSSL_P256_ML_KEM_512) { + ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, + WOLFSSL_P256_ML_KEM_512_OLD, heap); + } + else if (name == WOLFSSL_P384_ML_KEM_768) { + ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, + WOLFSSL_P384_ML_KEM_768_OLD, heap); + } + else if (name == WOLFSSL_P521_ML_KEM_1024) { + ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, + WOLFSSL_P521_ML_KEM_1024_OLD, heap); + } + if (ret != 0) { + return ret; + } +#endif } return WOLFSSL_SUCCESS; @@ -7743,8 +8038,11 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Cleanup on error, otherwise data owned by key share entry */ - XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->privKey = NULL; + if (kse->privKey) { + ForceZero(kse->privKey, pvtSz); + XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->privKey = NULL; + } XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; } @@ -8172,6 +8470,11 @@ static const PqcHybridMapping pqc_hybrid_mapping[] = { {WOLFSSL_P256_ML_KEM_768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, {WOLFSSL_P384_ML_KEM_1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + {WOLFSSL_P256_ML_KEM_512_OLD, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, + {WOLFSSL_P384_ML_KEM_768_OLD, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_P521_ML_KEM_1024_OLD, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, +#endif #ifdef HAVE_CURVE25519 {WOLFSSL_X25519_ML_KEM_512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, {WOLFSSL_X25519_ML_KEM_768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1}, @@ -8335,7 +8638,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ - XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + if (privKey) { + ForceZero(privKey, privSz); + XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + privKey = NULL; + } #else XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); kse->key = NULL; @@ -8804,8 +9111,11 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) wc_FreeDhKey(dhKey); XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); keyShareEntry->key = NULL; - XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->privKey = NULL; + if (keyShareEntry->privKey) { + ForceZero(keyShareEntry->privKey, keyShareEntry->keyLen); + XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->privKey = NULL; + } XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->pubKey = NULL; XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -10125,482 +10435,242 @@ static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, if (ciphertext == NULL) { WOLFSSL_MSG("Ciphertext memory allocation failure."); ret = MEMORY_E; - } - } - - /* Process ECDH key share part. The generated shared secret is directly - * stored in the ssl->arrays->preMasterSecret buffer. Depending on the - * pqc_first flag, the ECDH shared secret part goes before or after the - * KEM part. */ - if (ret == 0) { - ecc_kse->keLen = len - pubSz; - ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (ecc_kse->ke == NULL) { - WOLFSSL_MSG("ecc_kse memory allocation failure"); - ret = MEMORY_ERROR; - } - if (ret == 0) { - int pubOffset = 0; - int ssOffset = 0; - - /* Set the ECC size variable to the initial buffer size */ - ssSzEcc = ssl->arrays->preMasterSz; - - if (pqc_first) { - pubOffset = pubSz; - ssOffset = ssSzPqc; - } - - XMEMCPY(ecc_kse->ke, data + pubOffset, ecc_kse->keLen); - - #ifdef HAVE_CURVE25519 - if (ecc_group == WOLFSSL_ECC_X25519) { - ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); - } - else - #endif - #ifdef HAVE_CURVE448 - if (ecc_group == WOLFSSL_ECC_X448) { - ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); - } - else - #endif - { - ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); - } - } - if (ret == 0) { - if (ssSzEcc != ecc_kse->keyLen) { - WOLFSSL_MSG("Data length mismatch."); - ret = BAD_FUNC_ARG; - } - } - } - - if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) { - WOLFSSL_MSG("shared secret is too long."); - ret = LENGTH_ERROR; - } - - /* Process PQC KEM key share part. Depending on the pqc_first flag, the - * KEM shared secret part goes before or after the ECDH part. */ - if (ret == 0) { - int input_offset = ecc_kse->keLen; - int output_offset = ssSzEcc; - - if (pqc_first) { - input_offset = 0; - output_offset = 0; - } - - ret = TLSX_KeyShare_HandlePqcKeyServer(ssl, pqc_kse, - data + input_offset, pubSz, - ssl->arrays->preMasterSecret + output_offset, &ssSzPqc); - } - - if (ret == 0) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - - ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; - keyShareEntry->ke = NULL; - keyShareEntry->keLen = 0; - - /* Concatenate the ECDH public key and the PQC KEM ciphertext. Based on - * the pqc_first flag, the ECDH public key goes before or after the KEM - * ciphertext. */ - if (pqc_first) { - XMEMCPY(ciphertext, pqc_kse->pubKey, ctSz); - XMEMCPY(ciphertext + ctSz, ecc_kse->pubKey, ecc_kse->pubKeyLen); - } - else { - XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen); - XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz); - } - - keyShareEntry->pubKey = ciphertext; - keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz; - ciphertext = NULL; - - /* Set namedGroup so wolfSSL_get_curve_name() can function properly on - * the server side. */ - ssl->namedGroup = keyShareEntry->group; - } - - TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); - XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); - return ret; -} -#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_ENCAPSULATE */ - -/* Use the data to create a new key share object in the extensions. - * - * ssl The SSL/TLS object. - * group The named group. - * len The length of the public key data. - * data The public key data. - * kse The new key share entry object. - * returns 0 on success and other values indicate failure. - */ -int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, - KeyShareEntry **kse, TLSX** extensions) -{ - int ret = 0; - TLSX* extension; - KeyShareEntry* keyShareEntry = NULL; - - /* Find the KeyShare extension if it exists. */ - extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); - if (extension == NULL) { - /* Push new KeyShare extension. */ - ret = TLSX_Push(extensions, TLSX_KEY_SHARE, NULL, ssl->heap); - if (ret != 0) - return ret; - - extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); - if (extension == NULL) - return MEMORY_E; - } - extension->resp = 0; - - /* Try to find the key share entry with this group. */ - keyShareEntry = (KeyShareEntry*)extension->data; - while (keyShareEntry != NULL) { - if (keyShareEntry->group == group) - break; - keyShareEntry = keyShareEntry->next; - } - - /* Create a new key share entry if not found. */ - if (keyShareEntry == NULL) { - ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, group, - ssl->heap, &keyShareEntry); - if (ret != 0) - return ret; - } - - -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) - if (ssl->options.side == WOLFSSL_SERVER_END && - WOLFSSL_NAMED_GROUP_IS_PQC(group)) { - ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len, - ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz); - if (ret != 0) - return ret; - } - else if (ssl->options.side == WOLFSSL_SERVER_END && - WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { - ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len); - if (ret != 0) - return ret; - } - else -#endif - if (data != NULL) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - keyShareEntry->ke = data; - keyShareEntry->keLen = len; - } - else { - /* Generate a key pair. Casting to non-const since changes inside are - * minimal but would require an extensive redesign to refactor. Also - * this path shouldn't be taken when parsing a ClientHello in stateless - * mode. */ - ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, keyShareEntry); - if (ret != 0) - return ret; - } - - if (kse != NULL) - *kse = keyShareEntry; - - return 0; -} - -/* Set an empty Key Share extension. - * - * ssl The SSL/TLS object. - * returns 0 on success and other values indicate failure. - */ -int TLSX_KeyShare_Empty(WOLFSSL* ssl) -{ - int ret = 0; - TLSX* extension; - - /* Find the KeyShare extension if it exists. */ - extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); - if (extension == NULL) { - /* Push new KeyShare extension. */ - ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); - } - else if (extension->data != NULL) { - TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); - extension->data = NULL; - } - - return ret; -} - -/* Returns whether this group is supported. - * - * namedGroup The named group to check. - * returns 1 when supported or 0 otherwise. - */ -static int TLSX_KeyShare_IsSupported(int namedGroup) -{ - switch (namedGroup) { - #ifdef HAVE_FFDHE_2048 - case WOLFSSL_FFDHE_2048: - break; - #endif - #ifdef HAVE_FFDHE_3072 - case WOLFSSL_FFDHE_3072: - break; - #endif - #ifdef HAVE_FFDHE_4096 - case WOLFSSL_FFDHE_4096: - break; - #endif - #ifdef HAVE_FFDHE_6144 - case WOLFSSL_FFDHE_6144: - break; - #endif - #ifdef HAVE_FFDHE_8192 - case WOLFSSL_FFDHE_8192: - break; - #endif - #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - #ifdef HAVE_ECC_KOBLITZ - case WOLFSSL_ECC_SECP256K1: - break; - #endif - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP256R1: - break; - #endif /* !NO_ECC_SECP */ - #ifdef HAVE_ECC_BRAINPOOL - case WOLFSSL_ECC_BRAINPOOLP256R1: - break; - #endif - #ifdef WOLFSSL_SM2 - case WOLFSSL_ECC_SM2P256V1: - break; - #endif /* WOLFSSL_SM2 */ - #endif - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_ECC_X25519: - break; - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - case WOLFSSL_ECC_X448: - break; - #endif - #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP384R1: - break; - #endif /* !NO_ECC_SECP */ - #ifdef HAVE_ECC_BRAINPOOL - case WOLFSSL_ECC_BRAINPOOLP384R1: - break; - #endif - #endif - #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP521R1: - break; - #endif /* !NO_ECC_SECP */ - #endif - #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 - #ifdef HAVE_ECC_KOBLITZ - case WOLFSSL_ECC_SECP160K1: - break; - #endif - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP160R1: - break; - #endif - #ifdef HAVE_ECC_SECPR2 - case WOLFSSL_ECC_SECP160R2: - break; - #endif - #endif - #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 - #ifdef HAVE_ECC_KOBLITZ - case WOLFSSL_ECC_SECP192K1: - break; - #endif - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP192R1: - break; - #endif - #endif - #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 - #ifdef HAVE_ECC_KOBLITZ - case WOLFSSL_ECC_SECP224K1: - break; - #endif - #ifndef NO_ECC_SECP - case WOLFSSL_ECC_SECP224R1: - break; - #endif - #endif - #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 - #ifdef HAVE_ECC_BRAINPOOL - case WOLFSSL_ECC_BRAINPOOLP512R1: - break; - #endif - #endif -#ifdef WOLFSSL_HAVE_MLKEM -#ifndef WOLFSSL_NO_ML_KEM - #ifdef WOLFSSL_WC_MLKEM - #ifndef WOLFSSL_NO_ML_KEM_512 - case WOLFSSL_ML_KEM_512: - case WOLFSSL_P256_ML_KEM_512: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_ML_KEM_512: - #endif - #endif - #ifndef WOLFSSL_NO_ML_KEM_768 - case WOLFSSL_ML_KEM_768: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P256_ML_KEM_768: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_ML_KEM_768: - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - case WOLFSSL_X448_ML_KEM_768: - #endif - #endif - #ifndef WOLFSSL_NO_ML_KEM_1024 - case WOLFSSL_ML_KEM_1024: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_P384_ML_KEM_1024: - #endif - break; - #elif defined(HAVE_LIBOQS) - case WOLFSSL_ML_KEM_512: - case WOLFSSL_ML_KEM_768: - case WOLFSSL_ML_KEM_1024: - { - int ret; - int id; - ret = mlkem_id2type(namedGroup, &id); - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { - return 0; - } - - if (! ext_mlkem_enabled(id)) { - return 0; - } - break; - } - case WOLFSSL_P256_ML_KEM_512: - case WOLFSSL_P384_ML_KEM_768: - case WOLFSSL_P256_ML_KEM_768: - case WOLFSSL_P521_ML_KEM_1024: - case WOLFSSL_P384_ML_KEM_1024: - case WOLFSSL_X25519_ML_KEM_512: - case WOLFSSL_X448_ML_KEM_768: - case WOLFSSL_X25519_ML_KEM_768: - { - int ret; - int id; - findEccPqc(NULL, &namedGroup, NULL, namedGroup); - ret = mlkem_id2type(namedGroup, &id); - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { - return 0; - } - - if (! ext_mlkem_enabled(id)) { - return 0; - } - break; - } - #endif -#endif /* WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_MLKEM_KYBER - #ifdef WOLFSSL_WC_MLKEM - #ifdef WOLFSSL_KYBER512 - case WOLFSSL_KYBER_LEVEL1: - case WOLFSSL_P256_KYBER_LEVEL1: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_KYBER_LEVEL1: - #endif - #endif - #ifdef WOLFSSL_KYBER768 - case WOLFSSL_KYBER_LEVEL3: - case WOLFSSL_P384_KYBER_LEVEL3: - case WOLFSSL_P256_KYBER_LEVEL3: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - case WOLFSSL_X25519_KYBER_LEVEL3: - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - case WOLFSSL_X448_KYBER_LEVEL3: - #endif - #endif - #ifdef WOLFSSL_KYBER1024 - case WOLFSSL_KYBER_LEVEL5: - case WOLFSSL_P521_KYBER_LEVEL5: - #endif - break; - #elif defined(HAVE_LIBOQS) - case WOLFSSL_KYBER_LEVEL1: - case WOLFSSL_KYBER_LEVEL3: - case WOLFSSL_KYBER_LEVEL5: - { - int ret; - int id; - ret = mlkem_id2type(namedGroup, &id); - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { - return 0; + } + } + + /* Process ECDH key share part. The generated shared secret is directly + * stored in the ssl->arrays->preMasterSecret buffer. Depending on the + * pqc_first flag, the ECDH shared secret part goes before or after the + * KEM part. */ + if (ret == 0) { + ecc_kse->keLen = len - pubSz; + ecc_kse->ke = (byte*)XMALLOC(ecc_kse->keLen, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (ecc_kse->ke == NULL) { + WOLFSSL_MSG("ecc_kse memory allocation failure"); + ret = MEMORY_ERROR; + } + if (ret == 0) { + int pubOffset = 0; + int ssOffset = 0; + + /* Set the ECC size variable to the initial buffer size */ + ssSzEcc = ssl->arrays->preMasterSz; + + if (pqc_first) { + pubOffset = pubSz; + ssOffset = ssSzPqc; } - if (! ext_mlkem_enabled(id)) { - return 0; + XMEMCPY(ecc_kse->ke, data + pubOffset, ecc_kse->keLen); + + #ifdef HAVE_CURVE25519 + if (ecc_group == WOLFSSL_ECC_X25519) { + ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + } + else + #endif + #ifdef HAVE_CURVE448 + if (ecc_group == WOLFSSL_ECC_X448) { + ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + } + else + #endif + { + ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, + ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); } - break; } - case WOLFSSL_P256_KYBER_LEVEL1: - case WOLFSSL_P384_KYBER_LEVEL3: - case WOLFSSL_P256_KYBER_LEVEL3: - case WOLFSSL_P521_KYBER_LEVEL5: - case WOLFSSL_X25519_KYBER_LEVEL1: - case WOLFSSL_X448_KYBER_LEVEL3: - case WOLFSSL_X25519_KYBER_LEVEL3: - { - int ret; - int id; - findEccPqc(NULL, &namedGroup, NULL, namedGroup); - ret = mlkem_id2type(namedGroup, &id); - if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { - return 0; + if (ret == 0) { + if (ssSzEcc != ecc_kse->keyLen) { + WOLFSSL_MSG("Data length mismatch."); + ret = BAD_FUNC_ARG; } + } + } - if (! ext_mlkem_enabled(id)) { - return 0; - } + if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) { + WOLFSSL_MSG("shared secret is too long."); + ret = LENGTH_ERROR; + } + + /* Process PQC KEM key share part. Depending on the pqc_first flag, the + * KEM shared secret part goes before or after the ECDH part. */ + if (ret == 0) { + int input_offset = ecc_kse->keLen; + int output_offset = ssSzEcc; + + if (pqc_first) { + input_offset = 0; + output_offset = 0; + } + + ret = TLSX_KeyShare_HandlePqcKeyServer(ssl, pqc_kse, + data + input_offset, pubSz, + ssl->arrays->preMasterSecret + output_offset, &ssSzPqc); + } + + if (ret == 0) { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + + ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + + /* Concatenate the ECDH public key and the PQC KEM ciphertext. Based on + * the pqc_first flag, the ECDH public key goes before or after the KEM + * ciphertext. */ + if (pqc_first) { + XMEMCPY(ciphertext, pqc_kse->pubKey, ctSz); + XMEMCPY(ciphertext + ctSz, ecc_kse->pubKey, ecc_kse->pubKeyLen); + } + else { + XMEMCPY(ciphertext, ecc_kse->pubKey, ecc_kse->pubKeyLen); + XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz); + } + + keyShareEntry->pubKey = ciphertext; + keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz; + ciphertext = NULL; + + /* Set namedGroup so wolfSSL_get_curve_name() can function properly on + * the server side. */ + ssl->namedGroup = keyShareEntry->group; + } + + TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); + TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); + XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); + return ret; +} +#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_MLKEM_NO_ENCAPSULATE */ + +/* Use the data to create a new key share object in the extensions. + * + * ssl The SSL/TLS object. + * group The named group. + * len The length of the public key data. + * data The public key data. + * kse The new key share entry object. + * returns 0 on success and other values indicate failure. + */ +int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, + KeyShareEntry **kse, TLSX** extensions) +{ + int ret = 0; + TLSX* extension; + KeyShareEntry* keyShareEntry = NULL; + + /* Find the KeyShare extension if it exists. */ + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); + if (extension == NULL) { + /* Push new KeyShare extension. */ + ret = TLSX_Push(extensions, TLSX_KEY_SHARE, NULL, ssl->heap); + if (ret != 0) + return ret; + + extension = TLSX_Find(*extensions, TLSX_KEY_SHARE); + if (extension == NULL) + return MEMORY_E; + } + extension->resp = 0; + + /* Try to find the key share entry with this group. */ + keyShareEntry = (KeyShareEntry*)extension->data; + while (keyShareEntry != NULL) { +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if ((group == WOLFSSL_P256_ML_KEM_512_OLD && + keyShareEntry->group == WOLFSSL_P256_ML_KEM_512) || + (group == WOLFSSL_P384_ML_KEM_768_OLD && + keyShareEntry->group == WOLFSSL_P384_ML_KEM_768) || + (group == WOLFSSL_P521_ML_KEM_1024_OLD && + keyShareEntry->group == WOLFSSL_P521_ML_KEM_1024)) { + keyShareEntry->group = group; break; } - #endif + else #endif -#endif /* WOLFSSL_HAVE_MLKEM */ - default: - return 0; + if (keyShareEntry->group == group) + break; + keyShareEntry = keyShareEntry->next; } - return 1; + /* Create a new key share entry if not found. */ + if (keyShareEntry == NULL) { + ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, group, + ssl->heap, &keyShareEntry); + if (ret != 0) + return ret; + } + + +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) + if (ssl->options.side == WOLFSSL_SERVER_END && + WOLFSSL_NAMED_GROUP_IS_PQC(group)) { + ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); + if (ret != 0) + return ret; + } + else if (ssl->options.side == WOLFSSL_SERVER_END && + WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len); + if (ret != 0) + return ret; + } + else +#endif + if (data != NULL) { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = data; + keyShareEntry->keLen = len; + } + else { + /* Generate a key pair. Casting to non-const since changes inside are + * minimal but would require an extensive redesign to refactor. Also + * this path shouldn't be taken when parsing a ClientHello in stateless + * mode. */ + ret = TLSX_KeyShare_GenKey((WOLFSSL*)ssl, keyShareEntry); + if (ret != 0) + return ret; + } + + if (kse != NULL) + *kse = keyShareEntry; + + return 0; } +/* Set an empty Key Share extension. + * + * ssl The SSL/TLS object. + * returns 0 on success and other values indicate failure. + */ +int TLSX_KeyShare_Empty(WOLFSSL* ssl) +{ + int ret = 0; + TLSX* extension; + + /* Find the KeyShare extension if it exists. */ + extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + if (extension == NULL) { + /* Push new KeyShare extension. */ + ret = TLSX_Push(&ssl->extensions, TLSX_KEY_SHARE, NULL, ssl->heap); + } + else if (extension->data != NULL) { + TLSX_KeyShare_FreeAll((KeyShareEntry*)extension->data, ssl->heap); + extension->data = NULL; + } + + return ret; +} static const word16 preferredGroup[] = { #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ @@ -10665,7 +10735,7 @@ static const word16 preferredGroup[] = { WOLFSSL_P384_ML_KEM_1024, #endif #elif defined(HAVE_LIBOQS) - /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ + /* These require a runtime call to TLSX_IsGroupSupported to use */ WOLFSSL_ML_KEM_512, WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_1024, @@ -10708,7 +10778,7 @@ static const word16 preferredGroup[] = { WOLFSSL_P521_KYBER_LEVEL5, #endif #elif defined(HAVE_LIBOQS) - /* These require a runtime call to TLSX_KeyShare_IsSupported to use */ + /* These require a runtime call to TLSX_IsGroupSupported to use */ WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL5, @@ -10755,13 +10825,24 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) } #ifdef HAVE_LIBOQS - if (!TLSX_KeyShare_IsSupported(group)) + if (!TLSX_IsGroupSupported(group)) return WOLFSSL_FATAL_ERROR; #endif - for (i = 0; i < numGroups; i++) + for (i = 0; i < numGroups; i++) { +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if ((group == WOLFSSL_P256_ML_KEM_512_OLD && + groups[i] == WOLFSSL_P256_ML_KEM_512) || + (group == WOLFSSL_P384_ML_KEM_768_OLD && + groups[i] == WOLFSSL_P384_ML_KEM_768) || + (group == WOLFSSL_P521_ML_KEM_1024_OLD && + groups[i] == WOLFSSL_P521_ML_KEM_1024)) { + return i; + } +#endif if (groups[i] == (word16)group) return i; + } return WOLFSSL_FATAL_ERROR; } @@ -10779,6 +10860,7 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) TLSX* extension; SupportedCurve* curve = NULL; SupportedCurve* preferredCurve = NULL; + word16 name = WOLFSSL_NAMED_GROUP_INVALID; KeyShareEntry* kse = NULL; int preferredRank = WOLFSSL_MAX_GROUP_COUNT; int rank; @@ -10786,9 +10868,10 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) extension = TLSX_Find(*extensions, TLSX_SUPPORTED_GROUPS); if (extension != NULL) curve = (SupportedCurve*)extension->data; - /* Use server's preference order. */ for (; curve != NULL; curve = curve->next) { - if (!TLSX_KeyShare_IsSupported(curve->name)) + /* Use server's preference order. Common group was found but key share + * was missing */ + if (!TLSX_IsGroupSupported(curve->name)) continue; if (wolfSSL_curve_is_disabled(ssl, curve->name)) continue; @@ -10804,8 +10887,26 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) curve = preferredCurve; if (curve == NULL) { - WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); - return BAD_KEY_SHARE_DATA; + byte i; + /* Fallback to user selected group */ + preferredRank = WOLFSSL_MAX_GROUP_COUNT; + for (i = 0; i < ssl->numGroups; i++) { + rank = TLSX_KeyShare_GroupRank(ssl, ssl->group[i]); + if (rank == -1) + continue; + if (rank < preferredRank) { + name = ssl->group[i]; + preferredRank = rank; + } + } + if (name == WOLFSSL_NAMED_GROUP_INVALID) { + /* No group selected or specified by the server */ + WOLFSSL_ERROR_VERBOSE(BAD_KEY_SHARE_DATA); + return BAD_KEY_SHARE_DATA; + } + } + else { + name = curve->name; } #ifdef WOLFSSL_ASYNC_CRYPT @@ -10829,7 +10930,7 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) /* Extension got pushed to head */ extension = *extensions; /* Push the selected curve */ - ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, curve->name, + ret = TLSX_KeyShare_New((KeyShareEntry**)&extension->data, name, ssl->heap, &kse); if (ret != 0) return ret; @@ -11051,7 +11152,7 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (wolfSSL_curve_is_disabled(ssl, clientKSE->group)) continue; } - if (!TLSX_KeyShare_IsSupported(clientKSE->group)) + if (!TLSX_IsGroupSupported(clientKSE->group)) continue; rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group); @@ -13100,7 +13201,7 @@ static int TLSX_ECH_Write(WOLFSSL_ECH* ech, byte msgType, byte* writeBuf, static int TLSX_ECH_GetSize(WOLFSSL_ECH* ech, byte msgType) { int ret; - word32 size; + word32 size = 0; if (ech->state == ECH_WRITE_GREASE) { size = sizeof(ech->type) + sizeof(ech->cipherSuite) + @@ -14653,7 +14754,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) for (j = 0; preferredGroup[j] != WOLFSSL_NAMED_GROUP_INVALID; j++) { if (preferredGroup[j] == ssl->group[i] #ifdef HAVE_LIBOQS - && TLSX_KeyShare_IsSupported(preferredGroup[j]) + && TLSX_IsGroupSupported(preferredGroup[j]) #endif ) { namedGroup = ssl->group[i]; @@ -14669,11 +14770,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) /* Choose the most preferred group. */ namedGroup = preferredGroup[0]; #ifdef HAVE_LIBOQS - if (!TLSX_KeyShare_IsSupported(namedGroup)) { + if (!TLSX_IsGroupSupported(namedGroup)) { int i = 1; for (;preferredGroup[i] != WOLFSSL_NAMED_GROUP_INVALID; i++) { - if (TLSX_KeyShare_IsSupported(preferredGroup[i])) + if (TLSX_IsGroupSupported(preferredGroup[i])) break; } namedGroup = preferredGroup[i]; @@ -16048,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, /* RFC 8446 4.2.4 states trusted_ca_keys is not used in TLS 1.3. */ if (IsAtLeastTLSv1_3(ssl->version)) { - return EXT_NOT_ALLOWED; + break; } else #endif diff --git a/src/src/tls13.c b/src/src/tls13.c index 6efe446..b860c19 100644 --- a/src/src/tls13.c +++ b/src/src/tls13.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1623,9 +1623,42 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) goto end; if (ssl->options.dtls) { + w64wrapper epochNumber; ret = Dtls13DeriveSnKeys(ssl, provision); if (ret != 0) - return ret; + goto end; + + switch (secret) { + case early_data_key: + epochNumber = w64From32(0, DTLS13_EPOCH_EARLYDATA); + break; + case handshake_key: + epochNumber = w64From32(0, DTLS13_EPOCH_HANDSHAKE); + break; + case traffic_key: + case no_key: + epochNumber = w64From32(0, DTLS13_EPOCH_TRAFFIC0); + break; + case update_traffic_key: + if (side == ENCRYPT_SIDE_ONLY) { + epochNumber = ssl->dtls13Epoch; + } + else if (side == DECRYPT_SIDE_ONLY) { + epochNumber = ssl->dtls13PeerEpoch; + } + else { + ret = BAD_STATE_E; + goto end; + } + w64Increment(&epochNumber); + break; + default: + ret = BAD_STATE_E; + goto end; + } + ret = Dtls13NewEpoch(ssl, epochNumber, side); + if (ret != 0) + goto end; } #endif /* WOLFSSL_DTLS13 */ @@ -2236,34 +2269,6 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store) #endif /* WOLFSSL_32BIT_MILLI_TIME */ #endif /* HAVE_SESSION_TICKET || !NO_PSK */ - -/* Extract the handshake header information. - * - * ssl The SSL/TLS object. - * input The buffer holding the message data. - * inOutIdx On entry, the index into the buffer of the handshake data. - * On exit, the start of the handshake data. - * type Type of handshake message. - * size The length of the handshake message data. - * totalSz The total size of data in the buffer. - * returns BUFFER_E if there is not enough input data and 0 on success. - */ -static int GetHandshakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, - byte* type, word32* size, word32 totalSz) -{ - const byte* ptr = input + *inOutIdx; - (void)ssl; - - *inOutIdx += HANDSHAKE_HEADER_SZ; - if (*inOutIdx > totalSz) - return BUFFER_E; - - *type = ptr[0]; - c24to32(&ptr[1], size); - - return 0; -} - /* Add record layer header to message. * * output The buffer to write the record layer header into. @@ -4111,15 +4116,6 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx) if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) return ret; -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) { - ret = Dtls13NewEpoch( - ssl, w64From32(0x0, DTLS13_EPOCH_EARLYDATA), ENCRYPT_SIDE_ONLY); - if (ret != 0) - return ret; - } -#endif /* WOLFSSL_DTLS13 */ - } #endif @@ -5053,14 +5049,19 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, byte tls12minor; #ifdef WOLFSSL_ASYNC_CRYPT Dsh13Args* args = NULL; - WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); #else Dsh13Args args[1]; #endif +#ifdef WOLFSSL_ASYNC_CRYPT + WOLFSSL_ASSERT_SIZEOF_GE(ssl->async->args, *args); +#endif WOLFSSL_START(WC_FUNC_SERVER_HELLO_DO); WOLFSSL_ENTER("DoTls13ServerHello"); + if (ssl == NULL || ssl->arrays == NULL) + return BAD_FUNC_ARG; + tls12minor = TLSv1_2_MINOR; #ifdef WOLFSSL_DTLS13 @@ -5068,10 +5069,6 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, tls12minor = DTLSv1_2_MINOR; #endif /* WOLFSSL_DTLS13 */ - - if (ssl == NULL || ssl->arrays == NULL) - return BAD_FUNC_ARG; - #ifdef WOLFSSL_ASYNC_CRYPT if (ssl->async == NULL) { ssl->async = (struct WOLFSSL_ASYNC*) @@ -5145,6 +5142,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Force client hello version 1.2 to work for static RSA. */ ssl->chVersion.minor = TLSv1_2_MINOR; ssl->version.minor = TLSv1_2_MINOR; + ssl->options.tls1_3 = 0; #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { @@ -5245,6 +5243,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.dtls) { ssl->chVersion.minor = DTLSv1_2_MINOR; ssl->version.minor = DTLSv1_2_MINOR; + ssl->options.tls1_3 = 0; ret = Dtls13ClientDoDowngrade(ssl); if (ret != 0) return ret; @@ -5258,6 +5257,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return VERSION_ERROR; } #ifndef WOLFSSL_NO_TLS12 + ssl->options.tls1_3 = 0; return DoServerHello(ssl, input, inOutIdx, helloSz); #else SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version); @@ -5964,6 +5964,8 @@ static int FindPsk(WOLFSSL* ssl, PreSharedKey* psk, const byte* suite, int* err) WOLFSSL_ENTER("FindPsk"); + XMEMSET(foundSuite, 0, sizeof(foundSuite)); + ret = FindPskSuite(ssl, psk, ssl->arrays->psk_key, &ssl->arrays->psk_keySz, suite, &found, foundSuite); if (ret == 0 && found) { @@ -6321,17 +6323,6 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz, return ret; ssl->keys.encryptionOn = 1; - -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) { - ret = Dtls13NewEpoch(ssl, - w64From32(0x0, DTLS13_EPOCH_EARLYDATA), - DECRYPT_SIDE_ONLY); - if (ret != 0) - return ret; - } -#endif /* WOLFSSL_DTLS13 */ - ssl->earlyData = process_early_data; } else @@ -7629,11 +7620,6 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) w64wrapper epochHandshake = w64From32(0, DTLS13_EPOCH_HANDSHAKE); ssl->dtls13Epoch = epochHandshake; - ret = Dtls13NewEpoch( - ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE); - if (ret != 0) - return ret; - ret = Dtls13SetEpochKeys( ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE); if (ret != 0) @@ -11219,11 +11205,6 @@ static int SendTls13Finished(WOLFSSL* ssl) ssl->dtls13Epoch = epochTraffic0; ssl->dtls13PeerEpoch = epochTraffic0; - ret = Dtls13NewEpoch( - ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE); - if (ret != 0) - return ret; - ret = Dtls13SetEpochKeys( ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE); if (ret != 0) @@ -11261,11 +11242,6 @@ static int SendTls13Finished(WOLFSSL* ssl) ssl->dtls13Epoch = epochTraffic0; ssl->dtls13PeerEpoch = epochTraffic0; - ret = Dtls13NewEpoch( - ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE); - if (ret != 0) - return ret; - ret = Dtls13SetEpochKeys( ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE); if (ret != 0) @@ -11465,10 +11441,6 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.dtls) { w64Increment(&ssl->dtls13PeerEpoch); - ret = Dtls13NewEpoch(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY); - if (ret != 0) - return ret; - ret = Dtls13SetEpochKeys(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY); if (ret != 0) return ret; @@ -12884,11 +12856,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->dtls13Epoch = epochHandshake; ssl->dtls13PeerEpoch = epochHandshake; - ret = Dtls13NewEpoch( - ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE); - if (ret != 0) - return ret; - ret = Dtls13SetEpochKeys( ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE); if (ret != 0) diff --git a/src/src/wolfio.c b/src/src/wolfio.c index 0809734..b3bb6a8 100644 --- a/src/src/wolfio.c +++ b/src/src/wolfio.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -182,7 +182,7 @@ static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd) */ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) { -#ifdef _WIN32 +#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE) size_t errstr_offset; char errstr[WOLFSSL_STRERROR_BUFFER_SIZE]; #endif /* _WIN32 */ @@ -241,7 +241,7 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) return WOLFSSL_CBIO_ERR_CONN_CLOSE; } -#if defined(_WIN32) && !defined(__WATCOMC__) +#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE) strcpy_s(errstr, sizeof(errstr), "\tGeneral error: "); errstr_offset = strlen(errstr); FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, diff --git a/src/src/x509.c b/src/src/x509.c index 62e3774..323daa1 100644 --- a/src/src/x509.c +++ b/src/src/x509.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1660,6 +1660,65 @@ int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, } #endif +/* Find extension by NID in a stack of extensions. + * + * @param sk Stack of extensions + * @param nid ID to search for + * @param lastpos Start search from this position (not inclusive, -1 means start from beginning) + * @return Index of matching extension or -1 on error/not found + */ +int wolfSSL_X509v3_get_ext_by_NID(const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, + int nid, int lastpos) +{ + int i; + WOLFSSL_ENTER("wolfSSL_X509v3_get_ext_by_NID"); + + if (sk == NULL) { + WOLFSSL_MSG("Stack pointer is NULL"); + return WOLFSSL_FATAL_ERROR; + } + + if (lastpos < -1 || lastpos >= wolfSSL_sk_num(sk)) { + WOLFSSL_MSG("Invalid position argument"); + return WOLFSSL_FATAL_ERROR; + } + + for (i = lastpos + 1; i < wolfSSL_sk_num(sk); i++) { + WOLFSSL_X509_EXTENSION* ext = wolfSSL_sk_X509_EXTENSION_value(sk, i); + if (ext && ext->obj) { + if (wolfSSL_OBJ_obj2nid(ext->obj) == nid) + return i; + } + } + + /* Not found */ + return -1; +} + +/* Get extension from a stack of extensions by location. + * + * @param sk Stack of extensions + * @param loc Index of extension to retrieve + * @return Pointer to extension or NULL on error + */ +WOLFSSL_X509_EXTENSION* wolfSSL_X509v3_get_ext( + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int loc) +{ + WOLFSSL_ENTER("wolfSSL_X509v3_get_ext"); + + if (sk == NULL) { + WOLFSSL_MSG("Stack pointer is NULL"); + return NULL; + } + + if (loc < 0 || loc >= wolfSSL_sk_num(sk)) { + WOLFSSL_MSG("Invalid location argument"); + return NULL; + } + + return wolfSSL_sk_X509_EXTENSION_value(sk, loc); +} + /* Returns crit flag in X509_EXTENSION object */ int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex) { @@ -2349,6 +2408,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, } break; + case ASN_IP_TYPE: + if (wolfSSL_ASN1_STRING_set(gn->d.iPAddress, + dns->name, dns->len) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ASN1_STRING_set failed"); + goto err; + } + gn->d.iPAddress->type = WOLFSSL_V_ASN1_OCTET_STRING; + break; + default: if (wolfSSL_ASN1_STRING_set(gn->d.dNSName, dns->name, dns->len) != WOLFSSL_SUCCESS) { @@ -5498,7 +5566,7 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) { WOLFSSL_EVP_PKEY* key = NULL; - int ret; + int ret = 0; (void)ret; @@ -6414,8 +6482,7 @@ static int X509PrintSerial_ex(WOLFSSL_BIO* bio, byte* serial, int sz, scratch + scratchLen, scratchSz - scratchLen, "%02x%s", serial[i], (i < sz - 1) ? (delimiter ? ":" : "") : "\n")) - >= scratchSz - scratchLen) - { + >= scratchSz - scratchLen) { WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } @@ -6428,10 +6495,8 @@ static int X509PrintSerial_ex(WOLFSSL_BIO* bio, byte* serial, int sz, /* if serial can fit into byte then print on the same line */ else { - if ((scratchLen = XSNPRINTF( - scratch, MAX_WIDTH, " %d (0x%x)\n", serial[0], serial[0])) - >= MAX_WIDTH) - { + if ((scratchLen = XSNPRINTF(scratch, MAX_WIDTH, " %d (0x%x)\n", + (char)serial[0], serial[0])) >= MAX_WIDTH) { WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } @@ -6554,8 +6619,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) return WOLFSSL_FAILURE; } - buf = (char*)XMALLOC(MAX_WIDTH-4-indent, x509->heap, - DYNAMIC_TYPE_TMP_BUFFER); + buf = (char*)XMALLOC(MAX_WIDTH, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) { return WOLFSSL_FAILURE; } @@ -8871,85 +8935,135 @@ static int X509CRLPrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, int indent) { char tmp[MAX_WIDTH]; /* buffer for XSNPRINTF */ + int ret = 0; if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent, "", "CRL extensions:") >= MAX_WIDTH) { - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + if (ret == 0 && wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + ret = WOLFSSL_FAILURE; } - if (crl->crlList->crlNumber) { - if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 4, "", + if (ret == 0 && crl->crlList->crlNumberSet) { + char dec_string[49]; /* 20 octets can express numbers up to approx + 49 decimal digits */ + int freeMp = 0; + #ifdef WOLFSSL_SMALL_STACK + mp_int* dec_num = (mp_int*)XMALLOC(sizeof(*dec_num), NULL, + DYNAMIC_TYPE_BIGINT); + if (dec_num == NULL) { + ret = MEMORY_E; + } + #else + mp_int dec_num[1]; + #endif + + if (ret == 0 && (mp_init(dec_num) != MP_OKAY)) { + ret = MP_INIT_E; + } + else if (ret == 0) { + freeMp = 1; + } + + if (ret == 0 && mp_read_radix(dec_num, (char *)crl->crlList->crlNumber, + MP_RADIX_HEX) != MP_OKAY) { + ret = WOLFSSL_FAILURE; + } + + if (ret == 0 && mp_toradix(dec_num, dec_string, MP_RADIX_DEC) + != MP_OKAY) { + ret = WOLFSSL_FAILURE; + } + + if (ret == 0 && XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 4, "", "X509v3 CRL Number:") >= MAX_WIDTH) { - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + if (ret == 0 && wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + ret = WOLFSSL_FAILURE; } - if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%d\n", indent + 8, "", - crl->crlList->crlNumber) >= MAX_WIDTH) - { - return WOLFSSL_FAILURE; + if (ret == 0 && XSNPRINTF(tmp, MAX_WIDTH, "%*s%s\n", indent + 8, "", + dec_string) >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + + if (ret == 0 && wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + ret = WOLFSSL_FAILURE; } + XMEMSET(tmp, 0, sizeof(tmp)); + + if (freeMp) { + mp_free(dec_num); + } + + #ifdef WOLFSSL_SMALL_STACK + XFREE(dec_num, NULL, DYNAMIC_TYPE_BIGINT); + #endif } #if !defined(NO_SKID) - if (crl->crlList->extAuthKeyIdSet && crl->crlList->extAuthKeyId[0] != 0) { + if (ret == 0 && crl->crlList->extAuthKeyIdSet && + crl->crlList->extAuthKeyId[0] != 0) { word32 i; char val[5]; int valSz = 5; if (XSNPRINTF(tmp, MAX_WIDTH, "%*s%s", indent + 4, "", "X509v3 Authority Key Identifier:") >= MAX_WIDTH) { - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; } - XSTRNCAT(tmp, "\n", MAX_WIDTH - XSTRLEN(tmp) - 1); + if (ret == 0) { + XSTRNCAT(tmp, "\n", MAX_WIDTH - XSTRLEN(tmp) - 1); + } - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + if (ret == 0 && wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + ret = WOLFSSL_FAILURE; } XMEMSET(tmp, 0, MAX_WIDTH); - if (XSNPRINTF(tmp, MAX_WIDTH - 1, "%*s%s", + if (ret == 0 && XSNPRINTF(tmp, MAX_WIDTH - 1, "%*s%s", indent + 8, "", "keyid") >= MAX_WIDTH) { - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; } for (i = 0; i < XSTRLEN((char*)crl->crlList->extAuthKeyId); i++) { /* check if buffer is almost full */ - if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { + if (ret == 0 && XSTRLEN(tmp) >= sizeof(tmp) - valSz) { if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; } tmp[0] = '\0'; } - if (XSNPRINTF(val, (size_t)valSz, ":%02X", - crl->crlList->extAuthKeyId[i]) >= valSz) - { + if (ret == 0 && XSNPRINTF(val, (size_t)valSz, ":%02X", + crl->crlList->extAuthKeyId[i]) >= valSz) { WOLFSSL_MSG("buffer overrun"); - return WOLFSSL_FAILURE; + ret = WOLFSSL_FAILURE; + } + if (ret == 0) { + XSTRNCAT(tmp, val, valSz); } - XSTRNCAT(tmp, val, valSz); } - XSTRNCAT(tmp, "\n", XSTRLEN("\n") + 1); - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { - return WOLFSSL_FAILURE; + if (ret == 0) { + XSTRNCAT(tmp, "\n", XSTRLEN("\n") + 1); + } + if (ret == 0 && wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + ret = WOLFSSL_FAILURE; } } #endif - return WOLFSSL_SUCCESS; + if (ret == 0) { + ret = WOLFSSL_SUCCESS; + } + + return ret; } /* iterate through a CRL's Revoked Certs and print out in human @@ -9181,7 +9295,7 @@ void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) } #endif /* HAVE_CRL && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ -#ifdef OPENSSL_EXTRA +#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) { if ((crl != NULL) && (crl->crlList != NULL) && @@ -9211,7 +9325,7 @@ int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key) return 0; } #endif -#endif /* OPENSSL_EXTRA */ +#endif /* HAVE_CRL && OPENSSL_EXTRA */ #ifdef OPENSSL_EXTRA @@ -10682,6 +10796,26 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) cert->altSigValLen = x509->altSigValLen; cert->altSigValCrit = x509->altSigValCrit; #endif /* WOLFSSL_DUAL_ALG_CERTS */ + +#if defined(WOLFSSL_ASN_TEMPLATE) && defined(WOLFSSL_CUSTOM_OID) && \ + defined(HAVE_OID_ENCODING) + + if ((x509->customExtCount < 0) || + (x509->customExtCount >= NUM_CUSTOM_EXT)) { + WOLFSSL_MSG("Bad value for customExtCount."); + return WOLFSSL_FAILURE; + } + + for (i = 0; i < x509->customExtCount; i++) { + if (wc_SetCustomExtension(cert, x509->custom_exts[i].crit, + x509->custom_exts[i].oid, x509->custom_exts[i].val, + x509->custom_exts[i].valSz)) + { + return WOLFSSL_FAILURE; + } + } +#endif /* WOLFSSL_ASN_TEMPLATE && WOLFSSL_CUSTOM_OID && HAVE_OID_ENCODING */ + #endif /* WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_CERT_REQ @@ -13819,7 +13953,7 @@ int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex"); - if ((name == NULL) || (name->sz == 0) || (bio == NULL)) + if ((name == NULL) || (bio == NULL)) return WOLFSSL_FAILURE; XMEMSET(eqStr, 0, sizeof(eqStr)); diff --git a/src/src/x509_str.c b/src/src/x509_str.c index fedf4a0..4571b95 100644 --- a/src/src/x509_str.c +++ b/src/src/x509_str.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -405,7 +405,7 @@ static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to, } /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX - * returns 0 on success or < 0 on failure. + * returns 1 on success or <= 0 on failure. */ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) { @@ -577,17 +577,35 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); - if (ctx) - return ctx->current_cert; - return NULL; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( + WOLFSSL_X509_STORE_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); + if (ctx) + return ctx->current_cert; + return NULL; +} + +/* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */ +void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data"); +#ifdef HAVE_EX_DATA + if (ctx != NULL) { + return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); } +#else + (void)ctx; + (void)idx; +#endif + return NULL; +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_EXTRA) int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error"); @@ -596,30 +614,14 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) return 0; } - int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth"); - if(ctx) + if (ctx) return ctx->error_depth; return WOLFSSL_FATAL_ERROR; } - -/* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */ -void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) -{ - WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data"); -#ifdef HAVE_EX_DATA - if (ctx != NULL) { - return wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx); - } -#else - (void)ctx; - (void)idx; #endif - return NULL; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, diff --git a/src/user_settings.h b/src/user_settings.h index e8d05fa..1d60188 100644 --- a/src/user_settings.h +++ b/src/user_settings.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/aes.c b/src/wolfcrypt/src/aes.c index 6e7f104..de6a428 100644 --- a/src/wolfcrypt/src/aes.c +++ b/src/wolfcrypt/src/aes.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -8345,19 +8345,22 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( } XMEMCPY(ctrInit, ctr, sizeof(ctr)); /* save off initial counter for GMAC */ - /* Authentication buffer - must be 4-byte multiple zero padded */ - authPadSz = authInSz % sizeof(word32); + /* Authentication buffer */ +#if STM_CRYPT_HEADER_WIDTH == 1 + authPadSz = 0; /* CubeHAL supports byte mode */ +#else + authPadSz = authInSz % STM_CRYPT_HEADER_WIDTH; +#endif #ifdef WOLFSSL_STM32MP13 /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a - * minimum of 16 bytes for the auth - */ + * minimum of 16 bytes for the auth */ if ((authInSz > 0) && (authInSz < 16)) { authPadSz = 16 - authInSz; } #endif if (authPadSz != 0) { - if (authPadSz < authInSz + sizeof(word32)) { - authPadSz = authInSz + sizeof(word32) - authPadSz; + if (authPadSz < authInSz + STM_CRYPT_HEADER_WIDTH) { + authPadSz = authInSz + STM_CRYPT_HEADER_WIDTH - authPadSz; } if (authPadSz <= sizeof(authhdr)) { authInPadded = (byte*)authhdr; @@ -8385,7 +8388,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4 + #if STM_CRYPT_HEADER_WIDTH == 4 /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8444,7 +8447,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( /* Set the CRYP parameters */ hcryp.Init.HeaderSize = authPadSz; if (authPadSz == 0) - hcryp.Init.Header = NULL; /* cannot pass pointer here when authIn == 0 */ + hcryp.Init.Header = NULL; /* cannot pass pointer when authIn == 0 */ hcryp.Init.ChainingMode = CRYP_CHAINMODE_AES_GCM_GMAC; hcryp.Init.OperatingMode = CRYP_ALGOMODE_ENCRYPT; hcryp.Init.GCMCMACPhase = CRYP_INIT_PHASE; @@ -8884,22 +8887,25 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( * For TLS blocks the authTag is after the output buffer, so save it */ XMEMCPY(tagExpected, authTag, authTagSz); - /* Authentication buffer - must be 4-byte multiple zero padded */ - authPadSz = authInSz % sizeof(word32); - if (authPadSz != 0) { - authPadSz = authInSz + sizeof(word32) - authPadSz; - } - else { - authPadSz = authInSz; - } - + /* Authentication buffer */ +#if STM_CRYPT_HEADER_WIDTH == 1 + authPadSz = 0; /* CubeHAL supports byte mode */ +#else + authPadSz = authInSz % STM_CRYPT_HEADER_WIDTH; +#endif #ifdef WOLFSSL_STM32MP13 /* STM32MP13 HAL at least v1.2 and lower has a bug with which it needs a - * minimum of 16 bytes for the auth - */ + * minimum of 16 bytes for the auth */ if ((authInSz > 0) && (authInSz < 16)) { authPadSz = 16 - authInSz; } +#else + if (authPadSz != 0) { + authPadSz = authInSz + STM_CRYPT_HEADER_WIDTH - authPadSz; + } + else { + authPadSz = authInSz; + } #endif /* for cases where hardware cannot be used for authTag calculate it */ @@ -8909,7 +8915,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( /* or hardware that does not support partial block */ || sz == 0 || partial != 0 #endif - #if !defined(STM_CRYPT_HEADER_WIDTH) || STM_CRYPT_HEADER_WIDTH == 4 + #if STM_CRYPT_HEADER_WIDTH == 4 /* or authIn is not a multiple of 4 */ || authPadSz != authInSz #endif @@ -8949,6 +8955,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( if (ret != 0) { return ret; } + #ifdef WOLFSSL_STM32_CUBEMX hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)ctr; hcryp.Init.Header = (STM_CRYPT_TYPE*)authInPadded; @@ -8956,7 +8963,6 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( #if defined(STM32_HAL_V2) hcryp.Init.Algorithm = CRYP_AES_GCM; hcryp.Init.HeaderSize = authPadSz / STM_CRYPT_HEADER_WIDTH; - #ifdef CRYP_KEYIVCONFIG_ONCE /* allows repeated calls to HAL_CRYP_Decrypt */ hcryp.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ONCE; @@ -8966,6 +8972,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( HAL_CRYP_Init(&hcryp); #ifndef CRYP_KEYIVCONFIG_ONCE + /* GCM payload phase - can handle partial blocks */ status = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, (blocks * WC_AES_BLOCK_SIZE) + partial, (uint32_t*)out, STM32_HAL_TIMEOUT); #else diff --git a/src/wolfcrypt/src/arc4.c b/src/wolfcrypt/src/arc4.c index a877d8b..da997f6 100644 --- a/src/wolfcrypt/src/arc4.c +++ b/src/wolfcrypt/src/arc4.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ascon.c b/src/wolfcrypt/src/ascon.c index 248d06a..4ddbcfc 100644 --- a/src/wolfcrypt/src/ascon.c +++ b/src/wolfcrypt/src/ascon.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/asm.c b/src/wolfcrypt/src/asm.c index a724114..b061bb3 100644 --- a/src/wolfcrypt/src/asm.c +++ b/src/wolfcrypt/src/asm.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/asn.c b/src/wolfcrypt/src/asn.c index af74678..ec34c95 100644 --- a/src/wolfcrypt/src/asn.c +++ b/src/wolfcrypt/src/asn.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -359,6 +359,30 @@ WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output) return i; } +#ifdef WC_ASN_RUNTIME_DATE_CHECK_CONTROL +static int AsnSkipDateCheck = 0; +int wc_AsnSetSkipDateCheck(int skip_p) +{ + AsnSkipDateCheck = (skip_p != 0); + return 0; +} +int wc_AsnGetSkipDateCheck(void) +{ + return AsnSkipDateCheck; +} +#else +#define AsnSkipDateCheck 0 +int wc_AsnSetSkipDateCheck(int skip_p) +{ + (void)skip_p; + return NOT_COMPILED_IN; +} +int wc_AsnGetSkipDateCheck(void) +{ + return 0; +} +#endif + #ifdef WOLFSSL_ASN_TEMPLATE /* Calculate the size of a DER encoded length value. * @@ -3252,22 +3276,35 @@ int SetShortInt(byte* output, word32* inOutIdx, word32 number, word32 maxIdx) word32 idx = *inOutIdx; word32 len; int i; + word32 extraByte = 0; if (number == 0) len = 1; else len = BytePrecision(number); + /* clarify the len range to prepare for the next right bit shifting */ + if (len < 1 || len > sizeof(number)) { + return ASN_PARSE_E; + } + if (number >> (WOLFSSL_BIT_SIZE * len - 1)) { + /* Need one byte of zero value not to be negative number */ + extraByte = 1; + } + /* check for room for type and length bytes. */ - if ((idx + 2 + len) > maxIdx) + if ((idx + 2 + extraByte + len) > maxIdx) return BUFFER_E; /* check that MAX_SHORT_SZ allows this size of ShortInt. */ - if (2 + len > MAX_SHORT_SZ) + if (2 + extraByte + len > MAX_SHORT_SZ) return ASN_PARSE_E; output[idx++] = ASN_INTEGER; - output[idx++] = (byte)len; + output[idx++] = (byte)(len + extraByte); + if (extraByte) { + output[idx++] = 0x00; + } for (i = (int)len - 1; i >= 0; --i) output[idx++] = (byte)(number >> (i * WOLFSSL_BIT_SIZE)); @@ -6670,6 +6707,7 @@ static int DumpOID(const byte* oidData, word32 oidSz, word32 oid, } #endif /* ASN_DUMP_OID */ +#ifdef WOLFSSL_OLD_OID_SUM #ifdef WOLFSSL_FPKI /* Handles the large number of collisions from FPKI certificate policy * OID sums. Returns a special value (100000 + actual sum) if a @@ -6831,8 +6869,39 @@ static word32 fpkiCertPolOid(const byte* oid, word32 oidSz, word32 oidSum) { return 0; } +#endif +#endif /* WOLFSSL_OLD_OID_SUM */ + +word32 wc_oid_sum(const byte* input, int length) +{ + int i; + word32 oid = 0; +#ifndef WOLFSSL_OLD_OID_SUM + int shift = 0; +#endif + + /* Check for valid input. */ + if (input == NULL || length > MAX_OID_SZ) { + WOLFSSL_MSG("wc_oid_sum: invalid args"); + return 0; + } + + /* Sum it up for now. */ + for (i = 0; i < length; i++) { + #ifdef WOLFSSL_OLD_OID_SUM + oid += (word32)input[i]; + #else + oid ^= ((word32)(~input[i])) << shift; + shift = (shift + 8) & 0x1f; + #endif + } +#ifndef WOLFSSL_OLD_OID_SUM + oid &= 0x7fffffff; #endif + return oid; +} + /* Get the OID data and verify it is of the type specified when compiled in. * * @param [in] input Buffer holding OID. @@ -6858,8 +6927,10 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, const byte* checkOid = NULL; word32 checkOidSz; #endif /* NO_VERIFY_OID */ +#ifdef WOLFSSL_OLD_OID_SUM #if defined(HAVE_SPHINCS) || defined(WOLFSSL_FPKI) word32 found_collision = 0; +#endif #endif (void)oidType; *oid = 0; @@ -6870,6 +6941,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, actualOidSz = (word32)length; #endif /* NO_VERIFY_OID */ +#ifdef WOLFSSL_OLD_OID_SUM #if defined(HAVE_SPHINCS) /* Since we are summing it up, there could be collisions...and indeed there * are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3. @@ -6885,14 +6957,12 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, found_collision = SPHINCS_FAST_LEVEL3k; } #endif /* HAVE_SPHINCS */ +#endif - /* Sum it up for now. */ - while (length--) { - /* odd HC08 compiler behavior here when input[idx++] */ - *oid += (word32)input[idx]; - idx++; - } + *oid = wc_oid_sum(actualOid, (int)actualOidSz); + idx += actualOidSz; +#ifdef WOLFSSL_OLD_OID_SUM #ifdef WOLFSSL_FPKI /* Due to the large number of OIDs for FPKI certificate policy, there are multiple collsisions. Handle them in a dedicated function, @@ -6907,6 +6977,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, *oid = found_collision; } #endif /* HAVE_SPHINCS */ +#endif /* Return the index after the OID data. */ *inOutIdx = idx; @@ -6917,6 +6988,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, /* Get the OID data for the id-type. */ checkOid = OidFromId(*oid, oidType, &checkOidSz); +#ifdef WOLFSSL_OLD_OID_SUM #if defined(WOLFSSL_FPKI) /* Handle OID sum collision of AES256CBCb (454) 2.16.840.1.101.3.4.1.42 @@ -6932,6 +7004,7 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, } #endif /* HAVE_AES_CBC */ #endif /* WOLFSSL_FPKI */ +#endif #ifdef ASN_DUMP_OID /* Dump out the data for debug. */ @@ -8310,11 +8383,16 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, ret = BAD_FUNC_ARG; } +#ifndef WOLFSSL_NO_ASN_STRICT /* Sanity check: make sure key doesn't have PKCS #8 header. */ if (ToTraditionalInline_ex(key, &keyIdx, keySz, &tmpAlgId) >= 0) { (void)tmpAlgId; ret = ASN_PARSE_E; } +#else + (void)keyIdx; + (void)tmpAlgId; +#endif CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL); @@ -9501,10 +9579,10 @@ static int GetAlgoV2(int encAlgId, const byte** oid, int *len, int* id, return ret; } -int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, +int wc_EncryptPKCS8Key_ex(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int pbeOid, - int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, - void* heap) + int encAlgId, byte* salt, word32 saltSz, int itt, int hmacOid, + WC_RNG* rng, void* heap) { #ifdef WOLFSSL_SMALL_STACK byte* saltTmp = NULL; @@ -9528,10 +9606,14 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, byte cbcIv[MAX_IV_SIZE]; word32 idx = 0; word32 encIdx = 0; + const byte* hmacOidBuf = NULL; + word32 hmacOidBufSz = 0; + byte tmpShort[MAX_SHORT_SZ]; + word32 tmpIdx = 0; (void)heap; - WOLFSSL_ENTER("wc_EncryptPKCS8Key"); + WOLFSSL_ENTER("wc_EncryptPKCS8Key_ex"); if (key == NULL || outSz == NULL || password == NULL) { ret = BAD_FUNC_ARG; @@ -9550,15 +9632,25 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, if (ret == 0) { padSz = (word32)((blockSz - ((int)keySz & (blockSz - 1))) & (blockSz - 1)); - /* inner = OCT salt INT itt */ - innerLen = 2 + saltSz + 2 + ((itt < 256) ? 1 : ((itt < 65536) ? 2 : 3)); - + ret = SetShortInt(tmpShort, &tmpIdx, (word32)itt, MAX_SHORT_SZ); + if (ret > 0) { + /* inner = OCT salt INT itt */ + innerLen = 2 + saltSz + (word32)ret; + ret = 0; + } + } + if (ret == 0) { if (version != PKCS5v2) { pbeOidBuf = OidFromId((word32)pbeId, oidPBEType, &pbeOidBufSz); /* pbe = OBJ pbse1 SEQ [ inner ] */ pbeLen = 2 + pbeOidBufSz + 2 + innerLen; } else { + if (hmacOid > 0) { + hmacOidBuf = OidFromId((word32)hmacOid, oidHmacType, + &hmacOidBufSz); + innerLen += 2 + 2 + hmacOidBufSz; + } pbeOidBuf = pbes2; pbeOidBufSz = sizeof(pbes2); /* kdf = OBJ pbkdf2 [ SEQ innerLen ] */ @@ -9615,7 +9707,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, } if (ret == 0) { ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, pbeId, - out + encIdx, (int)keySz, version, cbcIv, 1, 0); + out + encIdx, (int)keySz, version, cbcIv, 1, hmacOid); } if (ret == 0) { if (version != PKCS5v2) { @@ -9645,6 +9737,14 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, ret = SetShortInt(out, &idx, (word32)itt, *outSz); if (ret > 0) ret = 0; + if (version == PKCS5v2) { + if (hmacOid > 0) { + idx += SetSequence(2+hmacOidBufSz, out + idx); + idx += (word32)SetObjectId((int)hmacOidBufSz, out + idx); + XMEMCPY(out + idx, hmacOidBuf, hmacOidBufSz); + idx += (word32)hmacOidBufSz; + } + } } if (ret == 0) { if (version == PKCS5v2) { @@ -9669,11 +9769,20 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret); + WOLFSSL_LEAVE("wc_EncryptPKCS8Key_ex", ret); return ret; } +int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, + const char* password, int passwordSz, int vPKCS, int pbeOid, + int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, + void* heap) +{ + return wc_EncryptPKCS8Key_ex(key, keySz, out, outSz, password, passwordSz, + vPKCS, pbeOid, encAlgId, salt, saltSz, itt, 0, rng, heap); +} + int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password, int passwordSz) { @@ -9716,10 +9825,10 @@ int wc_DecryptPKCS8Key(byte* input, word32 sz, const char* password, * encrypted key. If out is not NULL, it will hold the encrypted key. If it's * NULL, LENGTH_ONLY_E will be returned and outSz will have the required out * buffer size. */ -int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, +int TraditionalEnc_ex(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, - int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, - void* heap) + int encAlgId, byte* salt, word32 saltSz, int itt, int hmacOid, + WC_RNG* rng, void* heap) { int ret = 0; byte *pkcs8Key = NULL; @@ -9759,8 +9868,9 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, } #endif if (ret == 0) { - ret = wc_EncryptPKCS8Key(pkcs8Key, pkcs8KeySz, out, outSz, password, - passwordSz, vPKCS, vAlgo, encAlgId, salt, saltSz, itt, rng, heap); + ret = wc_EncryptPKCS8Key_ex(pkcs8Key, pkcs8KeySz, out, outSz, password, + passwordSz, vPKCS, vAlgo, encAlgId, salt, saltSz, itt, hmacOid, rng, + heap); } if (pkcs8Key != NULL) { @@ -9773,6 +9883,20 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, return ret; } +/* Takes an unencrypted, traditional DER-encoded key and converts it to a PKCS#8 + * encrypted key. If out is not NULL, it will hold the encrypted key. If it's + * NULL, LENGTH_ONLY_E will be returned and outSz will have the required out + * buffer size. */ +int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, + const char* password, int passwordSz, int vPKCS, int vAlgo, + int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, + void* heap) +{ + return TraditionalEnc_ex(key, keySz, out, outSz, password, passwordSz, + vPKCS, vAlgo, encAlgId, salt, saltSz, itt, 0, rng, heap); + +} + /* Same as TraditionalEnc, but in the public API. */ int wc_CreateEncryptedPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, @@ -10131,6 +10255,214 @@ int ToTraditionalEnc(byte* input, word32 sz, const char* password, #ifdef HAVE_PKCS12 +#ifdef WOLFSSL_ASN_TEMPLATE +/* ASN.1 template for PKCS #8 encrypted key with PBES2 parameters. + * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo + * PKCS #5: RFC 8018, A.4 - PBES2 + */ +static const ASNItem p8EncPbes2ASN[] = { +/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, + /* PBE algorithm */ +/* ALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALGO_PARAMS_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGO_PARAMS_KDF_SEQ */ { 3, ASN_SEQUENCE, 1, 1, 0 }, + /* PBKDF2 */ +/* ALGO_PARAMS_KDF_OID */ { 4, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALGO_PARAMS_PBKDF2_SEQ */ { 4, ASN_SEQUENCE, 1, 1, 0 }, + /* Salt */ +/* ALGO_PARAMS_PBKDF2_SALT */ { 5, ASN_OCTET_STRING, 0, 0, 0 }, + /* Iteration count */ +/* ALGO_PARAMS_PBKDF2_ITER */ { 5, ASN_INTEGER, 0, 0, 0 }, + /* Key length */ +/* ALGO_PARAMS_PBKDF2_KEYLEN */ { 5, ASN_INTEGER, 0, 0, 1 }, + /* PRF - default is HMAC-SHA1 */ +/* ALGO_PARAMS_PBKDF2_PRF */ { 5, ASN_SEQUENCE, 1, 1, 1 }, +/* ALGO_PARAMS_PBKDF2_PRF_OID */ { 6, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALGO_PARAMS_PBKDF2_PRF_NULL */ { 6, ASN_TAG_NULL, 0, 0, 1 }, +/* ALGO_ENCS_SEQ */ { 3, ASN_SEQUENCE, 1, 1, 0 }, + /* Encryption algorithm */ +/* ALGO_ENCS_OID */ { 4, ASN_OBJECT_ID, 0, 0, 0 }, + /* IV for CBC */ +/* ALGO_ENCS_PARAMS */ { 4, ASN_OCTET_STRING, 0, 0, 0 }, +/* ENCDATA */ { 1, (ASN_CONTEXT_SPECIFIC | 0), 0, 0, 0 }, +}; +enum { + P8ENCPBES2ASN_IDX_SEQ = 0, + P8ENCPBES2ASN_IDX_ALGO_SEQ, + P8ENCPBES2ASN_IDX_ALGO_OID, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_SEQ, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_KDF_SEQ, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_KDF_OID, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SEQ, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_ITER, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_KEYLEN, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF_OID, + P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF_NULL, + P8ENCPBES2ASN_IDX_ALGO_ENCS_SEQ, + P8ENCPBES2ASN_IDX_ALGO_ENCS_OID, + P8ENCPBES2ASN_IDX_ALGO_ENCS_PARAMS, + P8ENCPBES2ASN_IDX_ENCDATA +}; + +#define p8EncPbes2ASN_Length (sizeof(p8EncPbes2ASN) / sizeof(ASNItem)) +#endif /* WOLFSSL_ASN_TEMPLATE */ + +static int EncryptContentPBES2(byte* input, word32 inputSz, byte* out, + word32* outSz, const char* password, int passwordSz, int encAlgId, + byte* salt, word32 saltSz, int itt, int hmacOid, WC_RNG* rng, + void* heap) +{ + int ret = 0; +#ifndef WOLFSSL_ASN_TEMPLATE + (void)input; + (void)inputSz; + (void)out; + (void)outSz; + (void)password; + (void)passwordSz; + (void)encAlgId; + (void)salt; + (void)saltSz; + (void)itt; + (void)hmacOid; + (void)rng; + (void)heap; + ret = ASN_VERSION_E; +#else /* WOLFSSL_ASN_TEMPLATE */ + /* PBES2 is only supported when enabling the ASN template */ + + DECL_ASNSETDATA(dataASN, p8EncPbes2ASN_Length); + const byte* blkOidBuf = NULL; + int blkOidSz = 0; + int pbesId = -1; + int blockSz = 0; + int asnSz = 0; + word32 pkcs8Sz = 0; + byte* cbcIv = NULL; + byte* saltEnc = NULL; + int genSalt = (salt == NULL || saltSz == 0); + + WOLFSSL_ENTER("EncryptContentPBES2"); + + /* Must have a output size to return or check. */ + if (outSz == NULL) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && genSalt) { + salt = NULL; + saltSz = PKCS5V2_SALT_SZ; + /* Salt generated into encoding below. */ + } + /* Check salt size is valid. */ + if ((ret == 0) && (saltSz > MAX_SALT_SIZE)) { + ret = ASN_PARSE_E; + } + if ((ret == 0) && GetAlgoV2(encAlgId, &blkOidBuf, &blkOidSz, &pbesId, + &blockSz) < 0) { + ret = ASN_INPUT_E; + } + CALLOC_ASNSETDATA(dataASN, p8EncPbes2ASN_Length, ret, heap); + + if (ret == 0) { + /* Setup data to go into encoding including PBE algorithm, salt, + * iteration count, and padded key length. */ + SetASN_OID(&dataASN[P8ENCPBES2ASN_IDX_ALGO_OID], (word32)PBES2, + oidPBEType); + SetASN_Buffer(&dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_KDF_OID], + pbkdf2Oid, sizeof(pbkdf2Oid)); + SetASN_Buffer(&dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT], NULL, + saltSz); + SetASN_Int16Bit(&dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_ITER], + (word16)itt); + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_KEYLEN].noOut = 1; + if (hmacOid > 0) { + const byte* hmacOidBuf = NULL; + word32 hmacOidSz = 0; + hmacOidBuf = OidFromId((word32)hmacOid, oidHmacType, &hmacOidSz); + if (hmacOidBuf == NULL) { + ret = ASN_PARSE_E; + } + if (ret == 0) { + SetASN_Buffer( + &dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF_OID], + hmacOidBuf, hmacOidSz); + } + } + else { + /* SHA1 will be used as default without PRF parameters */ + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF].noOut = 1; + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF_OID].noOut = 1; + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_PRF_NULL].noOut = 1; + } + SetASN_Buffer(&dataASN[P8ENCPBES2ASN_IDX_ALGO_ENCS_OID], blkOidBuf, + blkOidSz); + SetASN_Buffer(&dataASN[P8ENCPBES2ASN_IDX_ALGO_ENCS_PARAMS], NULL, + blockSz); + pkcs8Sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); + SetASN_Buffer(&dataASN[P8ENCPBES2ASN_IDX_ENCDATA], NULL, pkcs8Sz); + + /* Calculate size of encoding. */ + ret = SizeASN_Items(p8EncPbes2ASN + P8ENCPBES2ASN_IDX_ALGO_SEQ, + dataASN + P8ENCPBES2ASN_IDX_ALGO_SEQ, + (int)(p8EncPbes2ASN_Length - P8ENCPBES2ASN_IDX_ALGO_SEQ), + &asnSz); + } + /* Return size when no output buffer. */ + if ((ret == 0) && (out == NULL)) { + *outSz = (word32)asnSz; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + /* Check output buffer is big enough for encoded data. */ + if ((ret == 0) && (asnSz > (int)*outSz)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Encode PKCS#8 key. */ + SetASN_Items(p8EncPbes2ASN + P8ENCPBES2ASN_IDX_ALGO_SEQ, + dataASN + P8ENCPBES2ASN_IDX_ALGO_SEQ, + (int)(p8EncPbes2ASN_Length - P8ENCPBES2ASN_IDX_ALGO_SEQ), + out); + + saltEnc = (byte*) + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT].data.buffer.data; + if (genSalt) { + /* Generate salt into encoding. */ + ret = wc_RNG_GenerateBlock(rng, saltEnc, saltSz); + } + else { + XMEMCPY(saltEnc, salt, saltSz); + } + } + if (ret == 0) { + cbcIv = (byte*) + dataASN[P8ENCPBES2ASN_IDX_ALGO_ENCS_PARAMS].data.buffer.data; + ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz); + } + if (ret == 0) { + /* Store PKCS#8 key in output buffer. */ + byte* pkcs8 = (byte*) + dataASN[P8ENCPBES2ASN_IDX_ENCDATA].data.buffer.data; + XMEMCPY(pkcs8, input, inputSz); + (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz); + + /* Encrypt PKCS#8 key inline. */ + ret = wc_CryptKey(password, passwordSz, saltEnc, (int)saltSz, itt, + pbesId, pkcs8, (int)pkcs8Sz, PKCS5v2, cbcIv, 1, hmacOid); + } + if (ret == 0) { + /* Returning size on success. */ + ret = asnSz; + } + + FREE_ASNSETDATA(dataASN, heap); + (void)heap; +#endif /* WOLFSSL_ASN_TEMPLATE */ + return ret; +} + #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for PKCS #8 encrypted key with PBES1 parameters. * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo @@ -10159,7 +10491,7 @@ enum { }; #define p8EncPbes1ASN_Length (sizeof(p8EncPbes1ASN) / sizeof(ASNItem)) -#endif +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Wrap a private key in PKCS#8 and encrypt. * @@ -10180,9 +10512,11 @@ enum { * @param [in] passwordSz Length of password in bytes. * @param [in] vPKCS First byte used to determine PBE algorithm. * @param [in] vAlgo Second byte used to determine PBE algorithm. + * @param [in] encAlgId Encryption Algorithm for PBES2. * @param [in] salt Salt to use with KDF. * @param [in] saltSz Length of salt in bytes. * @param [in] itt Number of iterations to use in KDF. + * @param [in] hmacOid HMAC Algorithm for PBES2. * @param [in] rng Random number generator to use to generate salt. * @param [in] heap Dynamic memory allocator hint. * @return The size of encrypted data on success @@ -10195,7 +10529,8 @@ enum { */ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, - byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap) + int encAlgId, byte* salt, word32 saltSz, int itt, int hmacOid, + WC_RNG* rng, void* heap) { #ifndef WOLFSSL_ASN_TEMPLATE word32 sz; @@ -10219,8 +10554,12 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, word32 algoSz; const byte* algoName; + (void)encAlgId; + (void)hmacOid; (void)heap; + (void)EncryptContentPBES2; + WOLFSSL_ENTER("EncryptContent"); if (CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz) < 0) @@ -10375,7 +10714,9 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, (void)rng; return (int)(inOutIdx + sz); -#else +#else /* WOLFSSL_ASN_TEMPLATE */ + /* PBES2 is only supported when enabling the ASN template */ + DECL_ASNSETDATA(dataASN, p8EncPbes1ASN_Length); int ret = 0; int sz = 0; @@ -10402,7 +10743,8 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, } /* Check PKCS #5 version - only PBSE1 parameters supported. */ if ((ret == 0) && (version == PKCS5v2)) { - ret = BAD_FUNC_ARG; + return EncryptContentPBES2(input, inputSz, out, outSz, password, + passwordSz, encAlgId, salt, saltSz, itt, hmacOid, rng, heap); } CALLOC_ASNSETDATA(dataASN, p8EncPbes1ASN_Length, ret, heap); @@ -13970,8 +14312,15 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg) *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].enc)) = (val) /* Get the string of a name component from the subject name. */ -#define GetCertNameSubjectStr(id) \ - (certNameSubject[(id) - 3].str) +#ifdef WOLFSSL_NAMES_STATIC + #define GetCertNameSubjectStr(id) \ + ((certNameSubject[(id) - 3].strLen) ? \ + (certNameSubject[(id) - 3].str) : \ + NULL) +#else + #define GetCertNameSubjectStr(id) \ + (certNameSubject[(id) - 3].str) +#endif /* Get the string length of a name component from the subject name. */ #define GetCertNameSubjectStrLen(id) \ (certNameSubject[(id) - 3].strLen) @@ -13997,7 +14346,15 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg) /* Mapping of certificate name component to useful information. */ typedef struct CertNameData { /* Type string of name component. */ +#ifdef WOLFSSL_NAMES_STATIC + const char str[20]; /* large enough for largest string in certNameSubject[] + * below + */ + #define EMPTY_STR { 0 } +#else const char* str; + #define EMPTY_STR NULL +#endif /* Length of type string of name component. */ byte strLen; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) @@ -14179,7 +14536,7 @@ static const CertNameData certNameSubject[] = { }, /* Title */ { - NULL, 0, + EMPTY_STR, 0, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) 0, 0, @@ -14196,7 +14553,7 @@ static const CertNameData certNameSubject[] = { }, /* Undefined */ { - NULL, 0, + EMPTY_STR, 0, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) 0, 0, @@ -14213,7 +14570,7 @@ static const CertNameData certNameSubject[] = { }, /* Undefined */ { - NULL, 0, + EMPTY_STR, 0, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) 0, 0, @@ -14247,7 +14604,7 @@ static const CertNameData certNameSubject[] = { }, /* Undefined */ { - NULL, 0, + EMPTY_STR, 0, #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) 0, 0, @@ -16515,6 +16872,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) #ifndef NO_ASN_TIME_CHECK if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && + (! AsnSkipDateCheck) && !XVALIDATE_DATE(date, format, dateType)) { if (dateType == ASN_BEFORE) { WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); @@ -17466,14 +17824,20 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) if (sigCtx == NULL) return; +#ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); sigCtx->digest = NULL; -#if !(defined(NO_RSA) && defined(NO_DSA)) +#if !defined(NO_RSA) || !defined(NO_DSA) XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); sigCtx->sigCpy = NULL; #endif +#endif + #ifndef NO_ASN_CRYPT - if (sigCtx->key.ptr) { +#ifndef WOLFSSL_NO_MALLOC + if (sigCtx->key.ptr) +#endif + { switch (sigCtx->keyOID) { #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -17481,15 +17845,19 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) #endif case RSAk: wc_FreeRsaKey(sigCtx->key.rsa); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.rsa, sigCtx->heap, DYNAMIC_TYPE_RSA); sigCtx->key.rsa = NULL; + #endif break; #endif /* !NO_RSA */ #ifndef NO_DSA case DSAk: wc_FreeDsaKey(sigCtx->key.dsa); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.dsa, sigCtx->heap, DYNAMIC_TYPE_DSA); sigCtx->key.dsa = NULL; + #endif break; #endif #ifdef HAVE_ECC @@ -17506,31 +17874,38 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ wc_ecc_free(sigCtx->key.ecc); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.ecc, sigCtx->heap, DYNAMIC_TYPE_ECC); sigCtx->key.ecc = NULL; + #endif break; #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 case ED25519k: wc_ed25519_free(sigCtx->key.ed25519); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.ed25519, sigCtx->heap, DYNAMIC_TYPE_ED25519); sigCtx->key.ed25519 = NULL; + #endif break; #endif /* HAVE_ED25519 */ #ifdef HAVE_ED448 case ED448k: wc_ed448_free(sigCtx->key.ed448); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.ed448, sigCtx->heap, DYNAMIC_TYPE_ED448); sigCtx->key.ed448 = NULL; + #endif break; #endif /* HAVE_ED448 */ #if defined(HAVE_FALCON) case FALCON_LEVEL1k: case FALCON_LEVEL5k: wc_falcon_free(sigCtx->key.falcon); - XFREE(sigCtx->key.falcon, sigCtx->heap, - DYNAMIC_TYPE_FALCON); + #ifndef WOLFSSL_NO_MALLOC + XFREE(sigCtx->key.falcon, sigCtx->heap, DYNAMIC_TYPE_FALCON); sigCtx->key.falcon = NULL; + #endif break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) @@ -17543,9 +17918,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) case ML_DSA_LEVEL3k: case ML_DSA_LEVEL5k: wc_dilithium_free(sigCtx->key.dilithium); + #ifndef WOLFSSL_NO_MALLOC XFREE(sigCtx->key.dilithium, sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); + DYNAMIC_TYPE_DILITHIUM); sigCtx->key.dilithium = NULL; + #endif break; #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) @@ -17556,17 +17933,20 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) case SPHINCS_SMALL_LEVEL3k: case SPHINCS_SMALL_LEVEL5k: wc_sphincs_free(sigCtx->key.sphincs); - XFREE(sigCtx->key.sphincs, sigCtx->heap, - DYNAMIC_TYPE_SPHINCS); + #ifndef WOLFSSL_NO_MALLOC + XFREE(sigCtx->key.sphincs, sigCtx->heap, DYNAMIC_TYPE_SPHINCS); sigCtx->key.sphincs = NULL; + #endif break; #endif /* HAVE_SPHINCS */ default: break; } /* switch (keyOID) */ + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.ptr = NULL; + #endif } -#endif +#endif /* !NO_ASN_CRYPT */ /* reset state, we are done */ sigCtx->state = SIG_STATE_BEGIN; @@ -17752,6 +18132,68 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, } #endif /* !NO_ASN_CRYPT && !NO_HASH_WRAPPER */ +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) +/* Try to parse as ASN.1 bitstring */ +static int DecodeDsaAsn1Sig(const byte* sig, word32 sigSz, byte* sigCpy, + void* heap) +{ + int ret = 0; + int rSz = 0, sSz = 0, mpinit = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + mp_int* r = NULL; + mp_int* s = NULL; +#else + mp_int r[1]; + mp_int s[1]; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + r = (mp_int*)XMALLOC(sizeof(*r), heap, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int*)XMALLOC(sizeof(*s), heap, DYNAMIC_TYPE_TMP_BUFFER); + if (r == NULL || s == NULL) { + ret = MEMORY_E; + } +#endif + if (ret == 0) { + ret = mp_init_multi(r, s, NULL, NULL, NULL, NULL); + } + if (ret == 0) { + mpinit = 1; + + if (DecodeECC_DSA_Sig(sig, sigSz, r, s) != 0) { + WOLFSSL_MSG("DSA sig decode ASN.1 failed!"); + ret = ASN_SIG_CONFIRM_E; + } + } + if (ret == 0) { + rSz = mp_unsigned_bin_size(r); + sSz = mp_unsigned_bin_size(s); + if (rSz + sSz > (int)sigSz) { + WOLFSSL_MSG("DSA sig size invalid"); + ret = ASN_SIG_CONFIRM_E; + } + } + if (ret == 0) { + if (mp_to_unsigned_bin(r, sigCpy) != MP_OKAY || + mp_to_unsigned_bin(s, sigCpy + rSz) != MP_OKAY) { + WOLFSSL_MSG("DSA sig to unsigned bin failed!"); + ret = ASN_SIG_CONFIRM_E; + } + } + + if (mpinit) { + mp_free(r); + mp_free(s); + } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(r, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(s, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + (void)heap; + return ret; +} +#endif + /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */ int ConfirmSignature(SignatureCtx* sigCtx, const byte* buf, word32 bufSz, @@ -17761,6 +18203,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, byte* rsaKeyIdx) { int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */ + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) CertAttribute* certatt = NULL; #endif @@ -17798,11 +18241,13 @@ int ConfirmSignature(SignatureCtx* sigCtx, { sigCtx->keyOID = keyOID; /* must set early for cleanup */ +#ifndef WOLFSSL_NO_MALLOC sigCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, sigCtx->heap, DYNAMIC_TYPE_DIGEST); if (sigCtx->digest == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } +#endif #if !defined(NO_RSA) && defined(WC_RSA_PSS) /* RSA PSS Defaults */ @@ -17867,20 +18312,24 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), sigCtx->heap, DYNAMIC_TYPE_RSA); if (sigCtx->key.rsa == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_InitRsaKey_ex(sigCtx->key.rsa, sigCtx->heap, sigCtx->devId)) != 0) { goto exit_cs; } + #ifndef WOLFSSL_NO_MALLOC sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); if (sigCtx->sigCpy == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if (sigSz > MAX_ENCODED_SIG_SZ) { WOLFSSL_MSG("Verify Signature is too big"); ERROR_OUT(BUFFER_E, exit_cs); @@ -17909,20 +18358,24 @@ int ConfirmSignature(SignatureCtx* sigCtx, WOLFSSL_MSG("Verify Signature is too small"); ERROR_OUT(BUFFER_E, exit_cs); } + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), sigCtx->heap, DYNAMIC_TYPE_DSA); if (sigCtx->key.dsa == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_InitDsaKey_h(sigCtx->key.dsa, sigCtx->heap)) != 0) { WOLFSSL_MSG("wc_InitDsaKey_h error"); goto exit_cs; } + #ifndef WOLFSSL_NO_MALLOC sigCtx->sigCpy = (byte*)XMALLOC(sigSz, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); if (sigCtx->sigCpy == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa, keySz)) != 0) { WOLFSSL_MSG("ASN Key decode error DSA"); @@ -17930,80 +18383,9 @@ int ConfirmSignature(SignatureCtx* sigCtx, goto exit_cs; } if (sigSz != DSA_160_SIG_SIZE && - sigSz != DSA_256_SIG_SIZE) { - /* Try to parse it as the contents of a bitstring */ - #ifdef WOLFSSL_SMALL_STACK - mp_int* r; - mp_int* s; - #else - mp_int r[1]; - mp_int s[1]; - #endif - int rSz; - int sSz; - - #ifdef WOLFSSL_SMALL_STACK - r = (mp_int*)XMALLOC(sizeof(*r), sigCtx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (r == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); - } - s = (mp_int*)XMALLOC(sizeof(*s), sigCtx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (s == NULL) { - XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - ERROR_OUT(MEMORY_E, exit_cs); - } - #endif - if ((ret = mp_init_multi(r, s, NULL, NULL, NULL, NULL)) != MP_OKAY) { - goto exit_cs; - } - - idx = 0; - if (DecodeECC_DSA_Sig(sig + idx, sigSz - idx, r, s) - != 0) { - WOLFSSL_MSG("DSA Sig is in unrecognized or " - "incorrect format"); - mp_free(r); - mp_free(s); - #ifdef WOLFSSL_SMALL_STACK - XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); - } - rSz = mp_unsigned_bin_size(r); - sSz = mp_unsigned_bin_size(s); - if (rSz + sSz > (int)sigSz) { - WOLFSSL_MSG("DSA Sig is in unrecognized or " - "incorrect format"); - mp_free(r); - mp_free(s); - #ifdef WOLFSSL_SMALL_STACK - XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); - } - if (mp_to_unsigned_bin(r, sigCtx->sigCpy) != MP_OKAY || - mp_to_unsigned_bin(s, - sigCtx->sigCpy + rSz) != MP_OKAY) { - WOLFSSL_MSG("DSA Sig is in unrecognized or " - "incorrect format"); - mp_free(r); - mp_free(s); - #ifdef WOLFSSL_SMALL_STACK - XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); - } - mp_free(r); - mp_free(s); - #ifdef WOLFSSL_SMALL_STACK - XFREE(r, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(s, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif + sigSz != DSA_256_SIG_SIZE) { + ret = DecodeDsaAsn1Sig(sig, sigSz, sigCtx->sigCpy, + sigCtx->heap); } else { XMEMCPY(sigCtx->sigCpy, sig, sigSz); @@ -18025,11 +18407,13 @@ int ConfirmSignature(SignatureCtx* sigCtx, WC_ASYNC_ENABLE_ECC */ sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), sigCtx->heap, DYNAMIC_TYPE_ECC); if (sigCtx->key.ecc == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_ecc_init_ex(sigCtx->key.ecc, sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; @@ -18041,12 +18425,12 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (nbCtx == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } - else { - ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx); - if (ret != 0) { - goto exit_cs; - } + + ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx); + if (ret != 0) { + goto exit_cs; } + #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ ret = wc_EccPublicKeyDecode(key, &idx, sigCtx->key.ecc, @@ -18066,12 +18450,14 @@ int ConfirmSignature(SignatureCtx* sigCtx, case ED25519k: { sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.ed25519 = (ed25519_key*)XMALLOC( sizeof(ed25519_key), sigCtx->heap, DYNAMIC_TYPE_ED25519); if (sigCtx->key.ed25519 == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_ed25519_init_ex(sigCtx->key.ed25519, sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; @@ -18092,12 +18478,14 @@ int ConfirmSignature(SignatureCtx* sigCtx, case ED448k: { sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.ed448 = (ed448_key*)XMALLOC( sizeof(ed448_key), sigCtx->heap, DYNAMIC_TYPE_ED448); if (sigCtx->key.ed448 == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_ed448_init(sigCtx->key.ed448)) < 0) { goto exit_cs; } @@ -18118,6 +18506,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.falcon = (falcon_key*)XMALLOC(sizeof(falcon_key), sigCtx->heap, @@ -18125,6 +18514,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.falcon == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_falcon_init_ex(sigCtx->key.falcon, sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; @@ -18145,6 +18535,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.falcon = (falcon_key*)XMALLOC(sizeof(falcon_key), sigCtx->heap, @@ -18152,6 +18543,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.falcon == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_falcon_init_ex(sigCtx->key.falcon, sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; @@ -18208,12 +18600,14 @@ int ConfirmSignature(SignatureCtx* sigCtx, goto exit_cs; } sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.dilithium = (dilithium_key*)XMALLOC( sizeof(dilithium_key), sigCtx->heap, DYNAMIC_TYPE_DILITHIUM); if (sigCtx->key.dilithium == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; @@ -18235,6 +18629,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18242,6 +18637,8 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif + if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18261,6 +18658,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18268,6 +18666,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18287,6 +18686,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18294,6 +18694,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18313,6 +18714,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18320,6 +18722,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18339,6 +18742,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18346,6 +18750,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18365,6 +18770,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, { word32 idx = 0; sigCtx->verify = 0; + #ifndef WOLFSSL_NO_MALLOC sigCtx->key.sphincs = (sphincs_key*)XMALLOC(sizeof(sphincs_key), sigCtx->heap, @@ -18372,6 +18778,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, if (sigCtx->key.sphincs == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } + #endif if ((ret = wc_sphincs_init(sigCtx->key.sphincs)) < 0) { goto exit_cs; } @@ -18648,7 +19055,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, defined(WOLFSSL_RENESAS_FSPSM_TLS) if (sigCtx->CertAtt.verifyByTSIP_SCE == 1) break; #endif - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); if (encodedSig == NULL) { @@ -18675,7 +19082,7 @@ int ConfirmSignature(SignatureCtx* sigCtx, WOLFSSL_ERROR_VERBOSE(ret); } - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(encodedSig, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif break; @@ -22746,10 +23153,10 @@ static const ASNItem RPKCertASN[] = { /* Algorithm OBJECT IDENTIFIER */ /* TBS_SPUBKEYINFO_ALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, /* parameters ANY defined by algorithm OPTIONAL */ - /* TBS_SPUBKEYINFO_ALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 2 }, - /* TBS_SPUBKEYINFO_ALGO_CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 2 }, + /* TBS_SPUBKEYINFO_ALGO_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 }, + /* TBS_SPUBKEYINFO_ALGO_CURVEID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, #ifdef WC_RSA_PSS - /* TBS_SPUBKEYINFO_ALGO_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 }, + /* TBS_SPUBKEYINFO_ALGO_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, #endif /* subjectPublicKey BIT STRING */ /* TBS_SPUBKEYINFO_PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 }, @@ -22919,7 +23326,7 @@ static int CheckDate(ASNGetData *dataASN, int dateType) #ifndef NO_ASN_TIME_CHECK /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */ - if (ret == 0) { + if ((ret == 0) && (! AsnSkipDateCheck)) { if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) { if (dateType == ASN_BEFORE) { ret = ASN_BEFORE_DATE_E; @@ -22946,7 +23353,8 @@ static int CheckDate(ASNGetData *dataASN, int dateType) * @param [out] badDateRet Bad date return code. * @param [in] stopAtPubKey Stop parsing before subjectPublicKeyInfo. * @param [in] stopAfterPubKey Stop parsing after subjectPublicKeyInfo. - * @return 0 on success. + * @return 0 on success if of the stop arguments is not set, otherwise set to + * the corresponding byte offset at which the parsing stopped. * @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. @@ -22989,6 +23397,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, oidCurveType); ret = GetASN_Items(RPKCertASN, RPKdataASN, RPKCertASN_Length, 1, cert->source, &cert->srcIdx, cert->maxIdx); + + if (ret == 0) { + if (( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_NULL].length && + RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID].length) +#ifdef WC_RSA_PSS + || ( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_P_SEQ].length && + ( RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_NULL].length || + RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_CURVEID].length)) +#endif + ) { + WOLFSSL_MSG("Multiple RPK algorithm parameters set."); + ret = ASN_PARSE_E; + } + } if (ret == 0) { cert->keyOID = RPKdataASN[RPKCERTASN_IDX_SPUBKEYINFO_ALGO_OID].data.oid.sum; @@ -23083,7 +23505,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT; if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) && - (verify != VERIFY_SKIP_DATE)) { + (verify != VERIFY_SKIP_DATE) && (! AsnSkipDateCheck)) { badDate = ASN_BEFORE_DATE_E; } /* Store reference to ASN_BEFORE date. */ @@ -23095,7 +23517,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT; if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) && - (verify != VERIFY_SKIP_DATE)) { + (verify != VERIFY_SKIP_DATE) && (! AsnSkipDateCheck)) { badDate = ASN_AFTER_DATE_E; } /* Store reference to ASN_AFTER date. */ @@ -23880,7 +24302,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req) { #ifndef WOLFSSL_ASN_TEMPLATE -#ifndef WOLFSSL_SMALL_STACK +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) SignatureCtx sigCtx[1]; #else SignatureCtx* sigCtx; @@ -23912,7 +24334,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, return BAD_FUNC_ARG; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, DYNAMIC_TYPE_SIGNATURE); if (sigCtx == NULL) return MEMORY_E; @@ -24573,6 +24995,96 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, return ret; } #endif + +/* + * @brief Export the SubjectPublicKeyInfo from an X.509 certificate + * + * This function extracts the SubjectPublicKeyInfo (SPKI) section from an X.509 + * certificate in DER format. The SPKI contains the public key algorithm and + * the public key itself. + * + * @param certDer [in] Pointer to the DER encoded certificate + * @param certSz [in] Size of the DER encoded certificate + * @param pubKeyDer [out] Buffer to hold the extracted SPKI (can be NULL to + * get size) + * @param pubKeyDerSz [in,out] On input, size of pubKeyDer buffer + * On output, actual size of the SPKI + * + * @return 0 on success, negative on error + * @return BAD_FUNC_ARG if certDer is NULL, certSz is 0, or pubKeyDerSz is NULL + * @return BUFFER_E if the provided buffer is too small + */ +WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer, + word32 certDerSz, + byte* pubKeyDer, + word32* pubKeyDerSz) +{ +#ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert; +#else + DecodedCert cert[1]; +#endif + int ret; + word32 startIdx; + word32 idx; + word32 length; + int badDate; + + if (certDer == NULL || certDerSz == 0 || pubKeyDerSz == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(*cert), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (cert == NULL) + return MEMORY_E; +#endif + + length = 0; + badDate = 0; + + wc_InitDecodedCert(cert, certDer, certDerSz, NULL); + + /* Parse up to the SubjectPublicKeyInfo */ + ret = wc_GetPubX509(cert, 0, &badDate); + if (ret >= 0) { + /* Save the starting index of SubjectPublicKeyInfo */ + startIdx = cert->srcIdx; + + /* Get the length of the SubjectPublicKeyInfo sequence */ + idx = startIdx; + ret = GetSequence(certDer, &idx, (int*)&length, certDerSz); + if (ret >= 0) { + /* Calculate total length including sequence header */ + length += (idx - startIdx); + + /* Copy the SubjectPublicKeyInfo if buffer provided */ + if (pubKeyDer != NULL) { + if (*pubKeyDerSz < (word32)length) { + ret = BUFFER_E; + } + else { + XMEMCPY(pubKeyDer, &certDer[startIdx], length); + } + } + } + } + + if (ret >= 0) { + ret = 0; + } + + *pubKeyDerSz = length; + wc_FreeDecodedCert(cert); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + #ifdef HAVE_OCSP Signer* findSignerByKeyHash(Signer *list, byte *hash) { @@ -24630,7 +25142,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { cert->badDate = ret; - if (verify == VERIFY_SKIP_DATE) + if ((verify == VERIFY_SKIP_DATE) || AsnSkipDateCheck) ret = 0; } else @@ -24881,7 +25393,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { cert->badDate = ret; - if (verify == VERIFY_SKIP_DATE) + if ((verify == VERIFY_SKIP_DATE) || AsnSkipDateCheck) ret = 0; } else if (ret < 0) { @@ -25677,102 +26189,101 @@ void wc_FreeDer(DerBuffer** pDer) /* Note: If items added make sure MAX_X509_HEADER_SZ is updated to reflect maximum length and pem_struct_min_sz to reflect minimum size */ -wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; -wcchar END_CERT = "-----END CERTIFICATE-----"; +static wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; +static wcchar END_CERT = "-----END CERTIFICATE-----"; #ifdef WOLFSSL_CERT_REQ - wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; - wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; + static wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; + static wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; #endif #if defined(WOLFSSL_ACERT) - wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----"; - wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----"; + static wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----"; + static wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----"; #endif /* WOLFSSL_ACERT */ #ifndef NO_DH - wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; - wcchar END_DH_PARAM = "-----END DH PARAMETERS-----"; - wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----"; - wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----"; + static wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; + static wcchar END_DH_PARAM = "-----END DH PARAMETERS-----"; + static wcchar BEGIN_X942_PARAM = "-----BEGIN X9.42 DH PARAMETERS-----"; + static wcchar END_X942_PARAM = "-----END X9.42 DH PARAMETERS-----"; #endif #ifndef NO_DSA - wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; - wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----"; -#endif -wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; -wcchar END_X509_CRL = "-----END X509 CRL-----"; -wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----"; -wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----"; -wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; -wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; -wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----"; -wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----"; -wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; -wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----"; -wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; -wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; + static wcchar BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; + static wcchar END_DSA_PARAM = "-----END DSA PARAMETERS-----"; +#endif +static wcchar BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; +static wcchar END_X509_CRL = "-----END X509 CRL-----"; +static wcchar BEGIN_TRUSTED_CERT = "-----BEGIN TRUSTED CERTIFICATE-----"; +static wcchar END_TRUSTED_CERT = "-----END TRUSTED CERTIFICATE-----"; +static wcchar BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; +static wcchar END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; +static wcchar BEGIN_RSA_PUB = "-----BEGIN RSA PUBLIC KEY-----"; +static wcchar END_RSA_PUB = "-----END RSA PUBLIC KEY-----"; +static wcchar BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; +static wcchar END_PRIV_KEY = "-----END PRIVATE KEY-----"; +static wcchar BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; +static wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; #ifdef HAVE_ECC - wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; - wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----"; + static wcchar BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; + static wcchar END_EC_PRIV = "-----END EC PRIVATE KEY-----"; #ifdef OPENSSL_EXTRA - wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----"; - wcchar END_EC_PARAM = "-----END EC PARAMETERS-----"; + static wcchar BEGIN_EC_PARAM = "-----BEGIN EC PARAMETERS-----"; + static wcchar END_EC_PARAM = "-----END EC PARAMETERS-----"; #endif #endif #ifdef HAVE_PKCS7 -wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----"; -wcchar END_PKCS7 = "-----END PKCS7-----"; +static wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----"; +static wcchar END_PKCS7 = "-----END PKCS7-----"; #endif -#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ - !defined(NO_DSA) - wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; - wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +#if defined(HAVE_ECC) || !defined(NO_DSA) + static wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; + static wcchar END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; #endif #ifdef OPENSSL_EXTRA - const char BEGIN_PRIV_KEY_PREFIX[] = "-----BEGIN"; - const char PRIV_KEY_SUFFIX[] = "PRIVATE KEY-----"; - const char END_PRIV_KEY_PREFIX[] = "-----END"; + static wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN"; + static wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----"; + static wcchar END_PRIV_KEY_PREFIX = "-----END"; #endif -wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; -wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; +static wcchar BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; +static wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; #if defined(HAVE_ED25519) || defined(HAVE_ED448) - wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; - wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; + static wcchar BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; + static wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; #endif #if defined(HAVE_FALCON) - wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----"; - wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----"; - wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----"; - wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----"; + static wcchar BEGIN_FALCON_LEVEL1_PRIV = "-----BEGIN FALCON_LEVEL1 PRIVATE KEY-----"; + static wcchar END_FALCON_LEVEL1_PRIV = "-----END FALCON_LEVEL1 PRIVATE KEY-----"; + static wcchar BEGIN_FALCON_LEVEL5_PRIV = "-----BEGIN FALCON_LEVEL5 PRIVATE KEY-----"; + static wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----"; - wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----"; - wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----"; - wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----"; - wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----"; - wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----"; - #endif - wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"; - wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----"; - wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----"; - wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----"; - wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----"; - wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----"; + static wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----"; + static wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----"; + static wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----"; + static wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----"; + static wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----"; + static wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----"; + #endif + static wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"; + static wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----"; + static wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----"; + static wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----"; + static wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----"; + static wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) - wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; - wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; - wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; - wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; - wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; - wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; - - wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; - wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; - wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; - wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; - wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; - wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; + static wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; + static wcchar END_SPHINCS_FAST_LEVEL1_PRIV = "-----END SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; + static wcchar BEGIN_SPHINCS_FAST_LEVEL3_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; + static wcchar END_SPHINCS_FAST_LEVEL3_PRIV = "-----END SPHINCS_FAST_LEVEL3 PRIVATE KEY-----"; + static wcchar BEGIN_SPHINCS_FAST_LEVEL5_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; + static wcchar END_SPHINCS_FAST_LEVEL5_PRIV = "-----END SPHINCS_FAST_LEVEL5 PRIVATE KEY-----"; + + static wcchar BEGIN_SPHINCS_SMALL_LEVEL1_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; + static wcchar END_SPHINCS_SMALL_LEVEL1_PRIV = "-----END SPHINCS_SMALL_LEVEL1 PRIVATE KEY-----"; + static wcchar BEGIN_SPHINCS_SMALL_LEVEL3_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; + static wcchar END_SPHINCS_SMALL_LEVEL3_PRIV = "-----END SPHINCS_SMALL_LEVEL3 PRIVATE KEY-----"; + static wcchar BEGIN_SPHINCS_SMALL_LEVEL5_PRIV = "-----BEGIN SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; + static wcchar END_SPHINCS_SMALL_LEVEL5_PRIV = "-----END SPHINCS_SMALL_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_SPHINCS */ const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----" @@ -26153,7 +26664,7 @@ int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer, newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN)); /* get cipher name */ - if (NAME_SZ < (finish - start)) /* buffer size of info->name */ + if (NAME_SZ <= (finish - start)) /* buffer size of info->name */ return BUFFER_E; if (XMEMCPY(info->name, start, (size_t)(finish - start)) == NULL) return BUFFER_E; @@ -26390,6 +26901,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #ifdef OPENSSL_EXTRA char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ +#endif +#ifdef WOLFSSL_ENCRYPTED_KEYS + int hashType = WC_HASH_TYPE_NONE; +#if !defined(NO_MD5) + hashType = WC_MD5; +#elif !defined(NO_SHA) + hashType = WC_SHA; +#endif #endif WOLFSSL_ENTER("PemToDer"); @@ -26756,7 +27275,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #endif ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, - (byte*)password, passwordSz, WC_MD5); + (byte*)password, passwordSz, hashType); #ifndef NO_WOLFSSL_SKIP_TRAILING_PAD #ifndef NO_DES3 @@ -27537,13 +28056,13 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) int ret = 0, i; int mpSz; word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0; - word32 sizes[RSA_INTS]; byte seq[MAX_SEQ_SZ]; byte ver[MAX_VERSION_SZ]; mp_int* keyInt; #ifndef WOLFSSL_NO_MALLOC word32 rawLen; byte* tmps[RSA_INTS]; + word32 sizes[RSA_INTS]; #endif if (key == NULL) @@ -27583,7 +28102,9 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) ret = mpSz; break; } + #ifndef WOLFSSL_NO_MALLOC sizes[i] = (word32)mpSz; + #endif intTotalLen += (word32)mpSz; } @@ -31216,11 +31737,13 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, case CERTSIGN_STATE_DIGEST: certSignCtx->state = CERTSIGN_STATE_DIGEST; + #ifndef WOLFSSL_NO_MALLOC certSignCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (certSignCtx->digest == NULL) { ret = MEMORY_E; goto exit_ms; } + #endif ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest, &typeH, &digestSz, 0); @@ -31234,11 +31757,13 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, case CERTSIGN_STATE_ENCODE: #ifndef NO_RSA if (rsaKey) { + #ifndef WOLFSSL_NO_MALLOC certSignCtx->encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER); if (certSignCtx->encSig == NULL) { ret = MEMORY_E; goto exit_ms; } + #endif /* signature */ certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig, @@ -31251,7 +31776,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, certSignCtx->state = CERTSIGN_STATE_DO; ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ - #ifndef NO_RSA + #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) if (rsaKey) { /* signature */ ret = wc_RsaSSL_Sign(certSignCtx->encSig, @@ -31299,7 +31824,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, ret = outSz; } #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && dilithiumKey) { word32 outSz = sigSz; @@ -31321,7 +31846,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, ret = outSz; } } - #endif /* HAVE_DILITHIUM */ + #endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */ #if defined(HAVE_SPHINCS) if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && !dilithiumKey && sphincsKey) { @@ -31346,14 +31871,17 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, } #endif +#ifndef WOLFSSL_NO_MALLOC #ifndef NO_RSA if (rsaKey) { XFREE(certSignCtx->encSig, heap, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->encSig = NULL; } #endif /* !NO_RSA */ XFREE(certSignCtx->digest, heap, DYNAMIC_TYPE_TMP_BUFFER); certSignCtx->digest = NULL; +#endif /* !WOLFSSL_NO_MALLOC */ /* reset state */ certSignCtx->state = CERTSIGN_STATE_BEGIN; @@ -33120,12 +33648,14 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, #endif /* HAVE_ECC */ } +#ifndef WOLFSSL_NO_MALLOC if (certSignCtx->sig == NULL) { certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER); if (certSignCtx->sig == NULL) return MEMORY_E; } +#endif sigSz = MakeSignature(certSignCtx, buf, (word32)requestSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key, @@ -33146,8 +33676,10 @@ static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, sType); } +#ifndef WOLFSSL_NO_MALLOC XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); certSignCtx->sig = NULL; +#endif return sigSz; } @@ -33254,12 +33786,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, #endif /* HAVE_ECC */ } +#ifndef WOLFSSL_NO_MALLOC if (certSignCtx->sig == NULL) { certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER); if (certSignCtx->sig == NULL) return MEMORY_E; } +#endif ret = MakeSignature(certSignCtx, buf, (word32)bufSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, ed448Key, @@ -33273,8 +33807,10 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, #endif if (ret <= 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); certSignCtx->sig = NULL; + #endif return ret; } @@ -33289,8 +33825,10 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, ret += headerSz; } +#ifndef WOLFSSL_NO_MALLOC XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); certSignCtx->sig = NULL; +#endif return ret; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ @@ -33849,6 +34387,8 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx, byte oid[CTC_MAX_EKU_OID_SZ]; word32 oidSz = CTC_MAX_EKU_OID_SZ; + XMEMSET(oid, 0, sizeof(oid)); + if (idx >= CTC_MAX_EKU_NB || sz >= CTC_MAX_EKU_OID_SZ) { WOLFSSL_MSG("Either idx or sz was too large"); return BAD_FUNC_ARG; @@ -33876,6 +34416,8 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid, word32 encodedOidSz = MAX_OID_SZ; int ret; + XMEMSET(encodedOid, 0, sizeof(encodedOid)); + if (cert == NULL || oid == NULL || der == NULL || derSz == 0) { return BAD_FUNC_ARG; } @@ -35199,25 +35741,25 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz, #else if (ret == 0) { /* Base X-ordinate */ - DataToHexString(base + 1, (word32)curve->size, curve->Gx); + DataToHexString(base + 1, (word32)curve->size, (char *)curve->Gx); /* Base Y-ordinate */ - DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy); + DataToHexString(base + 1 + curve->size, (word32)curve->size, (char *)curve->Gy); /* Prime */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length, - curve->prime); + (char *)curve->prime); /* Parameter A */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length, - curve->Af); + (char *)curve->Af); /* Parameter B */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length, - curve->Bf); + (char *)curve->Bf); /* Order of curve */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length, - curve->order); + (char *)curve->order); } #endif /* WOLFSSL_ECC_CURVE_STATIC */ @@ -36388,7 +36930,8 @@ static const ASNItem edKeyASN[] = { /* privateKey */ /* PKEY */ { 1, ASN_OCTET_STRING, 0, 1, 0 }, /* CurvePrivateKey */ -/* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 0 }, +/* PKEY_CURVEPKEY */ { 2, ASN_OCTET_STRING, 0, 0, 2 }, +/* PKEY_MLDSASEQ */ { 2, ASN_SEQUENCE, 1, 0, 2 }, /* attributes */ /* ATTRS */ { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 }, /* publicKey */ @@ -36401,6 +36944,7 @@ enum { EDKEYASN_IDX_PKEYALGO_OID, EDKEYASN_IDX_PKEY, EDKEYASN_IDX_PKEY_CURVEPKEY, + EDKEYASN_IDX_PKEY_MLDSASEQ, EDKEYASN_IDX_ATTRS, EDKEYASN_IDX_PUBKEY }; @@ -36466,8 +37010,15 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, if (GetOctetString(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) - return ASN_PARSE_E; + if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) { + if (oid != ML_DSA_LEVEL2k && oid != ML_DSA_LEVEL3k && + oid != ML_DSA_LEVEL5k) { + return ASN_PARSE_E; + } + if (GetSequence(input, inOutIdx, &privSz, inSz) < 0) { + return ASN_PARSE_E; + } + } priv = input + *inOutIdx; *inOutIdx += (word32)privSz; @@ -36545,11 +37096,24 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz, (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum; } } - if (ret == 0) { + if (ret == 0 && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) { /* Import private value. */ *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length; *privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data; } + else if (ret == 0 && + dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) { + if (*inOutKeyType != ML_DSA_LEVEL2k && + *inOutKeyType != ML_DSA_LEVEL3k && + *inOutKeyType != ML_DSA_LEVEL5k) { + ret = ASN_PARSE_E; + } + else { + /* Import private value. */ + *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length; + *privKey = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data; + } + } if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) { /* Set public length to 0 as not seen. */ if (pubKeyLen != NULL) @@ -36973,6 +37537,8 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, SetASN_Buffer(&dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); /* Don't write out attributes. */ dataASN[EDKEYASN_IDX_ATTRS].noOut = 1; + /* Don't write sequence. */ + dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1; if (pubKey) { /* Leave space for public key. */ SetASN_Buffer(&dataASN[EDKEYASN_IDX_PUBKEY], NULL, pubKeyLen); @@ -37613,7 +38179,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->thisDate, + if ((! AsnSkipDateCheck) && !XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) return ASN_BEFORE_DATE_E; #endif @@ -37650,7 +38216,9 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER)) + if ((! AsnSkipDateCheck) && + !XVALIDATE_DATE(single->status->nextDate, + single->status->nextDateFormat, ASN_AFTER)) return ASN_AFTER_DATE_E; #endif #endif @@ -37723,7 +38291,9 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, cs->thisDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) /* Check date is a valid string and ASN_BEFORE now. */ - if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) { + if ((! AsnSkipDateCheck) && + !XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) + { ret = ASN_BEFORE_DATE_E; } #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */ @@ -37746,7 +38316,9 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, cs->nextDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) /* Check date is a valid string and ASN_AFTER now. */ - if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) { + if ((! AsnSkipDateCheck) && + !XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) + { ret = ASN_AFTER_DATE_E; } #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */ @@ -39832,6 +40404,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) if (verify != NO_VERIFY && + (! AsnSkipDateCheck) && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); @@ -40026,50 +40599,39 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, return ret; } else { - if (length > 1) { - int i; - #ifdef WOLFSSL_SMALL_STACK - mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL, - DYNAMIC_TYPE_BIGINT); - if (m == NULL) { - return MEMORY_E; - } - #else - mp_int m[1]; - #endif + DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT, + CRL_MAX_NUM_SZ * CHAR_BIT); + NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + #ifdef MP_INT_SIZE_CHECK_NULL + if (m == NULL) { + ret = MEMORY_E; + } + #endif - if (mp_init(m) != MP_OKAY) { - ret = MP_INIT_E; - } + if (ret == 0 && ((ret = INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ + * CHAR_BIT)) != MP_OKAY)) { + ret = MP_INIT_E; + } - if (ret == 0) - ret = mp_read_unsigned_bin(m, buf + idx, length); - if (ret != MP_OKAY) - ret = BUFFER_E; + if (ret == MP_OKAY) + ret = mp_read_unsigned_bin(m, buf + idx, length); - if (ret == 0) { - dcrl->crlNumber = 0; - for (i = 0; i < (int)(*m).used; ++i) { - if (i > (CHAR_BIT * - (int)sizeof(word32) / DIGIT_BIT)) { - break; - } - dcrl->crlNumber |= ((word32)(*m).dp[i]) << - (DIGIT_BIT * i); - } - } + if (ret != MP_OKAY) + ret = BUFFER_E; - mp_free(m); - #ifdef WOLFSSL_SMALL_STACK - XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); - #endif + if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber, + MP_RADIX_HEX) != MP_OKAY) + ret = BUFFER_E; - if (ret != 0) - return ret; - } - else if (length == 1) { - dcrl->crlNumber = buf[idx]; + if (ret == MP_OKAY) { + dcrl->crlNumberSet = 1; } + + FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret != MP_OKAY) + return ret; } } } @@ -40096,6 +40658,9 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx, { DECL_ASNGETDATA(dataASN, certExtASN_Length); int ret = 0; + /* Track if we've seen these extensions already */ + word32 seenAuthKey = 0; + word32 seenCrlNum = 0; ALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, dcrl->heap); @@ -40112,48 +40677,77 @@ static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32 idx, ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, buf, &idx, maxIdx); if (ret == 0) { + word32 localIdx = idx; /* OID in extension. */ word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum; /* Length of extension data. */ int length = (int)dataASN[CERTEXTASN_IDX_VAL].length; - if (oid == AUTH_KEY_OID) { - #ifndef NO_SKID - /* Parse Authority Key Id extension. - * idx is at start of OCTET_STRING data. */ - ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl); - if (ret != 0) { - WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension"); - } - #endif + /* Check for duplicate extension. RFC 5280 Section 4.2 states that + * a certificate must not include more than one instance of a + * particular extension. Note that the same guidance does not appear + * for CRLs but the same reasoning should apply. */ + if ((oid == AUTH_KEY_OID && seenAuthKey) || + (oid == CRL_NUMBER_OID && seenCrlNum)) { + WOLFSSL_MSG("Duplicate CRL extension found"); + /* Gating !WOLFSSL_NO_ASN_STRICT will allow wolfCLU to have same + * behaviour as OpenSSL */ +#ifndef WOLFSSL_NO_ASN_STRICT + ret = ASN_PARSE_E; +#endif } - else if (oid == CRL_NUMBER_OID) { - #ifdef WOLFSSL_SMALL_STACK - mp_int* m = (mp_int*)XMALLOC(sizeof(*m), NULL, - DYNAMIC_TYPE_BIGINT); - if (m == NULL) { - ret = MEMORY_E; + + /* Track this extension if no duplicate found */ + if (ret == 0) { + if (oid == AUTH_KEY_OID) + seenAuthKey = 1; + else if (oid == CRL_NUMBER_OID) + seenCrlNum = 1; + } + + if (ret == 0) { + if (oid == AUTH_KEY_OID) { + #ifndef NO_SKID + /* Parse Authority Key Id extension. + * idx is at start of OCTET_STRING data. */ + ret = ParseCRL_AuthKeyIdExt(buf + localIdx, length, dcrl); + if (ret != 0) { + WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension"); + } + #endif } - #else - mp_int m[1]; - #endif + else if (oid == CRL_NUMBER_OID) { + DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT, + CRL_MAX_NUM_SZ * CHAR_BIT); + NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0) { - if (mp_init(m) != MP_OKAY) { + #ifdef MP_INT_SIZE_CHECK_NULL + if (m == NULL) { + ret = MEMORY_E; + } + #endif + + if (ret == 0 && (INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * + CHAR_BIT) != MP_OKAY)) { ret = MP_INIT_E; } - } - if (ret == 0) { - ret = GetInt(m, buf, &idx, maxIdx); - } - if (ret == 0) { - dcrl->crlNumber = (int)m->dp[0]; - } - mp_free(m); - #ifdef WOLFSSL_SMALL_STACK - XFREE(m, NULL, DYNAMIC_TYPE_BIGINT); - #endif + if (ret == 0) { + ret = GetInt(m, buf, &localIdx, maxIdx); + } + + if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber, + MP_RADIX_HEX) != MP_OKAY) + ret = BUFFER_E; + + if (ret == 0) { + dcrl->crlNumberSet = 1; + } + + mp_free(m); + FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } } /* TODO: check criticality */ /* Move index on to next extension. */ @@ -40472,6 +41066,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, if (dcrl->nextDateFormat != 0) { /* Next date was set, so validate it. */ if (verify != NO_VERIFY && + (! AsnSkipDateCheck) && !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; @@ -41195,6 +41790,75 @@ int wc_Asn1_SetFile(Asn1* asn1, XFILE file) return ret; } +/* Set the OID name callback to use when printing. + * + * @param [in, out] asn1 ASN.1 parse object. + * @param [in] nameCb OID name callback. + * @return 0 on success. + * @return BAD_FUNC_ARG when asn1 is NULL. + * @return BAD_FUNC_ARG when nameCb is NULL. + */ +int wc_Asn1_SetOidToNameCb(Asn1* asn1, Asn1OidToNameCb nameCb) +{ + int ret = 0; + + if ((asn1 == NULL) || (nameCb == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + asn1->nameCb = nameCb; + } + + return ret; +} + +/* Encode dotted form of OID into byte array version. + * + * @param [in] in Byte array containing OID. + * @param [in] inSz Size of OID in bytes. + * @param [in] out Array to hold dotted form of OID. + * @param [in, out] outSz On in, number of elements in array. + * On out, count of numbers in dotted form. + * @return 0 on success + * @return BAD_FUNC_ARG when in or outSz is NULL. + * @return BUFFER_E when dotted form buffer too small. + */ +static int EncodedDottedForm(const byte* in, word32 inSz, word32* out, + word32* outSz) +{ + int x = 0, y = 0; + word32 t = 0; + + /* check args */ + if (in == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* decode bytes */ + while (inSz--) { + t = (t << 7) | (in[x] & 0x7F); + if (!(in[x] & 0x80)) { + if (y >= (int)*outSz) { + return BUFFER_E; + } + if (y == 0) { + out[0] = (word16)(t / 40); + out[1] = (word16)(t % 40); + y = 2; + } + else { + out[y++] = t; + } + t = 0; /* reset tmp */ + } + x++; + } + + /* return length */ + *outSz = (word32)y; + + return 0; +} /* Print OID in dotted form or as hex bytes. * * @param [in] file File pointer to write to. @@ -41203,12 +41867,12 @@ int wc_Asn1_SetFile(Asn1* asn1, XFILE file) */ static void PrintObjectIdNum(XFILE file, unsigned char* oid, word32 len) { - word16 dotted_nums[ASN1_OID_DOTTED_MAX_SZ]; + word32 dotted_nums[ASN1_OID_DOTTED_MAX_SZ]; word32 num = ASN1_OID_DOTTED_MAX_SZ; word32 i; /* Decode OBJECT_ID into dotted form array. */ - if (DecodeObjectId(oid, len, dotted_nums, &num) == 0) { + if (EncodedDottedForm(oid, len, dotted_nums, &num) == 0) { /* Print out each number of dotted form. */ for (i = 0; i < num; i++) { XFPRINTF(file, "%d", dotted_nums[i]); @@ -41295,11 +41959,11 @@ static void PrintObjectIdText(Asn1* asn1, Asn1PrintOptions* opts) int nid; #endif const char* ln = NULL; - word32 i = 0; + word32 idx = 0; int known = 1; /* Get the OID value for the OBJECT_ID. */ - if (GetObjectId(asn1->data + asn1->offset, &i, &oid, oidIgnoreType, + if (GetObjectId(asn1->data + asn1->offset, &idx, &oid, oidIgnoreType, asn1->item.len + 2) == WC_NO_ERR_TRACE(ASN_PARSE_E)) { known = 0; } @@ -41313,12 +41977,17 @@ static void PrintObjectIdText(Asn1* asn1, Asn1PrintOptions* opts) else #endif /* Lookup long name for extra known OID values. */ - if (!Oid2LongName(oid, &ln)) { + if (Oid2LongName(oid, &ln) != 0) { + } + else if ((asn1->nameCb != NULL) && (idx >= 2) && + ((ln = asn1->nameCb(asn1->data + asn1->offset + 2, + idx - 2))) != NULL) { + } + else { /* Unknown OID value. */ ln = NULL; known = 0; } - XFPRINTF(asn1->file, ":"); /* Show OID value if not known or asked to. */ if ((!known) || opts->show_oid) { @@ -42611,7 +43280,9 @@ int ParseX509Acert(DecodedAcert* acert, int verify) /* check BEFORE date. */ idx = ACERT_IDX_ACINFO_VALIDITY_NOTB_GT; if (CheckDate(&dataASN[idx], BEFORE) < 0) { - if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { + if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE) && + (! AsnSkipDateCheck)) + { badDate = ASN_BEFORE_DATE_E; } } @@ -42623,7 +43294,9 @@ int ParseX509Acert(DecodedAcert* acert, int verify) /* check AFTER date. */ idx = ACERT_IDX_ACINFO_VALIDITY_NOTA_GT; if (CheckDate(&dataASN[idx], AFTER) < 0) { - if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { + if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE) && + (! AsnSkipDateCheck)) + { badDate = ASN_BEFORE_DATE_E; } } diff --git a/src/wolfcrypt/src/bio.c b/src/wolfcrypt/src/bio.c index 0b52a6c..ce74983 100644 --- a/src/wolfcrypt/src/bio.c +++ b/src/wolfcrypt/src/bio.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2392,13 +2392,28 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_connect"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - const char* port = XSTRSTR(str, ":"); + const char* port; +#ifdef WOLFSSL_IPV6 + const char* ipv6Start = XSTRSTR(str, "["); + const char* ipv6End = XSTRSTR(str, "]"); + + if (ipv6End) + port = XSTRSTR(ipv6End, ":"); + else +#endif + port = XSTRSTR(str, ":"); if (port != NULL) bio->port = (word16)XATOI(port + 1); else port = str + XSTRLEN(str); /* point to null terminator */ +#ifdef WOLFSSL_IPV6 + if (ipv6Start && ipv6End) { + str = ipv6Start + 1; + port = ipv6End; + } +#endif bio->ip = (char*)XMALLOC( (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/src/wolfcrypt/src/blake2b.c b/src/wolfcrypt/src/blake2b.c index c1f3e7a..b28e9c0 100644 --- a/src/wolfcrypt/src/blake2b.c +++ b/src/wolfcrypt/src/blake2b.c @@ -18,7 +18,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -356,7 +356,9 @@ int blake2b_final( blake2b_state *S, byte *out, byte outlen ) } S->buflen -= BLAKE2B_BLOCKBYTES; - XMEMCPY( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen ); + if ( S->buflen > BLAKE2B_BLOCKBYTES ) + return BAD_LENGTH_E; + XMEMMOVE( S->buf, S->buf + BLAKE2B_BLOCKBYTES, (wolfssl_word)S->buflen ); } blake2b_increment_counter( S, S->buflen ); diff --git a/src/wolfcrypt/src/blake2s.c b/src/wolfcrypt/src/blake2s.c index 7f9d3ff..5f264cd 100644 --- a/src/wolfcrypt/src/blake2s.c +++ b/src/wolfcrypt/src/blake2s.c @@ -18,7 +18,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/camellia.c b/src/wolfcrypt/src/camellia.c index c1ff47e..9a15ba0 100644 --- a/src/wolfcrypt/src/camellia.c +++ b/src/wolfcrypt/src/camellia.c @@ -33,7 +33,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1022,7 +1022,7 @@ static int camellia_setup256(const unsigned char *key, u32 *subkey) static int camellia_setup192(const unsigned char *key, u32 *subkey) { unsigned char kk[32]; - u32 krll, krlr, krrl,krrr; + u32 krll = 0, krlr = 0, krrl = 0, krrr = 0; XMEMCPY(kk, key, 24); XMEMCPY((unsigned char *)&krll, key+16,4); diff --git a/src/wolfcrypt/src/chacha.c b/src/wolfcrypt/src/chacha.c index 1a1d676..d42186e 100644 --- a/src/wolfcrypt/src/chacha.c +++ b/src/wolfcrypt/src/chacha.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/chacha20_poly1305.c b/src/wolfcrypt/src/chacha20_poly1305.c index 09d522d..d87325d 100644 --- a/src/wolfcrypt/src/chacha20_poly1305.c +++ b/src/wolfcrypt/src/chacha20_poly1305.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/cmac.c b/src/wolfcrypt/src/cmac.c index b83214c..0c7274f 100644 --- a/src/wolfcrypt/src/cmac.c +++ b/src/wolfcrypt/src/cmac.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/coding.c b/src/wolfcrypt/src/coding.c index 739fde5..2b0a4b2 100644 --- a/src/wolfcrypt/src/coding.c +++ b/src/wolfcrypt/src/coding.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/compress.c b/src/wolfcrypt/src/compress.c index e3c42cc..f2e8b3e 100644 --- a/src/wolfcrypt/src/compress.c +++ b/src/wolfcrypt/src/compress.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/cpuid.c b/src/wolfcrypt/src/cpuid.c index 37fe855..978cbf5 100644 --- a/src/wolfcrypt/src/cpuid.c +++ b/src/wolfcrypt/src/cpuid.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/cryptocb.c b/src/wolfcrypt/src/cryptocb.c index a83e529..801916e 100644 --- a/src/wolfcrypt/src/cryptocb.c +++ b/src/wolfcrypt/src/cryptocb.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -577,6 +577,7 @@ int wc_CryptoCb_RsaGetSize(const RsaKey* key, int* keySize) #endif /* !NO_RSA */ #ifdef HAVE_ECC +#ifdef HAVE_ECC_DHE int wc_CryptoCb_MakeEccKey(WC_RNG* rng, int keySize, ecc_key* key, int curveId) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); @@ -629,7 +630,9 @@ int wc_CryptoCb_Ecdh(ecc_key* private_key, ecc_key* public_key, return wc_CryptoCb_TranslateErrorCode(ret); } +#endif +#ifdef HAVE_ECC_SIGN int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, word32 *outlen, WC_RNG* rng, ecc_key* key) { @@ -658,7 +661,9 @@ int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, return wc_CryptoCb_TranslateErrorCode(ret); } +#endif +#ifdef HAVE_ECC_VERIFY int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key) { @@ -687,7 +692,9 @@ int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, return wc_CryptoCb_TranslateErrorCode(ret); } +#endif +#ifdef HAVE_ECC_CHECK_KEY int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, word32 pubKeySz) { @@ -713,6 +720,7 @@ int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, return wc_CryptoCb_TranslateErrorCode(ret); } +#endif #endif /* HAVE_ECC */ #ifdef HAVE_CURVE25519 diff --git a/src/wolfcrypt/src/curve25519.c b/src/wolfcrypt/src/curve25519.c index ae2a6b4..1b383e7 100644 --- a/src/wolfcrypt/src/curve25519.c +++ b/src/wolfcrypt/src/curve25519.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -24,6 +24,10 @@ #include +#ifdef NO_CURVED25519_X64 + #undef USE_INTEL_SPEEDUP +#endif + #ifdef HAVE_CURVE25519 #include @@ -194,11 +198,11 @@ static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p, if (ret < 0) { return ret; } - for (i = CURVE25519_KEYSIZE; i > 0; i--) { + for (i = CURVE25519_KEYSIZE - 1; i >= 0; i--) { if (rz[i] != 0xff) break; } - if ((i != 0) || (rz[0] <= 0xec)) { + if ((i >= 0) || (rz[0] <= 0xec)) { break; } } @@ -212,11 +216,11 @@ static int curve25519_smul_blind(byte* rp, const byte* n, const byte* p, return ret; a[CURVE25519_KEYSIZE-1] &= 0x7f; /* k' = k ^ 2k ^ a */ - n_a[0] = n[0] ^ (n[0] << 1) ^ a[0]; + n_a[0] = n[0] ^ (byte)(n[0] << 1) ^ a[0]; for (i = 1; i < CURVE25519_KEYSIZE; i++) { byte b1, b2, b3; b1 = n[i] ^ a[i]; - b2 = (n[i] << 1) ^ a[i]; + b2 = (byte)(n[i] << 1) ^ a[i]; b3 = (n[i-1] >> 7) ^ a[i]; n_a[i] = b1 ^ b2 ^ b3; } @@ -422,6 +426,9 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key) ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point), key->p.point, (int)sizeof(key->k), key->k, rng); + if (ret == 0) { + ret = wc_curve25519_set_rng(key, rng); + } #else ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point, (int)sizeof(key->k), key->k); diff --git a/src/wolfcrypt/src/curve448.c b/src/wolfcrypt/src/curve448.c index f3cf9f3..74e2cee 100644 --- a/src/wolfcrypt/src/curve448.c +++ b/src/wolfcrypt/src/curve448.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/des3.c b/src/wolfcrypt/src/des3.c index 7a9ba3b..d38fa40 100644 --- a/src/wolfcrypt/src/des3.c +++ b/src/wolfcrypt/src/des3.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1677,7 +1677,7 @@ static void DesProcessBlock(Des* des, const byte* in, byte* out) { - word32 l, r; + word32 l = 0, r = 0; XMEMCPY(&l, in, sizeof(l)); XMEMCPY(&r, in + sizeof(l), sizeof(r)); @@ -1700,7 +1700,7 @@ static void Des3ProcessBlock(Des3* des, const byte* in, byte* out) { - word32 l, r; + word32 l = 0, r = 0; XMEMCPY(&l, in, sizeof(l)); XMEMCPY(&r, in + sizeof(l), sizeof(r)); @@ -1727,6 +1727,10 @@ { word32 blocks = sz / DES_BLOCK_SIZE; + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + while (blocks--) { xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE); DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg); @@ -1742,6 +1746,10 @@ { word32 blocks = sz / DES_BLOCK_SIZE; + if (des == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + while (blocks--) { XMEMCPY(des->tmp, in, DES_BLOCK_SIZE); DesProcessBlock(des, (byte*)des->tmp, out); diff --git a/src/wolfcrypt/src/dh.c b/src/wolfcrypt/src/dh.c index 8869c03..a88259e 100644 --- a/src/wolfcrypt/src/dh.c +++ b/src/wolfcrypt/src/dh.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1373,6 +1373,38 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz, return ret; } +#if defined(WOLFSSL_DH_GEN_PUB) +/** + * Given a DhKey with set params and a priv key, generate the corresponding + * public key. If fips, does pub key validation. + * */ +WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz, + byte* pub, word32* pubSz) +{ + int ret = 0; + + if (key == NULL || priv == NULL || privSz == 0 || + pub == NULL || pubSz == NULL) { + return BAD_FUNC_ARG; + } + + SAVE_VECTOR_REGISTERS(return _svr_ret;); + + ret = GeneratePublicDh(key, priv, privSz, pub, pubSz); + + #if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN) + if (ret == 0) + ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0); + if (ret == 0) + ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz); + #endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */ + + RESTORE_VECTOR_REGISTERS(); + + return ret; +} +#endif /* WOLFSSL_DH_GEN_PUB */ + static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz) { @@ -2026,44 +2058,19 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #endif #ifdef WOLFSSL_HAVE_SP_DH + if (0 #ifndef WOLFSSL_SP_NO_2048 - if (mp_count_bits(&key->p) == 2048) { - if (mp_init(y) != MP_OKAY) - ret = MP_INIT_E; - - if (ret == 0) { - SAVE_VECTOR_REGISTERS(ret = _svr_ret;); - - if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) - ret = MP_READ_E; - - if (ret == 0) - ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, agreeSz); - - mp_clear(y); - - RESTORE_VECTOR_REGISTERS(); - } - - /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */ - if ((ret == 0) && - ((*agreeSz == 0) || ((*agreeSz == 1) && (agree[0] == 1)))) - { - ret = MP_VAL; - } - - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - #if !defined(WOLFSSL_SP_MATH) - XFREE(z, key->heap, DYNAMIC_TYPE_DH); - XFREE(x, key->heap, DYNAMIC_TYPE_DH); - #endif - XFREE(y, key->heap, DYNAMIC_TYPE_DH); - #endif - return ret; - } + || mp_count_bits(&key->p) == 2048 #endif #ifndef WOLFSSL_SP_NO_3072 - if (mp_count_bits(&key->p) == 3072) { + || mp_count_bits(&key->p) == 3072 +#endif +#ifdef WOLFSSL_SP_4096 + || mp_count_bits(&key->p) == 4096 +#endif + ) { + int i = (int)*agreeSz - 1; + if (mp_init(y) != MP_OKAY) ret = MP_INIT_E; @@ -2073,8 +2080,26 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) ret = MP_READ_E; - if (ret == 0) - ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, agreeSz); + if (ret == 0) { + #ifndef WOLFSSL_SP_NO_2048 + if (mp_count_bits(&key->p) == 2048) { + ret = sp_DhExp_2048(y, priv, privSz, &key->p, agree, + agreeSz); + } + #endif + #ifndef WOLFSSL_SP_NO_3072 + if (mp_count_bits(&key->p) == 3072) { + ret = sp_DhExp_3072(y, priv, privSz, &key->p, agree, + agreeSz); + } + #endif + #ifdef WOLFSSL_SP_4096 + if (mp_count_bits(&key->p) == 4096) { + ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, + agreeSz); + } + #endif + } mp_clear(y); @@ -2088,40 +2113,16 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, ret = MP_VAL; } - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - #if !defined(WOLFSSL_SP_MATH) - XFREE(z, key->heap, DYNAMIC_TYPE_DH); - XFREE(x, key->heap, DYNAMIC_TYPE_DH); - #endif - XFREE(y, key->heap, DYNAMIC_TYPE_DH); - #endif - return ret; - } -#endif -#ifdef WOLFSSL_SP_4096 - if (mp_count_bits(&key->p) == 4096) { - if (mp_init(y) != MP_OKAY) - ret = MP_INIT_E; - - if (ret == 0) { - SAVE_VECTOR_REGISTERS(ret = _svr_ret;); - - if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) - ret = MP_READ_E; + if ((ret == 0) && ct) { + word16 mask = 0xff; + sword16 o = (sword16)(*agreeSz - 1); - if (ret == 0) - ret = sp_DhExp_4096(y, priv, privSz, &key->p, agree, agreeSz); - - mp_clear(y); - - RESTORE_VECTOR_REGISTERS(); - } - - /* make sure agree is > 1 (SP800-56A, 5.7.1.1) */ - if ((ret == 0) && - ((*agreeSz == 0) || ((*agreeSz == 1) && (agree[0] == 1)))) - { - ret = MP_VAL; + *agreeSz = (word32)(i + 1); + for (; i >= 0 ; i--) { + agree[i] = agree[o] & (byte)mask; + mask = ctMask16LT(0, (int)o); + o = (sword16)(o + (sword16)mask); + } } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -2134,16 +2135,8 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, return ret; } #endif -#endif #if !defined(WOLFSSL_SP_MATH) - if (ct) { - /* for the constant-time variant, we will probably use more bits in x for - * the modexp than we read from the private key, and those extra bits need - * to be zeroed. - */ - XMEMSET(x, 0, sizeof *x); - } if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(z, key->heap, DYNAMIC_TYPE_DH); @@ -2152,6 +2145,14 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #endif return MP_INIT_E; } +#if defined(WOLFSSL_SP_MATH_ALL) + if (ct) { + /* TFM and Integer implementations keep high words zero. + * SP math implementation needs all words set to zero as it doesn't + * ensure unused words are zero. */ + mp_forcezero(x); + } +#endif SAVE_VECTOR_REGISTERS(ret = _svr_ret;); @@ -2166,12 +2167,24 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, ret = MP_READ_E; if (ret == 0) { - if (ct) - ret = mp_exptmod_ex(y, x, - ((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT, + if (ct) { + int bits; + + /* x is mod q but if q not available, use p (> q). */ + if (mp_iszero(&key->q) == MP_NO) { + bits = mp_count_bits(&key->q); + } + else { + bits = mp_count_bits(&key->p); + } + /* Exponentiate to the maximum words of a valid x to ensure a + * constant time operation. */ + ret = mp_exptmod_ex(y, x, (bits + DIGIT_BIT - 1) / DIGIT_BIT, &key->p, z); - else + } + else { ret = mp_exptmod(y, x, &key->p, z); + } if (ret != MP_OKAY) ret = MP_EXPTMOD_E; } @@ -2187,6 +2200,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, if (ret == 0) { if (ct) { + /* Put the secret into a buffer in constant time. */ ret = mp_to_unsigned_bin_len_ct(z, agree, (int)*agreeSz); } else { @@ -2284,7 +2298,8 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, #else #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_DH) { - ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, pubSz); + ret = wc_DhAgree_Async(key, agree, agreeSz, priv, privSz, otherPub, + pubSz); } else #endif @@ -2300,56 +2315,21 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz) { - int ret; word32 requested_agreeSz; -#ifndef WOLFSSL_NO_MALLOC - byte *agree_buffer = NULL; -#else - byte agree_buffer[DH_MAX_SIZE / 8]; -#endif if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL || otherPub == NULL) { return BAD_FUNC_ARG; } - requested_agreeSz = *agreeSz; - -#ifndef WOLFSSL_NO_MALLOC - agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap, - DYNAMIC_TYPE_DH); - if (agree_buffer == NULL) - return MEMORY_E; -#endif - - XMEMSET(agree_buffer, 0, requested_agreeSz); - - ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub, - pubSz, 1); - - if (ret == 0) { - /* Arrange for correct fixed-length, right-justified key, even if the - * crypto back end doesn't support it. This assures that the key is - * unconditionally agreed correctly. With some crypto back ends, - * e.g. heapmath, there are no provisions for actual constant time, but - * with others the key computation and clamping is constant time, and - * the unclamping here is also constant time. - */ - byte *agree_src = agree_buffer + *agreeSz - 1, - *agree_dst = agree + requested_agreeSz - 1; - while (agree_dst >= agree) { - word32 mask = (agree_src >= agree_buffer) - 1U; - agree_src += (mask & requested_agreeSz); - *agree_dst-- = *agree_src--; - } - *agreeSz = requested_agreeSz; + requested_agreeSz = (word32)mp_unsigned_bin_size(&key->p); + if (requested_agreeSz > *agreeSz) { + return BUFFER_E; } + *agreeSz = requested_agreeSz; -#ifndef WOLFSSL_NO_MALLOC - XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH); -#endif - - return ret; + return wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz, + 1); } #ifdef WOLFSSL_DH_EXTRA @@ -2501,8 +2481,8 @@ int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, #endif /* WOLFSSL_DH_EXTRA */ static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, - word32 gSz, const byte* q, word32 qSz, int trusted, - WC_RNG* rng) + word32 gSz, const byte* q, word32 qSz, int trusted, + WC_RNG* rng) { int ret = 0; mp_int* keyP = NULL; diff --git a/src/wolfcrypt/src/dilithium.c b/src/wolfcrypt/src/dilithium.c index 1aa2750..ac8e5d8 100644 --- a/src/wolfcrypt/src/dilithium.c +++ b/src/wolfcrypt/src/dilithium.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -502,11 +502,12 @@ static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen) #ifndef WOLFSSL_DILITHIUM_NO_ASN1 - oid = OidFromId(wc_HashGetOID((enum wc_HashType)hash), oidHashType, oidLen); + oid = OidFromId((word32)wc_HashGetOID((enum wc_HashType)hash), oidHashType, + oidLen); if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN - 2)) { #ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID - oidBuffer[0] = 0x06; /* ObjectID */ - oidBuffer[1] = *oidLen; /* ObjectID */ + oidBuffer[0] = 0x06; /* ObjectID */ + oidBuffer[1] = (byte)*oidLen; /* ObjectID */ oidBuffer += 2; XMEMCPY(oidBuffer, oid, *oidLen); #else @@ -733,19 +734,19 @@ static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta, * 8 numbers become 3 bytes. (8 * 3 bits = 3 * 8 bits) */ for (j = 0; j < DILITHIUM_N; j += 8) { /* Make value a positive integer. */ - byte s0 = 2 - s[j + 0]; - byte s1 = 2 - s[j + 1]; - byte s2 = 2 - s[j + 2]; - byte s3 = 2 - s[j + 3]; - byte s4 = 2 - s[j + 4]; - byte s5 = 2 - s[j + 5]; - byte s6 = 2 - s[j + 6]; - byte s7 = 2 - s[j + 7]; + byte s0 = (byte)(2 - s[j + 0]); + byte s1 = (byte)(2 - s[j + 1]); + byte s2 = (byte)(2 - s[j + 2]); + byte s3 = (byte)(2 - s[j + 3]); + byte s4 = (byte)(2 - s[j + 4]); + byte s5 = (byte)(2 - s[j + 5]); + byte s6 = (byte)(2 - s[j + 6]); + byte s7 = (byte)(2 - s[j + 7]); /* Pack 8 3-bit values into 3 bytes. */ - p[0] = (s0 >> 0) | (s1 << 3) | (s2 << 6); - p[1] = (s2 >> 2) | (s3 << 1) | (s4 << 4) | (s5 << 7); - p[2] = (s5 >> 1) | (s6 << 2) | (s7 << 5); + p[0] = (byte)((s0 >> 0) | (s1 << 3) | (s2 << 6)); + p[1] = (byte)((s2 >> 2) | (s3 << 1) | (s4 << 4) | (s5 << 7)); + p[2] = (byte)((s5 >> 1) | (s6 << 2) | (s7 << 5)); /* Move to next place to encode into. */ p += DILITHIUM_ETA_2_BITS; } @@ -774,14 +775,14 @@ static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta, * 8 numbers become 4 bytes. (8 * 4 bits = 4 * 8 bits) */ for (j = 0; j < DILITHIUM_N / 2; j += 4) { /* Make values positive and pack 2 4-bit values into 1 byte. */ - p[j + 0] = (((byte)(4 - s[j * 2 + 0])) << 0) | - (((byte)(4 - s[j * 2 + 1])) << 4); - p[j + 1] = (((byte)(4 - s[j * 2 + 2])) << 0) | - (((byte)(4 - s[j * 2 + 3])) << 4); - p[j + 2] = (((byte)(4 - s[j * 2 + 4])) << 0) | - (((byte)(4 - s[j * 2 + 5])) << 4); - p[j + 3] = (((byte)(4 - s[j * 2 + 6])) << 0) | - (((byte)(4 - s[j * 2 + 7])) << 4); + p[j + 0] = (byte)((((byte)(4 - s[j * 2 + 0])) << 0) | + (((byte)(4 - s[j * 2 + 1])) << 4)); + p[j + 1] = (byte)((((byte)(4 - s[j * 2 + 2])) << 0) | + (((byte)(4 - s[j * 2 + 3])) << 4)); + p[j + 2] = (byte)((((byte)(4 - s[j * 2 + 4])) << 0) | + (((byte)(4 - s[j * 2 + 5])) << 4)); + p[j + 3] = (byte)((((byte)(4 - s[j * 2 + 6])) << 0) | + (((byte)(4 - s[j * 2 + 7])) << 4)); } #endif /* Move to next place to encode into. */ @@ -993,31 +994,39 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1) * Do all polynomial values - 8 at a time. */ for (j = 0; j < DILITHIUM_N; j += 8) { /* Take 8 values of t and take top bits and make positive. */ - word16 n1_0 = (t[j + 0] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_1 = (t[j + 1] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_2 = (t[j + 2] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_3 = (t[j + 3] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_4 = (t[j + 4] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_5 = (t[j + 5] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_6 = (t[j + 6] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; - word16 n1_7 = (t[j + 7] + DILITHIUM_D_MAX_HALF - 1) >> DILITHIUM_D; + word16 n1_0 = (word16)((t[j + 0] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_1 = (word16)((t[j + 1] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_2 = (word16)((t[j + 2] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_3 = (word16)((t[j + 3] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_4 = (word16)((t[j + 4] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_5 = (word16)((t[j + 5] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_6 = (word16)((t[j + 6] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); + word16 n1_7 = (word16)((t[j + 7] + DILITHIUM_D_MAX_HALF - 1) >> + DILITHIUM_D); /* Take 8 values of t and take bottom bits and make positive. */ - word16 n0_0 = DILITHIUM_D_MAX_HALF - - (t[j + 0] - (n1_0 << DILITHIUM_D)); - word16 n0_1 = DILITHIUM_D_MAX_HALF - - (t[j + 1] - (n1_1 << DILITHIUM_D)); - word16 n0_2 = DILITHIUM_D_MAX_HALF - - (t[j + 2] - (n1_2 << DILITHIUM_D)); - word16 n0_3 = DILITHIUM_D_MAX_HALF - - (t[j + 3] - (n1_3 << DILITHIUM_D)); - word16 n0_4 = DILITHIUM_D_MAX_HALF - - (t[j + 4] - (n1_4 << DILITHIUM_D)); - word16 n0_5 = DILITHIUM_D_MAX_HALF - - (t[j + 5] - (n1_5 << DILITHIUM_D)); - word16 n0_6 = DILITHIUM_D_MAX_HALF - - (t[j + 6] - (n1_6 << DILITHIUM_D)); - word16 n0_7 = DILITHIUM_D_MAX_HALF - - (t[j + 7] - (n1_7 << DILITHIUM_D)); + word16 n0_0 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 0] - (n1_0 << DILITHIUM_D))); + word16 n0_1 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 1] - (n1_1 << DILITHIUM_D))); + word16 n0_2 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 2] - (n1_2 << DILITHIUM_D))); + word16 n0_3 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 3] - (n1_3 << DILITHIUM_D))); + word16 n0_4 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 4] - (n1_4 << DILITHIUM_D))); + word16 n0_5 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 5] - (n1_5 << DILITHIUM_D))); + word16 n0_6 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 6] - (n1_6 << DILITHIUM_D))); + word16 n0_7 = (word16)(DILITHIUM_D_MAX_HALF - + (t[j + 7] - (n1_7 << DILITHIUM_D))); /* 13 bits per number. * 8 numbers become 13 bytes. (8 * 13 bits = 13 * 8 bits) */ @@ -1031,20 +1040,20 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1) tp[2] = (n0_4 >> 12) | ((word32)n0_5 << 1) | ((word32)n0_6 << 14) | ((word32)n0_7 << 27); #else - t0[ 0] = (n0_0 << 0); - t0[ 1] = (n0_0 >> 8) | (n0_1 << 5); - t0[ 2] = (n0_1 >> 3) ; - t0[ 3] = (n0_1 >> 11) | (n0_2 << 2); - t0[ 4] = (n0_2 >> 6) | (n0_3 << 7); - t0[ 5] = (n0_3 >> 1) ; - t0[ 6] = (n0_3 >> 9) | (n0_4 << 4); - t0[ 7] = (n0_4 >> 4) ; - t0[ 8] = (n0_4 >> 12) | (n0_5 << 1); - t0[ 9] = (n0_5 >> 7) | (n0_6 << 6); - t0[10] = (n0_6 >> 2) ; - t0[11] = (n0_6 >> 10) | (n0_7 << 3); + t0[ 0] = (byte)( (n0_0 << 0)); + t0[ 1] = (byte)((n0_0 >> 8) | (n0_1 << 5)); + t0[ 2] = (byte)((n0_1 >> 3) ); + t0[ 3] = (byte)((n0_1 >> 11) | (n0_2 << 2)); + t0[ 4] = (byte)((n0_2 >> 6) | (n0_3 << 7)); + t0[ 5] = (byte)((n0_3 >> 1) ); + t0[ 6] = (byte)((n0_3 >> 9) | (n0_4 << 4)); + t0[ 7] = (byte)((n0_4 >> 4) ); + t0[ 8] = (byte)((n0_4 >> 12) | (n0_5 << 1)); + t0[ 9] = (byte)((n0_5 >> 7) | (n0_6 << 6)); + t0[10] = (byte)((n0_6 >> 2) ); + t0[11] = (byte)((n0_6 >> 10) | (n0_7 << 3)); #endif - t0[12] = (n0_7 >> 5) ; + t0[12] = (byte)((n0_7 >> 5) ); /* 10 bits per number. * 8 bytes become 10 bytes. (8 * 10 bits = 10 * 8 bits) */ @@ -1055,17 +1064,17 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1) tp[1] = (n1_3 >> 2) | ((word32)n1_4 << 8) | ((word32)n1_5 << 18) | ((word32)n1_6 << 28); #else - t1[0] = (n1_0 << 0); - t1[1] = (n1_0 >> 8) | (n1_1 << 2); - t1[2] = (n1_1 >> 6) | (n1_2 << 4); - t1[3] = (n1_2 >> 4) | (n1_3 << 6); - t1[4] = (n1_3 >> 2) ; - t1[5] = (n1_4 << 0); - t1[6] = (n1_4 >> 8) | (n1_5 << 2); - t1[7] = (n1_5 >> 6) | (n1_6 << 4); + t1[0] = (byte)( (n1_0 << 0)); + t1[1] = (byte)((n1_0 >> 8) | (n1_1 << 2)); + t1[2] = (byte)((n1_1 >> 6) | (n1_2 << 4)); + t1[3] = (byte)((n1_2 >> 4) | (n1_3 << 6)); + t1[4] = (byte)((n1_3 >> 2) ); + t1[5] = (byte)( (n1_4 << 0)); + t1[6] = (byte)((n1_4 >> 8) | (n1_5 << 2)); + t1[7] = (byte)((n1_5 >> 6) | (n1_6 << 4)); #endif - t1[8] = (n1_6 >> 4) | (n1_7 << 6); - t1[9] = (n1_7 >> 2) ; + t1[8] = (byte)((n1_6 >> 4) | (n1_7 << 6)); + t1[9] = (byte)((n1_7 >> 2) ); /* Move to next place to encode bottom bits to. */ t0 += DILITHIUM_D; @@ -1106,7 +1115,7 @@ static void dilithium_decode_t0(const byte* t0, sword32* t) t[j + 1] = DILITHIUM_D_MAX_HALF - ((t64 >> 13) & 0x1fff); t[j + 2] = DILITHIUM_D_MAX_HALF - ((t64 >> 26) & 0x1fff); t[j + 3] = DILITHIUM_D_MAX_HALF - ((t64 >> 39) & 0x1fff); - t[j + 4] = DILITHIUM_D_MAX_HALF - + t[j + 4] = DILITHIUM_D_MAX_HALF - (sword32) ((t64 >> 52) | ((t32_2 & 0x0001) << 12)); #else word32 t32_0 = ((const word32*)t0)[0]; @@ -1115,18 +1124,18 @@ static void dilithium_decode_t0(const byte* t0, sword32* t) ( t32_0 & 0x1fff); t[j + 1] = DILITHIUM_D_MAX_HALF - ((t32_0 >> 13) & 0x1fff); - t[j + 2] = DILITHIUM_D_MAX_HALF - + t[j + 2] = DILITHIUM_D_MAX_HALF - (sword32) (( t32_0 >> 26 ) | ((t32_1 & 0x007f) << 6)); t[j + 3] = DILITHIUM_D_MAX_HALF - ((t32_1 >> 7) & 0x1fff); - t[j + 4] = DILITHIUM_D_MAX_HALF - + t[j + 4] = DILITHIUM_D_MAX_HALF - (sword32) (( t32_1 >> 20 ) | ((t32_2 & 0x0001) << 12)); #endif t[j + 5] = DILITHIUM_D_MAX_HALF - ((t32_2 >> 1) & 0x1fff); t[j + 6] = DILITHIUM_D_MAX_HALF - ((t32_2 >> 14) & 0x1fff); - t[j + 7] = DILITHIUM_D_MAX_HALF - + t[j + 7] = DILITHIUM_D_MAX_HALF - (sword32) (( t32_2 >> 27 ) | ((word32)t0[12] ) << 5 ); #else t[j + 0] = DILITHIUM_D_MAX_HALF - @@ -1216,7 +1225,8 @@ static void dilithium_decode_t1(const byte* t1, sword32* t) t[j+3] = (sword32)( ((t64 >> 30) & 0x03ff) << DILITHIUM_D); t[j+4] = (sword32)( ((t64 >> 40) & 0x03ff) << DILITHIUM_D); t[j+5] = (sword32)( ((t64 >> 50) & 0x03ff) << DILITHIUM_D); - t[j+6] = (sword32)((((t64 >> 60)| (t16 << 4)) & 0x03ff) << DILITHIUM_D); + t[j+6] = (sword32)((((t64 >> 60) | + (word64)(t16 << 4)) & 0x03ff) << DILITHIUM_D); t[j+7] = (sword32)( ((t16 >> 6) & 0x03ff) << DILITHIUM_D); #else word32 t32 = *((const word32*)t1); @@ -1311,10 +1321,10 @@ static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s) /* Step 3. Get 18 bits as a number. */ for (j = 0; j < DILITHIUM_N; j += 4) { - word32 z0 = DILITHIUM_GAMMA1_17 - z[j + 0]; - word32 z1 = DILITHIUM_GAMMA1_17 - z[j + 1]; - word32 z2 = DILITHIUM_GAMMA1_17 - z[j + 2]; - word32 z3 = DILITHIUM_GAMMA1_17 - z[j + 3]; + word32 z0 = (word32)(DILITHIUM_GAMMA1_17 - z[j + 0]); + word32 z1 = (word32)(DILITHIUM_GAMMA1_17 - z[j + 1]); + word32 z2 = (word32)(DILITHIUM_GAMMA1_17 - z[j + 2]); + word32 z3 = (word32)(DILITHIUM_GAMMA1_17 - z[j + 3]); /* 18 bits per number. * 8 numbers become 9 bytes. (8 * 9 bits = 9 * 8 bits) */ @@ -1329,16 +1339,16 @@ static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s) s32p[1] = (z1 >> 14) | (z2 << 4) | (z3 << 22); #endif #else - s[0] = z0 ; - s[1] = z0 >> 8 ; - s[2] = (z0 >> 16) | (z1 << 2); - s[3] = z1 >> 6 ; - s[4] = (z1 >> 14) | (z2 << 4); - s[5] = z2 >> 4 ; - s[6] = (z2 >> 12) | (z3 << 6); - s[7] = z3 >> 2 ; -#endif - s[8] = z3 >> 10 ; + s[0] = (byte)( z0 ); + s[1] = (byte)( z0 >> 8 ); + s[2] = (byte)((z0 >> 16) | (z1 << 2)); + s[3] = (byte)( z1 >> 6 ); + s[4] = (byte)((z1 >> 14) | (z2 << 4)); + s[5] = (byte)( z2 >> 4 ); + s[6] = (byte)((z2 >> 12) | (z3 << 6)); + s[7] = (byte)( z3 >> 2 ); +#endif + s[8] = (byte)( z3 >> 10 ); /* Move to next place to encode to. */ s += DILITHIUM_GAMMA1_17_ENC_BITS / 2; } @@ -1372,14 +1382,14 @@ static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s) word16* s16p = (word16*)s; #ifdef WC_64BIT_CPU word64* s64p = (word64*)s; - s64p[0] = z0 | ((word64)z1 << 20) | + s64p[0] = (word64)z0 | ((word64)z1 << 20) | ((word64)z2 << 40) | ((word64)z3 << 60); #else word32* s32p = (word32*)s; - s32p[0] = z0 | (z1 << 20) ; - s32p[1] = (z1 >> 12) | (z2 << 8) | (z3 << 28); + s32p[0] = (word32)( z0 | (z1 << 20) ); + s32p[1] = (word32)((z1 >> 12) | (z2 << 8) | (z3 << 28)); #endif - s16p[4] = (z3 >> 4) ; + s16p[4] = (word16)((z3 >> 4) ); #else s[0] = z0 ; s[1] = (z0 >> 8) ; @@ -1525,69 +1535,69 @@ static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z) #ifdef WC_64BIT_CPU word64 s64_0 = *(const word64*)(s+0); word64 s64_1 = *(const word64*)(s+9); - z[i+0] = (word32)DILITHIUM_GAMMA1_17 - - ( s64_0 & 0x3ffff ); - z[i+1] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_0 >> 18) & 0x3ffff ); - z[i+2] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_0 >> 36) & 0x3ffff ); - z[i+3] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_0 >> 54) | (((word32)s[8]) << 10)); - z[i+4] = (word32)DILITHIUM_GAMMA1_17 - - ( s64_1 & 0x3ffff ); - z[i+5] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_1 >> 18) & 0x3ffff ); - z[i+6] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_1 >> 36) & 0x3ffff ); - z[i+7] = (word32)DILITHIUM_GAMMA1_17 - - ((s64_1 >> 54) | (((word32)s[17]) << 10)); + z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s64_0 & 0x3ffff )); + z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 18) & 0x3ffff )); + z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 36) & 0x3ffff )); + z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_0 >> 54) | (((word32)s[8]) << 10))); + z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s64_1 & 0x3ffff )); + z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 18) & 0x3ffff )); + z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 36) & 0x3ffff )); + z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s64_1 >> 54) | (((word32)s[17]) << 10))); #else word32 s32_0 = ((const word32*)(s+0))[0]; word32 s32_1 = ((const word32*)(s+0))[1]; word32 s32_2 = ((const word32*)(s+9))[0]; word32 s32_3 = ((const word32*)(s+9))[1]; - z[i+0] = (word32)DILITHIUM_GAMMA1_17 - - ( s32_0 & 0x3ffff ); - z[i+1] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14))); - z[i+2] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_1 >> 4) & 0x3ffff); - z[i+3] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_1 >> 22) | (((word32)s[8]) << 10 )); - z[i+4] = (word32)DILITHIUM_GAMMA1_17 - - ( s32_2 & 0x3ffff ); - z[i+5] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_2 >> 18) | (((s32_3 & 0x0000f) << 14))); - z[i+6] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_3 >> 4) & 0x3ffff); - z[i+7] = (word32)DILITHIUM_GAMMA1_17 - - ((s32_3 >> 22) | (((word32)s[17]) << 10 )); + z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s32_0 & 0x3ffff )); + z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_0 >> 18) | (((s32_1 & 0x0000f) << 14)))); + z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 4) & 0x3ffff )); + z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_1 >> 22) | (((word32)s[8]) << 10 ))); + z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s32_2 & 0x3ffff )); + z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_2 >> 18) | (((s32_3 & 0x0000f) << 14)))); + z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_3 >> 4) & 0x3ffff )); + z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s32_3 >> 22) | (((word32)s[17]) << 10 ))); #endif #else - z[i+0] = DILITHIUM_GAMMA1_17 - - ( s[ 0] | ((sword32)(s[ 1] << 8) | - (sword32)(s[ 2] & 0x03) << 16)); - z[i+1] = DILITHIUM_GAMMA1_17 - - ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | - (sword32)(s[ 4] & 0x0f) << 14)); - z[i+2] = DILITHIUM_GAMMA1_17 - - ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | - (sword32)(s[ 6] & 0x3f) << 12)); - z[i+3] = DILITHIUM_GAMMA1_17 - - ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) | - (sword32)(s[ 8] ) << 10)); - z[i+4] = DILITHIUM_GAMMA1_17 - - ( s[ 9] | ((sword32)(s[10] << 8) | - (sword32)(s[11] & 0x03) << 16)); - z[i+5] = DILITHIUM_GAMMA1_17 - - ((s[11] >> 2) | ((sword32)(s[12] << 6) | - (sword32)(s[13] & 0x0f) << 14)); - z[i+6] = DILITHIUM_GAMMA1_17 - - ((s[13] >> 4) | ((sword32)(s[14] << 4) | - (sword32)(s[15] & 0x3f) << 12)); - z[i+7] = DILITHIUM_GAMMA1_17 - - ((s[15] >> 6) | ((sword32)(s[16] << 2) | - (sword32)(s[17] ) << 10)); + z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s[ 0] | ((sword32)(s[ 1] << 8) | + (sword32)(s[ 2] & 0x03) << 16))); + z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | + (sword32)(s[ 4] & 0x0f) << 14))); + z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | + (sword32)(s[ 6] & 0x3f) << 12))); + z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) | + (sword32)(s[ 8] ) << 10))); + z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ( s[ 9] | ((sword32)(s[10] << 8) | + (sword32)(s[11] & 0x03) << 16))); + z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[11] >> 2) | ((sword32)(s[12] << 6) | + (sword32)(s[13] & 0x0f) << 14))); + z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[13] >> 4) | ((sword32)(s[14] << 4) | + (sword32)(s[15] & 0x3f) << 12))); + z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 - + ((s[15] >> 6) | ((sword32)(s[16] << 2) | + (sword32)(s[17] ) << 10))); #endif /* Move to next place to decode from. */ s += DILITHIUM_GAMMA1_17_ENC_BITS; @@ -1646,16 +1656,24 @@ static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z) #ifdef WC_64BIT_CPU word64 s64_0 = *(const word64*)(s+0); word64 s64_1 = *(const word64*)(s+10); - z[i+0] = DILITHIUM_GAMMA1_19 - ( s64_0 & 0xfffff) ; - z[i+1] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 20) & 0xfffff) ; - z[i+2] = DILITHIUM_GAMMA1_19 - ( (s64_0 >> 40) & 0xfffff) ; - z[i+3] = DILITHIUM_GAMMA1_19 - (((s64_0 >> 60) & 0xfffff) | - ((sword32)s16_0 << 4)); - z[i+4] = DILITHIUM_GAMMA1_19 - ( s64_1 & 0xfffff) ; - z[i+5] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 20) & 0xfffff) ; - z[i+6] = DILITHIUM_GAMMA1_19 - ( (s64_1 >> 40) & 0xfffff) ; - z[i+7] = DILITHIUM_GAMMA1_19 - (((s64_1 >> 60) & 0xfffff) | - ((sword32)s16_1 << 4)); + z[i+0] = DILITHIUM_GAMMA1_19 - + ((sword32)( s64_0 & 0xfffff)) ; + z[i+1] = DILITHIUM_GAMMA1_19 - + ((sword32)( (s64_0 >> 20) & 0xfffff)) ; + z[i+2] = DILITHIUM_GAMMA1_19 - + ((sword32)( (s64_0 >> 40) & 0xfffff)) ; + z[i+3] = DILITHIUM_GAMMA1_19 - + ((sword32)(((s64_0 >> 60) & 0xfffff)) | + ((sword32)s16_0 << 4)); + z[i+4] = DILITHIUM_GAMMA1_19 - + ((sword32)( s64_1 & 0xfffff)) ; + z[i+5] = DILITHIUM_GAMMA1_19 - + ((sword32)( (s64_1 >> 20) & 0xfffff)) ; + z[i+6] = DILITHIUM_GAMMA1_19 - + ((sword32)( (s64_1 >> 40) & 0xfffff)) ; + z[i+7] = DILITHIUM_GAMMA1_19 - + ((sword32)(((s64_1 >> 60) & 0xfffff)) | + ((sword32)s16_1 << 4)); #else word32 s32_0 = ((const word32*)(s+ 0))[0]; word32 s32_1 = ((const word32*)(s+ 0))[1]; @@ -1767,28 +1785,28 @@ static void dilithium_encode_w1_88(const sword32* w1, byte* w1e) * 16 numbers in 12 bytes. (16 * 6 bits = 12 * 8 bits) */ #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 4) word32* w1e32 = (word32*)w1e; - w1e32[0] = w1[j+ 0] | (w1[j+ 1] << 6) | - (w1[j+ 2] << 12) | (w1[j+ 3] << 18) | - (w1[j+ 4] << 24) | (w1[j+ 5] << 30); - w1e32[1] = (w1[j+ 5] >> 2) | (w1[j+ 6] << 4) | - (w1[j+ 7] << 10) | (w1[j+ 8] << 16) | - (w1[j+ 9] << 22) | (w1[j+10] << 28); - w1e32[2] = (w1[j+10] >> 4) | (w1[j+11] << 2) | - (w1[j+12] << 8) | (w1[j+13] << 14) | - (w1[j+14] << 20) | (w1[j+15] << 26); + w1e32[0] = (word32)( w1[j+ 0] | (w1[j+ 1] << 6) | + (w1[j+ 2] << 12) | (w1[j+ 3] << 18) | + (w1[j+ 4] << 24) | (w1[j+ 5] << 30)); + w1e32[1] = (word32)((w1[j+ 5] >> 2) | (w1[j+ 6] << 4) | + (w1[j+ 7] << 10) | (w1[j+ 8] << 16) | + (w1[j+ 9] << 22) | (w1[j+10] << 28)); + w1e32[2] = (word32)((w1[j+10] >> 4) | (w1[j+11] << 2) | + (w1[j+12] << 8) | (w1[j+13] << 14) | + (w1[j+14] << 20) | (w1[j+15] << 26)); #else - w1e[ 0] = w1[j+ 0] | (w1[j+ 1] << 6); - w1e[ 1] = (w1[j+ 1] >> 2) | (w1[j+ 2] << 4); - w1e[ 2] = (w1[j+ 2] >> 4) | (w1[j+ 3] << 2); - w1e[ 3] = w1[j+ 4] | (w1[j+ 5] << 6); - w1e[ 4] = (w1[j+ 5] >> 2) | (w1[j+ 6] << 4); - w1e[ 5] = (w1[j+ 6] >> 4) | (w1[j+ 7] << 2); - w1e[ 6] = w1[j+ 8] | (w1[j+ 9] << 6); - w1e[ 7] = (w1[j+ 9] >> 2) | (w1[j+10] << 4); - w1e[ 8] = (w1[j+10] >> 4) | (w1[j+11] << 2); - w1e[ 9] = w1[j+12] | (w1[j+13] << 6); - w1e[10] = (w1[j+13] >> 2) | (w1[j+14] << 4); - w1e[11] = (w1[j+14] >> 4) | (w1[j+15] << 2); + w1e[ 0] = (byte)( w1[j+ 0] | (w1[j+ 1] << 6)); + w1e[ 1] = (byte)((w1[j+ 1] >> 2) | (w1[j+ 2] << 4)); + w1e[ 2] = (byte)((w1[j+ 2] >> 4) | (w1[j+ 3] << 2)); + w1e[ 3] = (byte)( w1[j+ 4] | (w1[j+ 5] << 6)); + w1e[ 4] = (byte)((w1[j+ 5] >> 2) | (w1[j+ 6] << 4)); + w1e[ 5] = (byte)((w1[j+ 6] >> 4) | (w1[j+ 7] << 2)); + w1e[ 6] = (byte)( w1[j+ 8] | (w1[j+ 9] << 6)); + w1e[ 7] = (byte)((w1[j+ 9] >> 2) | (w1[j+10] << 4)); + w1e[ 8] = (byte)((w1[j+10] >> 4) | (w1[j+11] << 2)); + w1e[ 9] = (byte)( w1[j+12] | (w1[j+13] << 6)); + w1e[10] = (byte)((w1[j+13] >> 2) | (w1[j+14] << 4)); + w1e[11] = (byte)((w1[j+14] >> 4) | (w1[j+15] << 2)); #endif /* Move to next place to encode to. */ w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2; @@ -1819,23 +1837,23 @@ static void dilithium_encode_w1_32(const sword32* w1, byte* w1e) * 16 numbers in 8 bytes. (16 * 4 bits = 8 * 8 bits) */ #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 8) word32* w1e32 = (word32*)w1e; - w1e32[0] = (w1[j + 0] << 0) | (w1[j + 1] << 4) | - (w1[j + 2] << 8) | (w1[j + 3] << 12) | - (w1[j + 4] << 16) | (w1[j + 5] << 20) | - (w1[j + 6] << 24) | (w1[j + 7] << 28); - w1e32[1] = (w1[j + 8] << 0) | (w1[j + 9] << 4) | - (w1[j + 10] << 8) | (w1[j + 11] << 12) | - (w1[j + 12] << 16) | (w1[j + 13] << 20) | - (w1[j + 14] << 24) | (w1[j + 15] << 28); + w1e32[0] = (word32)((w1[j + 0] << 0) | (w1[j + 1] << 4) | + (w1[j + 2] << 8) | (w1[j + 3] << 12) | + (w1[j + 4] << 16) | (w1[j + 5] << 20) | + (w1[j + 6] << 24) | (w1[j + 7] << 28)); + w1e32[1] = (word32)((w1[j + 8] << 0) | (w1[j + 9] << 4) | + (w1[j + 10] << 8) | (w1[j + 11] << 12) | + (w1[j + 12] << 16) | (w1[j + 13] << 20) | + (w1[j + 14] << 24) | (w1[j + 15] << 28)); #else - w1e[0] = w1[j + 0] | (w1[j + 1] << 4); - w1e[1] = w1[j + 2] | (w1[j + 3] << 4); - w1e[2] = w1[j + 4] | (w1[j + 5] << 4); - w1e[3] = w1[j + 6] | (w1[j + 7] << 4); - w1e[4] = w1[j + 8] | (w1[j + 9] << 4); - w1e[5] = w1[j + 10] | (w1[j + 11] << 4); - w1e[6] = w1[j + 12] | (w1[j + 13] << 4); - w1e[7] = w1[j + 14] | (w1[j + 15] << 4); + w1e[0] = (byte)(w1[j + 0] | (w1[j + 1] << 4)); + w1e[1] = (byte)(w1[j + 2] | (w1[j + 3] << 4)); + w1e[2] = (byte)(w1[j + 4] | (w1[j + 5] << 4)); + w1e[3] = (byte)(w1[j + 6] | (w1[j + 7] << 4)); + w1e[4] = (byte)(w1[j + 8] | (w1[j + 9] << 4)); + w1e[5] = (byte)(w1[j + 10] | (w1[j + 11] << 4)); + w1e[6] = (byte)(w1[j + 12] | (w1[j + 13] << 4)); + w1e[7] = (byte)(w1[j + 14] | (w1[j + 15] << 4)); #endif /* Move to next place to encode to. */ w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2; @@ -2289,7 +2307,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, #define DILITHIUM_COEFF_S_VALID_ETA2(b) \ ((b) < DILITHIUM_ETA_2_MOD) -static const char dilithium_coeff_eta2[] = { +static const signed char dilithium_coeff_eta2[] = { 2, 1, 0, -1, -2, 2, 1, 0, -1, -2, 2, 1, 0, -1, -2 @@ -2802,10 +2820,12 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256, const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block) { int ret = 0; - unsigned int k; - unsigned int i; - unsigned int s; byte signs[DILITHIUM_SIGN_BYTES]; + unsigned int i; + /* Step 1: Initialize sign bit index. */ + unsigned int s = 0; + /* Step 2: First 8 bytes are used for sign. */ + unsigned int k = DILITHIUM_SIGN_BYTES; if (ret == 0) { /* Set polynomial to all zeros. */ @@ -2828,10 +2848,6 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256, if (ret == 0) { /* Copy first 8 bytes of first hash block as random sign bits. */ XMEMCPY(signs, block, DILITHIUM_SIGN_BYTES); - /* Step 1: Initialize sign bit index. */ - s = 0; - /* Step 2: First 8 bytes are used for sign. */ - k = DILITHIUM_SIGN_BYTES; } /* Step 3: Put in TAU +/- 1s. */ @@ -3354,7 +3370,7 @@ static int dilithium_make_hint_32(const sword32* s, const sword32* w1, * return Falsam of -1 when too many hints. */ static int dilithium_make_hint(const sword32* s, const sword32* w1, byte k, - word32 gamma2, byte omega, byte* h) + sword32 gamma2, byte omega, byte* h) { unsigned int i; byte idx = 0; @@ -3509,12 +3525,12 @@ static void dilithium_use_hint_88(sword32* w1, const byte* h, unsigned int i, w1[j] = r1 + hint; /* Fix up w1 to not be 44 but 0. */ - w1[j] &= 0 - (((word32)(w1[j] - 44)) >> 31); + w1[j] &= (sword32)(0 - (((word32)(w1[j] - 44)) >> 31)); /* Hint may have reduced 0 to -1 which is actually 43. */ - w1[j] += (0 - (((word32)w1[j]) >> 31)) & 44; + w1[j] += (sword32)((0 - (((word32)w1[j]) >> 31)) & 44); #else /* Convert value to positive only range. */ - r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + r = w1[j] + (sword32)((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); /* Decompose value into low and high parts. */ dilithium_decompose_q88(r, &r0, &r1); /* Check for hint. */ @@ -3570,11 +3586,11 @@ static void dilithium_use_hint_32(sword32* w1, const byte* h, byte omega, /* Increment hint offset if this index has hint. */ o += hint; /* Convert value to positive only range. */ - r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + r = w1[j] + (sword32)((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); /* Decompose value into low and high parts. */ dilithium_decompose_q32(r, &r0, &r1); /* Make hint positive or negative based on sign of r0. */ - hint = (1 - (2 * (((word32)r0) >> 31))) & (0 - hint); + hint = (sword32)((1 - (2 * (((word32)r0) >> 31))) & (0 - hint)); /* Make w1 only the top part plus the hint. */ w1[j] = r1 + hint; @@ -3582,13 +3598,13 @@ static void dilithium_use_hint_32(sword32* w1, const byte* h, byte omega, w1[j] &= 0xf; #else /* Convert value to positive only range. */ - r = w1[j] + ((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); + r = w1[j] + (sword32)((0 - (((word32)w1[j]) >> 31)) & DILITHIUM_Q); /* Decompose value into low and high parts. */ dilithium_decompose_q32(r, &r0, &r1); /* Check for hint. */ if ((o < h[omega + i]) && (h[o] == (byte)j)) { /* Add or subtract hint based on sign of r0. */ - r1 += 1 - (2 * (((word32)r0) >> 31)); + r1 += (sword32)(1 - (2 * (((word32)r0) >> 31))); /* Go to next hint offset. */ o++; } @@ -3616,7 +3632,7 @@ static void dilithium_use_hint_32(sword32* w1, const byte* h, byte omega, * @param [in] omega Max number of hints. Hint counts after this index. * @param [in] h Hints to apply. In signature encoding. */ -static void dilithium_vec_use_hint(sword32* w1, byte k, word32 gamma2, +static void dilithium_vec_use_hint(sword32* w1, byte k, sword32 gamma2, byte omega, const byte* h) { unsigned int i; @@ -3883,7 +3899,7 @@ static void dilithium_ntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta32 = zetas[ 4 + j / 64 + 0]; sword32 zeta160 = zetas[ 8 + j / 32 + 0]; sword32 zeta161 = zetas[ 8 + j / 32 + 1]; @@ -3915,7 +3931,7 @@ static void dilithium_ntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 16) { - int i; + unsigned int i; sword32 zeta8 = zetas[16 + j / 16]; sword32 zeta40 = zetas[32 + j / 8 + 0]; sword32 zeta41 = zetas[32 + j / 8 + 1]; @@ -4031,7 +4047,7 @@ static void dilithium_ntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta32 = zetas[ 4 + j / 64 + 0]; sword32 zeta160 = zetas[ 8 + j / 32 + 0]; sword32 zeta161 = zetas[ 8 + j / 32 + 1]; @@ -4254,7 +4270,7 @@ static void dilithium_ntt_small(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta32 = zetas[ 4 + j / 64 + 0]; sword32 zeta160 = zetas[ 8 + j / 32 + 0]; sword32 zeta161 = zetas[ 8 + j / 32 + 1]; @@ -4286,7 +4302,7 @@ static void dilithium_ntt_small(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 16) { - int i; + unsigned int i; sword32 zeta8 = zetas[16 + j / 16]; sword32 zeta40 = zetas[32 + j / 8 + 0]; sword32 zeta41 = zetas[32 + j / 8 + 1]; @@ -4398,7 +4414,7 @@ static void dilithium_ntt_small(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta32 = zetas[ 4 + j / 64 + 0]; sword32 zeta160 = zetas[ 8 + j / 32 + 0]; sword32 zeta161 = zetas[ 8 + j / 32 + 1]; @@ -4686,7 +4702,7 @@ static void dilithium_invntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 16) { - int i; + unsigned int i; sword32 zeta40 = zetas_inv[192 + j / 8 + 0]; sword32 zeta41 = zetas_inv[192 + j / 8 + 1]; sword32 zeta8 = zetas_inv[224 + j / 16 + 0]; @@ -4718,7 +4734,7 @@ static void dilithium_invntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta160 = zetas_inv[240 + j / 32 + 0]; sword32 zeta161 = zetas_inv[240 + j / 32 + 1]; sword32 zeta32 = zetas_inv[248 + j / 64 + 0]; @@ -4858,7 +4874,7 @@ static void dilithium_invntt(sword32* r) } for (j = 0; j < DILITHIUM_N; j += 64) { - int i; + unsigned int i; sword32 zeta80 = zetas_inv[224 + j / 16 + 0]; sword32 zeta81 = zetas_inv[224 + j / 16 + 1]; sword32 zeta82 = zetas_inv[224 + j / 16 + 2]; @@ -6152,7 +6168,11 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, /* Step 11: Start rejection sampling loop */ do { +#ifdef WOLFSSL_SMALL_STACK + byte *w1e = NULL; +#else byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; +#endif sword32* w = w1; sword32* y_ntt = z; sword32* cs2 = ct0; @@ -6182,11 +6202,20 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, if (valid) { #endif /* Step 15: Encode w1. */ - dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e); - /* Step 15: Hash mu and encoded w1. - * Step 32: Hash is stored in signature. */ - ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, - w1e, params->w1EncSz, commit, params->lambda / 4); +#ifdef WOLFSSL_SMALL_STACK + w1e = (byte *)XMALLOC(DILITHIUM_MAX_W1_ENC_SZ, key->heap, + DYNAMIC_TYPE_DILITHIUM); + if (w1e == NULL) + ret = MEMORY_E; + if (ret == 0) +#endif + { + dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e); + /* Step 15: Hash mu and encoded w1. + * Step 32: Hash is stored in signature. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, + w1e, params->w1EncSz, commit, params->lambda / 4); + } if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ ret = dilithium_sample_in_ball(params->level, &key->shake, @@ -6237,6 +6266,10 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, params->gamma2, params->omega, h) >= 0); } } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(w1e, key->heap, DYNAMIC_TYPE_DILITHIUM); +#endif } if (!valid) { @@ -6649,7 +6682,6 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key, ze += DILITHIUM_GAMMA1_17_ENC_BITS / 2 * DILITHIUM_N / 4; } - else #endif #if !defined(WOLFSSL_NO_ML_DSA_65) || \ !defined(WOLFSSL_NO_ML_DSA_87) @@ -7049,7 +7081,7 @@ static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key, byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; byte* mu = seedMu + DILITHIUM_RND_SZ; byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]; - word32 oidMsgHashLen; + word32 oidMsgHashLen = 0; if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) { ret = BUFFER_E; @@ -7632,7 +7664,7 @@ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx, if (ret == 0) { /* Step 6. Calculate mu. */ ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0, - ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ); + ctx, (byte)ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ); } if (ret == 0) { ret = dilithium_verify_mu(key, mu, sig, sigLen, res); @@ -7710,7 +7742,7 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, byte tr[DILITHIUM_TR_SZ]; byte* mu = tr; byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]; - word32 oidMsgHashLen; + word32 oidMsgHashLen = 0; if (key == NULL) { ret = BAD_FUNC_ARG; @@ -7730,7 +7762,7 @@ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, /* Step 6. Calculate mu. */ ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1, - ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ); + ctx, (byte)ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ); } if (ret == 0) { ret = dilithium_verify_mu(key, mu, sig, sigLen, res); @@ -8917,7 +8949,7 @@ int wc_dilithium_check_key(dilithium_key* key) { int ret = 0; #ifdef WOLFSSL_WC_DILITHIUM - const wc_dilithium_params* params; + const wc_dilithium_params* params = NULL; sword32* a = NULL; sword32* s1 = NULL; sword32* s2 = NULL; @@ -9474,7 +9506,7 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen) { int ret = 0; - word32 inLen; + word32 inLen = 0; /* Validate parameters. */ if ((key == NULL) || (out == NULL) || (outLen == NULL)) { @@ -9567,7 +9599,7 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, #ifndef WOLFSSL_DILITHIUM_NO_ASN1 /* Maps ASN.1 OID to wolfCrypt security level macros */ -static int mapOidToSecLevel(word32 oid) +static int mapOidToSecLevel(int oid) { switch (oid) { case ML_DSA_LEVEL2k: @@ -9627,6 +9659,31 @@ int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) { #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) +/* OCT OCT */ +#define ALT_PRIV_DER_PREFIX (2 + 32 + 4) +/* SEQ [ OCT OCT ] */ +#define ALT_PRIV_DER_PREFIX_SEQ (4 + 2 + 32 + 4) + +/* Get the private only key size for the ML-DSA level/parameter id. + * + * @param [in] level Level of the ML-DSA key. + * @return Private key only encoding size for key level on success. + * @return 0 on failure. + */ +static word32 dilithium_get_priv_size(int level) +{ + switch (level) { + case WC_ML_DSA_44: + return ML_DSA_LEVEL2_KEY_SIZE; + case WC_ML_DSA_65: + return ML_DSA_LEVEL3_KEY_SIZE; + case WC_ML_DSA_87: + return ML_DSA_LEVEL5_KEY_SIZE; + default: + return 0; + } +} + /* Decode the DER encoded Dilithium key. * * @param [in] input Array holding DER encoded data. @@ -9655,7 +9712,7 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, const byte* pubKey = NULL; word32 privKeyLen = 0; word32 pubKeyLen = 0; - int keytype = 0; + int keyType = 0; /* Validate parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { @@ -9667,30 +9724,30 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (key->level == 0) { /* Check first, because key->params will be NULL * when key->level = 0 */ /* Level not set by caller, decode from DER */ - keytype = ANONk; + keyType = ANONk; } #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) else if (key->params == NULL) { ret = BAD_FUNC_ARG; } else if (key->params->level == WC_ML_DSA_44_DRAFT) { - keytype = DILITHIUM_LEVEL2k; + keyType = DILITHIUM_LEVEL2k; } else if (key->params->level == WC_ML_DSA_65_DRAFT) { - keytype = DILITHIUM_LEVEL3k; + keyType = DILITHIUM_LEVEL3k; } else if (key->params->level == WC_ML_DSA_87_DRAFT) { - keytype = DILITHIUM_LEVEL5k; + keyType = DILITHIUM_LEVEL5k; } #endif else if (key->level == WC_ML_DSA_44) { - keytype = ML_DSA_LEVEL2k; + keyType = ML_DSA_LEVEL2k; } else if (key->level == WC_ML_DSA_65) { - keytype = ML_DSA_LEVEL3k; + keyType = ML_DSA_LEVEL3k; } else if (key->level == WC_ML_DSA_87) { - keytype = ML_DSA_LEVEL5k; + keyType = ML_DSA_LEVEL5k; } else { ret = BAD_FUNC_ARG; @@ -9701,16 +9758,29 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, /* Decode the asymmetric key and get out private and public key data. */ ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKey, &privKeyLen, - &pubKey, &pubKeyLen, &keytype); + &pubKey, &pubKeyLen, &keyType); if (ret == 0 #ifdef WOLFSSL_WC_DILITHIUM && key->params == NULL #endif ) { /* Set the security level based on the decoded key. */ - ret = mapOidToSecLevel(keytype); + ret = mapOidToSecLevel(keyType); if (ret > 0) { - ret = wc_dilithium_set_level(key, ret); + ret = wc_dilithium_set_level(key, (byte)ret); + } + } + /* If it failed to decode try alternative DER encoding. */ + else if (ret != 0) { + word32 levelSize = dilithium_get_priv_size(key->level); + privKey = input + *inOutIdx; + privKeyLen = inSz - *inOutIdx; + + /* Check for an alternative DER encoding. */ + if (privKeyLen == ALT_PRIV_DER_PREFIX_SEQ + levelSize) { + privKey += ALT_PRIV_DER_PREFIX_SEQ; + privKeyLen -= ALT_PRIV_DER_PREFIX_SEQ; + ret = 0; } } } @@ -9758,6 +9828,14 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE; } + else { + word32 levelSize = dilithium_get_priv_size(key->level); + + if (privKeyLen == ALT_PRIV_DER_PREFIX + levelSize) { + privKey += ALT_PRIV_DER_PREFIX; + privKeyLen -= ALT_PRIV_DER_PREFIX; + } + } } if (ret == 0) { @@ -9924,7 +10002,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz) { int ret = 0; - const byte* pubKey; + const byte* pubKey = NULL; word32 pubKeyLen = 0; /* Validate parameters. */ @@ -9937,7 +10015,7 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = wc_dilithium_import_public(input, inSz, key); if (ret != 0) { #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) - int keytype = 0; + int keyType = 0; #else int length; unsigned char* oid; @@ -9955,43 +10033,43 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = BAD_FUNC_ARG; } else if (key->params->level == WC_ML_DSA_44_DRAFT) { - keytype = DILITHIUM_LEVEL2k; + keyType = DILITHIUM_LEVEL2k; } else if (key->params->level == WC_ML_DSA_65_DRAFT) { - keytype = DILITHIUM_LEVEL3k; + keyType = DILITHIUM_LEVEL3k; } else if (key->params->level == WC_ML_DSA_87_DRAFT) { - keytype = DILITHIUM_LEVEL5k; + keyType = DILITHIUM_LEVEL5k; } else #endif if (key->level == WC_ML_DSA_44) { - keytype = ML_DSA_LEVEL2k; + keyType = ML_DSA_LEVEL2k; } else if (key->level == WC_ML_DSA_65) { - keytype = ML_DSA_LEVEL3k; + keyType = ML_DSA_LEVEL3k; } else if (key->level == WC_ML_DSA_87) { - keytype = ML_DSA_LEVEL5k; + keyType = ML_DSA_LEVEL5k; } else { /* Level not set by caller, decode from DER */ - keytype = ANONk; /* 0, not a valid key type in this situation*/ + keyType = ANONk; /* 0, not a valid key type in this situation*/ } if (ret == 0) { /* Decode the asymmetric key and get out public key data. */ ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey, &pubKeyLen, - &keytype); + &keyType); if (ret == 0 #ifdef WOLFSSL_WC_DILITHIUM && key->params == NULL #endif ) { /* Set the security level based on the decoded key. */ - ret = mapOidToSecLevel(keytype); + ret = mapOidToSecLevel(keyType); if (ret > 0) { - ret = wc_dilithium_set_level(key, ret); + ret = wc_dilithium_set_level(key, (byte)ret); } } } @@ -10091,6 +10169,8 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, /* This is the raw point data compressed or uncompressed. */ pubKeyLen = (word32)length; pubKey = input + idx; + + *inOutIdx += idx; } #endif if (ret == 0) { @@ -10121,8 +10201,8 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, int withAlg) { int ret = 0; - int keytype = 0; - int pubKeyLen = 0; + int keyType = 0; + word32 pubKeyLen = 0; /* Validate parameters. */ if (key == NULL) { @@ -10140,29 +10220,29 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, ret = BAD_FUNC_ARG; } else if (key->params->level == WC_ML_DSA_44_DRAFT) { - keytype = DILITHIUM_LEVEL2k; + keyType = DILITHIUM_LEVEL2k; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } else if (key->params->level == WC_ML_DSA_65_DRAFT) { - keytype = DILITHIUM_LEVEL3k; + keyType = DILITHIUM_LEVEL3k; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } else if (key->params->level == WC_ML_DSA_87_DRAFT) { - keytype = DILITHIUM_LEVEL5k; + keyType = DILITHIUM_LEVEL5k; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } else #endif if (key->level == WC_ML_DSA_44) { - keytype = ML_DSA_LEVEL2k; + keyType = ML_DSA_LEVEL2k; pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; } else if (key->level == WC_ML_DSA_65) { - keytype = ML_DSA_LEVEL3k; + keyType = ML_DSA_LEVEL3k; pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; } else if (key->level == WC_ML_DSA_87) { - keytype = ML_DSA_LEVEL5k; + keyType = ML_DSA_LEVEL5k; pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; } else { @@ -10172,7 +10252,7 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, } if (ret == 0) { - ret = SetAsymKeyDerPublic(key->p, pubKeyLen, output, len, keytype, + ret = SetAsymKeyDerPublic(key->p, pubKeyLen, output, len, keyType, withAlg); } diff --git a/src/wolfcrypt/src/dsa.c b/src/wolfcrypt/src/dsa.c index 5be431a..cc45548 100644 --- a/src/wolfcrypt/src/dsa.c +++ b/src/wolfcrypt/src/dsa.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -141,12 +141,13 @@ static int CheckDsaLN(int modLen, int divLen) * return 0 on success, negative on error */ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) { - byte* cBuf; int qSz, pSz, cSz, err; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) mp_int *tmpQ = NULL; + byte* cBuf = NULL; #else mp_int tmpQ[1]; + byte cBuf[(3072+64)/WOLFSSL_BIT_SIZE ]; #endif if (rng == NULL || dsa == NULL) @@ -161,15 +162,22 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) /* generate extra 64 bits so that bias from mod function is negligible */ cSz = qSz + (64 / WOLFSSL_BIT_SIZE); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) cBuf = (byte*)XMALLOC((size_t)cSz, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (cBuf == NULL) { return MEMORY_E; } +#else + if (sizeof(cBuf) < (size_t)cSz) { + return BUFFER_E; + } +#endif SAVE_VECTOR_REGISTERS(;); -#ifdef WOLFSSL_SMALL_STACK - if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((tmpQ = (mp_int *)XMALLOC(sizeof(*tmpQ), NULL, + DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) err = MEMORY_E; else err = MP_OKAY; @@ -223,9 +231,8 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) mp_clear(&dsa->y); } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - -#ifdef WOLFSSL_SMALL_STACK if (tmpQ != NULL) { mp_clear(tmpQ); XFREE(tmpQ, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -239,19 +246,20 @@ int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa) return err; } - /* modulus_size in bits */ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) { -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) mp_int *tmp = NULL, *tmp2 = NULL; + unsigned char *buf = NULL; #else mp_int tmp[1], tmp2[1]; + unsigned char buf[(3072/WOLFSSL_BIT_SIZE)-32]; #endif int err, msize, qsize, loop_check_prime = 0, check_prime = MP_NO; - unsigned char *buf; + if (rng == NULL || dsa == NULL) return BAD_FUNC_ARG; @@ -278,17 +286,25 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) /* modulus size in bytes */ msize = modulus_size / WOLFSSL_BIT_SIZE; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) /* allocate ram */ buf = (unsigned char *)XMALLOC((size_t)(msize - qsize), dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) { return MEMORY_E; } +#else + if (sizeof(buf) < (size_t)(msize - qsize)) { + return BUFFER_E; + } +#endif /* make a random string that will be multiplied against q */ err = wc_RNG_GenerateBlock(rng, buf, (word32)(msize - qsize)); if (err != MP_OKAY) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return err; } @@ -298,7 +314,7 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) /* force even */ buf[msize - qsize - 1] &= (unsigned char)~1; -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (((tmp = (mp_int *)XMALLOC(sizeof(*tmp), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL) || ((tmp2 = (mp_int *)XMALLOC(sizeof(*tmp2), NULL, DYNAMIC_TYPE_WOLF_BIGINT)) == NULL)) err = MEMORY_E; @@ -380,9 +396,8 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) #endif } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - -#ifdef WOLFSSL_SMALL_STACK if (tmp != NULL) { mp_clear(tmp); XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT); diff --git a/src/wolfcrypt/src/ecc.c b/src/wolfcrypt/src/ecc.c index 6d4cd4d..03eaf13 100644 --- a/src/wolfcrypt/src/ecc.c +++ b/src/wolfcrypt/src/ecc.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2054,7 +2054,7 @@ static int _ecc_projective_add_point(ecc_point* P, ecc_point* Q, ecc_point* R, } if (err == MP_OKAY) { if ( (mp_cmp(P->x, Q->x) == MP_EQ) && - (get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) && + (mp_get_digit_count(Q->z) && mp_cmp(P->z, Q->z) == MP_EQ) && (mp_cmp(P->y, Q->y) == MP_EQ || mp_cmp(P->y, t1) == MP_EQ)) { mp_clear(t1); mp_clear(t2); @@ -2990,7 +2990,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* tG, ecc_point* R, mode = 0; bitcnt = 1; buf = 0; - digidx = get_digit_count(k) - 1; + digidx = mp_get_digit_count(k) - 1; bitcpy = bitbuf = 0; first = 1; @@ -3001,7 +3001,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* tG, ecc_point* R, if (digidx == -1) { break; } - buf = get_digit(k, digidx); + buf = mp_get_digit(k, digidx); bitcnt = (int) DIGIT_BIT; --digidx; } @@ -3250,10 +3250,8 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q, #else /* Swap R[0] and R[1] if other index is needed. */ swap ^= (int)b; - if (err == MP_OKAY) { - err = mp_cond_swap_ct_ex(R[0]->x, R[1]->x, (int)modulus->used, swap, - tmp); - } + err = mp_cond_swap_ct_ex(R[0]->x, R[1]->x, (int)modulus->used, swap, + tmp); if (err == MP_OKAY) { err = mp_cond_swap_ct_ex(R[0]->y, R[1]->y, (int)modulus->used, swap, tmp); @@ -3917,7 +3915,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a, #endif int i, err; #ifdef WOLFSSL_SMALL_STACK_CACHE - ecc_key key; + ecc_key *key = NULL; #endif mp_digit mp; @@ -3944,10 +3942,13 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a, XMEMSET(M, 0, sizeof(M)); #ifdef WOLFSSL_SMALL_STACK_CACHE - err = ecc_key_tmp_init(&key, heap); + key = (ecc_key *)XMALLOC(sizeof(*key), heap, DYNAMIC_TYPE_ECC); + if (key == NULL) + return MEMORY_E; + err = ecc_key_tmp_init(key, heap); if (err != MP_OKAY) goto exit; - R->key = &key; + R->key = key; #endif /* WOLFSSL_SMALL_STACK_CACHE */ /* alloc ram for window temps */ @@ -3960,7 +3961,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a, goto exit; } #ifdef WOLFSSL_SMALL_STACK_CACHE - M[i]->key = &key; + M[i]->key = key; #endif } @@ -4002,7 +4003,8 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a, } #ifdef WOLFSSL_SMALL_STACK_CACHE R->key = NULL; - ecc_key_tmp_final(&key, heap); + ecc_key_tmp_final(key, heap); + XFREE(key, heap, DYNAMIC_TYPE_ECC); #endif /* WOLFSSL_SMALL_STACK_CACHE */ return err; @@ -5393,6 +5395,7 @@ static WC_INLINE void wc_ecc_reset(ecc_key* key) key->state = ECC_STATE_NONE; } + /* create the public ECC key from a private key * * key an initialized private key to generate public part from @@ -5678,7 +5681,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, #endif key->flags = (byte)flags; -#ifdef WOLF_CRYPTO_CB +#if defined(WOLF_CRYPTO_CB) && defined(HAVE_ECC_DHE) #ifndef WOLF_CRYPTO_CB_FIND if (key->devId != INVALID_DEVID) #endif @@ -7645,8 +7648,12 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, /* 3.2 c. Set K = 0x00 0x00 ... */ XMEMSET(K, 0x00, KSz); - mp_init(z1); /* always init z1 and free z1 */ - ret = mp_to_unsigned_bin_len(priv, x, (int)qLen); + if (ret == 0) { + ret = mp_init(z1); /* always init z1 and free z1 */ + } + if (ret == 0) { + ret = mp_to_unsigned_bin_len(priv, x, (int)qLen); + } if (ret == 0) { #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen); @@ -7690,7 +7697,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, #endif { /* use original hash and keep leading 0's */ - mp_to_unsigned_bin_len(z1, h1, (int)h1len); + ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len); } } mp_free(z1); @@ -10257,7 +10264,7 @@ static int ecc_check_privkey_gen(ecc_key* key, mp_int* a, mp_int* prime) * (!WOLFSSL_SP_MATH && WOLFSSL_VALIDATE_ECC_IMPORT) */ #if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN)) && \ - !defined(WOLFSSL_KCAPI_ECC) + !defined(WOLFSSL_KCAPI_ECC) && defined(HAVE_ECC_DHE) /* check privkey generator helper, creates prime needed */ static int ecc_check_privkey_gen_helper(ecc_key* key) @@ -10372,7 +10379,7 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) return err; } #endif /* (FIPS v5 or later || WOLFSSL_VALIDATE_ECC_KEYGEN) && \ - !WOLFSSL_KCAPI_ECC */ + !WOLFSSL_KCAPI_ECC && HAVE_ECC_DHE */ #ifndef WOLFSSL_SP_MATH /* validate order * pubkey = point at infinity, 0 on success */ diff --git a/src/wolfcrypt/src/eccsi.c b/src/wolfcrypt/src/eccsi.c index 537e64c..2717607 100644 --- a/src/wolfcrypt/src/eccsi.c +++ b/src/wolfcrypt/src/eccsi.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ed25519.c b/src/wolfcrypt/src/ed25519.c index 85f7f8a..7cc029b 100644 --- a/src/wolfcrypt/src/ed25519.c +++ b/src/wolfcrypt/src/ed25519.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ed448.c b/src/wolfcrypt/src/ed448.c index a5e63a1..be8582f 100644 --- a/src/wolfcrypt/src/ed448.c +++ b/src/wolfcrypt/src/ed448.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/error.c b/src/wolfcrypt/src/error.c index af5ba36..014345a 100644 --- a/src/wolfcrypt/src/error.c +++ b/src/wolfcrypt/src/error.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -182,10 +182,10 @@ const char* wc_GetErrorString(int error) return "ASN date error, bad size"; case ASN_BEFORE_DATE_E : - return "ASN date error, current date before"; + return "ASN date error, current date is before start of validity"; case ASN_AFTER_DATE_E : - return "ASN date error, current date after"; + return "ASN date error, current date is after expiration"; case ASN_SIG_OID_E : return "ASN signature error, mismatched oid"; @@ -647,6 +647,9 @@ const char* wc_GetErrorString(int error) case ASCON_AUTH_E: return "ASCON Authentication check fail"; + case WC_ACCEL_INHIBIT_E: + return "Crypto acceleration is currently inhibited"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff --git a/src/wolfcrypt/src/evp.c b/src/wolfcrypt/src/evp.c index 7054f80..5c9ac3e 100644 --- a/src/wolfcrypt/src/evp.c +++ b/src/wolfcrypt/src/evp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2538,9 +2538,11 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E if (ctx == NULL) return NULL; XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); ctx->pkey = pkey; -#if !defined(NO_RSA) +#ifndef NO_RSA ctx->padding = WC_RSA_PKCS1_PADDING; ctx->md = NULL; + ctx->mgf1_md = NULL; + ctx->saltlen = 0; #endif #ifdef HAVE_ECC if (pkey->ecc && pkey->ecc->group) { @@ -2593,6 +2595,42 @@ int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, return WOLFSSL_SUCCESS; } +int wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md(WOLFSSL_EVP_PKEY_CTX *ctx, + const WOLFSSL_EVP_MD *md) +{ + wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_OAEP_PADDING); + return wolfSSL_EVP_PKEY_CTX_set_signature_md(ctx, md); +} + +int wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen(WOLFSSL_EVP_PKEY_CTX *ctx, + int saltlen) +{ + if (ctx == NULL) return 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen"); + wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_PSS_PADDING); +#ifndef NO_RSA + ctx->saltlen = saltlen; +#else + (void)saltlen; +#endif + return WOLFSSL_SUCCESS; +} + +int wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md(WOLFSSL_EVP_PKEY_CTX *ctx, + const WOLFSSL_EVP_MD *md) +{ + if (ctx == NULL) return 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md"); +#ifndef NO_RSA + /* Hash digest algorithm used with Mask Generation Function 1 (MGF1) for + * RSA-PSS and RSA-OAEP. */ + ctx->mgf1_md = md; +#else + (void)md; +#endif + return WOLFSSL_SUCCESS; +} + /* create a PKEY context and return it */ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) { @@ -3278,7 +3316,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, (void)tbslen; switch (ctx->pkey->type) { -#if !defined(NO_RSA) +#ifndef NO_RSA case WC_EVP_PKEY_RSA: { unsigned int usiglen = (unsigned int)*siglen; if (!sig) { @@ -3291,17 +3329,17 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, *siglen = (size_t)len; return WOLFSSL_SUCCESS; } - /* wolfSSL_RSA_sign_generic_padding performs a check that the output - * sig buffer is large enough */ - if (wolfSSL_RSA_sign_generic_padding(wolfSSL_EVP_MD_type(ctx->md), tbs, - (unsigned int)tbslen, sig, &usiglen, ctx->pkey->rsa, 1, - ctx->padding) != WOLFSSL_SUCCESS) { + + if (wolfSSL_RSA_sign_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs, + (unsigned int)tbslen, sig, &usiglen, ctx->pkey->rsa, 1, + ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen + ) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } *siglen = (size_t)usiglen; return WOLFSSL_SUCCESS; } -#endif /* NO_RSA */ +#endif /* !NO_RSA */ #ifndef NO_DSA case WC_EVP_PKEY_DSA: { @@ -3434,12 +3472,12 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, return WOLFSSL_FAILURE; switch (ctx->pkey->type) { -#if !defined(NO_RSA) +#ifndef NO_RSA case WC_EVP_PKEY_RSA: - return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs, + return wolfSSL_RSA_verify_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs, (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa, - ctx->padding); -#endif /* NO_RSA */ + ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen); +#endif /* !NO_RSA */ #ifndef NO_DSA case WC_EVP_PKEY_DSA: { @@ -10193,8 +10231,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return WC_NID_undef; } - for( ent = md_tbl; ent->name != NULL; ent++){ - if(XSTRCMP((const char *)type, ent->name) == 0) { + for (ent = md_tbl; ent->name != NULL; ent++) { + if (XSTRCMP((const char *)type, ent->name) == 0) { return ent->nid; } } diff --git a/src/wolfcrypt/src/ext_lms.c b/src/wolfcrypt/src/ext_lms.c index 00a3e55..2486a42 100644 --- a/src/wolfcrypt/src/ext_lms.c +++ b/src/wolfcrypt/src/ext_lms.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1043,6 +1043,15 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, return 0; } +int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid, word32* kidSz) +{ + if ((key == NULL) || (kid == NULL) || (kidSz == NULL)) { + return BAD_FUNC_ARG; + } + + return NOT_COMPILED_IN; +} + const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) { if ((priv == NULL) || (privSz < 16)) { diff --git a/src/wolfcrypt/src/ext_mlkem.c b/src/wolfcrypt/src/ext_mlkem.c index 3a9ccee..0a9bd9b 100644 --- a/src/wolfcrypt/src/ext_mlkem.c +++ b/src/wolfcrypt/src/ext_mlkem.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ext_xmss.c b/src/wolfcrypt/src/ext_xmss.c index 48912a3..f1bc422 100644 --- a/src/wolfcrypt/src/ext_xmss.c +++ b/src/wolfcrypt/src/ext_xmss.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/falcon.c b/src/wolfcrypt/src/falcon.c index 6562a80..7200018 100644 --- a/src/wolfcrypt/src/falcon.c +++ b/src/wolfcrypt/src/falcon.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/fe_448.c b/src/wolfcrypt/src/fe_448.c index 8cf0245..9d8308d 100644 --- a/src/wolfcrypt/src/fe_448.c +++ b/src/wolfcrypt/src/fe_448.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/fe_low_mem.c b/src/wolfcrypt/src/fe_low_mem.c index febc123..d2b2d8a 100644 --- a/src/wolfcrypt/src/fe_low_mem.c +++ b/src/wolfcrypt/src/fe_low_mem.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/fe_operations.c b/src/wolfcrypt/src/fe_operations.c index 135d703..6ae70e7 100644 --- a/src/wolfcrypt/src/fe_operations.c +++ b/src/wolfcrypt/src/fe_operations.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -192,7 +192,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p, fe z3 = {0}; fe tmp0 = {0}; fe tmp1 = {0}; - int pos = 0; + unsigned int pos; unsigned int b; fe_frombytes(x1,p); @@ -208,7 +208,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p, fe_cswap(x2,x3,(int)b); fe_cswap(z2,z3,(int)b); for (pos = 255;pos >= 1;--pos) { - b = n[pos / 8] >> (pos & 7); + b = (unsigned int)n[pos / 8] >> (pos & 7); b &= 1; fe_cswap(x2,x3,(int)b); fe_cswap(z2,z3,(int)b); @@ -233,7 +233,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p, fe_mul(z3,x1,z2); fe_mul(z2,tmp1,tmp0); - b = mask[(pos-1) / 8] >> ((pos-1) & 7); + b = (unsigned int)mask[(pos-1) / 8] >> ((pos-1) & 7); b &= 1; fe_cswap(x2,x3,(int)b); fe_cswap(z2,z3,(int)b); diff --git a/src/wolfcrypt/src/ge_448.c b/src/wolfcrypt/src/ge_448.c index a09a92d..3e3ba9d 100644 --- a/src/wolfcrypt/src/ge_448.c +++ b/src/wolfcrypt/src/ge_448.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ge_low_mem.c b/src/wolfcrypt/src/ge_low_mem.c index c0a952b..308e73a 100644 --- a/src/wolfcrypt/src/ge_low_mem.c +++ b/src/wolfcrypt/src/ge_low_mem.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ge_operations.c b/src/wolfcrypt/src/ge_operations.c index bde5a06..184c54e 100644 --- a/src/wolfcrypt/src/ge_operations.c +++ b/src/wolfcrypt/src/ge_operations.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/hash.c b/src/wolfcrypt/src/hash.c index c709fa3..c3bae41 100644 --- a/src/wolfcrypt/src/hash.c +++ b/src/wolfcrypt/src/hash.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -37,27 +37,6 @@ #endif -#ifdef NO_ASN -enum Hash_Sum { - MD2h = 646, - MD5h = 649, - SHAh = 88, - SHA224h = 417, - SHA256h = 414, - SHA384h = 415, - SHA512h = 416, - SHA512_224h = 418, - SHA512_256h = 419, - SHA3_224h = 420, - SHA3_256h = 421, - SHA3_384h = 422, - SHA3_512h = 423, - SHAKE128h = 424, - SHAKE256h = 425, - SM3h = 640 /* 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11 */ -}; -#endif /* !NO_ASN */ - #if !defined(NO_PWDBASED) || !defined(NO_ASN) /* function converts int hash type to enum */ enum wc_HashType wc_HashTypeConvert(int hashType) @@ -1498,13 +1477,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) void* heap, int devId) { int ret = 0; - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) wc_Sha256* sha256; #else wc_Sha256 sha256[1]; #endif - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) sha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sha256 == NULL) @@ -1525,7 +1504,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) } - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/src/wolfcrypt/src/hmac.c b/src/wolfcrypt/src/hmac.c index 912b26d..fdbe30f 100644 --- a/src/wolfcrypt/src/hmac.c +++ b/src/wolfcrypt/src/hmac.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -400,6 +400,32 @@ static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad) return ret; } +#ifdef WOLFSSL_HMAC_COPY_HASH +int _HmacInitIOHashes(Hmac* hmac) +{ + int ret; +#ifdef WOLF_CRYPTO_CB + int devId = hmac->devId; +#else + int devId = INVALID_DEVID; +#endif + + ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, hmac->heap, devId); + if (ret == 0) { + ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, hmac->heap, devId); + } + if (ret == 0) { + ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, + (byte*)hmac->ipad); + } + if (ret == 0) { + ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, + (byte*)hmac->opad); + } + + return ret; +} +#endif int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, int allowFlag) @@ -761,25 +787,8 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length, } #ifdef WOLFSSL_HMAC_COPY_HASH - if ( ret == 0) { - #ifdef WOLF_CRYPTO_CB - int devId = hmac->devId; - #else - int devId = INVALID_DEVID; - #endif - - ret = HmacKeyInitHash(&hmac->i_hash, hmac->macType, heap, devId); - if (ret != 0) - return ret; - ret = HmacKeyInitHash(&hmac->o_hash, hmac->macType, heap, devId); - if (ret != 0) - return ret; - ret = HmacKeyHashUpdate(hmac->macType, &hmac->i_hash, ip); - if (ret != 0) - return ret; - ret = HmacKeyHashUpdate(hmac->macType, &hmac->o_hash, op); - if (ret != 0) - return ret; + if (ret == 0) { + ret = _HmacInitIOHashes(hmac); } #endif @@ -1581,7 +1590,7 @@ int wolfSSL_GetHmacMaxSize(void) left = min(left, hashSz); XMEMCPY(out+outIdx, tmp, left); - outIdx += hashSz; + outIdx += left; n++; } diff --git a/src/wolfcrypt/src/hpke.c b/src/wolfcrypt/src/hpke.c index 8ce209f..848b53a 100644 --- a/src/wolfcrypt/src/hpke.c +++ b/src/wolfcrypt/src/hpke.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -987,7 +987,7 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey, word16 pubKeySz, byte* sharedSecret) { int ret; -#ifdef ECC_TIMING_RESISTANT +#if defined(ECC_TIMING_RESISTANT) || defined(WOLFSSL_CURVE25519_BLINDING) WC_RNG* rng; #endif word32 dh_len; @@ -1052,9 +1052,22 @@ static int wc_HpkeDecap(Hpke* hpke, void* receiverKey, const byte* pubKey, #endif #if defined(HAVE_CURVE25519) case DHKEM_X25519_HKDF_SHA256: + #ifdef WOLFSSL_CURVE25519_BLINDING + rng = wc_rng_new(NULL, 0, hpke->heap); + + if (rng == NULL) { + ret = RNG_FAILURE_E; + break; + } + + wc_curve25519_set_rng((curve25519_key*)receiverKey, rng); + #endif ret = wc_curve25519_shared_secret_ex( (curve25519_key*)receiverKey, (curve25519_key*)ephemeralKey, dh, &dh_len, EC25519_LITTLE_ENDIAN); + #ifdef WOLFSSL_CURVE25519_BLINDING + wc_rng_free(rng); + #endif break; #endif case DHKEM_X448_HKDF_SHA512: diff --git a/src/wolfcrypt/src/integer.c b/src/wolfcrypt/src/integer.c index 341d99d..418df6d 100644 --- a/src/wolfcrypt/src/integer.c +++ b/src/wolfcrypt/src/integer.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/kdf.c b/src/wolfcrypt/src/kdf.c index 0e092dd..ce278d0 100644 --- a/src/wolfcrypt/src/kdf.c +++ b/src/wolfcrypt/src/kdf.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -902,12 +902,12 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, * @param [in] saltSz Size of random value in bytes. * @param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise * kdr = 2^kdrIdx. - * @param [in] index Index value to XOR in. - * @param [in] indexSz Size of index value in bytes. + * @param [in] idx Index value to XOR in. + * @param [in] idxSz Size of index value in bytes. * @param [out] block First block to encrypt. */ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx, - const byte* index, int indexSz, unsigned char* block) + const byte* idx, int idxSz, unsigned char* block) { int i; @@ -924,21 +924,21 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx, /* Get the number of bits to shift index by. */ word32 bits = kdrIdx & 0x7; /* Reduce index size by number of bytes to remove. */ - indexSz -= kdrIdx >> 3; + idxSz -= kdrIdx >> 3; if ((kdrIdx & 0x7) == 0) { /* Just XOR in as no bit shifting. */ - for (i = 0; i < indexSz; i++) { - block[i + WC_SRTP_MAX_SALT - indexSz] ^= index[i]; + for (i = 0; i < idxSz; i++) { + block[i + WC_SRTP_MAX_SALT - idxSz] ^= idx[i]; } } else { /* XOR in as bit shifted index. */ - block[WC_SRTP_MAX_SALT - indexSz] ^= (byte)(index[0] >> bits); - for (i = 1; i < indexSz; i++) { - block[i + WC_SRTP_MAX_SALT - indexSz] ^= - (byte)((index[i-1] << (8 - bits)) | - (index[i+0] >> bits )); + block[WC_SRTP_MAX_SALT - idxSz] ^= (byte)(idx[0] >> bits); + for (i = 1; i < idxSz; i++) { + block[i + WC_SRTP_MAX_SALT - idxSz] ^= + (byte)((idx[i-1] << (8 - bits)) | + (idx[i+0] >> bits )); } } } @@ -955,7 +955,7 @@ static void wc_srtp_kdf_first_block(const byte* salt, word32 saltSz, int kdrIdx, * @param [in] aes AES object to encrypt with. * @return 0 on success. */ -static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, +static int wc_srtp_kdf_derive_key(byte* block, int idxSz, byte label, byte* key, word32 keySz, Aes* aes) { int i; @@ -964,7 +964,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, int blocks = (int)(keySz / WC_AES_BLOCK_SIZE); /* XOR in label. */ - block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label; + block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label; for (i = 0; (ret == 0) && (i < blocks); i++) { /* Set counter. */ block[15] = (byte)i; @@ -988,7 +988,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, } } /* XOR out label. */ - block[WC_SRTP_MAX_SALT - indexSz - 1] ^= label; + block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label; return ret; } @@ -1018,7 +1018,7 @@ static int wc_srtp_kdf_derive_key(byte* block, int indexSz, byte label, * @return 0 on success. */ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, - int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, + int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz) { int ret = 0; @@ -1056,7 +1056,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, /* Calculate first block that can be used in each derivation. */ if (ret == 0) { - wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTP_INDEX_LEN, + wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, idx, WC_SRTP_INDEX_LEN, block); } @@ -1109,7 +1109,7 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, * @return 0 on success. */ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 saltSz, - int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, + int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator) { int ret = 0; @@ -1156,7 +1156,7 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt /* Calculate first block that can be used in each derivation. */ if (ret == 0) { - wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, idxLen, block); + wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, idx, idxLen, block); } /* Calculate first key if required. */ @@ -1184,11 +1184,11 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt } int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, - int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2, + int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz) { /* The default 32-bit IDX expected by many implementations */ - return wc_SRTCP_KDF_ex(key, keySz, salt, saltSz, kdrIdx, index, + return wc_SRTCP_KDF_ex(key, keySz, salt, saltSz, kdrIdx, idx, key1, key1Sz, key2, key2Sz, key3, key3Sz, WC_SRTCP_32BIT_IDX); } @@ -1214,7 +1214,7 @@ int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, * @return 0 on success. */ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, - word32 saltSz, int kdrIdx, const byte* index, byte label, byte* outKey, + word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, word32 outKeySz) { int ret = 0; @@ -1253,7 +1253,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, /* Calculate first block that can be used in each derivation. */ if (ret == 0) { - wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTP_INDEX_LEN, + wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, idx, WC_SRTP_INDEX_LEN, block); } if (ret == 0) { @@ -1293,7 +1293,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, * @return 0 on success. */ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt, - word32 saltSz, int kdrIdx, const byte* index, byte label, byte* outKey, + word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, word32 outKeySz) { int ret = 0; @@ -1332,7 +1332,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt, /* Calculate first block that can be used in each derivation. */ if (ret == 0) { - wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, index, WC_SRTCP_INDEX_LEN, + wc_srtp_kdf_first_block(salt, saltSz, kdrIdx, idx, WC_SRTCP_INDEX_LEN, block); } if (ret == 0) { diff --git a/src/wolfcrypt/src/logging.c b/src/wolfcrypt/src/logging.c index 29b9221..98fcb35 100644 --- a/src/wolfcrypt/src/logging.c +++ b/src/wolfcrypt/src/logging.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -230,42 +230,6 @@ void WOLFSSL_TIME(int count) #ifdef DEBUG_WOLFSSL -#if defined(ARDUINO) - /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */ -#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - /* see wc_port.h for fio.h and nio.h includes */ -#elif defined(WOLFSSL_SGX) - /* Declare sprintf for ocall */ - int sprintf(char* buf, const char *fmt, ...); -#elif defined(WOLFSSL_DEOS) -#elif defined(MICRIUM) - #if (BSP_SER_COMM_EN == DEF_ENABLED) - #include - #endif -#elif defined(WOLFSSL_USER_LOG) - /* user includes their own headers */ -#elif defined(WOLFSSL_ESPIDF) - #include "esp_types.h" - #include "esp_log.h" -#elif defined(WOLFSSL_TELIT_M2MB) - #include - #include "m2m_log.h" -#elif defined(WOLFSSL_ANDROID_DEBUG) - #include -#elif defined(WOLFSSL_XILINX) - #include "xil_printf.h" -#elif defined(WOLFSSL_LINUXKM) - /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */ -#elif defined(FUSION_RTOS) - #include - #define fprintf FCL_FPRINTF -#else - #include /* for default printf stuff */ -#endif - -#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) - int dc_log_printf(char*, ...); -#endif #ifdef HAVE_STACK_SIZE_VERBOSE #include @@ -281,106 +245,40 @@ static void wolfssl_log(const int logLevel, const char* const file_name, else { #if defined(WOLFSSL_USER_LOG) WOLFSSL_USER_LOG(logMessage); -#elif defined(ARDUINO) - wolfSSL_Arduino_Serial_Print(logMessage); -#elif defined(WOLFSSL_LOG_PRINTF) - if (file_name != NULL) - printf("[%s L %d] %s\n", file_name, line_number, logMessage); - else - printf("%s\n", logMessage); -#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) - if (file_name != NULL) - dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage); - else - dc_log_printf("%s\n", logMessage); -#elif defined(WOLFSSL_DEOS) - if (file_name != NULL) - printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); - else - printf("%s\r\n", logMessage); -#elif defined(MICRIUM) - if (file_name != NULL) - BSP_Ser_Printf("[%s L %d] %s\r\n", - file_name, line_number, logMessage); - else - BSP_Ser_Printf("%s\r\n", logMessage); -#elif defined(WOLFSSL_MDK_ARM) - fflush(stdout) ; - if (file_name != NULL) - printf("[%s L %d] %s\n", file_name, line_number, logMessage); - else - printf("%s\n", logMessage); - fflush(stdout) ; -#elif defined(WOLFSSL_UTASKER) - fnDebugMsg((char*)logMessage); - fnDebugMsg("\r\n"); -#elif defined(MQX_USE_IO_OLD) - if (file_name != NULL) - fprintf(_mqxio_stderr, "[%s L %d] %s\n", - file_name, line_number, logMessage); - else - fprintf(_mqxio_stderr, "%s\n", logMessage); -#elif defined(WOLFSSL_APACHE_MYNEWT) - if (file_name != NULL) - LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n", - file_name, line_number, logMessage); - else - LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage); -#elif defined(WOLFSSL_ESPIDF) - if (file_name != NULL) - ESP_LOGI("wolfssl", "[%s L %d] %s", - file_name, line_number, logMessage); - else - ESP_LOGI("wolfssl", "%s", logMessage); -#elif defined(WOLFSSL_ZEPHYR) - if (file_name != NULL) - printk("[%s L %d] %s\n", file_name, line_number, logMessage); - else - printk("%s\n", logMessage); -#elif defined(WOLFSSL_TELIT_M2MB) - if (file_name != NULL) - M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage); - else - M2M_LOG_INFO("%s\n", logMessage); -#elif defined(WOLFSSL_ANDROID_DEBUG) - if (file_name != NULL) - __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s", - file_name, line_number, logMessage); - else - __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s", - logMessage); -#elif defined(WOLFSSL_XILINX) - if (file_name != NULL) - xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage); - else - xil_printf("%s\r\n", logMessage); -#elif defined(WOLFSSL_LINUXKM) - if (file_name != NULL) - printk("[%s L %d] %s\n", file_name, line_number, logMessage); - else - printk("%s\n", logMessage); -#elif defined(WOLFSSL_RENESAS_RA6M4) - if (file_name != NULL) - myprintf("[%s L %d] %s\n", file_name, line_number, logMessage); - else - myprintf("%s\n", logMessage); -#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \ - defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG) - STACK_SIZE_CHECKPOINT_MSG(logMessage); -#else +#elif defined(WOLFSSL_DEBUG_PRINTF_FN) + #ifdef WOLFSSL_MDK_ARM + fflush(stdout); + #endif if (log_prefix != NULL) { if (file_name != NULL) - fprintf(stderr, "[%s]: [%s L %d] %s\n", + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS + "[%s]: [%s L %d] %s\n", log_prefix, file_name, line_number, logMessage); else - fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage); + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS + "[%s]: %s\n", log_prefix, logMessage); } else { if (file_name != NULL) - fprintf(stderr, "[%s L %d] %s\n", + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS + "[%s L %d] %s\n", file_name, line_number, logMessage); else - fprintf(stderr, "%s\n", logMessage); + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS + "%s\n", logMessage); } + #ifdef WOLFSSL_MDK_ARM + fflush(stdout); + #endif +#elif defined(ARDUINO) + wolfSSL_Arduino_Serial_Print(logMessage); +#elif defined(WOLFSSL_UTASKER) + fnDebugMsg((char*)logMessage); + fnDebugMsg("\r\n"); +#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \ + defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG) + STACK_SIZE_CHECKPOINT_MSG(logMessage); +#else + #error No log method defined. #endif } } diff --git a/src/wolfcrypt/src/md2.c b/src/wolfcrypt/src/md2.c index 89cec62..d6a7e56 100644 --- a/src/wolfcrypt/src/md2.c +++ b/src/wolfcrypt/src/md2.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/md4.c b/src/wolfcrypt/src/md4.c index 53d206e..e7342d6 100644 --- a/src/wolfcrypt/src/md4.c +++ b/src/wolfcrypt/src/md4.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/md5.c b/src/wolfcrypt/src/md5.c index 84f1117..e62a841 100644 --- a/src/wolfcrypt/src/md5.c +++ b/src/wolfcrypt/src/md5.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/memory.c b/src/wolfcrypt/src/memory.c index 928dd7b..17663b3 100644 --- a/src/wolfcrypt/src/memory.c +++ b/src/wolfcrypt/src/memory.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/misc.c b/src/wolfcrypt/src/misc.c index 98b83c7..e681d2b 100644 --- a/src/wolfcrypt/src/misc.c +++ b/src/wolfcrypt/src/misc.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -633,7 +633,13 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b, } #endif -#ifndef WOLFSSL_NO_CT_OPS + +#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)) +/* constant time operations with mask are required for RSA and TLS operations */ +#warning constant time operations required unless using NO_RSA & WOLFCRYPT_ONLY +#endif + +#if !defined(WOLFSSL_NO_CT_OPS) || !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY) /* Constant time - mask set when a > b. */ WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b) { @@ -761,7 +767,8 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, /* returns the smaller of a and b */ WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b) { -#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) +#if !defined(WOLFSSL_NO_CT_OPS) && !defined(WOLFSSL_NO_CT_MAX_MIN) && \ + defined(WORD64_AVAILABLE) word32 gte_mask = (word32)ctMaskWord32GTE(a, b); return (a & ~gte_mask) | (b & gte_mask); #else /* WOLFSSL_NO_CT_OPS */ @@ -777,7 +784,8 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src, #endif WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b) { -#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE) +#if !defined(WOLFSSL_NO_CT_OPS) && !defined(WOLFSSL_NO_CT_MAX_MIN) && \ + defined(WORD64_AVAILABLE) word32 gte_mask = (word32)ctMaskWord32GTE(a, b); return (a & gte_mask) | (b & ~gte_mask); #else /* WOLFSSL_NO_CT_OPS */ @@ -1001,9 +1009,12 @@ WC_MISC_STATIC WC_INLINE void ato64(const byte *in, w64wrapper *w64) #ifdef BIG_ENDIAN_ORDER XMEMCPY(&w64->n, in, sizeof(w64->n)); #else - word64 _in; - XMEMCPY(&_in, in, sizeof(_in)); - w64->n = ByteReverseWord64(_in); + union { + word64 w; + byte b[sizeof(word64)]; + } _in; + XMEMCPY(_in.b, in, sizeof(_in)); + w64->n = ByteReverseWord64(_in.w); #endif /* BIG_ENDIAN_ORDER */ } diff --git a/src/wolfcrypt/src/pkcs12.c b/src/wolfcrypt/src/pkcs12.c index 5f8b85a..8739354 100644 --- a/src/wolfcrypt/src/pkcs12.c +++ b/src/wolfcrypt/src/pkcs12.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -44,16 +44,6 @@ #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } enum { - WC_PKCS12_KeyBag = 667, - WC_PKCS12_ShroudedKeyBag = 668, - WC_PKCS12_CertBag = 669, - WC_PKCS12_CertBag_Type1 = 675, - WC_PKCS12_CrlBag = 670, - WC_PKCS12_SecretBag = 671, - WC_PKCS12_SafeContentsBag = 672, - WC_PKCS12_DATA = 651, - WC_PKCS12_ENCRYPTED_DATA = 656, - WC_PKCS12_DATA_OBJ_SZ = 11, WC_PKCS12_MAC_SALT_SZ = 8 }; @@ -1770,6 +1760,51 @@ int wc_PKCS12_parse_ex(WC_PKCS12* pkcs12, const char* psw, } +/* Helper function to get parameters for key and cert encryptions */ +static int wc_PKCS12_get_enc_params(int inAlgo, int* vPKCS, int* outAlgo, + int* blkOid, int* hmacOid) +{ + int ret = 0; + + if (inAlgo == PBE_SHA1_RC4_128) { + *vPKCS = 1; /* PKCS#12 */ + *outAlgo = PBE_SHA1_RC4_128; + *blkOid = 0; /* Unused */ + *hmacOid = 0; /* Use SHA1 as default */ + } + else if (inAlgo == PBE_SHA1_DES) { + *vPKCS = PKCS5; + *outAlgo = PBES1_SHA1_DES; + *blkOid = 0; /* Unused */ + *hmacOid = 0; /* Use SHA1 as default */ + } + else if (inAlgo == PBE_SHA1_DES3) { + *vPKCS = 1; /* PKCS#12 */ + *outAlgo = PBE_SHA1_DES3; + *blkOid = 0; /* Unused */ + *hmacOid = 0; /* Use SHA1 as default */ + } + else if (inAlgo == PBE_AES256_CBC) { + *vPKCS = PKCS5; + *outAlgo = PBES2; + *blkOid = AES256CBCb; + *hmacOid = HMAC_SHA256_OID; + } + else if (inAlgo == PBE_AES128_CBC) { + *vPKCS = PKCS5; + *outAlgo = PBES2; + *blkOid = AES128CBCb; + *hmacOid = HMAC_SHA256_OID; + } + else { + WOLFSSL_MSG("Unsupported algorithm for PKCS12 encryption"); + ret = ALGO_ID_E; + } + + return ret; +} + + /* Helper function to shroud keys. * * pkcs12 structure to use with shrouding key @@ -1791,11 +1826,17 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, { void* heap; word32 tmpIdx = 0; - int vPKCS = 1; /* PKCS#12 default set to 1 */ word32 sz; word32 totalSz = 0; int ret; byte* pkcs8Key = NULL; + byte salt[PKCS5V2_SALT_SZ]; /* PKCS5V2_SALT_SZ > PKCS5_SALT_SZ */ + word32 saltSz = 0; + + int vPKCS = -1; + int outAlgo = -1; + int blkOid = 0; + int hmacOid = 0; if (outSz == NULL || pkcs12 == NULL || rng == NULL || key == NULL || pass == NULL) { @@ -1832,13 +1873,17 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, else { WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag"); - if (vAlgo == PBE_SHA1_DES) { - vPKCS = PKCS5; - vAlgo = 10; + if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid, + &hmacOid)) < 0) { + return ret; + } + saltSz = (outAlgo != PBES2) ? PKCS5_SALT_SZ : PKCS5V2_SALT_SZ; + if ((ret = wc_RNG_GenerateBlock(rng, salt, saltSz)) < 0) { + return ret; } - ret = UnTraditionalEnc(key, keySz, pkcs8Key, &sz, pass, passSz, - vPKCS, vAlgo, NULL, 0, itt, rng, heap); + ret = TraditionalEnc_ex(key, keySz, pkcs8Key, &sz, pass, passSz, + vPKCS, outAlgo, blkOid, salt, saltSz, itt, hmacOid, rng, heap); } if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { *outSz = sz + MAX_LENGTH_SZ + 1; @@ -2078,7 +2123,6 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, const char* pass, int passSz, int iter, int type) { void* heap; - int vPKCS = 1; /* PKCS#12 is always set to 1 */ int ret; byte* tmp; word32 idx = 0; @@ -2087,6 +2131,11 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, word32 tmpSz; word32 encSz; + int vPKCS = -1; + int outAlgo = -1; + int blkOid = 0; + int hmacOid = 0; + byte seq[MAX_SEQ_SZ]; WOLFSSL_MSG("encrypting PKCS12 content"); @@ -2103,9 +2152,15 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, if (type == WC_PKCS12_ENCRYPTED_DATA) { word32 outerSz = 0; + if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid, + &hmacOid)) < 0) { + return ret; + } + encSz = contentSz; if ((ret = EncryptContent(NULL, contentSz, NULL, &encSz, - pass, passSz, vPKCS, vAlgo, NULL, 0, iter, rng, heap)) < 0) { + pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid, + rng, heap)) < 0) { if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -2157,7 +2212,8 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, } if ((ret = EncryptContent(content, contentSz, tmp, &encSz, - pass, passSz, vPKCS, vAlgo, NULL, 0, iter, rng, heap)) < 0) { + pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid, + rng, heap)) < 0) { XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -2271,6 +2327,7 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey, heap = wc_PKCS12_GetHeap(pkcs12); *keyCiSz = 0; switch (nidKey) { + /* supported key encryptions */ case PBE_SHA1_RC4_128: algo = 1; break; @@ -2283,8 +2340,15 @@ static byte* PKCS12_create_key_content(WC_PKCS12* pkcs12, int nidKey, algo = 3; break; - /* no encryption */ - case -1: + case PBE_AES256_CBC: + algo = PBE_AES256_CBC; + break; + + case PBE_AES128_CBC: + algo = PBE_AES128_CBC; + break; + + case -1: /* no encryption */ algo = -1; break; @@ -2391,6 +2455,7 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert, heap = wc_PKCS12_GetHeap(pkcs12); switch (nidCert) { + /* supported certificate encryptions */ case PBE_SHA1_RC4_128: type = WC_PKCS12_ENCRYPTED_DATA; algo = 1; @@ -2406,7 +2471,17 @@ static byte* PKCS12_create_cert_content(WC_PKCS12* pkcs12, int nidCert, algo = 3; break; - case -1: + case PBE_AES256_CBC: + type = WC_PKCS12_ENCRYPTED_DATA; + algo = PBE_AES256_CBC; + break; + + case PBE_AES128_CBC: + type = WC_PKCS12_ENCRYPTED_DATA; + algo = PBE_AES128_CBC; + break; + + case -1: /* no encryption */ type = WC_PKCS12_DATA; algo = -1; break; diff --git a/src/wolfcrypt/src/pkcs7.c b/src/wolfcrypt/src/pkcs7.c index a8545ba..1b4fcf6 100644 --- a/src/wolfcrypt/src/pkcs7.c +++ b/src/wolfcrypt/src/pkcs7.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -12659,8 +12659,13 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in, case WC_PKCS7_ENV_5: #ifndef NO_PKCS7_STREAM + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected, &pkiMsg, &idx)) != 0) { + if (ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + wc_PKCS7_StreamGetVar(pkcs7, &encOID, NULL, NULL); + wc_PKCS7_DecryptContentFree(pkcs7, encOID, pkcs7->heap); + } return ret; } @@ -13106,11 +13111,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 case AES128GCMb: - FALL_THROUGH; #endif #ifdef WOLFSSL_AES_192 case AES192GCMb: - FALL_THROUGH; #endif #ifdef WOLFSSL_AES_256 case AES256GCMb: @@ -13125,11 +13128,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, #ifdef HAVE_AESCCM #ifdef WOLFSSL_AES_128 case AES128CCMb: - FALL_THROUGH; #endif #ifdef WOLFSSL_AES_192 case AES192CCMb: - FALL_THROUGH; #endif #ifdef WOLFSSL_AES_256 case AES256CCMb: @@ -14877,6 +14878,62 @@ int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx) #endif /* NO_PKCS7_ENCRYPTED_DATA */ +/* Unwrap and decrypt PKCS#7/CMS EncryptedKeyPackage object, return the + * decoded size. */ +int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, + byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz) +{ + int ret = 0; + word32 pkiIndex = 0; + word32 contentType = 0; + int length = 0; + + if (pkiMsg == NULL) { + ret = BAD_FUNC_ARG; + } + /* Expect a SEQUENCE header to start the EncryptedKeyPackage + * ContentInfo. */ + else if (GetSequence_ex(pkiMsg, &pkiIndex, &length, pkiMsgSz, 1) < 0) { + ret = ASN_PARSE_E; + } + /* Validate the EncryptedKeyPackage OBJECT IDENTIFIER. */ + else if (wc_GetContentType(pkiMsg, &pkiIndex, &contentType, pkiMsgSz) < 0) { + ret = ASN_PARSE_E; + } + else if (contentType != ENCRYPTED_KEY_PACKAGE) { + WOLFSSL_MSG("PKCS#7 input not of type EncryptedKeyPackage"); + ret = PKCS7_OID_E; + } + /* Expect content [0] tag */ + else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &pkiIndex, &length, pkiMsgSz) < 0) { + ret = ASN_PARSE_E; + } + /* Check for an EncryptedKeyPackage explicit CHOICE [0] tag, indicating + * an EnvelopedData subtype. */ + else if (GetASNHeader(pkiMsg, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, + &pkiIndex, &length, pkiMsgSz) >= 0) { + /* An explicit CHOICE [0] tag was found. pkiIndex now should point + * to the EnvelopedData ContentInfo object within the + * EncryptedKeyPackage. */ + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, &pkiMsg[pkiIndex], + pkiMsgSz - pkiIndex, output, outputSz); + } + else { +#ifndef NO_PKCS7_ENCRYPTED_DATA + /* An explicit CHOICE [0] tag was not found. Check if we have an + * EncryptedData blob. */ + ret = wc_PKCS7_DecodeEncryptedData(pkcs7, &pkiMsg[pkiIndex], + pkiMsgSz - pkiIndex, output, outputSz); +#else + ret = ASN_PARSE_E; +#endif + } + + return ret; +} + + /* set stream mode for encoding and signing * returns 0 on success */ int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag, diff --git a/src/wolfcrypt/src/poly1305.c b/src/wolfcrypt/src/poly1305.c index bd72a40..f8e230f 100644 --- a/src/wolfcrypt/src/poly1305.c +++ b/src/wolfcrypt/src/poly1305.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/Espressif/esp32_aes.c b/src/wolfcrypt/src/port/Espressif/esp32_aes.c index b1479de..4eed1d8 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/Espressif/esp32_mp.c b/src/wolfcrypt/src/port/Espressif/esp32_mp.c index dbfd133..9092f77 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/Espressif/esp32_sha.c b/src/wolfcrypt/src/port/Espressif/esp32_sha.c index f9f8d90..6722a93 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/Espressif/esp32_util.c b/src/wolfcrypt/src/port/Espressif/esp32_util.c index 90b3cdc..c7db477 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_util.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -31,6 +31,11 @@ #include "sdkconfig.h" /* programmatically generated from sdkconfig */ #include +#if HAVE_LIBWOLFSSL_OUTPUT_HEADER + /* see wolfssl component CMakeLists.txt that may have generated this: */ + #include "libwolfssl_output.h" +#endif + /* Espressif */ #include #include @@ -647,6 +652,16 @@ int ShowExtendedSystemInfo(void) LIBWOLFSSL_VERSION_HEX); #endif +#if defined(LIBWOLFSSL_CMAKE_OUTPUT) + /* For some environments such as PlatformIO that may hide CMake output, + * we can have important messages propagated to the app: */ + ESP_LOGI(TAG, "----------------------------------------------------------"); + ESP_LOGI(TAG, "LIBWOLFSSL_CMAKE_OUTPUT:%s", LIBWOLFSSL_CMAKE_OUTPUT); + ESP_LOGI(TAG, "----------------------------------------------------------"); +#else + ESP_LOGW(TAG, "LIBWOLFSSL_CMAKE_OUTPUT: No cmake messages detected"); +#endif + /* some interesting settings are target specific (ESP32, -C3, -S3, etc */ #if defined(CONFIG_IDF_TARGET_ESP32) /* ESP_RSA_MULM_BITS should be set to at least 16 for ESP32 */ diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 5bd7a64..d1e51a5 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 036174e..7f27a2d 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -181,10 +181,15 @@ int set_fixed_default_time(void) { /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ + + ESP_LOGV(TAG, "Default Date %s", __DATE__); + ESP_LOGV(TAG, "YEAR %d", YEAR); + ESP_LOGV(TAG, "MONTH %d", MONTH); + ESP_LOGV(TAG, "DAY %d", DAY); struct tm timeinfo = { - .tm_year = YEAR, - .tm_mon = MONTH, /* Month, where 0 = Jan */ - .tm_mday = DAY, /* Numeric decimal day of the month */ + .tm_year = YEAR - 1900, /* years since 1900 */ + .tm_mon = MONTH - 1, /* Month, where 0 = Jan */ + .tm_mday = DAY - 1, /* Numeric decimal day of the month */ .tm_hour = 13, .tm_min = 1, .tm_sec = 5 diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index db7c954..b3c62e9 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/port/atmel/atmel.c b/src/wolfcrypt/src/port/atmel/atmel.c index 6aabe5d..386a8f4 100644 --- a/src/wolfcrypt/src/port/atmel/atmel.c +++ b/src/wolfcrypt/src/port/atmel/atmel.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/pwdbased.c b/src/wolfcrypt/src/pwdbased.c index c60db6a..8c7c64c 100644 --- a/src/wolfcrypt/src/pwdbased.c +++ b/src/wolfcrypt/src/pwdbased.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/random.c b/src/wolfcrypt/src/random.c index 746a06b..f8107d0 100644 --- a/src/wolfcrypt/src/random.c +++ b/src/wolfcrypt/src/random.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -147,12 +147,13 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) #include "cyhal_trng.h" /* Infineon/Cypress HAL RNG implementation */ -#elif defined(WOLFSSL_GETRANDOM) - #include - #include #elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" #else + #if defined(WOLFSSL_GETRANDOM) || defined(HAVE_GETRANDOM) + #include + #include + #endif /* include headers that may be needed to get good seed */ #include #ifndef EBSNET @@ -188,8 +189,7 @@ This library contains implementation for the random number generator. { intel_flags = cpuid_get_flags(); } - #if (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \ - !defined(WOLFSSL_LINUXKM) + #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED) static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz); #endif #ifdef HAVE_INTEL_RDRAND @@ -231,7 +231,6 @@ This library contains implementation for the random number generator. #define OUTPUT_BLOCK_LEN (WC_SHA256_DIGEST_SIZE) #define MAX_REQUEST_LEN (0x10000) -#define RESEED_INTERVAL WC_RESEED_INTERVAL /* The security strength for the RNG is the target number of bits of @@ -254,7 +253,12 @@ This library contains implementation for the random number generator. #endif #elif defined(HAVE_AMD_RDSEED) /* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0, - * we'll add an additional 8kb on top. */ + * we'll add an additional 8kb on top. + * + * See "AMD RNG ESV Public Use Document". Version 0.7 of October 24, + * 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of + * RDSEED output, depending on CPU family. + */ #define ENTROPY_SCALE_FACTOR (512) #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) /* The value of 2 applies to Intel's RDSEED which provides about @@ -306,7 +310,11 @@ This library contains implementation for the random number generator. #ifdef WC_RNG_SEED_CB +#ifndef HAVE_FIPS +static wc_RngSeed_Cb seedCb = wc_GenerateSeed; +#else static wc_RngSeed_Cb seedCb = NULL; +#endif int wc_SetSeed_Cb(wc_RngSeed_Cb cb) { @@ -365,7 +373,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, #else wc_Sha256 sha[1]; #endif -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM) byte* digest; #else byte digest[WC_SHA256_DIGEST_SIZE]; @@ -375,7 +383,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, return DRBG_FAILURE; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM) digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap, DYNAMIC_TYPE_DIGEST); if (digest == NULL) @@ -436,7 +444,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type, ForceZero(digest, WC_SHA256_DIGEST_SIZE); -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM) XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST); #endif @@ -634,26 +642,31 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz) wc_Sha256 sha[1]; #endif byte type; +#ifdef WORD64_AVAILABLE + word64 reseedCtr; +#else word32 reseedCtr; +#endif if (drbg == NULL) { return DRBG_FAILURE; } - if (drbg->reseedCtr == RESEED_INTERVAL) { -#if FIPS_VERSION3_GE(6,0,0) - printf("Reseed triggered\n"); -#endif + if (drbg->reseedCtr >= WC_RESEED_INTERVAL) { + #if defined(DEBUG_WOLFSSL) || defined(DEBUG_DRBG_RESEEDS) + printf("DRBG reseed triggered, reseedCtr == %lu", + (unsigned long)drbg->reseedCtr); + #endif return DRBG_NEED_RESEED; } else { - #ifndef WOLFSSL_SMALL_STACK - byte digest[WC_SHA256_DIGEST_SIZE]; - #else + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM) byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap, DYNAMIC_TYPE_DIGEST); if (digest == NULL) return DRBG_FAILURE; + #else + byte digest[WC_SHA256_DIGEST_SIZE]; #endif type = drbgGenerateH; @@ -683,7 +696,11 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz) array_add(drbg->V, sizeof(drbg->V), digest, WC_SHA256_DIGEST_SIZE); array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C)); #ifdef LITTLE_ENDIAN_ORDER + #ifdef WORD64_AVAILABLE + reseedCtr = ByteReverseWord64(reseedCtr); + #else reseedCtr = ByteReverseWord32(reseedCtr); + #endif #endif array_add(drbg->V, sizeof(drbg->V), (byte*)&reseedCtr, sizeof(reseedCtr)); @@ -692,7 +709,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz) drbg->reseedCtr++; } ForceZero(digest, WC_SHA256_DIGEST_SIZE); - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM) XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST); #endif } @@ -1124,6 +1141,16 @@ static word64 Entropy_GetSample(void) word64 now; word64 ret; +#ifdef HAVE_FIPS + /* First sample must be disregard when in FIPS. */ + if (entropy_last_time == 0) { + /* Get sample which triggers CAST in FIPS mode. */ + Entropy_MemUse(); + /* Start entropy time after CASTs. */ + entropy_last_time = Entropy_TimeHiRes(); + } +#endif + /* Use memory such that it will take an unpredictable amount of time. */ Entropy_MemUse(); @@ -1225,6 +1252,7 @@ static int Entropy_HealthTest_Repetition(byte noise) if (!rep_have_prev) { rep_prev_noise = noise; rep_have_prev = 1; + rep_cnt = 1; } /* Check whether this sample matches last. */ else if (noise == rep_prev_noise) { @@ -1258,7 +1286,7 @@ static int Entropy_HealthTest_Repetition(byte noise) /* SP800-90b 4.4.2 - Adaptive Proportion Test * Note 10 * C = 1 + CRITBINOM(W, power(2,( -H)),1-alpha) - * alpa = 2^-30 = POWER(2,-30), H = 1, W = 512 + * alpha = 2^-30 = POWER(2,-30), H = 1, W = 512 * C = 1 + CRITBINOM(512, 0.5, 1-POWER(2,-30)) = 1 + 324 = 325 */ #define PROP_CUTOFF 325 @@ -1308,8 +1336,9 @@ static int Entropy_HealthTest_Proportion(byte noise) { int ret = 0; - /* Need at least 512-1 samples to test with. */ - if (prop_total < PROP_WINDOW_SIZE - 1) { + /* Need minimum samples in queue to test with - keep adding while we have + * less. */ + if (prop_total < PROP_CUTOFF - 1) { /* Store sample at last position in circular queue. */ prop_samples[prop_last++] = noise; /* Update count of seen value based on new sample. */ @@ -1318,27 +1347,36 @@ static int Entropy_HealthTest_Proportion(byte noise) prop_total++; } else { - /* Get first value in queue - value to test. */ - byte val = (byte)prop_samples[prop_first]; - /* Store new sample in queue. */ + /* We have at least a minimum set of samples in queue. */ + /* Store new sample at end of queue. */ prop_samples[prop_last] = noise; - /* Update first index now that we have removed in from the queue. */ - prop_first = (prop_first + 1) % PROP_WINDOW_SIZE; /* Update last index now that we have added new sample to queue. */ prop_last = (prop_last + 1) % PROP_WINDOW_SIZE; - /* Removed sample from queue - remove count. */ - prop_cnt[val]--; /* Added sample to queue - add count. */ prop_cnt[noise]++; - /* Check whether removed value has too many repetitions in queue. */ - if (prop_cnt[val] >= PROP_CUTOFF) { + /* Update count of store values. */ + prop_total++; + + /* Check whether first value has too many repetitions in queue. */ + if (prop_cnt[noise] >= PROP_CUTOFF) { #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "PROPORTION FAILED: %d %d\n", val, prop_cnt[val]); + fprintf(stderr, "PROPORTION FAILED: %d %d\n", val, prop_cnt[noise]); #endif Entropy_HealthTest_Proportion_Reset(); /* Error code returned. */ ret = ENTROPY_APT_E; } + else if (prop_total == PROP_WINDOW_SIZE) { + /* Return to 511 samples in queue. */ + /* Get first value in queue - value to test. */ + byte val = (byte)prop_samples[prop_first]; + /* Update first index to remove first sample from the queue. */ + prop_first = (prop_first + 1) % PROP_WINDOW_SIZE; + /* Removed first sample from queue - remove count. */ + prop_cnt[val]--; + /* Update count of store values. */ + prop_total--; + } } return ret; @@ -1371,6 +1409,10 @@ static int Entropy_HealthTest_Startup(void) #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE fprintf(stderr, "STARTUP HEALTH TEST\n"); #endif + + /* Reset cached values before testing. */ + Entropy_HealthTest_Reset(); + /* Fill initial sample buffer with noise. */ Entropy_GetNoise(initial, ENTROPY_INITIAL_COUNT); /* Health check initial noise. */ @@ -1452,13 +1494,23 @@ static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mute int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) { int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + byte *noise = NULL; +#else byte noise[MAX_NOISE_CNT]; +#endif /* Noise length is the number of 8 byte samples required to get the bits of * entropy requested. */ int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN; +#ifdef WOLFSSL_SMALL_STACK + noise = (byte *)XMALLOC(MAX_NOISE_CNT, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (noise == NULL) + return MEMORY_E; +#endif + /* Lock the mutex as collection uses globals. */ - if (wc_LockMutex(&entropy_mutex) != 0) { + if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) { ret = BAD_MUTEX_E; } @@ -1516,6 +1568,10 @@ int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) wc_UnLockMutex(&entropy_mutex); } +#ifdef WOLFSSL_SMALL_STACK + XFREE(noise, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } @@ -1537,8 +1593,6 @@ int wc_Entropy_OnDemandTest(void) } if (ret == 0) { - /* Reset health test state for startup test. */ - Entropy_HealthTest_Reset(); /* Perform startup tests. */ ret = Entropy_HealthTest_Startup(); } @@ -1640,6 +1694,9 @@ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, #else rng->heap = heap; #endif +#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + rng->pid = getpid(); +#endif #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) rng->devId = devId; #if defined(WOLF_CRYPTO_CB) @@ -1895,6 +1952,63 @@ int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, return _InitRng(rng, nonce, nonceSz, heap, devId); } +#ifdef HAVE_HASHDRBG +static int PollAndReSeed(WC_RNG* rng) +{ + int ret = DRBG_NEED_RESEED; + int devId = INVALID_DEVID; +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + devId = rng->devId; +#endif + if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) { + #ifndef WOLFSSL_SMALL_STACK + byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; + ret = DRBG_SUCCESS; + #else + byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, + DYNAMIC_TYPE_SEED); + ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS; + #endif + if (ret == DRBG_SUCCESS) { + #ifdef WC_RNG_SEED_CB + if (seedCb == NULL) { + ret = DRBG_NO_SEED_CB; + } + else { + ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); + if (ret != 0) { + ret = DRBG_FAILURE; + } + } + #else + ret = wc_GenerateSeed(&rng->seed, newSeed, + SEED_SZ + SEED_BLOCK_SZ); + #endif + if (ret != 0) + ret = DRBG_FAILURE; + } + if (ret == DRBG_SUCCESS) + ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); + + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, + newSeed + SEED_BLOCK_SZ, SEED_SZ); + #ifdef WOLFSSL_SMALL_STACK + if (newSeed != NULL) { + ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ); + } + XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED); + #else + ForceZero(newSeed, sizeof(newSeed)); + #endif + } + else { + ret = DRBG_CONT_FAILURE; + } + + return ret; +} +#endif /* place a generated block in output */ WOLFSSL_ABI @@ -1954,60 +2068,22 @@ int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) if (rng->status != DRBG_OK) return RNG_FAILURE_E; +#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + if (rng->pid != getpid()) { + rng->pid = getpid(); + ret = PollAndReSeed(rng); + if (ret != DRBG_SUCCESS) { + rng->status = DRBG_FAILED; + return RNG_FAILURE_E; + } + } +#endif + ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); if (ret == DRBG_NEED_RESEED) { - int devId = INVALID_DEVID; - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) - devId = rng->devId; - #endif - if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) { - #ifndef WOLFSSL_SMALL_STACK - byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; - ret = DRBG_SUCCESS; - #else - byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, - DYNAMIC_TYPE_SEED); - ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS; - #endif - if (ret == DRBG_SUCCESS) { - #ifdef WC_RNG_SEED_CB - if (seedCb == NULL) { - ret = DRBG_NO_SEED_CB; - } - else { - ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); - if (ret != 0) { - ret = DRBG_FAILURE; - } - } - #else - ret = wc_GenerateSeed(&rng->seed, newSeed, - SEED_SZ + SEED_BLOCK_SZ); - #endif - if (ret != 0) - ret = DRBG_FAILURE; - } - if (ret == DRBG_SUCCESS) - ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); - - if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, - newSeed + SEED_BLOCK_SZ, SEED_SZ); - if (ret == DRBG_SUCCESS) - ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); - - #ifdef WOLFSSL_SMALL_STACK - if (newSeed != NULL) { - ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ); - } - XFREE(newSeed, rng->heap, DYNAMIC_TYPE_SEED); - #else - ForceZero(newSeed, sizeof(newSeed)); - #endif - } - else { - ret = DRBG_CONT_FAILURE; - } + ret = PollAndReSeed(rng); + if (ret == DRBG_SUCCESS) + ret = Hash_DRBG_Generate((DRBG_internal *)rng->drbg, output, sz); } if (ret == DRBG_SUCCESS) { @@ -2523,7 +2599,6 @@ static WC_INLINE int IntelRDseed64_r(word64* rnd) return -1; } -#ifndef WOLFSSL_LINUXKM /* return 0 on success */ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) { @@ -2554,7 +2629,6 @@ static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz) return 0; } -#endif #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */ @@ -2711,6 +2785,34 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(USE_WINDOWS_API) +#ifdef WIN_REUSE_CRYPT_HANDLE +/* shared crypt handle for RNG use */ +static ProviderHandle gHandle = 0; + +int wc_WinCryptHandleInit(void) +{ + int ret = 0; + if (gHandle == 0) { + if(!CryptAcquireContext(&gHandle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + DWORD dw = GetLastError(); + WOLFSSL_MSG("CryptAcquireContext failed!"); + WOLFSSL_ERROR((int)dw); + ret = WINCRYPT_E; + } + } + return ret; +} + +void wc_WinCryptHandleCleanup(void) +{ + if (gHandle != 0) { + CryptReleaseContext(gHandle, 0); + gHandle = 0; + } +} +#endif /* WIN_REUSE_CRYPT_HANDLE */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { #ifdef WOLF_CRYPTO_CB @@ -2741,14 +2843,27 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #endif /* HAVE_INTEL_RDSEED */ - if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) +#ifdef WIN_REUSE_CRYPT_HANDLE + /* Check that handle was initialized. + * Note: initialization should be done through: + * wolfSSL_Init -> wolfCrypt_Init -> wc_WinCryptHandleInit + */ + if (wc_WinCryptHandleInit() != 0) { return WINCRYPT_E; - - if (!CryptGenRandom(os->handle, sz, output)) + } + if (!CryptGenRandom(gHandle, sz, output)) return CRYPTGEN_E; - +#else + if (!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + return WINCRYPT_E; + } + if (!CryptGenRandom(os->handle, sz, output)) { + return CRYPTGEN_E; + } CryptReleaseContext(os->handle, 0); + os->handle = 0; +#endif return 0; } @@ -3687,16 +3802,69 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #endif /* end WOLFSSL_ESPIDF */ #elif defined(WOLFSSL_LINUXKM) + + /* When registering the kernel default DRBG with a native/intrinsic entropy + * source, fallback to get_random_bytes() isn't allowed because we replace + * it with our DRBG. + */ + + #if defined(HAVE_ENTROPY_MEMUSE) && \ + defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); + } + + #elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \ + defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_GenerateSeed_IntelRD(NULL, output, sz); + } + + #else /* !((HAVE_ENTROPY_MEMUSE || HAVE_*_RDSEED) && LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) */ + #include int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { (void)os; + int ret; - get_random_bytes(output, sz); + #ifdef HAVE_ENTROPY_MEMUSE + ret = wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); + if (ret == 0) { + return 0; + } + #ifdef ENTROPY_MEMUSE_FORCE_FAILURE + /* Don't fallback to /dev/urandom. */ + return ret; + #endif + #endif + #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED) + if (IS_INTEL_RDSEED(intel_flags)) { + ret = wc_GenerateSeed_IntelRD(NULL, output, sz); + #ifndef FORCE_FAILURE_RDSEED + if (ret == 0) + #endif + { + return ret; + } + } + #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */ + + (void)ret; + + get_random_bytes(output, sz); return 0; } + #endif /* !(HAVE_*_RDSEED && LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) */ + #elif defined(WOLFSSL_RENESAS_TSIP) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) @@ -3908,37 +4076,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return wc_MXC_TRNG_Random(output, sz); } -#elif defined(WOLFSSL_GETRANDOM) - - /* getrandom() was added to the Linux kernel in version 3.17. - * Added to glibc in version 2.25. */ - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - int ret = 0; - (void)os; - - while (sz) { - int len; - - errno = 0; - len = (int)getrandom(output, sz, 0); - if (len == -1) { - if (errno == EINTR) { - /* interrupted, call getrandom again */ - continue; - } - else { - ret = READ_RAN_E; - } - break; - } - - sz -= len; - output += len; - } - return ret; - } - #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) /* Infineon/Cypress HAL RNG implementation */ @@ -4074,6 +4211,43 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */ + #if defined(WOLFSSL_GETRANDOM) || defined(HAVE_GETRANDOM) + { + word32 grSz = sz; + byte* grOutput = output; + + while (grSz) { + ssize_t len; + + errno = 0; + len = getrandom(grOutput, grSz, 0); + if (len == -1) { + if (errno == EINTR) { + /* interrupted, call getrandom again */ + continue; + } + else { + ret = READ_RAN_E; + } + break; + } + + grSz -= (word32)len; + grOutput += len; + } + if (ret == 0) + return ret; + #ifdef FORCE_FAILURE_GETRANDOM + /* don't fallback to /dev/urandom */ + return ret; + #else + /* reset error and fallback to using /dev/urandom */ + ret = 0; + #endif + } + #endif + +#ifndef NO_FILESYSTEM #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */ os->fd = open("/dev/urandom", O_RDONLY); #if defined(DEBUG_WOLFSSL) @@ -4113,6 +4287,9 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) } } close(os->fd); +#else + ret = NOT_COMPILED_IN; +#endif /* NO_FILESYSTEM */ return ret; } diff --git a/src/wolfcrypt/src/rc2.c b/src/wolfcrypt/src/rc2.c index 33d2bd2..a754139 100644 --- a/src/wolfcrypt/src/rc2.c +++ b/src/wolfcrypt/src/rc2.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/ripemd.c b/src/wolfcrypt/src/ripemd.c index 7f3b6d8..73e9d32 100644 --- a/src/wolfcrypt/src/ripemd.c +++ b/src/wolfcrypt/src/ripemd.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/rsa.c b/src/wolfcrypt/src/rsa.c index 94d57bd..78c0c9e 100644 --- a/src/wolfcrypt/src/rsa.c +++ b/src/wolfcrypt/src/rsa.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2551,7 +2551,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng) if (ret == 0) { /* blind */ - ret = mp_rand(rnd, get_digit_count(&key->n), rng); + ret = mp_rand(rnd, mp_get_digit_count(&key->n), rng); } if (ret == 0) { /* rndi = 1/rnd mod n */ @@ -2924,7 +2924,8 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Performs direct RSA computation without padding. The input and output must * match the key size (ex: 2048-bits = 256 bytes). Returns the size of the * output on success or negative value on failure. */ @@ -3010,7 +3011,8 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING || OPENSSL_EXTRA || \ + * OPENSSL_EXTRA_X509_SMALL */ #if defined(WOLFSSL_CRYPTOCELL) static int cc310_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -3761,6 +3763,9 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -3782,6 +3787,9 @@ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -3802,6 +3810,9 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -3823,6 +3834,9 @@ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -3843,6 +3857,9 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -3856,7 +3873,7 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) } #endif -#ifndef WOLFSSL_RSA_VERIFY_ONLY +#ifndef WOLFSSL_RSA_VERIFY_INLINE int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { @@ -3951,6 +3968,9 @@ int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out, WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -4006,6 +4026,9 @@ int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, word32 outLen, WC_RNG* rng; int ret; #ifdef WC_RSA_BLINDING + if (key == NULL) { + return BAD_FUNC_ARG; + } rng = key->rng; #else rng = NULL; @@ -4192,6 +4215,9 @@ int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out, saltLen = hLen; #ifdef WOLFSSL_SHA512 + if (key == NULL) { + return BAD_FUNC_ARG; + } /* See FIPS 186-4 section 5.5 item (e). */ bits = mp_count_bits(&key->n); if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE) @@ -4238,6 +4264,9 @@ int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen, saltLen = hLen; #ifdef WOLFSSL_SHA512 + if (key == NULL) { + return BAD_FUNC_ARG; + } /* See FIPS 186-4 section 5.5 item (e). */ bits = mp_count_bits(&key->n); if (bits == 1024 && hLen == WC_SHA512_DIGEST_SIZE) @@ -5063,7 +5092,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) /* Blind the inverse operation with a value that is invertable */ if (err == MP_OKAY) { do { - err = mp_rand(&key->p, get_digit_count(tmp3), rng); + err = mp_rand(&key->p, mp_get_digit_count(tmp3), rng); if (err == MP_OKAY) err = mp_set_bit(&key->p, 0); if (err == MP_OKAY) diff --git a/src/wolfcrypt/src/sakke.c b/src/wolfcrypt/src/sakke.c index d428c59..3e8db92 100644 --- a/src/wolfcrypt/src/sakke.c +++ b/src/wolfcrypt/src/sakke.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sha.c b/src/wolfcrypt/src/sha.c index 887541a..8dc9662 100644 --- a/src/wolfcrypt/src/sha.c +++ b/src/wolfcrypt/src/sha.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -780,6 +780,7 @@ int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) { #ifdef LITTLE_ENDIAN_ORDER word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; + XMEMSET(digest, 0, sizeof(digest)); #endif if (sha == NULL || hash == NULL) { diff --git a/src/wolfcrypt/src/sha256.c b/src/wolfcrypt/src/sha256.c index 5b990a2..08434c9 100644 --- a/src/wolfcrypt/src/sha256.c +++ b/src/wolfcrypt/src/sha256.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -206,6 +206,8 @@ on the specific device platform. #endif #elif defined(FREESCALE_MMCAU_SHA) #define SHA256_UPDATE_REV_BYTES(ctx) 0 /* reverse not needed on update */ +#elif defined(WOLFSSL_PPC32_ASM) + #define SHA256_UPDATE_REV_BYTES(ctx) 0 #else #define SHA256_UPDATE_REV_BYTES(ctx) SHA256_REV_BYTES(ctx) #endif @@ -1067,6 +1069,35 @@ static int InitSha256(wc_Sha256* sha256) #elif defined(WOLFSSL_RENESAS_RX64_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ +#elif defined(WOLFSSL_PPC32_ASM) + +extern void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, + word32 len); + +int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) +{ + int ret = 0; + + if (sha256 == NULL) + return BAD_FUNC_ARG; + ret = InitSha256(sha256); + if (ret != 0) + return ret; + + sha256->heap = heap; + (void)devId; + + return ret; +} + +static int Transform_Sha256(wc_Sha256* sha256, const byte* data) +{ + Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE); + return 0; +} + +#define XTRANSFORM Transform_Sha256 +#define XTRANSFORM_LEN Transform_Sha256_Len #else #define NEED_SOFT_SHA256 @@ -1171,7 +1202,7 @@ static int InitSha256(wc_Sha256* sha256) word32 S[8], t0, t1; int i; - #ifdef WOLFSSL_SMALL_STACK_CACHE + #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_NO_MALLOC) word32* W = sha256->W; if (W == NULL) { W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL, @@ -1180,7 +1211,7 @@ static int InitSha256(wc_Sha256* sha256) return MEMORY_E; sha256->W = W; } - #elif defined(WOLFSSL_SMALL_STACK) + #elif defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) word32* W; W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1221,7 +1252,8 @@ static int InitSha256(wc_Sha256* sha256) sha256->digest[i] += S[i]; } - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) &&\ + !defined(WOLFSSL_NO_MALLOC) ForceZero(W, sizeof(word32) * WC_SHA256_BLOCK_SIZE); XFREE(W, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1683,6 +1715,7 @@ static int InitSha256(wc_Sha256* sha256) { #ifdef LITTLE_ENDIAN_ORDER word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + XMEMSET(digest, 0, sizeof(digest)); #endif if (sha256 == NULL || hash == NULL) { diff --git a/src/wolfcrypt/src/sha3.c b/src/wolfcrypt/src/sha3.c index a9795ff..145c666 100644 --- a/src/wolfcrypt/src/sha3.c +++ b/src/wolfcrypt/src/sha3.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -21,6 +21,12 @@ #include +#ifdef WC_SHA3_NO_ASM + #undef USE_INTEL_SPEEDUP + #undef WOLFSSL_ARMASM + #undef WOLFSSL_RISCV_ASM +#endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_AFALG_XILINX_SHA3) @@ -242,9 +248,6 @@ while (0) * * s The state. */ -#ifndef USE_INTEL_SPEEDUP -static -#endif void BlockSha3(word64* s) { byte i, x, y; @@ -535,9 +538,6 @@ while (0) * * s The state. */ -#ifndef USE_INTEL_SPEEDUP -static -#endif void BlockSha3(word64* s) { word64 n[25]; diff --git a/src/wolfcrypt/src/sha512.c b/src/wolfcrypt/src/sha512.c index 73ef412..b0ca4c2 100644 --- a/src/wolfcrypt/src/sha512.c +++ b/src/wolfcrypt/src/sha512.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/signature.c b/src/wolfcrypt/src/signature.c index 5576e2e..4a403c8 100644 --- a/src/wolfcrypt/src/signature.c +++ b/src/wolfcrypt/src/signature.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/siphash.c b/src/wolfcrypt/src/siphash.c index 05c2690..67e26a1 100644 --- a/src/wolfcrypt/src/siphash.c +++ b/src/wolfcrypt/src/siphash.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -21,6 +21,10 @@ #include +#if defined(WC_SIPHASH_NO_ASM) && !defined(WOLFSSL_NO_ASM) + #define WOLFSSL_NO_ASM +#endif + #include #ifdef NO_INLINE diff --git a/src/wolfcrypt/src/sm2.c b/src/wolfcrypt/src/sm2.c index b866522..18612c0 100644 --- a/src/wolfcrypt/src/sm2.c +++ b/src/wolfcrypt/src/sm2.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sm3.c b/src/wolfcrypt/src/sm3.c index b4723d8..e5e294b 100644 --- a/src/wolfcrypt/src/sm3.c +++ b/src/wolfcrypt/src/sm3.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sm4.c b/src/wolfcrypt/src/sm4.c index 4da6f0b..8001d4e 100644 --- a/src/wolfcrypt/src/sm4.c +++ b/src/wolfcrypt/src/sm4.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_arm32.c b/src/wolfcrypt/src/sp_arm32.c index a70eb35..ed50bff 100644 --- a/src/wolfcrypt/src/sp_arm32.c +++ b/src/wolfcrypt/src/sp_arm32.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -252,10 +252,11 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2260,10 +2261,11 @@ static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2626,10 +2628,11 @@ static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2770,10 +2773,11 @@ static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2817,9 +2821,11 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_16(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2876,11 +2882,11 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3003,9 +3009,11 @@ SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3090,11 +3098,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3249,9 +3257,11 @@ SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3392,11 +3402,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3608,9 +3618,10 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4830,9 +4841,10 @@ static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5085,9 +5097,10 @@ static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5214,10 +5227,11 @@ static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5297,11 +5311,11 @@ SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5395,11 +5409,11 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5523,11 +5537,11 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5575,9 +5589,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5624,10 +5640,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5835,9 +5852,10 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_64(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6025,11 +6043,11 @@ static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6077,9 +6095,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6126,10 +6146,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6337,9 +6358,10 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6531,9 +6553,11 @@ static void sp_2048_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6640,9 +6664,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8734,11 +8760,11 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8787,11 +8813,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8937,11 +8963,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -9931,11 +9957,11 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -10240,11 +10266,11 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -10490,9 +10516,11 @@ SP_NOINLINE static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -10599,9 +10627,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11655,9 +11685,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_32(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11725,9 +11757,11 @@ static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_32(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11872,9 +11906,11 @@ static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_32(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12678,11 +12714,11 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12731,11 +12767,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12993,11 +13029,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14915,11 +14951,11 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15480,11 +15516,11 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15890,11 +15926,11 @@ SP_NOINLINE static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15941,11 +15977,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16092,9 +16128,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_64(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16162,9 +16200,11 @@ static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_64(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16413,9 +16453,11 @@ static void sp_2048_mask_64(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_64(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17693,11 +17735,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17746,11 +17788,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -18203,9 +18245,11 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_2048 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_2048_lshift_64(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_2048_lshift_64(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19036,10 +19080,11 @@ static void sp_3072_to_bin_96(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24545,11 +24590,11 @@ static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24600,9 +24645,11 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_24(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24673,11 +24720,11 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_24(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_24(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24818,9 +24865,11 @@ SP_NOINLINE static void sp_3072_mul_24(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24933,11 +24982,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -25120,9 +25169,11 @@ SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -25319,11 +25370,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -25590,9 +25641,10 @@ SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -28665,11 +28717,11 @@ static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -28756,11 +28808,11 @@ SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_24(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_24(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -28868,11 +28920,11 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29024,11 +29076,11 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29076,9 +29128,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29125,10 +29179,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29336,9 +29391,10 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_96(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29526,11 +29582,11 @@ static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29578,9 +29634,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29627,10 +29685,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -29838,9 +29897,10 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_48(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30032,9 +30092,11 @@ static void sp_3072_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30141,9 +30203,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33259,11 +33323,11 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33312,11 +33376,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33518,11 +33582,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34976,11 +35040,11 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35413,11 +35477,11 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35743,9 +35807,11 @@ SP_NOINLINE static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35852,9 +35918,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -37420,9 +37488,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_48(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -37490,9 +37560,11 @@ static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_48(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -37637,9 +37709,11 @@ static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_48(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -38619,11 +38693,11 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -38672,11 +38746,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -39046,11 +39120,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41896,11 +41970,11 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -42717,11 +42791,11 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43287,11 +43361,11 @@ SP_NOINLINE static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43338,11 +43412,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43545,9 +43619,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_96(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43615,9 +43691,11 @@ static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_96(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43866,9 +43944,11 @@ static void sp_3072_mask_96(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_96(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45503,11 +45583,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45556,11 +45636,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -46069,9 +46149,11 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_3072 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_3072_lshift_96(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_3072_lshift_96(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47093,9 +47175,11 @@ static void sp_4096_to_bin_128(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47348,11 +47432,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47684,11 +47768,11 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47736,9 +47820,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47785,10 +47871,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -47996,9 +48083,11 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_4096_sqr_128(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_4096_sqr_128(sp_digit* r, + const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -48188,9 +48277,11 @@ static void sp_4096_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -48297,9 +48388,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -52440,11 +52533,11 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -52493,11 +52586,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -52979,11 +53072,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56757,11 +56850,11 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57834,11 +57927,11 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58564,11 +58657,11 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58615,11 +58708,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58878,9 +58971,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_4096_word_128(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_4096_word_128(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58948,9 +59043,11 @@ static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_4096_word_128(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_4096_word_128(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -59199,9 +59296,11 @@ static void sp_4096_mask_128(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_4096_cmp_128(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -61188,11 +61287,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -61241,11 +61340,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -61810,9 +61909,11 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_4096 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_4096_lshift_128(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_4096_lshift_128(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -62834,11 +62935,13 @@ static const sp_digit p256_order[8] = { 0x00000000,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[8] = { 0xfc63254f,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff, 0x00000000,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { @@ -62876,7 +62979,8 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 @@ -62891,10 +62995,11 @@ static const sp_digit p256_b[8] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63105,10 +63210,11 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -65113,10 +65219,11 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -65479,10 +65586,11 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -65624,9 +65732,10 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -65795,9 +65904,10 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67017,9 +67127,10 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67272,9 +67383,10 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67403,10 +67515,11 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67454,10 +67567,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67503,11 +67617,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * m The modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static int sp_256_mod_mul_norm_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static int sp_256_mod_mul_norm_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -67956,11 +68070,12 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, + sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70098,11 +70213,12 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, + sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70597,11 +70713,12 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, + sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70873,11 +70990,11 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, + const sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72092,11 +72209,11 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, + const sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72480,11 +72597,11 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r, + const sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72838,9 +72955,11 @@ static void sp_256_mont_inv_8(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_256_cmp_8(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_256_cmp_8(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72991,11 +73110,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73044,11 +73163,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73113,11 +73232,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73411,11 +73530,11 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73528,11 +73647,11 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73628,11 +73747,11 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73801,11 +73920,11 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74099,11 +74218,11 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74216,11 +74335,11 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_256_mont_reduce_order_8( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74357,11 +74476,11 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_mont_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_mont_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74430,10 +74549,11 @@ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_mont_dbl_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_mont_dbl_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74497,10 +74617,11 @@ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_mont_tpl_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_mont_tpl_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74597,11 +74718,11 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, const sp_digit* m) * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_mont_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_mont_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -74668,11 +74789,11 @@ static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_mont_div2_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_mont_div2_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -78249,14 +78370,15 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_add_one_8(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_add_one_8(sp_digit* a_p) #else -static void sp_256_add_one_8(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_add_one_8(sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -78287,6 +78409,7 @@ static void sp_256_add_one_8(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -78673,9 +78796,11 @@ int sp_ecc_secret_gen_256_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -78720,9 +78845,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -78767,9 +78894,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, + sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -78876,9 +79005,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, + sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -79164,9 +79295,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_256_word_8(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -79234,9 +79367,11 @@ static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_256_word_8(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80027,10 +80162,11 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80077,10 +80213,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80119,9 +80256,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_rshift1_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_rshift1_8(sp_digit* r, + const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80213,10 +80352,11 @@ static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_div2_mod_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_div2_mod_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80342,9 +80482,9 @@ static const byte L_sp_256_num_bits_8_table[] = { }; #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_num_bits_8(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a_p) #else -static int sp_256_num_bits_8(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -80683,9 +80823,9 @@ static int sp_256_num_bits_8(const sp_digit* a) #else #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_num_bits_8(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a_p) #else -static int sp_256_num_bits_8(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -81217,7 +81357,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -81786,7 +81926,7 @@ static const sp_digit p384_norm_mod[12] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x00000001; +static const sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -81795,11 +81935,13 @@ static const sp_digit p384_order[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[12] = { 0xccc52971,0xecec196a,0x48b0a77a,0x581a0db2,0xf4372ddf,0xc7634d81, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { @@ -81809,7 +81951,7 @@ static const sp_digit p384_norm_order[12] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0xe88fdc45; +static const sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ static const sp_point_384 p384_base = { @@ -81840,7 +81982,8 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 @@ -81855,10 +81998,11 @@ static const sp_digit p384_b[12] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -82068,10 +82212,11 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -87578,9 +87723,10 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -87748,9 +87894,10 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -90825,10 +90972,11 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -90876,10 +91024,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -91231,11 +91380,11 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -91284,11 +91433,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -91366,11 +91515,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -91780,11 +91929,11 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -91929,11 +92078,11 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92191,9 +92340,11 @@ static void sp_384_mont_inv_12(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_384_cmp_12(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_384_cmp_12(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92426,11 +92577,11 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_mont_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_mont_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92453,11 +92604,11 @@ static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_mont_dbl_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_mont_dbl_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92479,11 +92630,11 @@ static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_mont_tpl_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_mont_tpl_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92508,10 +92659,11 @@ static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92558,10 +92710,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92616,11 +92769,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92669,11 +92822,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92749,11 +92902,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_mont_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_mont_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -92773,9 +92926,11 @@ static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, #else #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_rshift1_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_rshift1_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_rshift1_12(sp_digit* r, + const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -96412,14 +96567,15 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_add_one_12(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_add_one_12(sp_digit* a_p) #else -static void sp_384_add_one_12(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_add_one_12(sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -96456,6 +96612,7 @@ static void sp_384_add_one_12(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -96842,9 +96999,11 @@ int sp_ecc_secret_gen_384_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -96889,9 +97048,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -96943,9 +97104,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -97052,9 +97215,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -97468,9 +97633,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_384_word_12(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -97538,9 +97705,11 @@ static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_384_word_12(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -98301,11 +98470,11 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_div2_mod_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_div2_mod_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -98453,9 +98622,9 @@ static const byte L_sp_384_num_bits_12_table[] = { }; #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_384_num_bits_12(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a_p) #else -static int sp_384_num_bits_12(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -99025,9 +99194,9 @@ static int sp_384_num_bits_12(const sp_digit* a) #else #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_384_num_bits_12(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a_p) #else -static int sp_384_num_bits_12(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -99619,7 +99788,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -100220,7 +100389,7 @@ static const sp_digit p521_norm_mod[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x00000001; +static const sp_digit p521_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -100230,12 +100399,14 @@ static const sp_digit p521_order[17] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[17] = { 0x91386407,0xbb6fb71e,0x899c47ae,0x3bb5c9b8,0xf709a5d0,0x7fcc0148, 0xbf2f966b,0x51868783,0xfffffffa,0xffffffff,0xffffffff,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[17] = { @@ -100246,7 +100417,7 @@ static const sp_digit p521_norm_order[17] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x79a995c7; +static const sp_digit p521_mp_order = 0x79a995c7; #endif /* The base point of curve P521. */ static const sp_point_521 p521_base = { @@ -100283,7 +100454,8 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, @@ -100299,10 +100471,11 @@ static const sp_digit p521_b[17] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -100515,10 +100688,11 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -111544,9 +111718,10 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -111717,9 +111892,10 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -117603,10 +117779,11 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -117660,10 +117837,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -117943,11 +118121,11 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -117996,11 +118174,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -118094,11 +118272,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -118244,11 +118422,11 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -118885,11 +119063,11 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -119156,11 +119334,11 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_521_mont_reduce_order_17( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -119522,9 +119700,11 @@ static void sp_521_mont_inv_17(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_521_cmp_17(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_521_cmp_17(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -119812,11 +119992,11 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_mont_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_mont_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -119915,11 +120095,11 @@ static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_mont_dbl_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_mont_dbl_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -120008,11 +120188,11 @@ static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_mont_tpl_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_mont_tpl_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -120122,11 +120302,11 @@ static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_mont_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_mont_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -120220,9 +120400,11 @@ static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_rshift1_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_rshift1_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_rshift1_17(sp_digit* r, + const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -124501,14 +124683,15 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_add_one_17(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_add_one_17(sp_digit* a_p) #else -static void sp_521_add_one_17(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_add_one_17(sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -124554,6 +124737,7 @@ static void sp_521_add_one_17(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -124933,9 +125117,11 @@ int sp_ecc_secret_gen_521_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_rshift_17(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_rshift_17(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125052,9 +125238,11 @@ static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_17(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_17(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125179,9 +125367,11 @@ static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_34(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_34(sp_digit* r, + const sp_digit* a, byte n) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125414,9 +125604,11 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125466,9 +125658,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125531,9 +125725,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -125640,9 +125836,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -126216,9 +126414,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_521_word_17(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -126286,9 +126486,11 @@ static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_521_word_17(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -127080,10 +127282,11 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -127135,10 +127338,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -127201,11 +127405,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_div2_mod_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_div2_mod_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -127388,9 +127592,9 @@ static const byte L_sp_521_num_bits_17_table[] = { }; #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_521_num_bits_17(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a_p) #else -static int sp_521_num_bits_17(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -128250,9 +128454,9 @@ static int sp_521_num_bits_17(const sp_digit* a) #else #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_521_num_bits_17(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a_p) #else -static int sp_521_num_bits_17(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -128921,7 +129125,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -129472,10 +129676,11 @@ typedef struct sp_point_1024 { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -139242,9 +139447,10 @@ static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_16(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -144487,11 +144693,11 @@ static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -144549,9 +144755,11 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -144636,11 +144844,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -144796,11 +145004,11 @@ SP_NOINLINE static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -144895,10 +145103,11 @@ SP_NOINLINE static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145106,9 +145315,10 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145362,9 +145572,11 @@ static const sp_point_1024 p1024_base = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145413,11 +145625,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145466,11 +145678,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145616,11 +145828,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145669,9 +145881,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -145778,9 +145992,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -146834,9 +147050,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_1024_word_32(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -146904,9 +147122,11 @@ static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) +WC_OMIT_FRAME_POINTER static sp_digit div_1024_word_32(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit div) +WC_OMIT_FRAME_POINTER static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, + sp_digit div) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -147081,9 +147301,11 @@ static void sp_1024_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_1024_cmp_32(const sp_digit* a, + const sp_digit* b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -147819,11 +148041,11 @@ static int sp_1024_point_to_ecc_point_32(const sp_point_1024* p, ecc_point* pm) * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -148818,11 +149040,11 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -149132,11 +149354,11 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER static SP_NOINLINE void sp_1024_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -149494,11 +149716,11 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -149680,11 +149902,11 @@ static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_dbl_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_dbl_32(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -149849,11 +150071,11 @@ static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_tpl_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_tpl_32(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -150174,11 +150396,11 @@ static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_1024_mont_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -150357,11 +150579,11 @@ static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -150410,11 +150632,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -150553,9 +150775,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_rshift1_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_rshift1_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_rshift1_32(sp_digit* r, + const sp_digit* a) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -159628,7 +159852,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. diff --git a/src/wolfcrypt/src/sp_arm64.c b/src/wolfcrypt/src/sp_arm64.c index 3b9bc25..f34b598 100644 --- a/src/wolfcrypt/src/sp_arm64.c +++ b/src/wolfcrypt/src/sp_arm64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -93,7 +93,7 @@ static void sp_2048_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -3351,7 +3351,7 @@ SP_NOINLINE static void sp_2048_mont_reduce_16(sp_digit* a, const sp_digit* m, "adc x3, x3, xzr\n\t" "subs x4, x4, 1\n\t" "add %[a], %[a], 8\n\t" - "bne 1b\n\t" + "b.ne 1b\n\t" "# Create mask\n\t" "neg x3, x3\n\t" "mov x9, %[a]\n\t" @@ -6980,7 +6980,7 @@ static void sp_3072_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -16577,7 +16577,7 @@ static void sp_4096_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -21745,11 +21745,13 @@ static const sp_digit p256_order[4] = { 0xffffffff00000000L }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[4] = { 0xf3b9cac2fc63254fL,0xbce6faada7179e84L,0xffffffffffffffffL, 0xffffffff00000000L }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[4] = { @@ -21786,7 +21788,8 @@ static const sp_point_256 p256_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[4] = { 0x3bce3c3e27d2604bL,0x651d06b0cc53b0f6L,0xb3ebbd55769886bcL, 0x5ac635d8aa3a93e7L @@ -39614,6 +39617,7 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -39636,6 +39640,7 @@ static void sp_256_add_one_4(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -39654,7 +39659,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -42051,7 +42056,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. @@ -42664,7 +42669,7 @@ static const sp_digit p384_norm_mod[6] = { 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x0000000100000001; +static const sp_digit p384_mp_mod = 0x0000000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -42673,11 +42678,13 @@ static const sp_digit p384_order[6] = { 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[6] = { 0xecec196accc52971L,0x581a0db248b0a77aL,0xc7634d81f4372ddfL, 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[6] = { @@ -42687,7 +42694,7 @@ static const sp_digit p384_norm_order[6] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0x6ed46089e88fdc45L; +static const sp_digit p384_mp_order = 0x6ed46089e88fdc45L; #endif #ifdef WOLFSSL_SP_SMALL /* The base point of curve P384. */ @@ -42717,7 +42724,8 @@ static const sp_point_384 p384_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[6] = { 0x2a85c8edd3ec2aefL,0xc656398d8a2ed19dL,0x0314088f5013875aL, 0x181d9c6efe814112L,0x988e056be3f82d19L,0xb3312fa7e23ee7e4L @@ -43857,7 +43865,7 @@ SP_NOINLINE static void sp_384_mont_reduce_order_6(sp_digit* a, const sp_digit* "adc x3, x3, xzr\n\t" "subs x4, x4, 1\n\t" "add %[a], %[a], 8\n\t" - "bne 1b\n\t" + "b.ne 1b\n\t" "# Create mask\n\t" "neg x3, x3\n\t" "mov x9, %[a]\n\t" @@ -66354,6 +66362,7 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -66380,6 +66389,7 @@ static void sp_384_add_one_6(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -66398,7 +66408,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -68152,7 +68162,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -68753,7 +68763,7 @@ static const sp_digit p521_norm_mod[9] = { 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x0000000000000001; +static const sp_digit p521_mp_mod = 0x0000000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -68763,12 +68773,14 @@ static const sp_digit p521_order[9] = { 0xffffffffffffffffL,0xffffffffffffffffL,0x00000000000001ffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[9] = { 0xbb6fb71e91386407L,0x3bb5c9b8899c47aeL,0x7fcc0148f709a5d0L, 0x51868783bf2f966bL,0xfffffffffffffffaL,0xffffffffffffffffL, 0xffffffffffffffffL,0xffffffffffffffffL,0x00000000000001ffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[9] = { @@ -68779,7 +68791,7 @@ static const sp_digit p521_norm_order[9] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x1d2f5ccd79a995c7L; +static const sp_digit p521_mp_order = 0x1d2f5ccd79a995c7L; #endif #ifdef WOLFSSL_SP_SMALL /* The base point of curve P521. */ @@ -68812,7 +68824,8 @@ static const sp_point_521 p521_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0xef451fd46b503f00L,0x3573df883d2c34f1L,0x1652c0bd3bb1bf07L, 0x56193951ec7e937bL,0xb8b489918ef109e1L,0xa2da725b99b315f3L, @@ -72225,7 +72238,7 @@ SP_NOINLINE static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, "# mu = a[i] * mp\n\t" "mul x9, %[mp], x13\n\t" "cmp x4, #1\n\t" - "bne L_521_mont_reduce_9_nomask\n\t" + "b.ne L_521_mont_reduce_9_nomask\n\t" "and x9, x9, #0x1ff\n\t" "L_521_mont_reduce_9_nomask:\n\t" "# a[i+0] += m[0] * mu\n\t" @@ -72299,7 +72312,7 @@ SP_NOINLINE static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, "adc x3, x3, xzr\n\t" "subs x4, x4, 1\n\t" "add %[a], %[a], 8\n\t" - "bne 1b\n\t" + "b.ne 1b\n\t" "extr x12, x13, x12, 9\n\t" "extr x13, x14, x13, 9\n\t" "extr x14, x15, x14, 9\n\t" @@ -111488,6 +111501,7 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -111522,6 +111536,7 @@ static void sp_521_add_one_9(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -111540,7 +111555,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" @@ -113074,7 +113089,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -115978,7 +115993,7 @@ SP_NOINLINE static void sp_1024_mont_reduce_16(sp_digit* a, const sp_digit* m, "adc x3, x3, xzr\n\t" "subs x4, x4, 1\n\t" "add %[a], %[a], 8\n\t" - "bne 1b\n\t" + "b.ne 1b\n\t" "# Create mask\n\t" "subs x11, x10, x28\n\t" "neg x3, x3\n\t" @@ -125109,7 +125124,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -125128,7 +125143,7 @@ static void sp_1024_from_bin(sp_digit* r, int size, const byte* a, int n) "sub x4, x4, 8\n\t" "subs x6, %[n], 8\n\t" "mov x7, xzr\n\t" - "blt 2f\n\t" + "b.lt 2f\n\t" /* Put in multiples of 8 bytes. */ "1:\n\t" "ldr x8, [x4], -8\n\t" diff --git a/src/wolfcrypt/src/sp_armthumb.c b/src/wolfcrypt/src/sp_armthumb.c index 4868f7f..76c85f9 100644 --- a/src/wolfcrypt/src/sp_armthumb.c +++ b/src/wolfcrypt/src/sp_armthumb.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -96690,11 +96690,13 @@ static const sp_digit p256_order[8] = { 0x00000000,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[8] = { 0xfc63254f,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff, 0x00000000,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { @@ -96732,7 +96734,8 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 @@ -103819,6 +103822,7 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -103904,6 +103908,7 @@ SP_NOINLINE static void sp_256_add_one_8(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -107681,7 +107686,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -108250,7 +108255,7 @@ static const sp_digit p384_norm_mod[12] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x00000001; +static const sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -108259,11 +108264,13 @@ static const sp_digit p384_order[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[12] = { 0xccc52971,0xecec196a,0x48b0a77a,0x581a0db2,0xf4372ddf,0xc7634d81, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { @@ -108273,7 +108280,7 @@ static const sp_digit p384_norm_order[12] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0xe88fdc45; +static const sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ static const sp_point_384 p384_base = { @@ -108304,7 +108311,8 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 @@ -114692,6 +114700,7 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -114813,6 +114822,7 @@ SP_NOINLINE static void sp_384_add_one_12(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -118866,7 +118876,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -119467,7 +119477,7 @@ static const sp_digit p521_norm_mod[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x00000001; +static const sp_digit p521_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -119477,12 +119487,14 @@ static const sp_digit p521_order[17] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[17] = { 0x91386407,0xbb6fb71e,0x899c47ae,0x3bb5c9b8,0xf709a5d0,0x7fcc0148, 0xbf2f966b,0x51868783,0xfffffffa,0xffffffff,0xffffffff,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[17] = { @@ -119493,7 +119505,7 @@ static const sp_digit p521_norm_order[17] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x79a995c7; +static const sp_digit p521_mp_order = 0x79a995c7; #endif /* The base point of curve P521. */ static const sp_point_521 p521_base = { @@ -119530,7 +119542,8 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, @@ -128889,6 +128902,7 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. @@ -129055,6 +129069,7 @@ SP_NOINLINE static void sp_521_add_one_17(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -135798,7 +135813,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -218497,7 +218512,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. diff --git a/src/wolfcrypt/src/sp_c32.c b/src/wolfcrypt/src/sp_c32.c index 10d646a..6edd9f4 100644 --- a/src/wolfcrypt/src/sp_c32.c +++ b/src/wolfcrypt/src/sp_c32.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -19973,11 +19973,13 @@ static const sp_digit p256_order[9] = { 0x0003ffff,0x1fe00000,0x00ffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[9] = { 0x1c63254f,0x1dce5617,0x05e7a13c,0x0df55b4e,0x1ffffbce,0x1fffffff, 0x0003ffff,0x1fe00000,0x00ffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[9] = { @@ -20015,7 +20017,8 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[9] = { 0x07d2604b,0x1e71e1f1,0x14ec3d8e,0x1a0d6198,0x086bc651,0x1eaabb4c, 0x0f9ecfae,0x1b154752,0x005ac635 @@ -24790,6 +24793,7 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -24801,6 +24805,7 @@ SP_NOINLINE static void sp_256_add_one_9(sp_digit* a) sp_256_norm_9(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -26467,7 +26472,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -27038,7 +27043,7 @@ static const sp_digit p384_norm_mod[15] = { 0x0000000 }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x000001; +static const sp_digit p384_mp_mod = 0x000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -27048,12 +27053,14 @@ static const sp_digit p384_order[15] = { 0x00fffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[15] = { 0x0c52971,0x3065ab3,0x277aece,0x2c922c2,0x3581a0d,0x10dcb77,0x234d81f, 0x3ffff1d,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff,0x3ffffff, 0x00fffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[15] = { @@ -27064,7 +27071,7 @@ static const sp_digit p384_norm_order[15] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0x8fdc45; +static const sp_digit p384_mp_order = 0x8fdc45; #endif /* The base point of curve P384. */ static const sp_point_384 p384_base = { @@ -27098,7 +27105,8 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[15] = { 0x3ec2aef,0x1723b74,0x119d2a8,0x23628bb,0x2c65639,0x004e1d6,0x14088f5, 0x104480c,0x06efe81,0x2460767,0x23f82d1,0x23815af,0x2e7e498,0x3e9f88f, @@ -32831,6 +32839,7 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -32842,6 +32851,7 @@ SP_NOINLINE static void sp_384_add_one_15(sp_digit* a) sp_384_norm_15(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -34523,7 +34533,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -35124,7 +35134,7 @@ static const sp_digit p521_norm_mod[21] = { 0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000,0x0000000 }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x000001; +static const sp_digit p521_mp_mod = 0x000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -35134,12 +35144,14 @@ static const sp_digit p521_order[21] = { 0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x01fffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[21] = { 0x1386407,0x1db8f48,0x1ebaedb,0x1113388,0x1bb5c9b,0x04d2e81,0x00523dc, 0x0d6ff98,0x1bf2f96,0x0c343c1,0x1fffe94,0x1ffffff,0x1ffffff,0x1ffffff, 0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x1ffffff,0x01fffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[21] = { @@ -35150,7 +35162,7 @@ static const sp_digit p521_norm_order[21] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x1a995c7; +static const sp_digit p521_mp_order = 0x1a995c7; #endif /* The base point of curve P521. */ static const sp_point_521 p521_base = { @@ -35190,7 +35202,8 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[21] = { 0x1503f00,0x08fea35,0x13c7bd1,0x107a586,0x1573df8,0x18df839,0x102f4ee, 0x0f62ca5,0x1ec7e93,0x10c9ca8,0x0427855,0x13231de,0x13b8b48,0x0cd98af, @@ -40920,6 +40933,7 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -40931,6 +40945,7 @@ SP_NOINLINE static void sp_521_add_one_21(sp_digit* a) sp_521_norm_21(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -42673,7 +42688,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -54491,7 +54506,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. diff --git a/src/wolfcrypt/src/sp_c64.c b/src/wolfcrypt/src/sp_c64.c index 06dc0bd..56d8083 100644 --- a/src/wolfcrypt/src/sp_c64.c +++ b/src/wolfcrypt/src/sp_c64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -21122,11 +21122,13 @@ static const sp_digit p256_order[5] = { 0x0ffffffff0000L }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[5] = { 0x9cac2fc63254fL,0xada7179e84f3bL,0xfffffffbce6faL,0x0000fffffffffL, 0x0ffffffff0000L }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[5] = { @@ -21161,7 +21163,8 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[5] = { 0xe3c3e27d2604bL,0xb0cc53b0f63bcL,0x69886bc651d06L,0x93e7b3ebbd557L, 0x05ac635d8aa3aL @@ -25686,6 +25689,7 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -25697,6 +25701,7 @@ SP_NOINLINE static void sp_256_add_one_5(sp_digit* a) sp_256_norm_5(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -27350,7 +27355,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -27919,7 +27924,7 @@ static const sp_digit p384_norm_mod[7] = { 0x00000000000000L,0x00000000000000L,0x00000000000000L }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x0000100000001; +static const sp_digit p384_mp_mod = 0x0000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -27928,11 +27933,13 @@ static const sp_digit p384_order[7] = { 0x7fffffffffffffL,0x7fffffffffffffL,0x3fffffffffffffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[7] = { 0x6c196accc52971L,0x1b6491614ef5d9L,0x07d0dcb77d6068L,0x7ffffffe3b1a6cL, 0x7fffffffffffffL,0x7fffffffffffffL,0x3fffffffffffffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[7] = { @@ -27942,7 +27949,7 @@ static const sp_digit p384_norm_order[7] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0x546089e88fdc45L; +static const sp_digit p384_mp_order = 0x546089e88fdc45L; #endif /* The base point of curve P384. */ static const sp_point_384 p384_base = { @@ -27970,7 +27977,8 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[7] = { 0x05c8edd3ec2aefL,0x731b145da33a55L,0x3d404e1d6b1958L,0x740a089018a044L, 0x02d19181d9c6efL,0x7c9311c0ad7c7fL,0x2ccc4be9f88fb9L @@ -33152,6 +33160,7 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -33163,6 +33172,7 @@ SP_NOINLINE static void sp_384_add_one_7(sp_digit* a) sp_384_norm_7(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -34793,7 +34803,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -35394,7 +35404,7 @@ static const sp_digit p521_norm_mod[9] = { 0x000000000000000L }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x00000000000001; +static const sp_digit p521_mp_mod = 0x00000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -35404,12 +35414,14 @@ static const sp_digit p521_order[9] = { 0x1ffffffffffffffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[9] = { 0x36fb71e91386407L,0x1726e226711ebaeL,0x0148f709a5d03bbL,0x20efcbe59adff30L, 0x3fffffffa518687L,0x3ffffffffffffffL,0x3ffffffffffffffL,0x3ffffffffffffffL, 0x1ffffffffffffffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[9] = { @@ -35420,7 +35432,7 @@ static const sp_digit p521_norm_order[9] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x12f5ccd79a995c7L; +static const sp_digit p521_mp_order = 0x12f5ccd79a995c7L; #endif /* The base point of curve P521. */ static const sp_point_521 p521_base = { @@ -35451,7 +35463,8 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0x3451fd46b503f00L,0x0f7e20f4b0d3c7bL,0x00bd3bb1bf07357L,0x147b1fa4dec594bL, 0x18ef109e1561939L,0x26cc57cee2d2264L,0x0540eea2da725b9L,0x2687e4a688682daL, @@ -40569,6 +40582,7 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * r A single precision integer. @@ -40580,6 +40594,7 @@ SP_NOINLINE static void sp_521_add_one_9(sp_digit* a) sp_521_norm_9(a); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -42253,7 +42268,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -53064,7 +53079,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. diff --git a/src/wolfcrypt/src/sp_cortexm.c b/src/wolfcrypt/src/sp_cortexm.c index fc756ff..bb4937e 100644 --- a/src/wolfcrypt/src/sp_cortexm.c +++ b/src/wolfcrypt/src/sp_cortexm.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -252,11 +252,11 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -614,11 +614,11 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -754,10 +754,11 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -796,9 +797,11 @@ static sp_digit sp_2048_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_16(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -850,11 +853,11 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -972,9 +975,11 @@ SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1054,11 +1059,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1208,9 +1213,11 @@ SP_NOINLINE static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1346,11 +1353,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1557,9 +1564,11 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1807,9 +1816,11 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1926,10 +1937,11 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2004,11 +2016,11 @@ SP_NOINLINE static void sp_2048_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2097,11 +2109,11 @@ SP_NOINLINE static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2220,11 +2232,11 @@ SP_NOINLINE static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2277,9 +2289,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_64(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2331,10 +2345,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2457,9 +2472,10 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_64(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2596,11 +2612,11 @@ static void sp_2048_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2653,9 +2669,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2707,10 +2725,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2833,9 +2852,10 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -2976,9 +2996,11 @@ static void sp_2048_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3035,9 +3057,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_64(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3399,11 +3423,11 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3457,11 +3481,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3603,11 +3627,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3917,11 +3941,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4040,11 +4064,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4264,11 +4288,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4405,9 +4429,11 @@ SP_NOINLINE static void sp_2048_mont_sqr_32(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4464,9 +4490,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_2048_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4654,11 +4682,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_32( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4721,11 +4749,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_32( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4803,9 +4831,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_32(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5611,11 +5641,11 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5669,11 +5699,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -5927,11 +5957,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6497,11 +6527,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -6620,11 +6650,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7004,11 +7034,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_2048_mont_reduce_64( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7145,11 +7175,11 @@ SP_NOINLINE static void sp_2048_mont_sqr_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7201,11 +7231,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_sub_64(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7347,11 +7377,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_64( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7414,11 +7444,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_64( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -7599,9 +7629,11 @@ static void sp_2048_mask_64(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_2048_cmp_64(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8881,11 +8913,11 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -8939,11 +8971,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_2048_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -9391,9 +9423,11 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_2048 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_2048_lshift_64(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_2048_lshift_64(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_2048_lshift_64(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -10219,10 +10253,11 @@ static void sp_3072_to_bin_96(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11248,11 +11283,11 @@ static void sp_3072_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11298,9 +11333,11 @@ static sp_digit sp_3072_add_12(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_24(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11366,11 +11403,11 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_24(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_24(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_24(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11506,9 +11543,11 @@ SP_NOINLINE static void sp_3072_mul_24(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11616,11 +11655,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11798,9 +11837,11 @@ SP_NOINLINE static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11992,11 +12033,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12258,9 +12299,10 @@ SP_NOINLINE static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -12960,11 +13002,11 @@ static void sp_3072_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13046,11 +13088,11 @@ SP_NOINLINE static void sp_3072_sqr_24(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_24(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_24(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_24(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13153,11 +13195,11 @@ SP_NOINLINE static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13304,11 +13346,11 @@ SP_NOINLINE static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13361,9 +13403,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_96(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13415,10 +13459,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13541,9 +13586,10 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_96(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13680,11 +13726,11 @@ static void sp_3072_mask_48(sp_digit* r, const sp_digit* a, sp_digit m) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13737,9 +13783,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_in_place_48(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13791,10 +13839,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -13917,9 +13966,10 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_48(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14060,9 +14110,11 @@ static void sp_3072_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14119,9 +14171,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_96(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14643,11 +14697,11 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14701,11 +14755,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -14903,11 +14957,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15345,11 +15399,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15468,11 +15522,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15772,11 +15826,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_48( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15913,9 +15967,11 @@ SP_NOINLINE static void sp_3072_mont_sqr_48(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -15972,9 +16028,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_3072_mul_d_48(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16242,11 +16300,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_48( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16309,11 +16367,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_48( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -16391,9 +16449,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_48(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17375,11 +17435,11 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17433,11 +17493,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -17803,11 +17863,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -18629,11 +18689,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -18752,11 +18812,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19296,11 +19356,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_3072_mont_reduce_96( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19437,11 +19497,11 @@ SP_NOINLINE static void sp_3072_mont_sqr_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19493,11 +19553,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_sub_96(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19695,11 +19755,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_96( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19762,11 +19822,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_96( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -19947,9 +20007,11 @@ static void sp_3072_mask_96(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_3072_cmp_96(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -21581,11 +21643,11 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -21639,11 +21701,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_3072_cond_add_48(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -22147,9 +22209,11 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_3072 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_3072_lshift_96(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_3072_lshift_96(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_3072_lshift_96(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23166,9 +23230,11 @@ static void sp_4096_to_bin_128(sp_digit* r, byte* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23416,11 +23482,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23747,11 +23813,11 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_add_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23804,9 +23870,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_in_place_128(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23858,10 +23926,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -23984,9 +24053,11 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_4096_sqr_128(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_4096_sqr_128(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24125,9 +24196,11 @@ static void sp_4096_mont_setup(const sp_digit* a, sp_digit* rho) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24184,9 +24257,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_4096_mul_d_128(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24869,11 +24944,11 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -24927,11 +25002,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -25409,11 +25484,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -26491,11 +26566,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -26614,11 +26689,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27318,11 +27393,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_4096_mont_reduce_128( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27459,11 +27534,11 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27515,11 +27590,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_sub_128(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27773,11 +27848,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_4096_word_128( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -27840,11 +27915,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_4096_word_128( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -28025,9 +28100,11 @@ static void sp_4096_mask_128(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_4096_cmp_128(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30011,11 +30088,11 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30069,11 +30146,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_4096_cond_add_64(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -30633,9 +30710,11 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, #ifdef HAVE_FFDHE_4096 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_4096_lshift_128(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_4096_lshift_128(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_4096_lshift_128(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -31652,11 +31731,13 @@ static const sp_digit p256_order[8] = { 0x00000000,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[8] = { 0xfc63254f,0xf3b9cac2,0xa7179e84,0xbce6faad,0xffffffff,0xffffffff, 0x00000000,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[8] = { @@ -31694,7 +31775,8 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 @@ -31709,10 +31791,11 @@ static const sp_digit p256_b[8] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_8(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -31838,11 +31921,11 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32200,11 +32283,11 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32341,9 +32424,10 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32461,9 +32545,11 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32711,9 +32797,11 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_sqr_8(sp_digit* r_p, + const sp_digit* a_p) #else -SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32832,10 +32920,11 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32888,10 +32977,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -32932,11 +33022,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * m The modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static int sp_256_mod_mul_norm_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static int sp_256_mod_mul_norm_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static int sp_256_mod_mul_norm_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33380,11 +33470,12 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, + sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -33874,11 +33965,12 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, + sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34145,11 +34237,11 @@ SP_NOINLINE static void sp_256_mont_mul_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, + const sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34528,11 +34620,11 @@ SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, * mp Montgomery multiplier. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, const sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sqr_8(sp_digit* r, + const sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -34876,9 +34968,11 @@ static void sp_256_mont_inv_8(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_256_cmp_8(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_256_cmp_8(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35032,11 +35126,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35090,11 +35184,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_cond_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35154,11 +35248,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35276,11 +35370,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35381,11 +35475,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, - sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35549,11 +35643,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_order_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_order_8( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35671,11 +35765,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_order_8( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_reduce_order_8( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35817,11 +35911,11 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35885,11 +35979,11 @@ SP_NOINLINE static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -35948,11 +36042,11 @@ SP_NOINLINE static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -36044,11 +36138,11 @@ SP_NOINLINE static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -36110,11 +36204,11 @@ SP_NOINLINE static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_256_mont_div2_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -39666,14 +39760,15 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_add_one_8(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_add_one_8(sp_digit* a_p) #else -static void sp_256_add_one_8(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_add_one_8(sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -39699,6 +39794,7 @@ static void sp_256_add_one_8(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -40085,9 +40181,11 @@ int sp_ecc_secret_gen_256_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40137,9 +40235,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_in_place_8(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40179,9 +40279,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, + sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40238,9 +40340,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, + sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40308,11 +40412,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -40375,11 +40479,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41102,10 +41206,11 @@ int sp_ecc_sign_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41157,10 +41262,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_256_sub_8(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41194,9 +41300,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_256_rshift1_8(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_256_rshift1_8(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41245,10 +41353,11 @@ static void sp_256_rshift1_8(sp_digit* r, const sp_digit* a) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_256_div2_mod_8(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_256_div2_mod_8(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41333,9 +41442,9 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_256_num_bits_8(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a_p) #else -static int sp_256_num_bits_8(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_256_num_bits_8(const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -41977,7 +42086,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -42546,7 +42655,7 @@ static const sp_digit p384_norm_mod[12] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x00000001; +static const sp_digit p384_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -42555,11 +42664,13 @@ static const sp_digit p384_order[12] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[12] = { 0xccc52971,0xecec196a,0x48b0a77a,0x581a0db2,0xf4372ddf,0xc7634d81, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff,0xffffffff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[12] = { @@ -42569,7 +42680,7 @@ static const sp_digit p384_norm_order[12] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0xe88fdc45; +static const sp_digit p384_mp_order = 0xe88fdc45; #endif /* The base point of curve P384. */ static const sp_point_384 p384_base = { @@ -42600,7 +42711,8 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 @@ -42615,10 +42727,11 @@ static const sp_digit p384_b[12] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -42743,10 +42856,11 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_12(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43773,9 +43887,10 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -43892,9 +44007,10 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -44596,10 +44712,11 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -44652,10 +44769,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45002,11 +45120,11 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45060,11 +45178,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45137,11 +45255,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_reduce_12( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45291,11 +45409,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_reduce_12( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45558,9 +45676,11 @@ static void sp_384_mont_inv_12(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_384_cmp_12(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_384_cmp_12(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45796,11 +45916,11 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45823,11 +45943,11 @@ SP_NOINLINE static void sp_384_mont_add_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45849,11 +45969,11 @@ SP_NOINLINE static void sp_384_mont_dbl_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45878,10 +45998,11 @@ SP_NOINLINE static void sp_384_mont_tpl_12(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45933,10 +46054,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -45986,11 +46108,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -46044,11 +46166,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_cond_add_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -46119,11 +46241,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -46143,9 +46265,11 @@ SP_NOINLINE static void sp_384_mont_sub_12(sp_digit* r, const sp_digit* a, #else #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_rshift1_12(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_384_rshift1_12(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_rshift1_12(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -49777,14 +49901,15 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_add_one_12(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_384_add_one_12(sp_digit* a_p) #else -static void sp_384_add_one_12(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_384_add_one_12(sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -49816,6 +49941,7 @@ static void sp_384_add_one_12(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -50202,9 +50328,11 @@ int sp_ecc_secret_gen_384_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50254,9 +50382,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_in_place_12(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50303,9 +50433,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50362,9 +50494,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_384_mul_d_12(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50452,11 +50586,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -50519,11 +50653,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -51216,11 +51350,11 @@ int sp_ecc_sign_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_384_div2_mod_12(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_384_div2_mod_12(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -51343,9 +51477,9 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_384_num_bits_12(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a_p) #else -static int sp_384_num_bits_12(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_384_num_bits_12(const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -52091,7 +52225,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -52692,7 +52826,7 @@ static const sp_digit p521_norm_mod[17] = { 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000 }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x00000001; +static const sp_digit p521_mp_mod = 0x00000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -52702,12 +52836,14 @@ static const sp_digit p521_order[17] = { 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[17] = { 0x91386407,0xbb6fb71e,0x899c47ae,0x3bb5c9b8,0xf709a5d0,0x7fcc0148, 0xbf2f966b,0x51868783,0xfffffffa,0xffffffff,0xffffffff,0xffffffff, 0xffffffff,0xffffffff,0xffffffff,0xffffffff,0x000001ff }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[17] = { @@ -52718,7 +52854,7 @@ static const sp_digit p521_norm_order[17] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x79a995c7; +static const sp_digit p521_mp_order = 0x79a995c7; #endif /* The base point of curve P521. */ static const sp_point_521 p521_base = { @@ -52755,7 +52891,8 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, @@ -52771,10 +52908,11 @@ static const sp_digit p521_b[17] = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -52902,10 +53040,11 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_17(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -54946,9 +55085,10 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -55068,9 +55208,10 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56356,10 +56497,11 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56418,10 +56560,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56696,11 +56839,11 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56754,11 +56897,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_cond_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56847,11 +56990,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, + const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -56987,11 +57130,11 @@ SP_NOINLINE static void sp_521_mont_reduce_17(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_order_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_order_17( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57268,11 +57411,11 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_order_17( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, - const sp_digit* m, sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_reduce_order_17( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57644,9 +57787,11 @@ static void sp_521_mont_inv_17(sp_digit* r, const sp_digit* a, sp_digit* td) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_521_cmp_17(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_521_cmp_17(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -57937,11 +58082,11 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58030,11 +58175,11 @@ SP_NOINLINE static void sp_521_mont_add_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58113,11 +58258,11 @@ SP_NOINLINE static void sp_521_mont_dbl_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58217,11 +58362,11 @@ SP_NOINLINE static void sp_521_mont_tpl_17(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58305,9 +58450,11 @@ SP_NOINLINE static void sp_521_mont_sub_17(sp_digit* r, const sp_digit* a, } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_rshift1_17(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_521_rshift1_17(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_rshift1_17(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -62581,14 +62728,15 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG /* Add 1 to a. (a = a + 1) * * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_add_one_17(sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_521_add_one_17(sp_digit* a_p) #else -static void sp_521_add_one_17(sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_521_add_one_17(sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -62629,6 +62777,7 @@ static void sp_521_add_one_17(sp_digit* a) ); } +#endif /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -63008,9 +63157,11 @@ int sp_ecc_secret_gen_521_nb(sp_ecc_ctx_t* sp_ctx, const mp_int* priv, #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_rshift_17(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_rshift_17(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63113,9 +63264,11 @@ static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n) #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_17(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_17(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63235,9 +63388,11 @@ static void sp_521_lshift_17(sp_digit* r, const sp_digit* a, byte n) } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_34(sp_digit* r_p, + const sp_digit* a_p, byte n_p) #else -static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) +WC_OMIT_FRAME_POINTER static void sp_521_lshift_34(sp_digit* r, + const sp_digit* a, byte n) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63465,9 +63620,11 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63522,9 +63679,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_in_place_17(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63582,9 +63741,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63641,9 +63802,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_521_mul_d_17(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63756,11 +63919,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -63823,11 +63986,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1_p, + sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -64551,10 +64714,11 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -64611,10 +64775,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_521_sub_17(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -64672,11 +64837,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) * m Modulus. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER static void sp_521_div2_mod_17(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER static void sp_521_div2_mod_17(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -64834,9 +64999,9 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static int sp_521_num_bits_17(const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a_p) #else -static int sp_521_num_bits_17(const sp_digit* a) +WC_OMIT_FRAME_POINTER static int sp_521_num_bits_17(const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -65719,7 +65884,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -66270,10 +66435,11 @@ typedef struct sp_point_1024 { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -68080,9 +68246,10 @@ static void sp_1024_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_16(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69234,11 +69401,11 @@ static void sp_1024_sqr_16(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69291,9 +69458,11 @@ static sp_digit sp_1024_add_16(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69373,11 +69542,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69528,11 +69697,11 @@ SP_NOINLINE static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_16(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_sub_16(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_16(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69622,10 +69791,11 @@ SP_NOINLINE static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69748,9 +69918,10 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) * a A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -69953,9 +70124,11 @@ static const sp_point_1024 p1024_base = { * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, + const sp_digit* b_p) #else -static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_sub_in_place_32(sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70009,11 +70182,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70067,11 +70240,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70212,11 +70385,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, * b A single precision integer. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p) #else -static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70270,9 +70443,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70329,9 +70504,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * b A single precision digit. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r_p, + const sp_digit* a_p, sp_digit b_p) #else -static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) +WC_OMIT_FRAME_POINTER static void sp_1024_mul_d_32(sp_digit* r, + const sp_digit* a, sp_digit b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70519,11 +70696,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_1024_word_32( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70586,11 +70763,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, * Note that this is an approximate div. It may give an answer 1 larger. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, - sp_digit div_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_1024_word_32( + sp_digit d1_p, sp_digit d0_p, sp_digit div_p) #else -SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, - sp_digit div) +WC_OMIT_FRAME_POINTER SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, + sp_digit d0, sp_digit div) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -70698,9 +70875,11 @@ static void sp_1024_mask_32(sp_digit* r, const sp_digit* a, sp_digit m) * respectively. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) +WC_OMIT_FRAME_POINTER static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, + const sp_digit* b_p) #else -static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) +WC_OMIT_FRAME_POINTER static sp_int32 sp_1024_cmp_32(const sp_digit* a, + const sp_digit* b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -71438,11 +71617,11 @@ static int sp_1024_point_to_ecc_point_32(const sp_point_1024* p, ecc_point* pm) * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -71757,11 +71936,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, * mp The digit representing the negative inverse of m mod 2^n. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a_p, - const sp_digit* m_p, sp_digit mp_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_reduce_32( + sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) #else -SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, - sp_digit mp) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_reduce_32( + sp_digit* a, const sp_digit* m, sp_digit mp) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72124,11 +72303,11 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72305,11 +72484,11 @@ SP_NOINLINE static void sp_1024_mont_add_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72469,11 +72648,11 @@ SP_NOINLINE static void sp_1024_mont_dbl_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, - const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, + const sp_digit* a, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72789,11 +72968,11 @@ SP_NOINLINE static void sp_1024_mont_tpl_32(sp_digit* r, const sp_digit* a, * m Modulus (prime). */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, const sp_digit* m_p) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) #else -SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, const sp_digit* m) +WC_OMIT_FRAME_POINTER SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, const sp_digit* m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -72967,11 +73146,11 @@ SP_NOINLINE static void sp_1024_mont_sub_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73025,11 +73204,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, * m Mask value to apply. */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, - const sp_digit* b_p, sp_digit m_p) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r_p, + const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) #else -static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, - const sp_digit* b, sp_digit m) +WC_OMIT_FRAME_POINTER static sp_digit sp_1024_cond_add_32(sp_digit* r, + const sp_digit* a, const sp_digit* b, sp_digit m) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -73163,9 +73342,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, #endif /* WOLFSSL_SP_SMALL */ #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) +WC_OMIT_FRAME_POINTER static void sp_1024_rshift1_32(sp_digit* r_p, + const sp_digit* a_p) #else -static void sp_1024_rshift1_32(sp_digit* r, const sp_digit* a) +WC_OMIT_FRAME_POINTER static void sp_1024_rshift1_32(sp_digit* r, + const sp_digit* a) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -82233,7 +82414,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. diff --git a/src/wolfcrypt/src/sp_dsp32.c b/src/wolfcrypt/src/sp_dsp32.c index f218860..b47c57f 100644 --- a/src/wolfcrypt/src/sp_dsp32.c +++ b/src/wolfcrypt/src/sp_dsp32.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_int.c b/src/wolfcrypt/src/sp_int.c index 1769840..ebccf39 100644 --- a/src/wolfcrypt/src/sp_int.c +++ b/src/wolfcrypt/src/sp_int.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -31,19 +31,6 @@ This library provides single precision (SP) integer math functions. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) -#if (!defined(WOLFSSL_SMALL_STACK) && !defined(SP_ALLOC)) || \ - defined(WOLFSSL_SP_NO_MALLOC) -#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) -PRAGMA_GCC_DIAG_PUSH -/* We are statically declaring a variable smaller than sp_int. - * We track available memory in the 'size' field. - * Disable warnings of sp_int being partly outside array bounds of variable. - */ -PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") -#endif -#endif - #ifdef NO_INLINE #include #else @@ -112,6 +99,15 @@ PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") #include +#ifdef WOLFSSL_SP_DYN_STACK +/* We are statically declaring a variable smaller than sp_int. + * We track available memory in the 'size' field. + * Disable warnings of sp_int being partly outside array bounds of variable. + */ + PRAGMA_GCC_DIAG_PUSH + PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") +#endif + #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS @@ -127,11 +123,10 @@ PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") #define DECL_SP_INT(n, s) \ sp_int* n = NULL #else - #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) + #ifdef WOLFSSL_SP_DYN_STACK /* Declare a variable on the stack with the required data size. */ - #define DECL_SP_INT(n, s) \ - byte n##d[MP_INT_SIZEOF(s)]; \ + #define DECL_SP_INT(n, s) \ + sp_int_digit n##d[MP_INT_SIZEOF_DIGITS(s)]; \ sp_int* (n) = (sp_int*)n##d #else /* Declare a variable on the stack. */ @@ -218,11 +213,10 @@ PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"") /* Declare a variable that will be assigned a value on XMALLOC. */ #define DECL_SP_INT_ARRAY(n, s, c) \ DECL_DYN_SP_INT_ARRAY(n, s, c) -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) /* Declare a variable on the stack with the required data size. */ - #define DECL_SP_INT_ARRAY(n, s, c) \ - byte n##d[MP_INT_SIZEOF(s) * (c)]; \ + #define DECL_SP_INT_ARRAY(n, s, c) \ + sp_int_digit n##d[MP_INT_SIZEOF_DIGITS(s) * (c)]; \ sp_int* (n)[c] = { NULL, } #else /* Declare a variable on the stack. */ @@ -264,8 +258,7 @@ while (0) !defined(WOLFSSL_SP_NO_MALLOC) #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h) -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) /* Data declared on stack that supports multiple sp_ints of the * required size. Use pointers into data to make up array and set sizes. */ @@ -5109,7 +5102,7 @@ static void _sp_init_size(sp_int* a, unsigned int size) #endif _sp_zero((sp_int*)am); - a->size = (sp_size_t)size; + am->size = (sp_size_t)size; } /* Initialize the multi-precision number to be zero with a given max size. @@ -5248,7 +5241,7 @@ int sp_grow(sp_int* a, int l) #endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC */ #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(HAVE_ECC) + defined(HAVE_ECC) || defined(WOLFSSL_PUBLIC_MP) /* Set the multi-precision number to zero. * * @param [out] a SP integer to set to zero. @@ -5329,10 +5322,10 @@ static void _sp_copy(const sp_int* a, sp_int* r) XMEMCPY(r->dp, a->dp, a->used * (word32)SP_WORD_SIZEOF); } /* Set number of used words in result. */ - r->used = a->used; + r->used = a->used;/* // NOLINT(clang-analyzer-core.uninitialized.Assign) */ #ifdef WOLFSSL_SP_INT_NEGATIVE /* Set sign of result. */ - r->sign = a->sign; + r->sign = a->sign;/* // NOLINT(clang-analyzer-core.uninitialized.Assign) */ #endif } @@ -5833,7 +5826,7 @@ int sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n) #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ ((defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_SM2)) && \ - defined(HAVE_ECC)) || defined(OPENSSL_EXTRA) + defined(HAVE_ECC)) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_PUBLIC_MP) /* Check if a bit is set * * When a is NULL, result is 0. @@ -7607,7 +7600,7 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) * @param [in] o Number of digits to offset b. */ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, - unsigned int o) + sp_size_t o) { sp_size_t i = 0; sp_size_t j; @@ -7625,7 +7618,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, } } else { - i = (sp_size_t)o; + i = o; } /* Index to add at is the offset now. */ @@ -7909,28 +7902,30 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, unsigned int used = ((a->used >= m->used) ? ((a->used >= b->used) ? (a->used + 1U) : (b->used + 1U)) : ((b->used >= m->used)) ? (b->used + 1U) : (m->used + 1U)); - DECL_SP_INT_ARRAY(t, used, 2); + DECL_SP_INT(t0, used); + DECL_SP_INT(t1, used); - ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL); + ALLOC_SP_INT_SIZE(t0, used, err, NULL); + ALLOC_SP_INT_SIZE(t1, used, err, NULL); if (err == MP_OKAY) { /* Reduce a to less than m. */ if (_sp_cmp(a, m) != MP_LT) { - err = sp_mod(a, m, t[0]); - a = t[0]; + err = sp_mod(a, m, t0); + a = t0; } } if (err == MP_OKAY) { /* Reduce b to less than m. */ if (_sp_cmp(b, m) != MP_LT) { - err = sp_mod(b, m, t[1]); - b = t[1]; + err = sp_mod(b, m, t1); + b = t1; } } if (err == MP_OKAY) { /* Add m to a if a smaller than b. */ if (_sp_cmp(a, b) == MP_LT) { - err = sp_add(a, m, t[0]); - a = t[0]; + err = sp_add(a, m, t0); + a = t0; } } if (err == MP_OKAY) { @@ -7938,7 +7933,8 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, err = sp_sub(a, b, r); } - FREE_SP_INT_ARRAY(t, NULL); + FREE_SP_INT(t0, NULL); + FREE_SP_INT(t1, NULL); #else /* WOLFSSL_SP_INT_NEGATIVE */ sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); DECL_SP_INT(t, used); @@ -8029,8 +8025,8 @@ static void sp_clamp_ct(sp_int* a) (sp_int_digit)((sp_int_sdigit)(negVal & minusOne) >> (SP_WORD_SIZE - 1)); #else - sp_int_digit zeroMask = - (sp_int_digit)((((sp_int_sword)a->dp[i]) - 1) >> SP_WORD_SIZE); + sp_size_t zeroMask = + (sp_size_t)((((sp_int_sword)a->dp[i]) - 1) >> SP_WORD_SIZE); #endif mask &= (sp_size_t)zeroMask; used = (sp_size_t)(used + mask); @@ -9172,8 +9168,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r) unsigned int k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) sp_int_digit t[a->used]; #else sp_int_digit t[SP_INT_DIGITS / 2]; @@ -9249,8 +9244,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) sp_int_digit t[a->used + b->used]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -9326,8 +9320,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) sp_int_digit t[a->used + b->used]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -14876,8 +14869,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) sp_int_digit t[((a->used + 1) / 2) * 2 + 1]; #else sp_int_digit t[(SP_INT_DIGITS + 1) / 2]; @@ -14991,8 +14983,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; -#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#elif defined(WOLFSSL_SP_DYN_STACK) sp_int_digit t[a->used * 2]; #else sp_int_digit t[SP_INT_DIGITS]; @@ -19280,18 +19271,15 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result) { int err = MP_OKAY; int i; - sp_int* n1; - sp_int* r; - DECL_SP_INT_ARRAY(t, a->used + 1, 2); + DECL_SP_INT(n1, a->used + 1); + DECL_SP_INT(r, a->used + 1); DECL_SP_INT(b, a->used * 2 + 1); - ALLOC_SP_INT_ARRAY(t, a->used + 1, 2, err, NULL); + ALLOC_SP_INT(n1, a->used + 1, err, NULL); + ALLOC_SP_INT(r, a->used + 1, err, NULL); /* Allocate number that will hold modular exponentiation result. */ ALLOC_SP_INT(b, a->used * 2 + 1, err, NULL); if (err == MP_OKAY) { - n1 = t[0]; - r = t[1]; - _sp_init_size(n1, a->used + 1U); _sp_init_size(r, a->used + 1U); _sp_init_size(b, (sp_size_t)(a->used * 2U + 1U)); @@ -19314,7 +19302,8 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result) /* Free allocated temporary. */ FREE_SP_INT(b, NULL); - FREE_SP_INT_ARRAY(t, NULL); + FREE_SP_INT(r, NULL); + FREE_SP_INT(n1, NULL); return err; } @@ -19888,12 +19877,8 @@ void sp_memzero_check(sp_int* sp) } #endif /* WOLFSSL_CHECK_MEM_ZERO */ -#if (!defined(WOLFSSL_SMALL_STACK) && !defined(SP_ALLOC)) || \ - defined(WOLFSSL_SP_NO_MALLOC) -#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) -PRAGMA_GCC_DIAG_POP -#endif +#ifdef WOLFSSL_SP_DYN_STACK + PRAGMA_GCC_DIAG_POP #endif #endif /* WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */ diff --git a/src/wolfcrypt/src/sp_sm2_arm32.c b/src/wolfcrypt/src/sp_sm2_arm32.c index 0a458bd..aad6a42 100644 --- a/src/wolfcrypt/src/sp_sm2_arm32.c +++ b/src/wolfcrypt/src/sp_sm2_arm32.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_arm64.c b/src/wolfcrypt/src/sp_sm2_arm64.c index db67898..772a7df 100644 --- a/src/wolfcrypt/src/sp_sm2_arm64.c +++ b/src/wolfcrypt/src/sp_sm2_arm64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_armthumb.c b/src/wolfcrypt/src/sp_sm2_armthumb.c index 21e49dc..d26a45f 100644 --- a/src/wolfcrypt/src/sp_sm2_armthumb.c +++ b/src/wolfcrypt/src/sp_sm2_armthumb.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_c32.c b/src/wolfcrypt/src/sp_sm2_c32.c index 5aae8d2..4106669 100644 --- a/src/wolfcrypt/src/sp_sm2_c32.c +++ b/src/wolfcrypt/src/sp_sm2_c32.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_c64.c b/src/wolfcrypt/src/sp_sm2_c64.c index d848104..4dafb8e 100644 --- a/src/wolfcrypt/src/sp_sm2_c64.c +++ b/src/wolfcrypt/src/sp_sm2_c64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_cortexm.c b/src/wolfcrypt/src/sp_sm2_cortexm.c index 4ea4b8f..722f20a 100644 --- a/src/wolfcrypt/src/sp_sm2_cortexm.c +++ b/src/wolfcrypt/src/sp_sm2_cortexm.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_sm2_x86_64.c b/src/wolfcrypt/src/sp_sm2_x86_64.c index fd6f0d2..2ba3cb0 100644 --- a/src/wolfcrypt/src/sp_sm2_x86_64.c +++ b/src/wolfcrypt/src/sp_sm2_x86_64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/sp_x86_64.c b/src/wolfcrypt/src/sp_x86_64.c index 298ec47..f8bf541 100644 --- a/src/wolfcrypt/src/sp_x86_64.c +++ b/src/wolfcrypt/src/sp_x86_64.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -8021,11 +8021,13 @@ static const sp_digit p256_order[4] = { 0xffffffff00000000L }; #endif +#ifndef WC_NO_RNG /* The order of the curve P256 minus 2. */ static const sp_digit p256_order2[4] = { 0xf3b9cac2fc63254fL,0xbce6faada7179e84L,0xffffffffffffffffL, 0xffffffff00000000L }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P256. */ static const sp_digit p256_norm_order[4] = { @@ -8062,7 +8064,8 @@ static const sp_point_256 p256_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p256_b[4] = { 0x3bce3c3e27d2604bL,0x651d06b0cc53b0f6L,0xb3ebbd55769886bcL, 0x5ac635d8aa3a93e7L @@ -24510,6 +24513,7 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG #ifdef __cplusplus extern "C" { #endif @@ -24517,6 +24521,7 @@ extern void sp_256_add_one_4(sp_digit* a); #ifdef __cplusplus } #endif +#endif #ifdef __cplusplus extern "C" { #endif @@ -26433,7 +26438,7 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -27098,7 +27103,7 @@ static const sp_digit p384_norm_mod[6] = { 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; /* The Montgomery multiplier for modulus of the curve P384. */ -static sp_digit p384_mp_mod = 0x0000000100000001; +static const sp_digit p384_mp_mod = 0x0000000100000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P384. */ @@ -27107,11 +27112,13 @@ static const sp_digit p384_order[6] = { 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P384 minus 2. */ static const sp_digit p384_order2[6] = { 0xecec196accc52971L,0x581a0db248b0a77aL,0xc7634d81f4372ddfL, 0xffffffffffffffffL,0xffffffffffffffffL,0xffffffffffffffffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P384. */ static const sp_digit p384_norm_order[6] = { @@ -27121,7 +27128,7 @@ static const sp_digit p384_norm_order[6] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P384. */ -static sp_digit p384_mp_order = 0x6ed46089e88fdc45L; +static const sp_digit p384_mp_order = 0x6ed46089e88fdc45L; #endif #ifdef WOLFSSL_SP_SMALL /* The base point of curve P384. */ @@ -27151,7 +27158,8 @@ static const sp_point_384 p384_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p384_b[6] = { 0x2a85c8edd3ec2aefL,0xc656398d8a2ed19dL,0x0314088f5013875aL, 0x181d9c6efe814112L,0x988e056be3f82d19L,0xb3312fa7e23ee7e4L @@ -49544,6 +49552,7 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG #ifdef __cplusplus extern "C" { #endif @@ -49551,6 +49560,7 @@ extern void sp_384_add_one_6(sp_digit* a); #ifdef __cplusplus } #endif +#endif #ifdef __cplusplus extern "C" { #endif @@ -51408,7 +51418,7 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -52130,7 +52140,7 @@ static const sp_digit p521_norm_mod[9] = { 0x0000000000000000L,0x0000000000000000L,0x0000000000000000L }; /* The Montgomery multiplier for modulus of the curve P521. */ -static sp_digit p521_mp_mod = 0x0000000000000001; +static const sp_digit p521_mp_mod = 0x0000000000000001; #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) /* The order of the curve P521. */ @@ -52140,12 +52150,14 @@ static const sp_digit p521_order[9] = { 0xffffffffffffffffL,0xffffffffffffffffL,0x00000000000001ffL }; #endif +#ifndef WC_NO_RNG /* The order of the curve P521 minus 2. */ static const sp_digit p521_order2[9] = { 0xbb6fb71e91386407L,0x3bb5c9b8899c47aeL,0x7fcc0148f709a5d0L, 0x51868783bf2f966bL,0xfffffffffffffffaL,0xffffffffffffffffL, 0xffffffffffffffffL,0xffffffffffffffffL,0x00000000000001ffL }; +#endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery normalizer for order of the curve P521. */ static const sp_digit p521_norm_order[9] = { @@ -52156,7 +52168,7 @@ static const sp_digit p521_norm_order[9] = { #endif #if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY) /* The Montgomery multiplier for order of the curve P521. */ -static sp_digit p521_mp_order = 0x1d2f5ccd79a995c7L; +static const sp_digit p521_mp_order = 0x1d2f5ccd79a995c7L; #endif #ifdef WOLFSSL_SP_SMALL /* The base point of curve P521. */ @@ -52189,7 +52201,8 @@ static const sp_point_521 p521_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || defined(HAVE_COMP_KEY) +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ + defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0xef451fd46b503f00L,0x3573df883d2c34f1L,0x1652c0bd3bb1bf07L, 0x56193951ec7e937bL,0xb8b489918ef109e1L,0xa2da725b99b315f3L, @@ -90637,6 +90650,7 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(HAVE_ECC_SIGN) || \ defined(HAVE_ECC_VERIFY) #endif /* WOLFSSL_VALIDATE_ECC_KEYGEN | HAVE_ECC_SIGN | HAVE_ECC_VERIFY */ +#ifndef WC_NO_RNG #ifdef __cplusplus extern "C" { #endif @@ -90644,6 +90658,7 @@ extern void sp_521_add_one_9(sp_digit* a); #ifdef __cplusplus } #endif +#endif #ifdef __cplusplus extern "C" { #endif @@ -92575,7 +92590,7 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -105446,7 +105461,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, mp_int* re return err; } -#ifdef HAVE_ECC_CHECK_KEY +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) #ifdef __cplusplus extern "C" { #endif diff --git a/src/wolfcrypt/src/sphincs.c b/src/wolfcrypt/src/sphincs.c index 94be4ac..c8510b4 100644 --- a/src/wolfcrypt/src/sphincs.c +++ b/src/wolfcrypt/src/sphincs.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/srp.c b/src/wolfcrypt/src/srp.c index c7f5986..5ea5a25 100644 --- a/src/wolfcrypt/src/srp.c +++ b/src/wolfcrypt/src/srp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/tfm.c b/src/wolfcrypt/src/tfm.c index 5bd7328..1f07d8e 100644 --- a/src/wolfcrypt/src/tfm.c +++ b/src/wolfcrypt/src/tfm.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -4198,6 +4198,58 @@ int fp_to_unsigned_bin(fp_int *a, unsigned char *b) return FP_OKAY; } +int fp_to_unsigned_bin_len_ct(fp_int *a, unsigned char *out, int outSz) +{ + int err = MP_OKAY; + + /* Validate parameters. */ + if ((a == NULL) || (out == NULL) || (outSz < 0)) { + err = MP_VAL; + } + +#if DIGIT_BIT > 8 + if (err == MP_OKAY) { + /* Start at the end of the buffer - least significant byte. */ + int j; + unsigned int i; + fp_digit mask = (fp_digit)-1; + fp_digit d; + + /* Put each digit in. */ + i = 0; + for (j = outSz - 1; j >= 0; ) { + unsigned int b; + d = a->dp[i]; + /* Place each byte of a digit into the buffer. */ + for (b = 0; (j >= 0) && (b < (DIGIT_BIT / 8)); b++) { + out[j--] = (byte)(d & mask); + d >>= 8; + } + mask &= (fp_digit)0 - (i < (unsigned int)a->used - 1); + i += (unsigned int)(1 & mask); + } + } +#else + if ((err == MP_OKAY) && ((unsigned int)outSz < a->used)) { + err = MP_VAL; + } + if (err == MP_OKAY) { + unsigned int i; + int j; + fp_digit mask = (fp_digit)-1; + + i = 0; + for (j = outSz - 1; j >= 0; j--) { + out[j] = a->dp[i] & mask; + mask &= (fp_digit)0 - (i < (unsigned int)a->used - 1); + i += (unsigned int)(1 & mask); + } + } +#endif + + return err; +} + int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c) { #if DIGIT_BIT == 64 || DIGIT_BIT == 32 || DIGIT_BIT == 16 @@ -4823,6 +4875,11 @@ int mp_to_unsigned_bin (mp_int * a, unsigned char *b) return fp_to_unsigned_bin(a,b); } +int mp_to_unsigned_bin_len_ct(mp_int * a, unsigned char *b, int c) +{ + return fp_to_unsigned_bin_len_ct(a, b, c); +} + int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c) { return fp_to_unsigned_bin_len(a, b, c); diff --git a/src/wolfcrypt/src/wc_dsp.c b/src/wolfcrypt/src/wc_dsp.c index 09c7ea1..856245b 100644 --- a/src/wolfcrypt/src/wc_dsp.c +++ b/src/wolfcrypt/src/wc_dsp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/wc_encrypt.c b/src/wolfcrypt/src/wc_encrypt.c index b1e8b82..dca1640 100644 --- a/src/wolfcrypt/src/wc_encrypt.c +++ b/src/wolfcrypt/src/wc_encrypt.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -512,8 +512,10 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, switch (version) { #ifndef NO_HMAC case PKCS5v2: + PRIVATE_KEY_UNLOCK(); ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, (int)derivedLen, typeH); + PRIVATE_KEY_LOCK(); break; #endif #ifndef NO_SHA @@ -636,10 +638,14 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, break; } #endif - #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_128)) #ifdef WOLFSSL_AES_256 case PBE_AES256_CBC: + #endif /* WOLFSSL_AES_256 */ + #ifdef WOLFSSL_AES_128 case PBE_AES128_CBC: + #endif /* WOLFSSL_AES_128 */ { int free_aes; @@ -686,8 +692,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #endif break; } - #endif /* WOLFSSL_AES_256 */ - #endif /* !NO_AES && HAVE_AES_CBC */ + #endif /* !NO_AES && HAVE_AES_CBC && (WOLFSSL_AES_256 || WOLFSSL_AES_128) */ #ifdef WC_RC2 case PBE_SHA1_40RC2_CBC: { diff --git a/src/wolfcrypt/src/wc_lms.c b/src/wolfcrypt/src/wc_lms.c index 9de58da..d4f2963 100644 --- a/src/wolfcrypt/src/wc_lms.c +++ b/src/wolfcrypt/src/wc_lms.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -281,79 +281,79 @@ static const wc_LmsParamsMap wc_lms_map[] = { #ifdef WOLFSSL_LMS_SHA256_192 #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2", - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2, + LMS_PARAMS(1, 15, 2, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4", - LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4, + LMS_PARAMS(1, 15, 4, 3, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2", - LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + LMS_PARAMS(2, 10, 2, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4", - LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + LMS_PARAMS(2, 10, 4, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8", - LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + LMS_PARAMS(2, 10, 8, 4, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" , - LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + LMS_PARAMS(3, 5, 2, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" , - LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + LMS_PARAMS(3, 5, 4, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" , - LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + LMS_PARAMS(3, 5, 8, 4, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4", - LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + LMS_PARAMS(3, 10, 4, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" , - LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + LMS_PARAMS(4, 5, 8, 4, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #endif { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" , - LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1, + LMS_PARAMS(1, 5, 1, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" , - LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + LMS_PARAMS(1, 5, 2, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" , - LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + LMS_PARAMS(1, 5, 4, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" , - LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + LMS_PARAMS(1, 5, 8, 4, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2", - LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + LMS_PARAMS(1, 10, 2, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4", - LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + LMS_PARAMS(1, 10, 4, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8", - LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + LMS_PARAMS(1, 10, 8, 4, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_SHA256_192_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", - LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2, + LMS_PARAMS(1, 20, 2, 2, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", - LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W4, + LMS_PARAMS(1, 20, 4, 3, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W4, WC_SHA256_192_DIGEST_SIZE) }, { WC_LMS_PARM_SHA256_192_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", - LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W8, + LMS_PARAMS(1, 20, 8, 4, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W8, WC_SHA256_192_DIGEST_SIZE) }, #endif #endif /* WOLFSSL_LMS_SHA256_192 */ @@ -586,11 +586,14 @@ void wc_LmsKey_Free(LmsKey* key) #ifndef WOLFSSL_LMS_VERIFY_ONLY if (key->priv_data != NULL) { const LmsParams* params = key->params; - - ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels, + int priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height, params->p, params->rootLevels, - params->cacheBits, params->hash_len)); + params->cacheBits, params->hash_len); +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + priv_data_len += HSS_PRIVATE_KEY_LEN(key->params->hash_len); +#endif + ForceZero(key->priv_data, priv_data_len); XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); } #endif @@ -717,6 +720,7 @@ int wc_LmsKey_SetContext(LmsKey* key, void* context) int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) { int ret = 0; + int priv_data_len = 0; /* Validate parameters. */ if ((key == NULL) || (rng == NULL)) { @@ -738,17 +742,26 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->priv_data == NULL)) { + if (ret == 0) { const LmsParams* params = key->params; + priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height, + params->p, params->rootLevels, params->cacheBits, params->hash_len); +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + priv_data_len += HSS_PRIVATE_KEY_LEN(key->params->hash_len); +#endif + } + if ((ret == 0) && (key->priv_data == NULL)) { /* Allocate memory for the private key data. */ - key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits, - params->hash_len), key->heap, DYNAMIC_TYPE_LMS); + key->priv_data = (byte *)XMALLOC(priv_data_len, key->heap, + DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; } +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + XMEMSET(key->priv_data, 0, priv_data_len); +#endif } if (ret == 0) { #ifdef WOLFSSL_SMALL_STACK @@ -759,7 +772,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -781,9 +795,18 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) } } if (ret == 0) { + int rv; /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + XMEMCPY(key->priv_data + priv_data_len - + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len)); + rv = key->write_private_key(key->priv_data, priv_data_len, + key->context); +#else + rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); +#endif if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -816,6 +839,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) int wc_LmsKey_Reload(LmsKey* key) { int ret = 0; + int priv_data_len = 0; /* Validate parameter. */ if (key == NULL) { @@ -837,25 +861,46 @@ int wc_LmsKey_Reload(LmsKey* key) ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->priv_data == NULL)) { + if (ret == 0) { const LmsParams* params = key->params; + priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height, + params->p, params->rootLevels, params->cacheBits, params->hash_len); +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + priv_data_len += HSS_PRIVATE_KEY_LEN(params->hash_len); +#endif + } + if ((ret == 0) && (key->priv_data == NULL)) { /* Allocate memory for the private key data. */ - key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits, - params->hash_len), key->heap, DYNAMIC_TYPE_LMS); + key->priv_data = (byte *)XMALLOC(priv_data_len, key->heap, + DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; } } if (ret == 0) { + int rv; + /* Load private key. */ - int rv = key->read_private_key(key->priv_raw, +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + const LmsParams* params = key->params; + + rv = key->read_private_key(key->priv_data, priv_data_len, key->context); +#else + rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); +#endif if (rv != WC_LMS_RC_READ_TO_MEMORY) { ret = IO_FAILED_E; } +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + if (ret == 0) { + XMEMCPY(key->priv_raw, key->priv_data + priv_data_len - + HSS_PRIVATE_KEY_LEN(params->hash_len), + HSS_PRIVATE_KEY_LEN(params->hash_len)); + } +#endif } /* Double check the key actually has signatures left. */ @@ -874,7 +919,8 @@ int wc_LmsKey_Reload(LmsKey* key) #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -972,7 +1018,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -997,9 +1044,24 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, *sigSz = (word32)key->params->sig_len; } if (ret == 0) { + int rv; + /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + const LmsParams* params = key->params; + int priv_data_len = LMS_PRIV_DATA_LEN(params->levels, params->height, + params->p, params->rootLevels, params->cacheBits, + params->hash_len) + HSS_PRIVATE_KEY_LEN(key->params->hash_len); + + XMEMCPY(key->priv_data + priv_data_len - + HSS_PRIVATE_KEY_LEN(params->hash_len), key->priv_raw, + HSS_PRIVATE_KEY_LEN(params->hash_len)); + rv = key->write_private_key(key->priv_data, priv_data_len, + key->context); +#else + rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); +#endif if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -1234,7 +1296,8 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz, #ifdef WOLFSSL_SMALL_STACK /* Allocate memory for working state. */ - state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER); + state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, + DYNAMIC_TYPE_TMP_BUFFER); if (state == NULL) { ret = MEMORY_E; } @@ -1258,6 +1321,36 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz, return ret; } +#ifndef WOLFSSL_LMS_VERIFY_ONLY + +/* Get the Key ID from the LMS key. + * + * PRIV = Q | PARAMS | SEED | I + * where I is the Key ID. + * + * @param [in] key LMS key. + * @param [out] kid Key ID data. + * @param [out] kidSz Size of key ID. + * @return 0 on success. + * @return BAD_FUNC_ARG when a key, kid or kidSz is NULL. + */ +int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid, word32* kidSz) +{ + word32 offset; + + if ((key == NULL) || (kid == NULL) || (kidSz == NULL)) { + return BAD_FUNC_ARG; + } + + /* SEED length is hash length. */ + offset = HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + key->params->hash_len; + *kid = key->priv_raw + offset; + *kidSz = HSS_PRIVATE_KEY_LEN(key->params->hash_len) - offset; + + return 0; +} + + /* Get the Key ID from the raw private key data. * * PRIV = Q | PARAMS | SEED | I @@ -1270,7 +1363,7 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz, */ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) { - word32 seedSz = privSz - LMS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN - LMS_I_LEN; + word32 seedSz = privSz - HSS_Q_LEN - HSS_PRIV_KEY_PARAM_SET_LEN - LMS_I_LEN; if (priv == NULL) { return NULL; @@ -1279,7 +1372,9 @@ const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz) (seedSz != WC_SHA256_DIGEST_SIZE)) { return NULL; } - return priv - LMS_I_LEN; + return priv + privSz - LMS_I_LEN; } +#endif + #endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS */ diff --git a/src/wolfcrypt/src/wc_lms_impl.c b/src/wolfcrypt/src/wc_lms_impl.c index 47b60a6..5defb10 100644 --- a/src/wolfcrypt/src/wc_lms_impl.c +++ b/src/wolfcrypt/src/wc_lms_impl.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -3208,7 +3208,7 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key, int wc_hss_reload_key(LmsState* state, const byte* priv_raw, HssPrivKey* priv_key, byte* priv_data, byte* pub_root) { - int ret; + int ret = 0; (void)pub_root; @@ -3217,27 +3217,34 @@ int wc_hss_reload_key(LmsState* state, const byte* priv_raw, priv_key->inited = 0; #endif - /* Expand the raw private key into the private key data. */ - ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0); -#ifndef WOLFSSL_WC_LMS_SMALL - if ((ret == 0) && (!priv_key->inited)) { - /* Initialize the authentication paths and caches for all trees. */ - ret = wc_hss_init_auth_path(state, priv_key, pub_root); - #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING - if (ret == 0) { - ret = wc_hss_next_subtrees_init(state, priv_key); - } - #endif - #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1) - if (ret == 0) { - /* Calculate signatures for trees not at bottom. */ - ret = wc_hss_presign(state, priv_key); +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + if (pub_root != NULL) +#endif + { + /* Expand the raw private key into the private key data. */ + ret = wc_hss_expand_private_key(state, priv_key->priv, priv_raw, 0); + #ifndef WOLFSSL_WC_LMS_SMALL + if ((ret == 0) && (!priv_key->inited)) { + /* Initialize the authentication paths and caches for all trees. */ + ret = wc_hss_init_auth_path(state, priv_key, pub_root); + #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING + if (ret == 0) { + ret = wc_hss_next_subtrees_init(state, priv_key); + } + #endif + #if !defined(WOLFSSL_LMS_NO_SIG_CACHE) && (LMS_MAX_LEVELS > 1) + if (ret == 0) { + /* Calculate signatures for trees not at bottom. */ + ret = wc_hss_presign(state, priv_key); + } + #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ } - #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ - /* Set initialized flag. */ - priv_key->inited = (ret == 0); + #endif /* WOLFSSL_WC_LMS_SMALL */ } -#endif /* WOLFSSL_WC_LMS_SMALL */ +#ifndef WOLFSSL_WC_LMS_SMALL + /* Set initialized flag. */ + priv_key->inited = (ret == 0); +#endif return ret; } @@ -3301,6 +3308,10 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, wc_lmots_public_key_encode(params, priv_key->priv, pub); } +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE + wc_hss_priv_data_store(state->params, priv_key, priv_data); +#endif + return ret; } @@ -3581,7 +3592,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, * * @param [in, out] state LMS state. * @param [in, out] priv_raw Raw private key bytes. - * @param [in, out] priv_key Private key data. + * @param [in, out] priv_key Private key. * @param [in, out] priv_data Private key data. * @param [in] msg Message to sign. * @param [in] msgSz Length of message in bytes. diff --git a/src/wolfcrypt/src/wc_mlkem.c b/src/wolfcrypt/src/wc_mlkem.c index a370279..cebdc00 100644 --- a/src/wolfcrypt/src/wc_mlkem.c +++ b/src/wolfcrypt/src/wc_mlkem.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -65,6 +65,12 @@ #include +#ifdef WC_MLKEM_NO_ASM + #undef USE_INTEL_SPEEDUP + #undef WOLFSSL_ARMASM + #undef WOLFSSL_RISCV_ASM +#endif + #include #include #include @@ -668,8 +674,8 @@ static int mlkemkey_encapsulate(MlKemKey* key, const byte* m, byte* r, byte* c) sword16 y[3 * WC_ML_KEM_MAX_K * MLKEM_N]; #endif #endif - sword16* u; - sword16* v; + sword16* u = 0; + sword16* v = 0; /* Establish parameters based on key type. */ switch (key->type) { @@ -1144,7 +1150,8 @@ static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m, sword16* w; unsigned int k = 0; unsigned int compVecSz; -#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) || \ + (!defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)) sword16* u = NULL; #else sword16 u[(WC_ML_KEM_MAX_K + 1) * MLKEM_N]; @@ -1198,7 +1205,8 @@ static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m, break; } -#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) || \ + (!defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)) if (ret == 0) { /* Allocate dynamic memory for a vector and a polynomial. */ u = (sword16*)XMALLOC((k + 1) * MLKEM_N * sizeof(sword16), key->heap, @@ -1254,7 +1262,8 @@ static MLKEM_NOINLINE int mlkemkey_decapsulate(MlKemKey* key, byte* m, /* Step 8: return m */ } -#if !defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC) +#if defined(WOLFSSL_SMALL_STACK) || \ + (!defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_NO_MALLOC)) /* Dispose of dynamically memory allocated in function. */ XFREE(u, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif diff --git a/src/wolfcrypt/src/wc_mlkem_poly.c b/src/wolfcrypt/src/wc_mlkem_poly.c index e5f4a18..e2e1849 100644 --- a/src/wolfcrypt/src/wc_mlkem_poly.c +++ b/src/wolfcrypt/src/wc_mlkem_poly.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -69,6 +69,12 @@ #include +#ifdef WC_MLKEM_NO_ASM + #undef USE_INTEL_SPEEDUP + #undef WOLFSSL_ARMASM + #undef WOLFSSL_RISCV_ASM +#endif + #include #include @@ -2274,14 +2280,31 @@ void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u, static int mlkem_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) { int i; +#ifdef WOLFSSL_SMALL_STACK + byte *rand = NULL; + word64 *state = NULL; +#else byte rand[4 * GEN_MATRIX_SIZE + 2]; word64 state[25 * 4]; +#endif unsigned int ctr0; unsigned int ctr1; unsigned int ctr2; unsigned int ctr3; byte* p; +#ifdef WOLFSSL_SMALL_STACK + rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if ((rand == NULL) || (state == NULL)) { + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; @@ -2345,6 +2368,11 @@ static int mlkem_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed) p, XOF_BLOCK_SIZE); } +#ifdef WOLFSSL_SMALL_STACK + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } #endif @@ -2365,14 +2393,31 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) { int i; int k; +#ifdef WOLFSSL_SMALL_STACK + byte *rand = NULL; + word64 *state = NULL; +#else byte rand[4 * GEN_MATRIX_SIZE + 2]; word64 state[25 * 4]; +#endif unsigned int ctr0; unsigned int ctr1; unsigned int ctr2; unsigned int ctr3; byte* p; +#ifdef WOLFSSL_SMALL_STACK + rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if ((rand == NULL) || (state == NULL)) { + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; @@ -2442,6 +2487,7 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); state[20] = W64LIT(0x8000000000000000); for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { +#ifndef WC_SHA3_NO_ASM if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } @@ -2450,13 +2496,16 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) sha3_block_avx2(state); RESTORE_VECTOR_REGISTERS(); } - else { + else +#endif /* !WC_SHA3_NO_ASM */ + { BlockSha3(state); } XMEMCPY(rand + i, state, SHA3_128_BYTES); } ctr0 = mlkem_rej_uniform_n_avx2(a, MLKEM_N, rand, GEN_MATRIX_SIZE); while (ctr0 < MLKEM_N) { +#ifndef WC_SHA3_NO_ASM if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } @@ -2465,7 +2514,9 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) sha3_block_avx2(state); RESTORE_VECTOR_REGISTERS(); } - else { + else +#endif /* !WC_SHA3_NO_ASM */ + { BlockSha3(state); } XMEMCPY(rand, state, SHA3_128_BYTES); @@ -2473,6 +2524,11 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) XOF_BLOCK_SIZE); } +#ifdef WOLFSSL_SMALL_STACK + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } #endif @@ -2492,14 +2548,31 @@ static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) { int i; int k; +#ifdef WOLFSSL_SMALL_STACK + byte *rand = NULL; + word64 *state = NULL; +#else byte rand[4 * GEN_MATRIX_SIZE + 2]; word64 state[25 * 4]; +#endif unsigned int ctr0; unsigned int ctr1; unsigned int ctr2; unsigned int ctr3; byte* p; +#ifdef WOLFSSL_SMALL_STACK + rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if ((rand == NULL) || (state == NULL)) { + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ rand[4 * GEN_MATRIX_SIZE + 0] = 0xff; rand[4 * GEN_MATRIX_SIZE + 1] = 0xff; @@ -2563,6 +2636,11 @@ static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) a += 4 * MLKEM_N; } +#ifdef WOLFSSL_SMALL_STACK + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; } #endif /* WOLFSSL_KYBER1024 || WOLFSSL_WC_ML_KEM_1024 */ @@ -2988,6 +3066,7 @@ static int mlkem_prf(wc_Shake* shake256, byte* out, unsigned int outLen, unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE); /* Perform a block operation on the state for next block of output. */ +#ifndef WC_SHA3_NO_ASM if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } @@ -2996,7 +3075,9 @@ static int mlkem_prf(wc_Shake* shake256, byte* out, unsigned int outLen, sha3_block_avx2(state); RESTORE_VECTOR_REGISTERS(); } - else { + else +#endif /* !WC_SHA3_NO_ASM */ + { BlockSha3(state); } @@ -3043,6 +3124,7 @@ int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen) XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); +#ifndef WC_SHA3_NO_ASM if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } @@ -3050,7 +3132,9 @@ int mlkem_kdf(byte* seed, int seedLen, byte* out, int outLen) sha3_block_avx2(state); RESTORE_VECTOR_REGISTERS(); } - else { + else +#endif + { BlockSha3(state); } XMEMCPY(out, state, outLen); @@ -4055,6 +4139,7 @@ static int mlkem_get_noise_eta2_avx2(MLKEM_PRF_T* prf, sword16* p, state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); /* Perform a block operation on the state for next block of output. */ +#ifndef WC_SHA3_NO_ASM if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } @@ -4062,7 +4147,9 @@ static int mlkem_get_noise_eta2_avx2(MLKEM_PRF_T* prf, sword16* p, sha3_block_avx2(state); RESTORE_VECTOR_REGISTERS(); } - else { + else +#endif /* !WC_SHA3_NO_ASM */ + { BlockSha3(state); } mlkem_cbd_eta2_avx2(p, (byte*)state); @@ -4120,7 +4207,17 @@ static int mlkem_get_noise_k2_avx2(MLKEM_PRF_T* prf, sword16* vec1, sword16* vec2, sword16* poly, byte* seed) { int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + byte *rand; +#else byte rand[4 * PRF_RAND_SZ]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + rand = (byte*)XMALLOC(4 * PRF_RAND_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (rand == NULL) + return MEMORY_E; +#endif mlkem_get_noise_x4_eta3_avx2(rand, seed); mlkem_cbd_eta3_avx2(vec1 , rand + 0 * PRF_RAND_SZ); @@ -4137,6 +4234,10 @@ static int mlkem_get_noise_k2_avx2(MLKEM_PRF_T* prf, sword16* vec1, ret = mlkem_get_noise_eta2_avx2(prf, poly, seed); } +#ifdef WOLFSSL_SMALL_STACK + XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif diff --git a/src/wolfcrypt/src/wc_pkcs11.c b/src/wolfcrypt/src/wc_pkcs11.c index efacd74..d8a2916 100644 --- a/src/wolfcrypt/src/wc_pkcs11.c +++ b/src/wolfcrypt/src/wc_pkcs11.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -535,7 +535,7 @@ static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev, CK_RV rv; CK_ULONG slotCnt = 0; CK_TOKEN_INFO tinfo; - int index = -1; + int idx = -1; CK_SLOT_ID* slot = NULL; rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt); @@ -547,12 +547,12 @@ static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev, rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt); if (rv != CKR_OK) goto out; - for (index = 0; index < (int)slotCnt; index++) { - rv = dev->func->C_GetTokenInfo(slot[index], &tinfo); + for (idx = 0; idx < (int)slotCnt; idx++) { + rv = dev->func->C_GetTokenInfo(slot[idx], &tinfo); PKCS11_RV("C_GetTokenInfo", rv); if (rv == CKR_OK && XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) { - ret = (int)slot[index]; + ret = (int)slot[idx]; break; } } diff --git a/src/wolfcrypt/src/wc_port.c b/src/wolfcrypt/src/wc_port.c index a757852..3c63d26 100644 --- a/src/wolfcrypt/src/wc_port.c +++ b/src/wolfcrypt/src/wc_port.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -25,6 +25,10 @@ #include #endif +#include +#ifdef HAVE_ENTROPY_MEMUSE + #include +#endif #ifdef HAVE_ECC #include #endif @@ -68,6 +72,10 @@ #include #endif +#if defined(WOLFSSL_TROPIC01) + #include +#endif + #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) \ && !defined(WOLFCRYPT_ONLY) #include @@ -145,6 +153,10 @@ /* prevent multiple mutex initializations */ static volatile int initRefCount = 0; +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT) +int aarch64_use_sb = 0; +#endif + /* Used to initialize state for wolfcrypt return 0 on success */ @@ -155,6 +167,10 @@ int wolfCrypt_Init(void) if (initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); + #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT) + aarch64_use_sb = IS_AARCH64_SB(cpuid_get_flags()); + #endif + #ifdef WOLFSSL_CHECK_MEM_ZERO /* Initialize the mutex for access to the list of memory locations that * must be freed. */ @@ -285,7 +301,13 @@ int wolfCrypt_Init(void) #if defined(WOLFSSL_STSAFEA100) stsafe_interface_init(); #endif - + #if defined(WOLFSSL_TROPIC01) + ret = Tropic01_Init(); + if (ret != 0) { + WOLFSSL_MSG("Tropic01 init failed"); + return ret; + } + #endif #if defined(WOLFSSL_PSOC6_CRYPTO) ret = psoc6_crypto_port_init(); if (ret != 0) { @@ -339,13 +361,20 @@ int wolfCrypt_Init(void) return ret; #endif -#ifdef HAVE_ENTROPY_MEMUSE - ret = Entropy_Init(); - if (ret != 0) { - WOLFSSL_MSG("Error initializing entropy"); - return ret; - } -#endif + #if defined(USE_WINDOWS_API) && defined(WIN_REUSE_CRYPT_HANDLE) + /* A failure here should not happen, but if it does the actual RNG seed + * call will fail. This init is for a shared crypt provider handle for + * RNG */ + (void)wc_WinCryptHandleInit(); + #endif + + #ifdef HAVE_ENTROPY_MEMUSE + ret = Entropy_Init(); + if (ret != 0) { + WOLFSSL_MSG("Error initializing entropy"); + return ret; + } + #endif #ifdef HAVE_ECC #ifdef FP_ECC @@ -498,6 +527,9 @@ int wolfCrypt_Cleanup(void) #ifdef WOLFSSL_SILABS_SE_ACCEL ret = sl_se_deinit(); #endif + #if defined(WOLFSSL_TROPIC01) + Tropic01_Deinit(); + #endif #if defined(WOLFSSL_RENESAS_TSIP) tsip_Close(); #endif @@ -516,6 +548,10 @@ int wolfCrypt_Cleanup(void) Entropy_Final(); #endif + #if defined(USE_WINDOWS_API) && defined(WIN_REUSE_CRYPT_HANDLE) + wc_WinCryptHandleCleanup(); + #endif + #ifdef WOLF_CRYPTO_CB wc_CryptoCb_Cleanup(); #endif @@ -2177,32 +2213,7 @@ int wolfSSL_HwPkMutexUnLock(void) } #elif defined(WOLFSSL_LINUXKM) - /* Linux kernel mutex routines are voids, alas. */ - - int wc_InitMutex(wolfSSL_Mutex* m) - { - mutex_init(m); - return 0; - } - - int wc_FreeMutex(wolfSSL_Mutex* m) - { - mutex_destroy(m); - return 0; - } - - int wc_LockMutex(wolfSSL_Mutex* m) - { - mutex_lock(m); - return 0; - } - - - int wc_UnLockMutex(wolfSSL_Mutex* m) - { - mutex_unlock(m); - return 0; - } + /* defined as inlines in linuxkm/linuxkm_wc_port.h */ #elif defined(WOLFSSL_VXWORKS) @@ -3929,7 +3940,21 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - #if defined(__OS2__) + #if defined(__MACH__) + cond->cond = dispatch_semaphore_create(0); + if (cond->cond == NULL) + return MEMORY_E; + + /* dispatch_release() fails hard, with Trace/BPT trap signal, if the + * sem's internal count is less than the value passed in with + * dispatch_semaphore_create(). work around this by initializing + * with 0, then incrementing it afterwards. + */ + if (dispatch_semaphore_signal(s->sem) < 0) { + dispatch_release(s->sem); + return MEMORY_E; + } + #elif defined(__OS2__) DosCreateMutexSem( NULL, &cond->mutex, 0, FALSE ); DosCreateEventSem( NULL, &cond->cond, DCE_POSTONE, FALSE ); #elif defined(__NT__) @@ -3960,7 +3985,9 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - #if defined(__OS2__) + #if defined(__MACH__) + dispatch_release(cond->cond); + #elif defined(__OS2__) DosCloseMutexSem(cond->mutex); DosCloseEventSem(cond->cond); #elif defined(__NT__) @@ -3980,7 +4007,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - #if defined(__OS2__) + #if defined(__MACH__) + #elif defined(__OS2__) #elif defined(__NT__) if (wc_LockMutex(&cond->mutex) != 0) return BAD_MUTEX_E; @@ -3995,7 +4023,9 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - #if defined(__OS2__) + #if defined(__MACH__) + dispatch_semaphore_signal(cond->cond); + #elif defined(__OS2__) #elif defined(__NT__) if (wc_UnLockMutex(&cond->mutex) != 0) return BAD_MUTEX_E; @@ -4016,7 +4046,9 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) { if (cond == NULL) return BAD_FUNC_ARG; - #if defined(__OS2__) + #if defined(__MACH__) + dispatch_semaphore_wait(cond->cond, DISPATCH_TIME_FOREVER); + #elif defined(__OS2__) #elif defined(__NT__) if (wc_UnLockMutex(&cond->mutex) != 0) return BAD_MUTEX_E; @@ -4599,4 +4631,10 @@ noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr, return (wolfssl_linuxkm_get_pie_redirect_table()-> alt_cb_patch_nops)(alt, origptr, updptr, nr_inst); } + +void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val) +{ + return (wolfssl_linuxkm_get_pie_redirect_table()-> + queued_spin_lock_slowpath)(lock, val); +} #endif diff --git a/src/wolfcrypt/src/wc_xmss.c b/src/wolfcrypt/src/wc_xmss.c index 51b308b..6957471 100644 --- a/src/wolfcrypt/src/wc_xmss.c +++ b/src/wolfcrypt/src/wc_xmss.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -149,7 +149,13 @@ static WC_INLINE void wc_xmss_state_free(XmssState* state) */ typedef struct wc_XmssString { /* Name of algorithm as a string. */ +#ifdef WOLFSSL_NAMES_STATIC + const char str[32]; /* large enough for largest string in wc_xmss_alg[] or + * wc_xmssmt_alg[] + */ +#else const char* str; +#endif /* OID for algorithm. */ word32 oid; /* XMSS parameters. */ diff --git a/src/wolfcrypt/src/wc_xmss_impl.c b/src/wolfcrypt/src/wc_xmss_impl.c index 15b2184..720cfb2 100644 --- a/src/wolfcrypt/src/wc_xmss_impl.c +++ b/src/wolfcrypt/src/wc_xmss_impl.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2590,7 +2590,7 @@ static void wc_xmss_bds_state_treehash_set_next_idx(BdsState* bds, int i, static void wc_xmss_bds_state_treehash_complete(BdsState* bds, int i) { byte* sk = bds->treeHash + i * 4; - sk[3] |= 1 << 7; + sk[3] |= 1 << 7; /* // NOLINT(clang-analyzer-core.NullDereference) */ } /* Get the tree hash data at specified index for the BDS state. diff --git a/src/wolfcrypt/src/wolfevent.c b/src/wolfcrypt/src/wolfevent.c index 34d5740..5f3818f 100644 --- a/src/wolfcrypt/src/wolfevent.c +++ b/src/wolfcrypt/src/wolfevent.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfcrypt/src/wolfmath.c b/src/wolfcrypt/src/wolfmath.c index 9f14d01..c29e294 100644 --- a/src/wolfcrypt/src/wolfmath.c +++ b/src/wolfcrypt/src/wolfmath.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -85,7 +85,7 @@ void mp_reverse(unsigned char *s, int len) } } -int get_digit_count(const mp_int* a) +int mp_get_digit_count(const mp_int* a) { if (a == NULL) return 0; @@ -93,7 +93,7 @@ int get_digit_count(const mp_int* a) return (int)a->used; } -mp_digit get_digit(const mp_int* a, int n) +mp_digit mp_get_digit(const mp_int* a, int n) { if (a == NULL) return 0; @@ -135,13 +135,13 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) * When mask all set, b ^ b ^ a = a */ /* Conditionally copy all digits and then number of used digits. - * get_digit() returns 0 when index greater than available digit. + * mp_get_digit() returns 0 when index greater than available digit. */ for (i = 0; i < a->used; i++) { - b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; + b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask; } for (; i < b->used; i++) { - b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; + b->dp[i] ^= (mp_get_digit(a, (int)i) ^ mp_get_digit(b, (int)i)) & mask; } b->used ^= (a->used ^ b->used) & (wc_mp_size_t)mask; #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ @@ -156,7 +156,7 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) #ifndef WC_NO_RNG -int get_rand_digit(WC_RNG* rng, mp_digit* d) +int mp_get_rand_digit(WC_RNG* rng, mp_digit* d) { return wc_RNG_GenerateBlock(rng, (byte*)d, sizeof(mp_digit)); } @@ -205,7 +205,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) #endif /* ensure top digit is not zero */ while ((ret == MP_OKAY) && (a->dp[a->used - 1] == 0)) { - ret = get_rand_digit(rng, &a->dp[a->used - 1]); + ret = mp_get_rand_digit(rng, &a->dp[a->used - 1]); #ifdef USE_INTEGER_HEAP_MATH a->dp[a->used - 1] &= MP_MASK; #endif @@ -511,6 +511,54 @@ const char *wc_GetMathInfo(void) " no-malloc" #endif #endif + + /* ARM Assembly speedups */ + #if defined(WOLFSSL_ARMASM) || defined(USE_INTEL_SPEEDUP) + "\n\tAssembly Speedups:" + + #ifdef WOLFSSL_ARMASM + " ARMASM" + #ifdef WOLFSSL_ARMASM_THUMB2 + " THUMB2" + #endif + #ifdef WOLFSSL_ARMASM_INLINE + " INLINE" + #endif + #ifdef WOLFSSL_ARMASM_NO_HW_CRYPTO + " NO_HW_CRYPTO" + #endif + #ifdef WOLFSSL_ARMASM_NO_NEON + " NO_NEON" + #endif + #ifdef WOLFSSL_ARM_ARCH + " ARM ARCH=" WC_STRINGIFY(WOLFSSL_ARM_ARCH) + #endif + #endif + + #ifdef USE_INTEL_SPEEDUP + " INTELASM" + #ifdef USE_INTEL_SPEEDUP_FOR_AES + " AES" + #endif + #endif + + #ifdef WOLFSSL_USE_ALIGN + " ALIGN" + #endif + #ifdef HAVE_INTEL_RDRAND + " INTEL_RDRAND" + #endif + #ifdef HAVE_AMD_RDSEED + " AMD_RDSEED" + #endif + #ifdef WOLFSSL_X86_64_BUILD + " X86_64_BUILD" + #endif + #ifdef WOLFSSL_X86_BUILD + " X86_BUILD" + #endif + #endif + ; } #endif /* HAVE_WC_INTROSPECTION */ diff --git a/src/wolfssl-arduino.cpp b/src/wolfssl-arduino.cpp index 19c50a6..a047eff 100644 --- a/src/wolfssl-arduino.cpp +++ b/src/wolfssl-arduino.cpp @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl.h b/src/wolfssl.h index 8b29806..85f2bf5 100644 --- a/src/wolfssl.h +++ b/src/wolfssl.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/bio.c b/src/wolfssl/bio.c index 0b52a6c..ce74983 100644 --- a/src/wolfssl/bio.c +++ b/src/wolfssl/bio.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2392,13 +2392,28 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_new_connect"); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - const char* port = XSTRSTR(str, ":"); + const char* port; +#ifdef WOLFSSL_IPV6 + const char* ipv6Start = XSTRSTR(str, "["); + const char* ipv6End = XSTRSTR(str, "]"); + + if (ipv6End) + port = XSTRSTR(ipv6End, ":"); + else +#endif + port = XSTRSTR(str, ":"); if (port != NULL) bio->port = (word16)XATOI(port + 1); else port = str + XSTRLEN(str); /* point to null terminator */ +#ifdef WOLFSSL_IPV6 + if (ipv6Start && ipv6End) { + str = ipv6Start + 1; + port = ipv6End; + } +#endif bio->ip = (char*)XMALLOC( (size_t)(port - str) + 1, /* +1 for null char */ bio->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/src/wolfssl/callbacks.h b/src/wolfssl/callbacks.h index a75e483..4d58676 100644 --- a/src/wolfssl/callbacks.h +++ b/src/wolfssl/callbacks.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/crl.h b/src/wolfssl/crl.h index 56f5003..059edee 100644 --- a/src/wolfssl/crl.h +++ b/src/wolfssl/crl.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/error-ssl.h b/src/wolfssl/error-ssl.h index bc3e641..3873b25 100644 --- a/src/wolfssl/error-ssl.h +++ b/src/wolfssl/error-ssl.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -220,6 +220,7 @@ enum wolfSSL_ErrorCodes { POST_HAND_AUTH_ERROR = -504, /* client won't do post-hand auth */ HRR_COOKIE_ERROR = -505, /* HRR msg cookie mismatch */ UNSUPPORTED_CERTIFICATE = -506, /* unsupported certificate type */ + DTLS_PARTIAL_RECORD_READ = -455, /* received a partial record in a datagram */ /* PEM and EVP errors */ WOLFSSL_PEM_R_NO_START_LINE_E = -507, diff --git a/src/wolfssl/evp.c b/src/wolfssl/evp.c index 7054f80..5c9ac3e 100644 --- a/src/wolfssl/evp.c +++ b/src/wolfssl/evp.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -2538,9 +2538,11 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_E if (ctx == NULL) return NULL; XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); ctx->pkey = pkey; -#if !defined(NO_RSA) +#ifndef NO_RSA ctx->padding = WC_RSA_PKCS1_PADDING; ctx->md = NULL; + ctx->mgf1_md = NULL; + ctx->saltlen = 0; #endif #ifdef HAVE_ECC if (pkey->ecc && pkey->ecc->group) { @@ -2593,6 +2595,42 @@ int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, return WOLFSSL_SUCCESS; } +int wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md(WOLFSSL_EVP_PKEY_CTX *ctx, + const WOLFSSL_EVP_MD *md) +{ + wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_OAEP_PADDING); + return wolfSSL_EVP_PKEY_CTX_set_signature_md(ctx, md); +} + +int wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen(WOLFSSL_EVP_PKEY_CTX *ctx, + int saltlen) +{ + if (ctx == NULL) return 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen"); + wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_PSS_PADDING); +#ifndef NO_RSA + ctx->saltlen = saltlen; +#else + (void)saltlen; +#endif + return WOLFSSL_SUCCESS; +} + +int wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md(WOLFSSL_EVP_PKEY_CTX *ctx, + const WOLFSSL_EVP_MD *md) +{ + if (ctx == NULL) return 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md"); +#ifndef NO_RSA + /* Hash digest algorithm used with Mask Generation Function 1 (MGF1) for + * RSA-PSS and RSA-OAEP. */ + ctx->mgf1_md = md; +#else + (void)md; +#endif + return WOLFSSL_SUCCESS; +} + /* create a PKEY context and return it */ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) { @@ -3278,7 +3316,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, (void)tbslen; switch (ctx->pkey->type) { -#if !defined(NO_RSA) +#ifndef NO_RSA case WC_EVP_PKEY_RSA: { unsigned int usiglen = (unsigned int)*siglen; if (!sig) { @@ -3291,17 +3329,17 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, *siglen = (size_t)len; return WOLFSSL_SUCCESS; } - /* wolfSSL_RSA_sign_generic_padding performs a check that the output - * sig buffer is large enough */ - if (wolfSSL_RSA_sign_generic_padding(wolfSSL_EVP_MD_type(ctx->md), tbs, - (unsigned int)tbslen, sig, &usiglen, ctx->pkey->rsa, 1, - ctx->padding) != WOLFSSL_SUCCESS) { + + if (wolfSSL_RSA_sign_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs, + (unsigned int)tbslen, sig, &usiglen, ctx->pkey->rsa, 1, + ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen + ) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } *siglen = (size_t)usiglen; return WOLFSSL_SUCCESS; } -#endif /* NO_RSA */ +#endif /* !NO_RSA */ #ifndef NO_DSA case WC_EVP_PKEY_DSA: { @@ -3434,12 +3472,12 @@ int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig, return WOLFSSL_FAILURE; switch (ctx->pkey->type) { -#if !defined(NO_RSA) +#ifndef NO_RSA case WC_EVP_PKEY_RSA: - return wolfSSL_RSA_verify_ex(WC_HASH_TYPE_NONE, tbs, + return wolfSSL_RSA_verify_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs, (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa, - ctx->padding); -#endif /* NO_RSA */ + ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen); +#endif /* !NO_RSA */ #ifndef NO_DSA case WC_EVP_PKEY_DSA: { @@ -10193,8 +10231,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) return WC_NID_undef; } - for( ent = md_tbl; ent->name != NULL; ent++){ - if(XSTRCMP((const char *)type, ent->name) == 0) { + for (ent = md_tbl; ent->name != NULL; ent++) { + if (XSTRCMP((const char *)type, ent->name) == 0) { return ent->nid; } } diff --git a/src/wolfssl/internal.h b/src/wolfssl/internal.h index 9cdbdb6..07b75f2 100644 --- a/src/wolfssl/internal.h +++ b/src/wolfssl/internal.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -249,8 +249,8 @@ #endif #endif -#if !defined(CHAR_BIT) || (defined(OPENSSL_EXTRA) && !defined(INT_MAX)) - /* Needed for DTLS without big math and INT_MAX */ +#if !defined(WOLFCRYPT_ONLY) && !defined(INT_MAX) + /* Needed for TLS/DTLS limit checking (Added in 91aad90c59 Jan 24, 2025) */ #include #endif @@ -300,6 +300,10 @@ #include #endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_KEYLOGFILE */ +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + #include +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ + #ifdef __cplusplus extern "C" { #endif @@ -532,12 +536,13 @@ #endif #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ - !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) - #ifdef HAVE_AES_CBC + !defined(NO_AES) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_128) #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA #endif - - #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) + #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 #endif #endif @@ -1085,13 +1090,17 @@ #undef WSSL_HARDEN_TLS -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) -#define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? (ssl)->client_ca_names : \ +/* Client CA Names feature */ +#if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA) + #define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? \ + (ssl)->client_ca_names : \ (ssl)->ctx->client_ca_names) #else -#define WOLFSSL_NO_CA_NAMES + #undef WOLFSSL_NO_CA_NAMES + #define WOLFSSL_NO_CA_NAMES #endif + /* actual cipher values, 2nd byte */ enum { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16, @@ -2547,6 +2556,8 @@ typedef struct CRL_Entry CRL_Entry; #error CRL_MAX_REVOKED_CERTS too big, max is 22000 #endif #endif + +#ifdef HAVE_CRL /* Complete CRL */ struct CRL_Entry { byte* toBeSigned; @@ -2559,6 +2570,7 @@ struct CRL_Entry { /* DupCRL_Entry copies data after the `verifyMutex` member. Using the mutex * as the marker because clang-tidy doesn't like taking the sizeof a * pointer. */ + byte crlNumber[CRL_MAX_NUM_SZ]; /* CRL number extension */ byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ /* restore the hash here if needed for optimized comparisons */ @@ -2586,10 +2598,10 @@ struct CRL_Entry { byte* sigParams; /* buffer with signature parameters */ #endif #if !defined(NO_SKID) && !defined(NO_ASN) - byte extAuthKeyIdSet; byte extAuthKeyId[KEYID_SIZE]; + byte extAuthKeyIdSet:1; /* Auth key identifier set indicator */ #endif - int crlNumber; /* CRL number extension */ + byte crlNumberSet:1; /* CRL number set indicator */ }; @@ -2642,6 +2654,7 @@ struct WOLFSSL_CRL { #endif void* heap; /* heap hint for dynamic memory */ }; +#endif #ifdef NO_ASN @@ -4233,6 +4246,10 @@ struct WOLFSSL_CTX { #if defined(WOLFSSL_SYS_CRYPTO_POLICY) int secLevel; /* The security level of system-wide crypto policy. */ #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + CFMutableArrayRef testTrustedCAs; +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ }; WOLFSSL_LOCAL @@ -4269,6 +4286,13 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif #endif +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + WOLFSSL_API + int wolfSSL_TestAppleNativeCertValidation_AppendCA(WOLFSSL_CTX* ctx, + const byte* derCert, + int derLen); +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ + /* All cipher suite related info * Keep as a constant size (no ifdefs) for session export */ typedef struct CipherSpecs { @@ -6389,7 +6413,8 @@ WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int format, int type, WOLFSSL* ssl, - long* used, int userChain, int verify); + long* used, int userChain, int verify, + const char *source_name); WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify); @@ -6707,6 +6732,8 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted); WOLFSSL_LOCAL int EarlySanityCheckMsgReceived(WOLFSSL* ssl, byte type, word32 msgSz); +WOLFSSL_LOCAL int GetHandshakeHeader(WOLFSSL* ssl, const byte* input, + word32* inOutIdx, byte* type, word32* size, word32 totalSz); #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret); #endif @@ -7122,8 +7149,9 @@ WOLFSSL_LOCAL WC_RNG* wolfssl_make_global_rng(void); #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) -WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, const WOLFSSL_EVP_CIPHER* cipher, - unsigned char* passwd, int passwdSz, byte **cipherInfo, int maxDerSz); +WOLFSSL_LOCAL int EncryptDerKey(byte *der, int *derSz, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + byte **cipherInfo, int maxDerSz, int hashType); #endif #endif diff --git a/src/wolfssl/ocsp.h b/src/wolfssl/ocsp.h index 69b5c14..a887299 100644 --- a/src/wolfssl/ocsp.h +++ b/src/wolfssl/ocsp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/aes.h b/src/wolfssl/openssl/aes.h index 4710f72..9a644ac 100644 --- a/src/wolfssl/openssl/aes.h +++ b/src/wolfssl/openssl/aes.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/asn1.h b/src/wolfssl/openssl/asn1.h index b9e2c19..5ec5486 100644 --- a/src/wolfssl/openssl/asn1.h +++ b/src/wolfssl/openssl/asn1.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/asn1t.h b/src/wolfssl/openssl/asn1t.h index 2a52b3b..47aba84 100644 --- a/src/wolfssl/openssl/asn1t.h +++ b/src/wolfssl/openssl/asn1t.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/bio.h b/src/wolfssl/openssl/bio.h index 73214ab..a9db325 100644 --- a/src/wolfssl/openssl/bio.h +++ b/src/wolfssl/openssl/bio.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/bn.h b/src/wolfssl/openssl/bn.h index 45411f5..3fea539 100644 --- a/src/wolfssl/openssl/bn.h +++ b/src/wolfssl/openssl/bn.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -132,6 +132,7 @@ WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn); WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b); +WOLFSSL_API int wolfSSL_BN_ucmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b); WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, @@ -243,6 +244,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_is_word wolfSSL_BN_is_word #define BN_cmp wolfSSL_BN_cmp +#define BN_ucmp wolfSSL_BN_ucmp #define BN_bn2bin wolfSSL_BN_bn2bin #define BN_bin2bn wolfSSL_BN_bin2bn diff --git a/src/wolfssl/openssl/buffer.h b/src/wolfssl/openssl/buffer.h index 548d744..fa9bf3e 100644 --- a/src/wolfssl/openssl/buffer.h +++ b/src/wolfssl/openssl/buffer.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/camellia.h b/src/wolfssl/openssl/camellia.h index fe5b17c..b3d7c83 100644 --- a/src/wolfssl/openssl/camellia.h +++ b/src/wolfssl/openssl/camellia.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/cmac.h b/src/wolfssl/openssl/cmac.h index 489396c..cadf514 100644 --- a/src/wolfssl/openssl/cmac.h +++ b/src/wolfssl/openssl/cmac.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/cms.h b/src/wolfssl/openssl/cms.h index 291c08d..88c4f82 100644 --- a/src/wolfssl/openssl/cms.h +++ b/src/wolfssl/openssl/cms.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/compat_types.h b/src/wolfssl/openssl/compat_types.h index 58113c4..2fb133e 100644 --- a/src/wolfssl/openssl/compat_types.h +++ b/src/wolfssl/openssl/compat_types.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/conf.h b/src/wolfssl/openssl/conf.h index d2e2eb4..d059c59 100644 --- a/src/wolfssl/openssl/conf.h +++ b/src/wolfssl/openssl/conf.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/crypto.h b/src/wolfssl/openssl/crypto.h index e05468e..9673d55 100644 --- a/src/wolfssl/openssl/crypto.h +++ b/src/wolfssl/openssl/crypto.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/des.h b/src/wolfssl/openssl/des.h index 9554c2a..ae569dc 100644 --- a/src/wolfssl/openssl/des.h +++ b/src/wolfssl/openssl/des.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/dh.h b/src/wolfssl/openssl/dh.h index 70b1087..d723451 100644 --- a/src/wolfssl/openssl/dh.h +++ b/src/wolfssl/openssl/dh.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/dsa.h b/src/wolfssl/openssl/dsa.h index d5f64bb..055d97b 100644 --- a/src/wolfssl/openssl/dsa.h +++ b/src/wolfssl/openssl/dsa.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ec.h b/src/wolfssl/openssl/ec.h index d68217b..f1d76aa 100644 --- a/src/wolfssl/openssl/ec.h +++ b/src/wolfssl/openssl/ec.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ec25519.h b/src/wolfssl/openssl/ec25519.h index 92cf807..9757935 100644 --- a/src/wolfssl/openssl/ec25519.h +++ b/src/wolfssl/openssl/ec25519.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ec448.h b/src/wolfssl/openssl/ec448.h index ce2cc7c..11aab35 100644 --- a/src/wolfssl/openssl/ec448.h +++ b/src/wolfssl/openssl/ec448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ecdh.h b/src/wolfssl/openssl/ecdh.h index 7fbc5a3..5f72bcf 100644 --- a/src/wolfssl/openssl/ecdh.h +++ b/src/wolfssl/openssl/ecdh.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ecdsa.h b/src/wolfssl/openssl/ecdsa.h index 12d003f..35989d8 100644 --- a/src/wolfssl/openssl/ecdsa.h +++ b/src/wolfssl/openssl/ecdsa.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ed25519.h b/src/wolfssl/openssl/ed25519.h index 9d67c6f..2a6aabb 100644 --- a/src/wolfssl/openssl/ed25519.h +++ b/src/wolfssl/openssl/ed25519.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ed448.h b/src/wolfssl/openssl/ed448.h index 793e66f..cf4b54c 100644 --- a/src/wolfssl/openssl/ed448.h +++ b/src/wolfssl/openssl/ed448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/err.h b/src/wolfssl/openssl/err.h index 6723ded..864070a 100644 --- a/src/wolfssl/openssl/err.h +++ b/src/wolfssl/openssl/err.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/evp.h b/src/wolfssl/openssl/evp.h index 3192dbf..0d9cf86 100644 --- a/src/wolfssl/openssl/evp.h +++ b/src/wolfssl/openssl/evp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -752,7 +752,9 @@ struct WOLFSSL_EVP_PKEY_CTX { #endif #ifndef NO_RSA const WOLFSSL_EVP_MD* md; -#endif + const WOLFSSL_EVP_MD* mgf1_md; + int saltlen; +#endif /* !NO_RSA */ }; struct WOLFSSL_ASN1_PCTX { @@ -947,6 +949,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx, const WOLFSSL_EVP_MD* md); WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen(WOLFSSL_EVP_PKEY_CTX *ctx, int saltlen); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md(WOLFSSL_EVP_PKEY_CTX *ctx, const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md(WOLFSSL_EVP_PKEY_CTX *ctx, const WOLFSSL_EVP_MD *md); WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer); @@ -1363,6 +1368,9 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_PKEY_CTX_set_signature_md wolfSSL_EVP_PKEY_CTX_set_signature_md #define EVP_PKEY_CTX_new_id wolfSSL_EVP_PKEY_CTX_new_id #define EVP_PKEY_CTX_set_rsa_keygen_bits wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits +#define EVP_PKEY_CTX_set_rsa_mgf1_md wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md +#define EVP_PKEY_CTX_set_rsa_pss_saltlen wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen +#define EVP_PKEY_CTX_set_rsa_oaep_md wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md #define EVP_PKEY_derive_init wolfSSL_EVP_PKEY_derive_init #define EVP_PKEY_derive_set_peer wolfSSL_EVP_PKEY_derive_set_peer #define EVP_PKEY_derive wolfSSL_EVP_PKEY_derive diff --git a/src/wolfssl/openssl/fips_rand.h b/src/wolfssl/openssl/fips_rand.h index 4142e7e..ab6f44d 100644 --- a/src/wolfssl/openssl/fips_rand.h +++ b/src/wolfssl/openssl/fips_rand.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/hmac.h b/src/wolfssl/openssl/hmac.h index b29d4fc..09d9901 100644 --- a/src/wolfssl/openssl/hmac.h +++ b/src/wolfssl/openssl/hmac.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -42,6 +42,7 @@ extern "C" { #endif +#define HMAC_MAX_MD_CBLOCK WC_MAX_BLOCK_SIZE WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, int key_len, diff --git a/src/wolfssl/openssl/kdf.h b/src/wolfssl/openssl/kdf.h index f36aedc..a618eb2 100644 --- a/src/wolfssl/openssl/kdf.h +++ b/src/wolfssl/openssl/kdf.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/lhash.h b/src/wolfssl/openssl/lhash.h index 6a86992..33f22de 100644 --- a/src/wolfssl/openssl/lhash.h +++ b/src/wolfssl/openssl/lhash.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/md4.h b/src/wolfssl/openssl/md4.h index 3d0549f..3babc18 100644 --- a/src/wolfssl/openssl/md4.h +++ b/src/wolfssl/openssl/md4.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/md5.h b/src/wolfssl/openssl/md5.h index 709c03f..6738106 100644 --- a/src/wolfssl/openssl/md5.h +++ b/src/wolfssl/openssl/md5.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/modes.h b/src/wolfssl/openssl/modes.h index 50342bd..8458db8 100644 --- a/src/wolfssl/openssl/modes.h +++ b/src/wolfssl/openssl/modes.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/obj_mac.h b/src/wolfssl/openssl/obj_mac.h index 3304158..d0eb3d3 100644 --- a/src/wolfssl/openssl/obj_mac.h +++ b/src/wolfssl/openssl/obj_mac.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/objects.h b/src/wolfssl/openssl/objects.h index 3325c83..d9e1a14 100644 --- a/src/wolfssl/openssl/objects.h +++ b/src/wolfssl/openssl/objects.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ocsp.h b/src/wolfssl/openssl/ocsp.h index 67ae0f1..588bbd5 100644 --- a/src/wolfssl/openssl/ocsp.h +++ b/src/wolfssl/openssl/ocsp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/opensslv.h b/src/wolfssl/openssl/opensslv.h index e643a64..8d72cd5 100644 --- a/src/wolfssl/openssl/opensslv.h +++ b/src/wolfssl/openssl/opensslv.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ossl_typ.h b/src/wolfssl/openssl/ossl_typ.h index 084558d..743779f 100644 --- a/src/wolfssl/openssl/ossl_typ.h +++ b/src/wolfssl/openssl/ossl_typ.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/pem.h b/src/wolfssl/openssl/pem.h index 1cf4247..41c3524 100644 --- a/src/wolfssl/openssl/pem.h +++ b/src/wolfssl/openssl/pem.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/pkcs12.h b/src/wolfssl/openssl/pkcs12.h index a59798c..e202aa9 100644 --- a/src/wolfssl/openssl/pkcs12.h +++ b/src/wolfssl/openssl/pkcs12.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/pkcs7.h b/src/wolfssl/openssl/pkcs7.h index 84ae285..9f2a9c0 100644 --- a/src/wolfssl/openssl/pkcs7.h +++ b/src/wolfssl/openssl/pkcs7.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/rand.h b/src/wolfssl/openssl/rand.h index 4c41ed7..7971642 100644 --- a/src/wolfssl/openssl/rand.h +++ b/src/wolfssl/openssl/rand.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/rc4.h b/src/wolfssl/openssl/rc4.h index 309174b..524fdbc 100644 --- a/src/wolfssl/openssl/rc4.h +++ b/src/wolfssl/openssl/rc4.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ripemd.h b/src/wolfssl/openssl/ripemd.h index 0e80bb3..57ffb81 100644 --- a/src/wolfssl/openssl/ripemd.h +++ b/src/wolfssl/openssl/ripemd.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/rsa.h b/src/wolfssl/openssl/rsa.h index 111a89e..2b81525 100644 --- a/src/wolfssl/openssl/rsa.h +++ b/src/wolfssl/openssl/rsa.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -42,6 +42,17 @@ #define WC_RSA_PKCS1_OAEP_PADDING 1 #define WC_RSA_PKCS1_PSS_PADDING 2 +/* RSA PSS Salt special cases */ +/* Salt length same as digest length */ +#define WC_RSA_PSS_SALTLEN_DIGEST (-1) +/* Old max salt length */ +#define WC_RSA_PSS_SALTLEN_MAX_SIGN (-2) +/* Verification only value to indicate to discover salt length. */ +#define WC_RSA_PSS_SALTLEN_AUTO (-2) +/* Max salt length */ +#define WC_RSA_PSS_SALTLEN_MAX (-3) + + #ifndef OPENSSL_COEXIST /* Padding types */ @@ -60,14 +71,10 @@ #define RSA_FLAG_NO_BLINDING (1 << 7) #define RSA_FLAG_NO_CONSTTIME (1 << 8) -/* Salt length same as digest length */ -#define RSA_PSS_SALTLEN_DIGEST (-1) -/* Old max salt length */ -#define RSA_PSS_SALTLEN_MAX_SIGN (-2) -/* Verification only value to indicate to discover salt length. */ -#define RSA_PSS_SALTLEN_AUTO (-2) -/* Max salt length */ -#define RSA_PSS_SALTLEN_MAX (-3) +#define RSA_PSS_SALTLEN_DIGEST WC_RSA_PSS_SALTLEN_DIGEST +#define RSA_PSS_SALTLEN_MAX_SIGN WC_RSA_PSS_SALTLEN_MAX_SIGN +#define RSA_PSS_SALTLEN_AUTO WC_RSA_PSS_SALTLEN_AUTO +#define RSA_PSS_SALTLEN_MAX WC_RSA_PSS_SALTLEN_MAX #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* !OPENSSL_COEXIST */ @@ -140,21 +147,34 @@ WOLFSSL_API int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa); -WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa, - int flag); -WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, - int padding); -WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, - unsigned int mLen, const unsigned char* sig, - unsigned int sigLen, WOLFSSL_RSA* rsa); -WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, - unsigned int mLen, const unsigned char* sig, - unsigned int sigLen, WOLFSSL_RSA* rsa, - int padding); +WOLFSSL_API int wolfSSL_RSA_sign_ex(int hashAlg, + const unsigned char* hash, unsigned int hLen, + unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag); +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int hashAlg, + const unsigned char* hash, unsigned int hLen, + unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag, int padding); + +WOLFSSL_LOCAL int wolfSSL_RSA_sign_mgf(int hashAlg, + const unsigned char* hash, unsigned int hLen, + unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag, int padding, + int mgf1Hash, int saltLen); + +WOLFSSL_API int wolfSSL_RSA_verify(int hashAlg, + const unsigned char* hash, unsigned int hLen, + const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa); +WOLFSSL_API int wolfSSL_RSA_verify_ex(int hashAlg, + const unsigned char* hash, unsigned int hLen, + const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa, int padding); +WOLFSSL_LOCAL int wolfSSL_RSA_verify_mgf(int hashAlg, + const unsigned char* hash, unsigned int hLen, + const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa, int padding, + int mgf1Hash, int saltLen); WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA* rsa, int padding); WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa); diff --git a/src/wolfssl/openssl/safestack.h b/src/wolfssl/openssl/safestack.h index e059a6e..7126af0 100644 --- a/src/wolfssl/openssl/safestack.h +++ b/src/wolfssl/openssl/safestack.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/sha.h b/src/wolfssl/openssl/sha.h index 4644a33..5c1802d 100644 --- a/src/wolfssl/openssl/sha.h +++ b/src/wolfssl/openssl/sha.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/sha3.h b/src/wolfssl/openssl/sha3.h index a970bfd..d3a2c4c 100644 --- a/src/wolfssl/openssl/sha3.h +++ b/src/wolfssl/openssl/sha3.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/srp.h b/src/wolfssl/openssl/srp.h index 978e05d..bd4e154 100644 --- a/src/wolfssl/openssl/srp.h +++ b/src/wolfssl/openssl/srp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/ssl.h b/src/wolfssl/openssl/ssl.h index da16168..326f0fd 100644 --- a/src/wolfssl/openssl/ssl.h +++ b/src/wolfssl/openssl/ssl.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -505,6 +505,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define PEM_X509_INFO_read wolfSSL_PEM_X509_INFO_read #define i2d_PrivateKey wolfSSL_i2d_PrivateKey #define i2d_PublicKey wolfSSL_i2d_PublicKey +#define i2d_PrivateKey_bio wolfSSL_i2d_PrivateKey_bio #define i2d_X509_REQ wolfSSL_i2d_X509_REQ #define d2i_X509_REQ wolfSSL_d2i_X509_REQ diff --git a/src/wolfssl/openssl/stack.h b/src/wolfssl/openssl/stack.h index 16f71d3..56b54f3 100644 --- a/src/wolfssl/openssl/stack.h +++ b/src/wolfssl/openssl/stack.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/tls1.h b/src/wolfssl/openssl/tls1.h index b1992fc..20a0459 100644 --- a/src/wolfssl/openssl/tls1.h +++ b/src/wolfssl/openssl/tls1.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/txt_db.h b/src/wolfssl/openssl/txt_db.h index aa05d92..8ad0b18 100644 --- a/src/wolfssl/openssl/txt_db.h +++ b/src/wolfssl/openssl/txt_db.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/x509.h b/src/wolfssl/openssl/x509.h index e1eb78e..c61fbbb 100644 --- a/src/wolfssl/openssl/x509.h +++ b/src/wolfssl/openssl/x509.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/x509_vfy.h b/src/wolfssl/openssl/x509_vfy.h index c26b94d..8cbc0c5 100644 --- a/src/wolfssl/openssl/x509_vfy.h +++ b/src/wolfssl/openssl/x509_vfy.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/openssl/x509v3.h b/src/wolfssl/openssl/x509v3.h index c0ae5cc..123a9e3 100644 --- a/src/wolfssl/openssl/x509v3.h +++ b/src/wolfssl/openssl/x509v3.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -132,6 +132,11 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509v3_get_ext( + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int loc); +WOLFSSL_API int wolfSSL_X509v3_get_ext_by_NID( + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int nid, int lastpos); + WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #ifndef OPENSSL_COEXIST @@ -218,6 +223,8 @@ typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; #define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb #define X509v3_get_ext_count wolfSSL_sk_num +#define X509v3_get_ext_by_NID wolfSSL_X509v3_get_ext_by_NID +#define X509v3_get_ext wolfSSL_X509v3_get_ext #endif /* !OPENSSL_COEXIST */ diff --git a/src/wolfssl/quic.h b/src/wolfssl/quic.h index da8c50a..e1dab03 100644 --- a/src/wolfssl/quic.h +++ b/src/wolfssl/quic.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/sniffer.h b/src/wolfssl/sniffer.h index 929fcdc..f91ee66 100644 --- a/src/wolfssl/sniffer.h +++ b/src/wolfssl/sniffer.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -150,6 +150,8 @@ SSL_SNIFFER_API void ssl_InitSniffer_ex2(int threadNum); WOLFSSL_API SSL_SNIFFER_API void ssl_FreeSniffer(void); +WOLFSSL_API +SSL_SNIFFER_API void ssl_RemoveStaleSessions(void); /* ssl_SetPrivateKey typeKs */ enum { @@ -343,6 +345,11 @@ typedef int (*SSLSnifferSecretCb)(unsigned char* client_random, #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ +WOLFSSL_API +SSL_SNIFFER_API int ssl_RemoveSession(const char* clientIp, int clientPort, + const char* serverIp, int serverPort, + char* error); + #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/sniffer_error.h b/src/wolfssl/sniffer_error.h index bb574b4..e6a1852 100644 --- a/src/wolfssl/sniffer_error.h +++ b/src/wolfssl/sniffer_error.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/ssl.h b/src/wolfssl/ssl.h index 908d5c6..3e6865b 100644 --- a/src/wolfssl/ssl.h +++ b/src/wolfssl/ssl.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -1841,6 +1841,12 @@ WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e); WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e); /* -------- EXTRAS BEGIN -------- */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_EXTRA) +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx); +#endif + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); @@ -2144,9 +2150,6 @@ WOLFSSL_API int wolfSSL_num_locks(void); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( WOLFSSL_X509_STORE_CTX* ctx); -WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx); -WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx); - WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, @@ -2323,6 +2326,8 @@ WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der); WOLFSSL_API int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der); +WOLFSSL_API int wolfSSL_i2d_PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY* key); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_API int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, const WOLFSSL_EVP_PKEY* pkey, @@ -2407,6 +2412,8 @@ WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname); + +#ifndef WOLFSSL_NO_CA_NAMES WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( const WOLFSSL_CTX *ctx); /* deprecated function name */ @@ -2418,6 +2425,7 @@ WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL* ssl, WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( const WOLFSSL* ssl); +#endif /* !WOLFSSL_NO_CA_NAMES */ typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509, WOLFSSL_EVP_PKEY **pkey); @@ -3749,6 +3757,7 @@ typedef int (*CbCrlIO)(WOLFSSL_CRL* crl, const char* url, int urlSz); #ifdef HAVE_CRL_UPDATE_CB typedef struct CrlInfo { + byte crlNumber[CRL_MAX_NUM_SZ]; byte *issuerHash; word32 issuerHashLen; byte *lastDate; @@ -3757,7 +3766,7 @@ typedef struct CrlInfo { byte *nextDate; word32 nextDateMaxLen; byte nextDateFormat; - sword32 crlNumber; + byte crlNumberSet:1; } CrlInfo; typedef void (*CbUpdateCRL)(CrlInfo* old, CrlInfo* cnew); @@ -4617,6 +4626,11 @@ enum { * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/ * oqs-kem-info.md */ +#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + WOLFSSL_P256_ML_KEM_512_OLD = 12103, + WOLFSSL_P384_ML_KEM_768_OLD = 12104, + WOLFSSL_P521_ML_KEM_1024_OLD = 12105, +#endif WOLFSSL_P256_ML_KEM_512 = 12107, WOLFSSL_P384_ML_KEM_768 = 12108, WOLFSSL_P521_ML_KEM_1024 = 12109, diff --git a/src/wolfssl/test.h b/src/wolfssl/test.h index fa84ab0..ecce217 100644 --- a/src/wolfssl/test.h +++ b/src/wolfssl/test.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -527,6 +527,7 @@ err_sys_with_errno(const char* msg) #define cliEd448CertFile "certs/ed448/client-ed448.pem" #define cliEd448KeyFile "certs/ed448/client-ed448-priv.pem" #define caEd448CertFile "certs/ed448/ca-ed448.pem" +#define noIssuerCertFile "certs/empty-issuer-cert.pem" #define caCertFolder "certs/" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ @@ -590,6 +591,7 @@ err_sys_with_errno(const char* msg) #define cliEd448CertFile "./certs/ed448/client-ed448.pem" #define cliEd448KeyFile "./certs/ed448/client-ed448-priv.pem" #define caEd448CertFile "./certs/ed448/ca-ed448.pem" +#define noIssuerCertFile "./certs/empty-issuer-cert.pem" #define caCertFolder "./certs/" #ifdef HAVE_WNR /* Whitewood netRandom default config file */ @@ -2084,6 +2086,7 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl, numCiphers = sk_num(supportedCiphers); for (i = 0; i < numCiphers; ++i) { + XMEMSET(buf, 0, sizeof(buf)); if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); @@ -2464,14 +2467,14 @@ static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) { char err_buffer[WOLFSSL_MAX_ERROR_SZ]; + int err; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509* peer; -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(OPENSSL_EXTRA_X509_SMALL) +#endif +#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) WOLFSSL_BIO* bio = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; -#endif #endif /* Verify Callback Arguments: @@ -2489,10 +2492,17 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) will be discarded (only with SESSION_CERTS) */ - fprintf(stderr, "In verification callback, error = %d, %s\n", store->error, - wolfSSL_ERR_error_string((unsigned long) store->error, err_buffer)); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_EXTRA) + err = wolfSSL_X509_STORE_CTX_get_error(store); +#else + err = store->error; +#endif + + fprintf(stderr, "In verification callback, error = %d, %s\n", err, + wolfSSL_ERR_error_string((unsigned long) err, err_buffer)); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - peer = store->current_cert; + peer = wolfSSL_X509_STORE_CTX_get_current_cert(store); if (peer) { char* issuer = wolfSSL_X509_NAME_oneline( wolfSSL_X509_get_issuer_name(peer), 0, 0); @@ -2512,8 +2522,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); -#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) /* avoid printing duplicate certs */ if (store->depth == 1) { int i; diff --git a/src/wolfssl/version.h b/src/wolfssl/version.h index c128a21..656a12e 100644 --- a/src/wolfssl/version.h +++ b/src/wolfssl/version.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.8.0" -#define LIBWOLFSSL_VERSION_HEX 0x05008000 +#define LIBWOLFSSL_VERSION_STRING "5.8.2" +#define LIBWOLFSSL_VERSION_HEX 0x05008002 #ifdef __cplusplus } diff --git a/src/wolfssl/wolfcrypt/aes.h b/src/wolfssl/wolfcrypt/aes.h index 128611c..90c9f47 100644 --- a/src/wolfssl/wolfcrypt/aes.h +++ b/src/wolfssl/wolfcrypt/aes.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/arc4.h b/src/wolfssl/wolfcrypt/arc4.h index cdddde8..f26f488 100644 --- a/src/wolfssl/wolfcrypt/arc4.h +++ b/src/wolfssl/wolfcrypt/arc4.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ascon.h b/src/wolfssl/wolfcrypt/ascon.h index 196a8ca..e67d995 100644 --- a/src/wolfssl/wolfcrypt/ascon.h +++ b/src/wolfssl/wolfcrypt/ascon.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/asn.h b/src/wolfssl/wolfcrypt/asn.h index e553059..03ebfd3 100644 --- a/src/wolfssl/wolfcrypt/asn.h +++ b/src/wolfssl/wolfcrypt/asn.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -44,12 +44,37 @@ that can be serialized and deserialized in a cross-platform way. #include +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + #ifndef NO_DH #include #endif #ifndef NO_DSA #include #endif +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_ED448 + #include +#endif +#ifdef HAVE_SPHINCS + #include +#endif +#ifdef HAVE_FALCON + #include +#endif +#ifdef HAVE_DILITHIUM + #include +#endif #ifndef NO_SHA #include #endif @@ -327,7 +352,7 @@ WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data, WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output); WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, - int complete, const byte* input, word32* inOutIdx, word32 maxIdx); + int complete, const byte* input, word32* inOutIdx, word32 length); #ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num); @@ -789,13 +814,14 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; /* otherName strings */ #define WOLFSSL_SN_MS_UPN "msUPN" #define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name" - #define WOLFSSL_MS_UPN_SUM 265 + #define WOLFSSL_MS_UPN_SUM UPN_OID #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV" #define WOLFSSL_LN_DNS_SRV "SRVName" + #define WOLFSSL_DNS_SRV_SUM DNS_SRV_OID /* TLS features extension strings */ #define WOLFSSL_SN_TLS_FEATURE "tlsfeature" #define WOLFSSL_LN_TLS_FEATURE "TLS Feature" - #define WOLFSSL_TLS_FEATURE_SUM 92 + #define WOLFSSL_TLS_FEATURE_SUM TLS_FEATURE_OID #endif /* Maximum number of allowed subject alternative names in a certificate. @@ -875,7 +901,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WC_SN_sm3 "SM3" /* NIDs */ -#define WC_NID_netscape_cert_type WC_NID_undef +#define WC_NID_netscape_cert_type 71 #define WC_NID_des 66 #define WC_NID_des3 67 #define WC_NID_sha256 672 @@ -898,23 +924,23 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WC_NID_initials 101 /* 2.5.4.43 */ #define WC_NID_title 106 #define WC_NID_description 107 -#define WC_NID_basic_constraints 133 -#define WC_NID_key_usage 129 /* 2.5.29.15 */ -#define WC_NID_ext_key_usage 151 /* 2.5.29.37 */ -#define WC_NID_subject_key_identifier 128 -#define WC_NID_authority_key_identifier 149 -#define WC_NID_private_key_usage_period 130 /* 2.5.29.16 */ -#define WC_NID_subject_alt_name 131 -#define WC_NID_issuer_alt_name 132 -#define WC_NID_info_access 69 -#define WC_NID_sinfo_access 79 /* id-pe 11 */ -#define WC_NID_name_constraints 144 /* 2.5.29.30 */ -#define WC_NID_crl_distribution_points 145 /* 2.5.29.31 */ -#define WC_NID_certificate_policies 146 -#define WC_NID_policy_mappings 147 -#define WC_NID_policy_constraints 150 -#define WC_NID_inhibit_any_policy 168 /* 2.5.29.54 */ -#define WC_NID_tlsfeature 1020 /* id-pe 24 */ +#define WC_NID_basic_constraints BASIC_CA_OID +#define WC_NID_key_usage KEY_USAGE_OID /* 2.5.29.15 */ +#define WC_NID_ext_key_usage EXT_KEY_USAGE_OID /* 2.5.29.37 */ +#define WC_NID_subject_key_identifier SUBJ_KEY_OID +#define WC_NID_authority_key_identifier AUTH_KEY_OID +#define WC_NID_private_key_usage_period PRIV_KEY_USAGE_PERIOD_OID +#define WC_NID_subject_alt_name ALT_NAMES_OID +#define WC_NID_issuer_alt_name ISSUE_ALT_NAMES_OID +#define WC_NID_info_access AUTH_INFO_OID +#define WC_NID_sinfo_access SUBJ_INFO_ACC_OID /* id-pe 11 */ +#define WC_NID_name_constraints NAME_CONS_OID /* 2.5.29.30 */ +#define WC_NID_crl_distribution_points CRL_DIST_OID /* 2.5.29.31 */ +#define WC_NID_certificate_policies CERT_POLICY_OID +#define WC_NID_policy_mappings POLICY_MAP_OID +#define WC_NID_policy_constraints POLICY_CONST_OID +#define WC_NID_inhibit_any_policy INHIBIT_ANY_OID /* 2.5.29.54 */ +#define WC_NID_tlsfeature TLS_FEATURE_OID /* id-pe 24 */ #define WC_NID_buildingName 1494 #define WC_NID_dnQualifier 174 /* 2.5.4.46 */ @@ -940,7 +966,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define WC_NID_registeredAddress 870 #define WC_NID_emailAddress 0x30 /* emailAddress */ #define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */ -#define WC_NID_ms_upn 265 /* 1.3.6.1.4.1.311.20.2.3 */ +#define WC_NID_ms_upn UPN_OID /* 1.3.6.1.4.1.311.20.2.3 */ #define WC_NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ @@ -1081,8 +1107,6 @@ enum ECC_TYPES #endif enum Misc_ASN { - MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ - MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ @@ -1103,60 +1127,10 @@ enum Misc_ASN { , DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ - DSA_PUB_INTS = 4, /* DSA ints in public key */ - DSA_INTS = 5, /* DSA ints in private key */ MIN_DATE_SIZE = 12, MAX_DATE_SIZE = 32, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ -#ifdef HAVE_SPHINCS - MAX_ENCODED_SIG_SZ = 51200, -#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - MAX_ENCODED_SIG_SZ = 5120, -#elif !defined(NO_RSA) -#ifdef WOLFSSL_HAPROXY - MAX_ENCODED_SIG_SZ = 1024, /* Supports 8192 bit keys */ -#else - MAX_ENCODED_SIG_SZ = 512, /* Supports 4096 bit keys */ -#endif -#elif defined(HAVE_ECC) - MAX_ENCODED_SIG_SZ = 140, -#elif defined(HAVE_CURVE448) - MAX_ENCODED_SIG_SZ = 114, -#else - MAX_ENCODED_SIG_SZ = 64, -#endif - MAX_SIG_SZ = 256, - MAX_ALGO_SZ = 20, - MAX_LENGTH_SZ = WOLFSSL_ASN_MAX_LENGTH_SZ, /* Max length size for DER encoding */ - MAX_SHORT_SZ = (1 + MAX_LENGTH_SZ), /* asn int + byte len + 4 byte length */ - MAX_SEQ_SZ = (1 + MAX_LENGTH_SZ), /* enum(seq | con) + length(5) */ - MAX_SET_SZ = (1 + MAX_LENGTH_SZ), /* enum(set | con) + length(5) */ - MAX_OCTET_STR_SZ = (1 + MAX_LENGTH_SZ), /* enum(set | con) + length(5) */ - MAX_EXP_SZ = (1 + MAX_LENGTH_SZ), /* enum(contextspec|con|exp) + length(5) */ - MAX_PRSTR_SZ = (1 + MAX_LENGTH_SZ), /* enum(prstr) + length(5) */ - MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ - MAX_ENCODED_DIG_ASN_SZ = (5 + MAX_LENGTH_SZ), /* enum(bit or octet) + length(5) */ - MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ - MAX_RSA_INT_SZ = (512 + 1 + MAX_LENGTH_SZ), /* RSA raw sz 4096 for bits + tag + len(5) */ - MAX_DSA_INT_SZ = (384 + 1 + MAX_LENGTH_SZ), /* DSA raw sz 3072 for bits + tag + len(5) */ - MAX_DSA_PUBKEY_SZ = (DSA_PUB_INTS * MAX_DSA_INT_SZ) + (2 * MAX_SEQ_SZ) + - 2 + MAX_LENGTH_SZ, /* Maximum size of a DSA public - key taken from wc_SetDsaPublicKey. */ - MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ + - MAX_VERSION_SZ, /* Maximum size of a DSA Private - key taken from DsaKeyIntsToDer. */ -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */ -#endif - MAX_RSA_E_SZ = 16, /* Max RSA public e size */ - MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ - MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ - MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, - /* Maximum DER digest size */ - MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, - /* Maximum DER digest ASN header size */ - /* Max X509 header length indicates the max length + 2 ('\n', '\0') */ - MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ + #ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_REQ /* Max encoded cert req attributes length */ @@ -1169,12 +1143,14 @@ enum Misc_ASN { #else MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, #endif - /* Max total extensions, id + len + others */ + /* Max total extensions, id + len + others */ +#endif +#ifndef MAX_OID_SZ + MAX_OID_SZ = 32, /* Max DER length of OID*/ #endif #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_OID_DECODING) || defined(HAVE_OID_ENCODING) - MAX_OID_SZ = 32, /* Max DER length of OID*/ MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif #ifdef WOLFSSL_CERT_EXT @@ -1194,16 +1170,6 @@ enum Misc_ASN { OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, -#else - MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, -#endif -#ifdef WOLFSSL_ENCRYPTED_KEYS - HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ -#else - HEADER_ENCRYPTED_KEY_SIZE = 0, -#endif TRAILING_ZERO = 1, /* Used for size of zero pad */ ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ ASN_INDEF_END_SZ = 2, /* 0x00 0x00 at end of indef */ @@ -1220,6 +1186,7 @@ enum Misc_ASN { #endif PKCS5_SALT_SZ = 8, + PKCS5V2_SALT_SZ = 16, PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ @@ -1267,375 +1234,6 @@ enum Oid_Types { }; -enum Hash_Sum { - MD2h = 646, - MD4h = 648, - MD5h = 649, - SHAh = 88, - SHA224h = 417, - SHA256h = 414, - SHA384h = 415, - SHA512h = 416, - SHA512_224h = 418, - SHA512_256h = 419, - SHA3_224h = 420, - SHA3_256h = 421, - SHA3_384h = 422, - SHA3_512h = 423, - SHAKE128h = 424, - SHAKE256h = 425, - SM3h = 640 -}; - -#if !defined(NO_DES3) || !defined(NO_AES) -enum Block_Sum { -#ifdef WOLFSSL_AES_128 - AES128CBCb = 414, - AES128GCMb = 418, - AES128CCMb = 419, -#endif -#ifdef WOLFSSL_AES_192 - AES192CBCb = 434, - AES192GCMb = 438, - AES192CCMb = 439, -#endif -#ifdef WOLFSSL_AES_256 - AES256CBCb = 454, - AES256GCMb = 458, - AES256CCMb = 459, -#endif -#ifndef NO_DES3 - DESb = 69, - DES3b = 652 -#endif -}; -#endif /* !NO_DES3 || !NO_AES */ - - -enum Key_Sum { - ANONk = 0, - DSAk = 515, - RSAk = 645, - RSAPSSk = 654, - RSAESOAEPk = 651, /* 1.2.840.113549.1.1.7 */ - ECDSAk = 518, - SM2k = 667, - ED25519k = 256, /* 1.3.101.112 */ - X25519k = 254, /* 1.3.101.110 */ - ED448k = 257, /* 1.3.101.113 */ - X448k = 255, /* 1.3.101.111 */ - DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ - FALCON_LEVEL1k = 273, /* 1.3.9999.3.6 */ - FALCON_LEVEL5k = 276, /* 1.3.9999.3.9 */ - DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ - DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ - DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ - ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */ - ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */ - ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */ - SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ - SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ - SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ - SPHINCS_SMALL_LEVEL1k = 287, /* 1 3 9999 6 7 10 */ - SPHINCS_SMALL_LEVEL3k = 285, /* 1 3 9999 6 8 7 */ - SPHINCS_SMALL_LEVEL5k = 286 /* 1 3 9999 6 9 7 */ -}; - -#if !defined(NO_AES) || defined(HAVE_PKCS7) -enum KeyWrap_Sum { -#ifdef WOLFSSL_AES_128 - AES128_WRAP = 417, -#endif -#ifdef WOLFSSL_AES_192 - AES192_WRAP = 437, -#endif -#ifdef WOLFSSL_AES_256 - AES256_WRAP = 457, -#endif -#ifdef HAVE_PKCS7 - PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */ -#endif -}; -#endif /* !NO_AES || PKCS7 */ - -enum Key_Agree { - dhSinglePass_stdDH_sha1kdf_scheme = 464, - dhSinglePass_stdDH_sha224kdf_scheme = 188, - dhSinglePass_stdDH_sha256kdf_scheme = 189, - dhSinglePass_stdDH_sha384kdf_scheme = 190, - dhSinglePass_stdDH_sha512kdf_scheme = 191 -}; - - - -enum KDF_Sum { - PBKDF2_OID = 660, - MGF1_OID = 652 -}; - - -enum HMAC_Sum { - HMAC_SHA224_OID = 652, - HMAC_SHA256_OID = 653, - HMAC_SHA384_OID = 654, - HMAC_SHA512_OID = 655, - HMAC_SHA3_224_OID = 426, - HMAC_SHA3_256_OID = 427, - HMAC_SHA3_384_OID = 428, - HMAC_SHA3_512_OID = 429 -}; - - -enum Extensions_Sum { - BASIC_CA_OID = 133, /* 2.5.29.19 */ - ALT_NAMES_OID = 131, /* 2.5.29.17 */ - CRL_DIST_OID = 145, /* 2.5.29.31 */ - AUTH_INFO_OID = 69, /* 1.3.6.1.5.5.7.1.1 */ - AUTH_KEY_OID = 149, /* 2.5.29.35 */ - SUBJ_KEY_OID = 128, /* 2.5.29.14 */ - CERT_POLICY_OID = 146, /* 2.5.29.32 */ - CRL_NUMBER_OID = 134, /* 2.5.29.20 */ - KEY_USAGE_OID = 129, /* 2.5.29.15 */ - INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ - EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ - NAME_CONS_OID = 144, /* 2.5.29.30 */ - PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ - SUBJ_INFO_ACC_OID = 79, /* 1.3.6.1.5.5.7.1.11 */ - POLICY_MAP_OID = 147, /* 2.5.29.33 */ - POLICY_CONST_OID = 150, /* 2.5.29.36 */ - ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */ - TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */ - NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */ - OCSP_NOCHECK_OID = 121, /* 1.3.6.1.5.5.7.48.1.5 - id-pkix-ocsp-nocheck */ - SUBJ_DIR_ATTR_OID = 123, /* 2.5.29.9 */ - - AKEY_PACKAGE_OID = 1048, /* 2.16.840.1.101.2.1.2.78.5 - RFC 5958 - Asymmetric Key Packages */ - FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 Federal PKI Policy FASC-N */ - UPN_OID = 265, /* 1.3.6.1.4.1.311.20.2.3 UPN */ -#ifdef WOLFSSL_DUAL_ALG_CERTS - SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */ - ALT_SIG_ALG_OID = 187, /* 2.5.29.73 alt sig alg */ - ALT_SIG_VAL_OID = 188, /* 2.5.29.74 alt sig val */ -#endif - WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum) -}; - -enum CertificatePolicy_Sum { - CP_ANY_OID = 146, /* id-ce 32 0 */ - CP_ISRG_DOMAIN_VALID = 430, /* 1.3.6.1.4.1.44947.1.1.1 */ -#ifdef WOLFSSL_FPKI - /* Federal PKI OIDs */ - CP_FPKI_HIGH_ASSURANCE_OID = 417, /* 2.16.840.1.101.3.2.1.3.4 */ - CP_FPKI_COMMON_HARDWARE_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */ - CP_FPKI_MEDIUM_HARDWARE_OID = 425, /* 2.16.840.1.101.3.2.1.3.12 */ - CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ - CP_FPKI_COMMON_HIGH_OID = 429, /* 2.16.840.1.101.3.2.1.3.16 */ - CP_FPKI_PIVI_HARDWARE_OID = 431, /* 2.16.840.1.101.3.2.1.3.18 */ - CP_FPKI_PIVI_CONTENT_SIGNING_OID = 433, /* 2.16.840.1.101.3.2.1.3.20 */ - CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */ - CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */ - CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */ - CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */ - CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ - CP_FPKI_PIVI_AUTH_OID = 458, /* 2.16.840.1.101.3.2.1.3.45 */ - CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */ - - /* Federal PKI Test OIDs */ - CP_FPKI_AUTH_TEST_OID = 469, /* 2.16.840.1.101.3.2.1.48.11 */ - CP_FPKI_CARDAUTH_TEST_OID = 471, /* 2.16.840.1.101.3.2.1.48.13 */ - CP_FPKI_PIV_CONTENT_TEST_OID = 544, /* 2.16.840.1.101.3.2.1.48.86 */ - CP_FPKI_PIV_AUTH_DERIVED_TEST_OID = 567, /* 2.16.840.1.101.3.2.1.48.109 */ - CP_FPKI_PIV_AUTH_DERIVED_HW_TEST_OID = 568, /* 2.16.840.1.101.3.2.1.48.110 */ - - /* DoD PKI OIDs */ - CP_DOD_MEDIUM_OID = 423, /* 2.16.840.1.101.2.1.11.5 */ - CP_DOD_MEDIUM_HARDWARE_OID = 427, /* 2.16.840.1.101.2.1.11.9 */ - CP_DOD_PIV_AUTH_OID = 428, /* 2.16.840.1.101.2.1.11.10 */ - CP_DOD_MEDIUM_NPE_OID = 435, /* 2.16.840.1.101.2.1.11.17 */ - CP_DOD_MEDIUM_2048_OID = 436, /* 2.16.840.1.101.2.1.11.18 */ - CP_DOD_MEDIUM_HARDWARE_2048_OID = 437, /* 2.16.840.1.101.2.1.11.19 */ - CP_DOD_PIV_AUTH_2048_OID = 438, /* 2.16.840.1.101.2.1.11.20 */ - CP_DOD_PEER_INTEROP_OID = 100449, /* 2.16.840.1.101.2.1.11.31 */ - CP_DOD_MEDIUM_NPE_112_OID = 100454, /* 2.16.840.1.101.2.1.11.36 */ - CP_DOD_MEDIUM_NPE_128_OID = 455, /* 2.16.840.1.101.2.1.11.37 */ - CP_DOD_MEDIUM_NPE_192_OID = 456, /* 2.16.840.1.101.2.1.11.38 */ - CP_DOD_MEDIUM_112_OID = 457, /* 2.16.840.1.101.2.1.11.39 */ - CP_DOD_MEDIUM_128_OID = 100458, /* 2.16.840.1.101.2.1.11.40 */ - CP_DOD_MEDIUM_192_OID = 459, /* 2.16.840.1.101.2.1.11.41 */ - CP_DOD_MEDIUM_HARDWARE_112_OID = 100460, /* 2.16.840.1.101.2.1.11.42 */ - CP_DOD_MEDIUM_HARDWARE_128_OID = 461, /* 2.16.840.1.101.2.1.11.43 */ - CP_DOD_MEDIUM_HARDWARE_192_OID = 462, /* 2.16.840.1.101.2.1.11.44 */ - CP_DOD_ADMIN_OID = 477, /* 2.16.840.1.101.2.1.11.59 */ - CP_DOD_INTERNAL_NPE_112_OID = 478, /* 2.16.840.1.101.2.1.11.60 */ - CP_DOD_INTERNAL_NPE_128_OID = 479, /* 2.16.840.1.101.2.1.11.61 */ - CP_DOD_INTERNAL_NPE_192_OID = 480, /* 2.16.840.1.101.2.1.11.62 */ - - /* ECA PKI OIDs */ - CP_ECA_MEDIUM_OID = 100423, /* 2.16.840.1.101.3.2.1.12.1 */ - CP_ECA_MEDIUM_HARDWARE_OID = 424, /* 2.16.840.1.101.3.2.1.12.2 */ - CP_ECA_MEDIUM_TOKEN_OID = 100425, /* 2.16.840.1.101.3.2.1.12.3 */ - CP_ECA_MEDIUM_SHA256_OID = 100426, /* 2.16.840.1.101.3.2.1.12.4 */ - CP_ECA_MEDIUM_TOKEN_SHA256_OID = 100427, /* 2.16.840.1.101.3.2.1.12.5 */ - CP_ECA_MEDIUM_HARDWARE_PIVI_OID = 100428, /* 2.16.840.1.101.3.2.1.12.6 */ - CP_ECA_CONTENT_SIGNING_PIVI_OID = 100430, /* 2.16.840.1.101.3.2.1.12.8 */ - CP_ECA_MEDIUM_DEVICE_SHA256_OID = 431, /* 2.16.840.1.101.3.2.1.12.9 */ - CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 432, /* 2.16.840.1.101.3.2.1.12.10 */ - - /* Department of State PKI OIDs */ - CP_STATE_BASIC_OID = 100417, /* 2.16.840.1.101.3.2.1.6.1 */ - CP_STATE_LOW_OID = 418, /* 2.16.840.1.101.3.2.1.6.2 */ - CP_STATE_MODERATE_OID = 100419, /* 2.16.840.1.101.3.2.1.6.3 */ - CP_STATE_HIGH_OID = 100420, /* 2.16.840.1.101.3.2.1.6.4 */ - CP_STATE_MEDHW_OID = 101428, /* 2.16.840.1.101.3.2.1.6.12 */ - CP_STATE_MEDDEVHW_OID = 101454, /* 2.16.840.1.101.3.2.1.6.38 */ - - /* U.S. Treasury SSP PKI OIDs */ - CP_TREAS_MEDIUMHW_OID = 419, /* 2.16.840.1.101.3.2.1.5.4 */ - CP_TREAS_HIGH_OID = 101420, /* 2.16.840.1.101.3.2.1.5.5 */ - CP_TREAS_PIVI_HW_OID = 101425, /* 2.16.840.1.101.3.2.1.5.10 */ - CP_TREAS_PIVI_CONTENT_OID = 101427, /* 2.16.840.1.101.3.2.1.5.12 */ - - /* Boeing PKI OIDs */ - CP_BOEING_MEDIUMHW_SHA256_OID = 159, /* 1.3.6.1.4.1.73.15.3.1.12 */ - CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 164, /* 1.3.6.1.4.1.73.15.3.1.17 */ - - /* Carillon Federal Services OIDs */ - CP_CARILLON_MEDIUMHW_256_OID = 467, /* 1.3.6.1.4.1.45606.3.1.12 */ - CP_CARILLON_AIVHW_OID = 475, /* 1.3.6.1.4.1.45606.3.1.20 */ - CP_CARILLON_AIVCONTENT_OID = 100477, /* 1.3.6.1.4.1.45606.3.1.22 */ - - /* Carillon Information Security OIDs */ - CP_CIS_MEDIUMHW_256_OID = 489, /* 1.3.6.1.4.1.25054.3.1.12 */ - CP_CIS_MEDDEVHW_256_OID = 491, /* 1.3.6.1.4.1.25054.3.1.14 */ - CP_CIS_ICECAP_HW_OID = 497, /* 1.3.6.1.4.1.25054.3.1.20 */ - CP_CIS_ICECAP_CONTENT_OID = 499, /* 1.3.6.1.4.1.25054.3.1.22 */ - - /* CertiPath Bridge OIDs */ - CP_CERTIPATH_MEDIUMHW_OID = 100459, /* 1.3.6.1.4.1.24019.1.1.1.2 */ - CP_CERTIPATH_HIGHHW_OID = 101460, /* 1.3.6.1.4.1.24019.1.1.1.3 */ - CP_CERTIPATH_ICECAP_HW_OID = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */ - CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */ - CP_CERTIPATH_VAR_MEDIUMHW_OID = 100475, /* 1.3.6.1.4.1.24019.1.1.1.18 */ - CP_CERTIPATH_VAR_HIGHHW_OID = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */ - - /* TSCP Bridge OIDs */ - CP_TSCP_MEDIUMHW_OID = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */ - CP_TSCP_PIVI_OID = 445, /* 1.3.6.1.4.1.38099.1.1.1.5 */ - CP_TSCP_PIVI_CONTENT_OID = 447, /* 1.3.6.1.4.1.38099.1.1.1.7 */ - - /* DigiCert NFI PKI OIDs */ - CP_DIGICERT_NFSSP_MEDIUMHW_OID = 796, /* 2.16.840.1.113733.1.7.23.3.1.7 */ - CP_DIGICERT_NFSSP_AUTH_OID = 802, /* 2.16.840.1.113733.1.7.23.3.1.13 */ - CP_DIGICERT_NFSSP_PIVI_HW_OID = 807, /* 2.16.840.1.113733.1.7.23.3.1.18 */ - CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 809, /* 2.16.840.1.113733.1.7.23.3.1.20 */ - CP_DIGICERT_NFSSP_MEDDEVHW_OID = 825, /* 2.16.840.1.113733.1.7.23.3.1.36 */ - - /* Entrust Managed Services NFI PKI OIDs */ - CP_ENTRUST_NFSSP_MEDIUMHW_OID = 1017, /* 2.16.840.1.114027.200.3.10.7.2 */ - CP_ENTRUST_NFSSP_MEDAUTH_OID = 1019, /* 2.16.840.1.114027.200.3.10.7.4 */ - CP_ENTRUST_NFSSP_PIVI_HW_OID = 1021, /* 2.16.840.1.114027.200.3.10.7.6 */ - CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 1024, /* 2.16.840.1.114027.200.3.10.7.9 */ - CP_ENTRUST_NFSSP_MEDDEVHW_OID = 1031, /* 2.16.840.1.114027.200.3.10.7.16 */ - - /* Exostar LLC PKI OIDs */ - CP_EXOSTAR_MEDIUMHW_SHA2_OID = 100424, /* 1.3.6.1.4.1.13948.1.1.1.6 */ - - /* IdenTrust NFI OIDs */ - CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */ - CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */ - CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */ - CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */ - CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */ - CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */ - - /* Lockheed Martin PKI OIDs */ - CP_LOCKHEED_MEDIUMHW_OID = 266, /* 1.3.6.1.4.1.103.100.1.1.3.3 */ - - /* Northrop Grumman PKI OIDs */ - CP_NORTHROP_MEDIUM_256_HW_OID = 654, /* 1.3.6.1.4.1.16334.509.2.8 */ - CP_NORTHROP_PIVI_256_HW_OID = 655, /* 1.3.6.1.4.1.16334.509.2.9 */ - CP_NORTHROP_PIVI_256_CONTENT_OID = 657, /* 1.3.6.1.4.1.16334.509.2.11 */ - CP_NORTHROP_MEDIUM_384_HW_OID = 660, /* 1.3.6.1.4.1.16334.509.2.14 */ - - /* Raytheon PKI OIDs */ - CP_RAYTHEON_MEDIUMHW_OID = 251, /* 1.3.6.1.4.1.1569.10.1.12 */ - CP_RAYTHEON_MEDDEVHW_OID = 257, /* 1.3.6.1.4.1.1569.10.1.18 */ - CP_RAYTHEON_SHA2_MEDIUMHW_OID = 433, /* 1.3.6.1.4.1.26769.10.1.12 */ - CP_RAYTHEON_SHA2_MEDDEVHW_OID = 439, /* 1.3.6.1.4.1.26769.10.1.18 */ - - /* WidePoint NFI PKI OIDs */ - CP_WIDEPOINT_MEDIUMHW_OID = 310, /* 1.3.6.1.4.1.3922.1.1.1.12 */ - CP_WIDEPOINT_PIVI_HW_OID = 316, /* 1.3.6.1.4.1.3922.1.1.1.18 */ - CP_WIDEPOINT_PIVI_CONTENT_OID = 318, /* 1.3.6.1.4.1.3922.1.1.1.20 */ - CP_WIDEPOINT_MEDDEVHW_OID = 336, /* 1.3.6.1.4.1.3922.1.1.1.38 */ - - /* Australian Defence Organisation PKI OIDs */ - CP_ADO_MEDIUM_OID = 293, /* 1.2.36.1.334.1.2.1.2 */ - CP_ADO_HIGH_OID = 294, /* 1.2.36.1.334.1.2.1.3 */ - CP_ADO_RESOURCE_MEDIUM_OID = 100294, /* 1.2.36.1.334.1.2.2.2 */ - - /* Comodo Ltd PKI OID */ - CP_COMODO_OID = 100293, /* 1.3.6.1.4.1.6449.1.2.1.3.4 */ - - /* Netherlands Ministry of Defence PKI OIDs */ - CP_NL_MOD_AUTH_OID = 496, /* 2.16.528.1.1003.1.2.5.1 */ - CP_NL_MOD_IRREFUT_OID = 100497, /* 2.16.528.1.1003.1.2.5.2 */ - CP_NL_MOD_CONFID_OID = 498, /* 2.16.528.1.1003.1.2.5.3 */ -#endif /* WOLFSSL_FPKI */ - WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum) -}; - -enum SepHardwareName_Sum { - HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ -}; - -enum AuthInfo_Sum { - AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1, id-ad-ocsp */ - AIA_CA_ISSUER_OID = 117, /* 1.3.6.1.5.5.7.48.2, id-ad-caIssuers */ - #ifdef WOLFSSL_SUBJ_INFO_ACC - AIA_CA_REPO_OID = 120, /* 1.3.6.1.5.5.7.48.5, id-ad-caRepository */ - #endif /* WOLFSSL_SUBJ_INFO_ACC */ - WOLF_ENUM_DUMMY_LAST_ELEMENT(AuthInfo_Sum) -}; - -#define ID_PKIX(num) (67+(num)) /* 1.3.6.1.5.5.7.num, id-pkix num */ -#define ID_KP(num) (ID_PKIX(3)+(num)) /* 1.3.6.1.5.5.7.3.num, id-kp num */ -enum ExtKeyUsage_Sum { /* From RFC 5280 */ - EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ - EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ - EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ - EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */ - EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */ - EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */ - EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ - - /* From RFC 6187: X.509v3 Certificates for Secure Shell Authentication */ - EKU_SSH_CLIENT_AUTH_OID = ID_KP(21), /* id-kp-secureShellClient */ - EKU_SSH_MSCL_OID = 264, - /* 1.3.6.1.4.1.311.20.2.2, MS Smart Card Logon */ - EKU_SSH_KP_CLIENT_AUTH_OID = 64 - /* 1.3.6.1.5.2.3.4, id-pkinit-KPClientAuth*/ -}; - -#ifdef WOLFSSL_SUBJ_DIR_ATTR -#define ID_PDA(num) (ID_PKIX(9)+(num)) /* 1.3.6.1.5.5.7.9.num, id-pda num */ -enum SubjDirAttr_Sum { /* From RFC 3739, section 3.3.2 */ - SDA_DOB_OID = ID_PDA(1), /* id-pda-dateOfBirth */ - SDA_POB_OID = ID_PDA(2), /* id-pda-placeOfBirth */ - SDA_GENDER_OID = ID_PDA(3), /* id-pda-gender */ - SDA_COC_OID = ID_PDA(4), /* id-pda-countryOfCitizenship */ - SDA_COR_OID = ID_PDA(5) /* id-pda-countryOfResidence */ -}; -#endif /* WOLFSSL_SUBJ_DIR_ATTR */ - -#ifdef HAVE_LIBZ -enum CompressAlg_Sum { - ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */ -}; -#endif - enum VerifyType { NO_VERIFY = 0, VERIFY = 1, @@ -1653,22 +1251,6 @@ enum KeyIdType { }; #endif -#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_NAME_ALL) -enum CsrAttrType { - UNSTRUCTURED_NAME_OID = 654, - PKCS9_CONTENT_TYPE_OID = 655, - CHALLENGE_PASSWORD_OID = 659, - SERIAL_NUMBER_OID = 94, - EXTENSION_REQUEST_OID = 666, - USER_ID_OID = 865, - DNQUALIFIER_OID = 135, - INITIALS_OID = 132, - SURNAME_OID = 93, - NAME_OID = 130, - GIVEN_NAME_OID = 131 -}; -#endif - /* Key usage extension bits (based on RFC 5280) */ #define KEYUSE_DIGITAL_SIG 0x0080 #define KEYUSE_CONTENT_COMMIT 0x0040 @@ -1791,12 +1373,20 @@ typedef struct tagCertAttribute { struct SignatureCtx { void* heap; + #ifdef WOLFSSL_NO_MALLOC + byte digest[WC_MAX_DIGEST_SIZE]; + #else byte* digest; + #endif #ifndef NO_RSA byte* out; #endif -#if !(defined(NO_RSA) && defined(NO_DSA)) +#if !defined(NO_RSA) || !defined(NO_DSA) + #ifdef WOLFSSL_NO_MALLOC + byte sigCpy[MAX_SIG_SZ]; + #else byte* sigCpy; + #endif #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ !defined(NO_DSA) || defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) || \ @@ -1805,30 +1395,64 @@ struct SignatureCtx { #endif union { #ifndef NO_RSA + #ifdef WOLFSSL_NO_MALLOC + struct RsaKey rsa[1]; + #else struct RsaKey* rsa; + #endif #endif #ifndef NO_DSA + #ifdef WOLFSSL_NO_MALLOC + struct DsaKey dsa[1]; + #else struct DsaKey* dsa; + #endif #endif #ifdef HAVE_ECC + #ifdef WOLFSSL_NO_MALLOC + struct ecc_key ecc[1]; + #else struct ecc_key* ecc; + #endif #endif #ifdef HAVE_ED25519 + #ifdef WOLFSSL_NO_MALLOC + struct ed25519_key ed25519[1]; + #else struct ed25519_key* ed25519; + #endif #endif #ifdef HAVE_ED448 + #ifdef WOLFSSL_NO_MALLOC + struct ed448_key ed448[1]; + #else struct ed448_key* ed448; + #endif #endif - #if defined(HAVE_FALCON) + #ifdef HAVE_FALCON + #ifdef WOLFSSL_NO_MALLOC + struct falcon_key falcon[1]; + #else struct falcon_key* falcon; + #endif #endif - #if defined(HAVE_DILITHIUM) + #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_NO_MALLOC + struct dilithium_key dilithium[1]; + #else struct dilithium_key* dilithium; + #endif #endif - #if defined(HAVE_SPHINCS) + #ifdef HAVE_SPHINCS + #ifdef WOLFSSL_NO_MALLOC + struct sphincs_key sphincs[1]; + #else struct sphincs_key* sphincs; + #endif #endif + #ifndef WOLFSSL_NO_MALLOC void* ptr; + #endif } key; int devId; int state; @@ -1863,23 +1487,6 @@ struct SignatureCtx { #endif }; -enum CertSignState { - CERTSIGN_STATE_BEGIN, - CERTSIGN_STATE_DIGEST, - CERTSIGN_STATE_ENCODE, - CERTSIGN_STATE_DO -}; - -struct CertSignCtx { - byte* sig; - byte* digest; - #ifndef NO_RSA - byte* encSig; - int encSigSz; - #endif - int state; /* enum CertSignState */ -}; - #define DOMAIN_COMPONENT_MAX 10 struct DecodedName { @@ -1961,7 +1568,6 @@ typedef struct Signer Signer; typedef struct TrustedPeerCert TrustedPeerCert; #endif /* WOLFSSL_TRUST_PEER_CERT */ typedef struct SignatureCtx SignatureCtx; -typedef struct CertSignCtx CertSignCtx; #ifdef WC_ASN_UNKNOWN_EXT_CB typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, @@ -2544,29 +2150,33 @@ WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert** table, int rows, void* heap); #endif /* WOLFSSL_TRUST_PEER_CERT */ -WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); -WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length, - word32* algId); +WOLFSSL_ASN_API int ToTraditional(byte* input, word32 sz); +WOLFSSL_ASN_API int ToTraditional_ex(byte* input, word32 sz, word32* algId); WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, - word32 length); + word32 sz); WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, - word32 length, word32* algId); + word32 sz, word32* algId); WOLFSSL_LOCAL int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, - word32 length, word32* algId, + word32 sz, word32* algId, word32* eccOid); WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password, int passwordSz, word32* algId); WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); +WOLFSSL_ASN_API int TraditionalEnc_ex(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, + int hmacOid, WC_RNG* rng, void* heap); WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); -WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); +WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz); WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz, - const char* password,int passwordSz, int vPKCS, int vAlgo, - byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); + const char* password,int passwordSz, int vPKCS, int vAlgo, int encAlgId, + byte* salt, word32 saltSz, int itt, int hmacOid, WC_RNG* rng, + void* heap); WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap); @@ -2583,6 +2193,8 @@ WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, wolfssl_tm* certTime, int* idx); WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); +WOLFSSL_TEST_VIS int wc_AsnSetSkipDateCheck(int skip_p); +WOLFSSL_LOCAL int wc_AsnGetSkipDateCheck(void); /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN @@ -2593,7 +2205,7 @@ WOLFSSL_LOCAL byte GetCertNameId(int idx); #endif WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx); -WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, +WOLFSSL_TEST_VIS int SetShortInt(byte* output, word32* inOutIdx, word32 number, word32 maxIdx); WOLFSSL_LOCAL const char* GetSigName(int oid); @@ -2622,6 +2234,8 @@ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_ASN_API int GetASNInt(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); +WOLFSSL_LOCAL word32 wc_oid_sum(const byte* input, int length); + #ifdef HAVE_OID_ENCODING WOLFSSL_API int wc_EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz); @@ -2642,8 +2256,8 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx, byte *absentParams); -WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* idx, byte* tag, - word32 inputSz); +WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* inOutIdx, byte* tag, + word32 maxIdx); WOLFSSL_LOCAL int GetASN_BitString(const byte* input, word32 idx, int length); WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output); @@ -2741,9 +2355,9 @@ WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, const char** pBuffer, size_t bufSz); -WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, +WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long longSz, int type, DerBuffer** pDer, void* heap, EncryptedInfo* info, - int* eccKey); + int* keyFormat); WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff, @@ -2818,11 +2432,6 @@ enum Ocsp_Cert_Status { }; -enum Ocsp_Sums { - OCSP_BASIC_OID = 117, - OCSP_NONCE_OID = 118 -}; - #ifdef OPENSSL_EXTRA enum Ocsp_Verify_Error { OCSP_VERIFY_ERROR_NONE = 0, @@ -3006,6 +2615,11 @@ struct RevokedCert { byte revDateFormat; }; +#ifndef CRL_MAX_NUM_SZ +#define CRL_MAX_NUM_SZ 20 /* RFC5280 states that CRL number can be up to 20 */ +#endif /* octets long */ + + typedef struct DecodedCRL DecodedCRL; struct DecodedCRL { @@ -3018,6 +2632,7 @@ struct DecodedCRL { word32 sigParamsLength; /* length of signature parameters */ #endif byte* signature; /* pointer into raw source, not owned */ + byte crlNumber[CRL_MAX_NUM_SZ]; /* CRL number extension */ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */ @@ -3033,10 +2648,10 @@ struct DecodedCRL { int version; /* version of cert */ void* heap; #ifndef NO_SKID - byte extAuthKeyIdSet; - byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */ + byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */ + WC_BITFIELD extAuthKeyIdSet:1; /* Auth key identifier set indicator */ #endif - int crlNumber; /* CRL number extension */ + WC_BITFIELD crlNumberSet:1; /* CRL number set indicator */ }; WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl, void* heap); diff --git a/src/wolfssl/wolfcrypt/asn_public.h b/src/wolfssl/wolfcrypt/asn_public.h index 08d9cc9..3bf071d 100644 --- a/src/wolfssl/wolfcrypt/asn_public.h +++ b/src/wolfssl/wolfcrypt/asn_public.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -32,7 +32,9 @@ This library defines the interface APIs for X509 certificates. #define WOLF_CRYPT_ASN_PUBLIC_H #include -#include +#ifndef NO_DSA + #include +#endif #include #ifdef __cplusplus @@ -81,42 +83,6 @@ This library defines the interface APIs for X509 certificates. #define WC_SPHINCSKEY_TYPE_DEFINED #endif -enum Ecc_Sum { - ECC_SECP112R1_OID = 182, - ECC_SECP112R2_OID = 183, - ECC_SECP128R1_OID = 204, - ECC_SECP128R2_OID = 205, - ECC_SECP160R1_OID = 184, - ECC_SECP160R2_OID = 206, - ECC_SECP160K1_OID = 185, - ECC_BRAINPOOLP160R1_OID = 98, - ECC_SECP192R1_OID = 520, - ECC_PRIME192V2_OID = 521, - ECC_PRIME192V3_OID = 522, - ECC_SECP192K1_OID = 207, - ECC_BRAINPOOLP192R1_OID = 100, - ECC_SECP224R1_OID = 209, - ECC_SECP224K1_OID = 208, - ECC_BRAINPOOLP224R1_OID = 102, - ECC_PRIME239V1_OID = 523, - ECC_PRIME239V2_OID = 524, - ECC_PRIME239V3_OID = 525, - ECC_SECP256R1_OID = 526, - ECC_SECP256K1_OID = 186, - ECC_BRAINPOOLP256R1_OID = 104, - ECC_SM2P256V1_OID = 667, - ECC_X25519_OID = 365, - ECC_ED25519_OID = 256, - ECC_BRAINPOOLP320R1_OID = 106, - ECC_X448_OID = 362, - ECC_ED448_OID = 257, - ECC_SECP384R1_OID = 210, - ECC_BRAINPOOLP384R1_OID = 108, - ECC_BRAINPOOLP512R1_OID = 110, - ECC_SECP521R1_OID = 211 -}; - - enum EncPkcs8Types { ENC_PKCS8_VER_PKCS12 = 1, ENC_PKCS8_VER_PKCS5 = 5, @@ -187,58 +153,6 @@ enum CertType { }; -/* Signature type, by OID sum */ -enum Ctc_SigType { - CTC_SHAwDSA = 517, - CTC_SHA256wDSA = 416, - CTC_MD2wRSA = 646, - CTC_MD5wRSA = 648, - CTC_SHAwRSA = 649, - CTC_SHAwECDSA = 520, - CTC_SHA224wRSA = 658, - CTC_SHA224wECDSA = 523, - CTC_SHA256wRSA = 655, - CTC_SHA256wECDSA = 524, - CTC_SHA384wRSA = 656, - CTC_SHA384wECDSA = 525, - CTC_SHA512wRSA = 657, - CTC_SHA512wECDSA = 526, - - /* https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration */ - CTC_SHA3_224wECDSA = 423, - CTC_SHA3_256wECDSA = 424, - CTC_SHA3_384wECDSA = 425, - CTC_SHA3_512wECDSA = 426, - CTC_SHA3_224wRSA = 427, - CTC_SHA3_256wRSA = 428, - CTC_SHA3_384wRSA = 429, - CTC_SHA3_512wRSA = 430, - - CTC_RSASSAPSS = 654, - - CTC_SM3wSM2 = 740, /* 1.2.156.10197.1.501 */ - - CTC_ED25519 = 256, - CTC_ED448 = 257, - - CTC_FALCON_LEVEL1 = 273, - CTC_FALCON_LEVEL5 = 276, - - CTC_DILITHIUM_LEVEL2 = 218, - CTC_DILITHIUM_LEVEL3 = 221, - CTC_DILITHIUM_LEVEL5 = 225, - CTC_ML_DSA_LEVEL2 = 431, - CTC_ML_DSA_LEVEL3 = 432, - CTC_ML_DSA_LEVEL5 = 433, - - CTC_SPHINCS_FAST_LEVEL1 = 281, - CTC_SPHINCS_FAST_LEVEL3 = 283, - CTC_SPHINCS_FAST_LEVEL5 = 282, - CTC_SPHINCS_SMALL_LEVEL1 = 287, - CTC_SPHINCS_SMALL_LEVEL3 = 285, - CTC_SPHINCS_SMALL_LEVEL5 = 286 -}; - enum Ctc_Encoding { CTC_UTF8 = 0x0c, /* utf8 */ CTC_PRINTABLE = 0x13 /* printable */ @@ -728,9 +642,9 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); #ifdef WOLFSSL_DER_TO_PEM WOLFSSL_ABI WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, - word32 outputSz, int type); + word32 outSz, int type); WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, - word32 outputSz, byte *cipherIno, int type); + word32 outSz, byte *cipher_info, int type); #endif WOLFSSL_API word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz); @@ -806,25 +720,6 @@ WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve); #endif -/* RFC 5958 (Asymmetric Key Packages) */ -#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \ - ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)) || \ - (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \ - (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \ - (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \ - (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))) - #define WC_ENABLE_ASYM_KEY_EXPORT -#endif - -#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \ - ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) || \ - (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \ - (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \ - (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \ - (defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))) - #define WC_ENABLE_ASYM_KEY_IMPORT -#endif - #ifdef HAVE_ED25519 #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, @@ -903,6 +798,10 @@ WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input, WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz); +WOLFSSL_API int wc_EncryptPKCS8Key_ex(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, int passwordSz, int vPKCS, + int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt, + int hmacOid, WC_RNG* rng, void* heap); WOLFSSL_API int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int pbeOid, int encAlgId, byte* salt, word32 saltSz, int itt, WC_RNG* rng, @@ -967,6 +866,10 @@ WOLFSSL_API int wc_ParseCert( WOLFSSL_API int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, byte* derKey, word32* derKeySz); +WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer, + word32 certDerSz, + byte* pubKeyDer, + word32* pubKeyDerSz); #ifdef WOLFSSL_FPKI WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert, @@ -1058,6 +961,8 @@ typedef struct Asn1Item { /* Maximum supported depth of ASN.1 items. */ #define ASN_MAX_DEPTH 16 +typedef const char* (*Asn1OidToNameCb)(unsigned char* oid, word32 len); + /* ASN.1 parsing state. */ typedef struct Asn1 { /* ASN.1 item data. */ @@ -1080,6 +985,9 @@ typedef struct Asn1 { /* File pointer to print to. */ XFILE file; + + /* Callback to get a name for an hex OID. */ + Asn1OidToNameCb nameCb; } Asn1; WOLFSSL_API int wc_Asn1PrintOptions_Init(Asn1PrintOptions* opts); @@ -1088,6 +996,7 @@ WOLFSSL_API int wc_Asn1PrintOptions_Set(Asn1PrintOptions* opts, WOLFSSL_API int wc_Asn1_Init(Asn1* asn1); WOLFSSL_API int wc_Asn1_SetFile(Asn1* asn1, XFILE file); +WOLFSSL_API int wc_Asn1_SetOidToNameCb(Asn1* asn1, Asn1OidToNameCb nameCb); WOLFSSL_API int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data, word32 len); diff --git a/src/wolfssl/wolfcrypt/blake2-impl.h b/src/wolfssl/wolfcrypt/blake2-impl.h index 3f509c7..debfc3f 100644 --- a/src/wolfssl/wolfcrypt/blake2-impl.h +++ b/src/wolfssl/wolfcrypt/blake2-impl.h @@ -18,7 +18,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/blake2-int.h b/src/wolfssl/wolfcrypt/blake2-int.h index ec22921..1dcb1fd 100644 --- a/src/wolfssl/wolfcrypt/blake2-int.h +++ b/src/wolfssl/wolfcrypt/blake2-int.h @@ -18,7 +18,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/blake2.h b/src/wolfssl/wolfcrypt/blake2.h index 5d42c15..760ddef 100644 --- a/src/wolfssl/wolfcrypt/blake2.h +++ b/src/wolfssl/wolfcrypt/blake2.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/camellia.h b/src/wolfssl/wolfcrypt/camellia.h index a31f764..99709c9 100644 --- a/src/wolfssl/wolfcrypt/camellia.h +++ b/src/wolfssl/wolfcrypt/camellia.h @@ -33,7 +33,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/chacha.h b/src/wolfssl/wolfcrypt/chacha.h index 892b6ce..19a224b 100644 --- a/src/wolfssl/wolfcrypt/chacha.h +++ b/src/wolfssl/wolfcrypt/chacha.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/chacha20_poly1305.h b/src/wolfssl/wolfcrypt/chacha20_poly1305.h index 7f9ac16..ca57545 100644 --- a/src/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/src/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/cmac.h b/src/wolfssl/wolfcrypt/cmac.h index dd6e5b7..42795f9 100644 --- a/src/wolfssl/wolfcrypt/cmac.h +++ b/src/wolfssl/wolfcrypt/cmac.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/coding.h b/src/wolfssl/wolfcrypt/coding.h index ef87ab4..0e1d087 100644 --- a/src/wolfssl/wolfcrypt/coding.h +++ b/src/wolfssl/wolfcrypt/coding.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/compress.h b/src/wolfssl/wolfcrypt/compress.h index c4d5c25..4f401a6 100644 --- a/src/wolfssl/wolfcrypt/compress.h +++ b/src/wolfssl/wolfcrypt/compress.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/cpuid.h b/src/wolfssl/wolfcrypt/cpuid.h index bb883cb..e6b7eb6 100644 --- a/src/wolfssl/wolfcrypt/cpuid.h +++ b/src/wolfssl/wolfcrypt/cpuid.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -70,14 +70,15 @@ #elif defined(HAVE_CPUID_AARCH64) - #define CPUID_AES 0x0001 - #define CPUID_PMULL 0x0002 - #define CPUID_SHA256 0x0004 - #define CPUID_SHA512 0x0008 - #define CPUID_RDM 0x0010 - #define CPUID_SHA3 0x0020 - #define CPUID_SM3 0x0040 - #define CPUID_SM4 0x0080 + #define CPUID_AES 0x0001 /* AES enc/dec */ + #define CPUID_PMULL 0x0002 /* Carryless multiplication */ + #define CPUID_SHA256 0x0004 /* SHA-256 digest */ + #define CPUID_SHA512 0x0008 /* SHA-512 digest */ + #define CPUID_RDM 0x0010 /* SQRDMLAH and SQRDMLSH */ + #define CPUID_SHA3 0x0020 /* SHA-3 digest */ + #define CPUID_SM3 0x0040 /* SM3 digest */ + #define CPUID_SM4 0x0080 /* SM4 enc/dec */ + #define CPUID_SB 0x0100 /* Speculation barrier */ #define IS_AARCH64_AES(f) ((f) & CPUID_AES) #define IS_AARCH64_PMULL(f) ((f) & CPUID_PMULL) @@ -87,6 +88,7 @@ #define IS_AARCH64_SHA3(f) ((f) & CPUID_SHA3) #define IS_AARCH64_SM3(f) ((f) & CPUID_SM3) #define IS_AARCH64_SM4(f) ((f) & CPUID_SM4) + #define IS_AARCH64_SB(f) ((f) & CPUID_SB) #endif diff --git a/src/wolfssl/wolfcrypt/cryptocb.h b/src/wolfssl/wolfcrypt/cryptocb.h index f47cb0a..af5f912 100644 --- a/src/wolfssl/wolfcrypt/cryptocb.h +++ b/src/wolfssl/wolfcrypt/cryptocb.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -176,6 +176,7 @@ typedef struct wc_CryptoInfo { } rsa_get_size; #endif #ifdef HAVE_ECC + #ifdef HAVE_ECC_DHE struct { WC_RNG* rng; int size; @@ -188,6 +189,8 @@ typedef struct wc_CryptoInfo { byte* out; word32* outlen; } ecdh; + #endif + #ifdef HAVE_ECC_SIGN struct { const byte* in; word32 inlen; @@ -196,6 +199,8 @@ typedef struct wc_CryptoInfo { WC_RNG* rng; ecc_key* key; } eccsign; + #endif + #ifdef HAVE_ECC_VERIFY struct { const byte* sig; word32 siglen; @@ -204,12 +209,15 @@ typedef struct wc_CryptoInfo { int* res; ecc_key* key; } eccverify; + #endif + #ifdef HAVE_ECC_CHECK_KEY struct { ecc_key* key; const byte* pubKey; word32 pubKeySz; } ecc_check; - #endif + #endif + #endif /* HAVE_ECC */ #ifdef HAVE_CURVE25519 struct { WC_RNG* rng; @@ -466,7 +474,7 @@ typedef struct wc_CryptoInfo { } wc_CryptoInfo; -typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); +typedef int (*CryptoDevCallbackFunc)(int devId, struct wc_CryptoInfo* info, void* ctx); WOLFSSL_LOCAL void wc_CryptoCb_Init(void); WOLFSSL_LOCAL void wc_CryptoCb_Cleanup(void); diff --git a/src/wolfssl/wolfcrypt/curve25519.h b/src/wolfssl/wolfcrypt/curve25519.h index f1bb574..a791d67 100644 --- a/src/wolfssl/wolfcrypt/curve25519.h +++ b/src/wolfssl/wolfcrypt/curve25519.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/curve448.h b/src/wolfssl/wolfcrypt/curve448.h index 756c8a3..bb9b15c 100644 --- a/src/wolfssl/wolfcrypt/curve448.h +++ b/src/wolfssl/wolfcrypt/curve448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/des3.h b/src/wolfssl/wolfcrypt/des3.h index 2568857..5473d30 100644 --- a/src/wolfssl/wolfcrypt/des3.h +++ b/src/wolfssl/wolfcrypt/des3.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/dh.h b/src/wolfssl/wolfcrypt/dh.h index 81c5623..bbb2536 100644 --- a/src/wolfssl/wolfcrypt/dh.h +++ b/src/wolfssl/wolfcrypt/dh.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -145,7 +145,6 @@ WOLFSSL_API const DhParams* wc_Dh_ffdhe8192_Get(void); WOLFSSL_API int wc_InitDhKey(DhKey* key); WOLFSSL_API int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeDhKey(DhKey* key); - WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, word32* privSz, byte* pub, word32* pubSz); WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, @@ -173,6 +172,17 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ, WOLFSSL_API int wc_DhCopyNamedKey(int name, byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz); +#ifndef WOLFSSL_NO_DH_GEN_PUB + #if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB) + #define WOLFSSL_DH_GEN_PUB + #endif + #ifdef WOLFSSL_DH_GEN_PUB + WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, + word32 privSz, byte* pub, + word32* pubSz); + #endif /* WOLFSSL_DH_GEN_PUB */ +#endif /* !WOLFSSL_NO_DH_GEN_PUB */ + #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz); diff --git a/src/wolfssl/wolfcrypt/dilithium.h b/src/wolfssl/wolfcrypt/dilithium.h index 306cef1..faa4e92 100644 --- a/src/wolfssl/wolfcrypt/dilithium.h +++ b/src/wolfssl/wolfcrypt/dilithium.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -144,9 +144,9 @@ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 #define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 -/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and - * the footer "-----END PRIVATE KEY-----" */ -#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10267 #define ML_DSA_LEVEL2_KEY_SIZE 2560 #define ML_DSA_LEVEL2_SIG_SIZE 2420 @@ -183,8 +183,8 @@ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE -/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and - * the footer "-----END PRIVATE KEY-----" */ +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ #define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE @@ -574,9 +574,9 @@ #define DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE 2614 #define DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE 4924 #define DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE 7520 -/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and - * the footer "-----END PRIVATE KEY-----" */ -#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10239 +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ +#define DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE 10267 #define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key #define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature @@ -613,8 +613,8 @@ #define ML_DSA_LEVEL5_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define ML_DSA_LEVEL5_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE #define ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE -/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and - * the footer "-----END PRIVATE KEY-----" */ +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ #define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE #endif @@ -627,8 +627,8 @@ #define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE #define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE #define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE -/* PEM size with the header "-----BEGIN PRIVATE KEY-----" and - * the footer "-----END PRIVATE KEY-----" */ +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ #define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE @@ -651,7 +651,7 @@ typedef struct wc_dilithium_params { byte omega; word16 lambda; byte gamma1_bits; - word32 gamma2; + sword32 gamma2; word32 w1EncSz; word16 aSz; word16 s1Sz; diff --git a/src/wolfssl/wolfcrypt/dsa.h b/src/wolfssl/wolfcrypt/dsa.h index 4ae42c3..ba56f0c 100644 --- a/src/wolfssl/wolfcrypt/dsa.h +++ b/src/wolfssl/wolfcrypt/dsa.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ecc.h b/src/wolfssl/wolfcrypt/ecc.h index 04a7a66..b188fa1 100644 --- a/src/wolfssl/wolfcrypt/ecc.h +++ b/src/wolfssl/wolfcrypt/ecc.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -215,7 +215,7 @@ enum { #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) || defined(WOLFCRYPT_HAVE_SAKKE) /* Curve Types */ -typedef enum ecc_curve_id { +enum ecc_curve_ids { ECC_CURVE_INVALID = -1, ECC_CURVE_DEF = 0, /* NIST or SECP */ @@ -272,7 +272,8 @@ typedef enum ecc_curve_id { ECC_CURVE_CUSTOM, #endif ECC_CURVE_MAX -} ecc_curve_id; +}; +typedef enum ecc_curve_ids ecc_curve_id; #endif #ifdef HAVE_ECC diff --git a/src/wolfssl/wolfcrypt/eccsi.h b/src/wolfssl/wolfcrypt/eccsi.h index 5136d13..1e5a77c 100644 --- a/src/wolfssl/wolfcrypt/eccsi.h +++ b/src/wolfssl/wolfcrypt/eccsi.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ed25519.h b/src/wolfssl/wolfcrypt/ed25519.h index f7367b5..1abba3a 100644 --- a/src/wolfssl/wolfcrypt/ed25519.h +++ b/src/wolfssl/wolfcrypt/ed25519.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ed448.h b/src/wolfssl/wolfcrypt/ed448.h index e79a048..d56ac4a 100644 --- a/src/wolfssl/wolfcrypt/ed448.h +++ b/src/wolfssl/wolfcrypt/ed448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/error-crypt.h b/src/wolfssl/wolfcrypt/error-crypt.h index f466e29..d95e527 100644 --- a/src/wolfssl/wolfcrypt/error-crypt.h +++ b/src/wolfssl/wolfcrypt/error-crypt.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -304,11 +304,12 @@ enum wolfCrypt_ErrorCodes { DEADLOCK_AVERTED_E = -1000, /* Deadlock averted -- retry the call */ ASCON_AUTH_E = -1001, /* ASCON Authentication check failure */ + WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */ - WC_SPAN2_LAST_E = -1001, /* Update to indicate last used error code */ + WC_SPAN2_LAST_E = -1002, /* Update to indicate last used error code */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ - WC_LAST_E = -1001, /* the last code used either here or in + WC_LAST_E = -1002, /* the last code used either here or in * error-ssl.h */ diff --git a/src/wolfssl/wolfcrypt/ext_lms.h b/src/wolfssl/wolfcrypt/ext_lms.h index 2c7d116..18e1221 100644 --- a/src/wolfssl/wolfcrypt/ext_lms.h +++ b/src/wolfssl/wolfcrypt/ext_lms.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ext_mlkem.h b/src/wolfssl/wolfcrypt/ext_mlkem.h index 53c6c7d..bd6cd5c 100644 --- a/src/wolfssl/wolfcrypt/ext_mlkem.h +++ b/src/wolfssl/wolfcrypt/ext_mlkem.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ext_xmss.h b/src/wolfssl/wolfcrypt/ext_xmss.h index 1c7ed35..8183f08 100644 --- a/src/wolfssl/wolfcrypt/ext_xmss.h +++ b/src/wolfssl/wolfcrypt/ext_xmss.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/falcon.h b/src/wolfssl/wolfcrypt/falcon.h index 45ae673..904a68c 100644 --- a/src/wolfssl/wolfcrypt/falcon.h +++ b/src/wolfssl/wolfcrypt/falcon.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/fe_448.h b/src/wolfssl/wolfcrypt/fe_448.h index fef9d17..46a9717 100644 --- a/src/wolfssl/wolfcrypt/fe_448.h +++ b/src/wolfssl/wolfcrypt/fe_448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/fe_operations.h b/src/wolfssl/wolfcrypt/fe_operations.h index dd029ec..844d938 100644 --- a/src/wolfssl/wolfcrypt/fe_operations.h +++ b/src/wolfssl/wolfcrypt/fe_operations.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/fips_test.h b/src/wolfssl/wolfcrypt/fips_test.h index 16f170b..709a5db 100644 --- a/src/wolfssl/wolfcrypt/fips_test.h +++ b/src/wolfssl/wolfcrypt/fips_test.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ge_448.h b/src/wolfssl/wolfcrypt/ge_448.h index 82665cf..df9a450 100644 --- a/src/wolfssl/wolfcrypt/ge_448.h +++ b/src/wolfssl/wolfcrypt/ge_448.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ge_operations.h b/src/wolfssl/wolfcrypt/ge_operations.h index 9a4d995..879cc72 100644 --- a/src/wolfssl/wolfcrypt/ge_operations.h +++ b/src/wolfssl/wolfcrypt/ge_operations.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/hash.h b/src/wolfssl/wolfcrypt/hash.h index 02d99d4..9ac6cff 100644 --- a/src/wolfssl/wolfcrypt/hash.h +++ b/src/wolfssl/wolfcrypt/hash.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -40,7 +40,7 @@ #if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) #include #endif -#ifdef HAVE_BLAKE2 +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) #include #endif #ifdef WOLFSSL_SHA3 @@ -52,9 +52,6 @@ #ifdef WOLFSSL_MD2 #include #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) - #include -#endif #ifdef WOLFSSL_SM3 #include #endif @@ -122,11 +119,15 @@ typedef struct { } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ + /* Find largest possible digest size Note if this gets up to the size of 80 or over check smallstack build */ +#undef WC_MAX_DIGEST_SIZE +#undef WC_MAX_BLOCK_SIZE #if defined(WOLFSSL_SHA3) + /* note: SHA3-224 has the largest block size */ #define WC_MAX_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE - #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE /* 224 is the largest block size */ + #define WC_MAX_BLOCK_SIZE WC_SHA3_224_BLOCK_SIZE #elif defined(WOLFSSL_SHA512) #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE diff --git a/src/wolfssl/wolfcrypt/hmac.h b/src/wolfssl/wolfcrypt/hmac.h index 96da94c..90b04fa 100644 --- a/src/wolfssl/wolfcrypt/hmac.h +++ b/src/wolfssl/wolfcrypt/hmac.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -194,6 +194,7 @@ WOLFSSL_API void wc_HmacFree(Hmac* hmac); WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap); +WOLFSSL_LOCAL int _HmacInitIOHashes(Hmac* hmac); #ifdef HAVE_HKDF diff --git a/src/wolfssl/wolfcrypt/hpke.h b/src/wolfssl/wolfcrypt/hpke.h index cacfca6..735df81 100644 --- a/src/wolfssl/wolfcrypt/hpke.h +++ b/src/wolfssl/wolfcrypt/hpke.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/integer.h b/src/wolfssl/wolfcrypt/integer.h index 68bda1f..7d3f6ea 100644 --- a/src/wolfssl/wolfcrypt/integer.h +++ b/src/wolfssl/wolfcrypt/integer.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -205,7 +205,12 @@ typedef int mp_err; #define NEW_MP_INT_SIZE(name, bits, heap, type) \ XMEMSET(name, 0, sizeof(mp_int)) /* Dispose of static mp_int. */ -#define FREE_MP_INT_SIZE(name, heap, type) WC_DO_NOTHING +#define FREE_MP_INT_SIZE(name, heap, type) \ + do { \ + if ((name) != NULL) { \ + mp_free(name); \ + } \ + } while (0) /* Initialize an mp_int. */ #define INIT_MP_INT_SIZE(name, bits) \ mp_init(name) diff --git a/src/wolfssl/wolfcrypt/kdf.h b/src/wolfssl/wolfcrypt/kdf.h index d2fd388..0421d82 100644 --- a/src/wolfssl/wolfcrypt/kdf.h +++ b/src/wolfssl/wolfcrypt/kdf.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -147,19 +147,19 @@ enum { #define WC_SRTP_MAX_SALT 14 WOLFSSL_API int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, - word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, + word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz); WOLFSSL_API int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, - word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, + word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz); WOLFSSL_API int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, - word32 saltSz, int kdrIdx, const byte* index, byte* key1, word32 key1Sz, + word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator); WOLFSSL_API int wc_SRTP_KDF_label(const byte* key, word32 keySz, - const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte label, + const byte* salt, word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, word32 outKeySz); WOLFSSL_API int wc_SRTCP_KDF_label(const byte* key, word32 keySz, - const byte* salt, word32 saltSz, int kdrIdx, const byte* index, byte label, + const byte* salt, word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, word32 outKeySz); WOLFSSL_API int wc_SRTP_KDF_kdr_to_idx(word32 kdr); diff --git a/src/wolfssl/wolfcrypt/libwolfssl_sources.h b/src/wolfssl/wolfcrypt/libwolfssl_sources.h index 474cbe1..a5d6972 100644 --- a/src/wolfssl/wolfcrypt/libwolfssl_sources.h +++ b/src/wolfssl/wolfcrypt/libwolfssl_sources.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h b/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h index a3d85c9..5ecd092 100644 --- a/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h +++ b/src/wolfssl/wolfcrypt/libwolfssl_sources_asm.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/lms.h b/src/wolfssl/wolfcrypt/lms.h index ee4ccc5..c9324cc 100644 --- a/src/wolfssl/wolfcrypt/lms.h +++ b/src/wolfssl/wolfcrypt/lms.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -31,6 +31,9 @@ #ifdef WOLFSSL_HAVE_LMS +/* Length of the Key ID. */ +#define WC_LMS_I_LEN 16 + typedef struct LmsKey LmsKey; /* Private key write and read callbacks. */ @@ -187,6 +190,8 @@ WOLFSSL_API int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, WOLFSSL_API const char * wc_LmsKey_ParmToStr(enum wc_LmsParm lmsParm); WOLFSSL_API const char * wc_LmsKey_RcToStr(enum wc_LmsRc lmsRc); +WOLFSSL_API int wc_LmsKey_GetKid(LmsKey * key, const byte ** kid, + word32* kidSz); WOLFSSL_API const byte * wc_LmsKey_GetKidFromPrivRaw(const byte * priv, word32 privSz); #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/logging.h b/src/wolfssl/wolfcrypt/logging.h index 49de701..f7ccf95 100644 --- a/src/wolfssl/wolfcrypt/logging.h +++ b/src/wolfssl/wolfcrypt/logging.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -89,11 +89,6 @@ enum wc_FuncNum { }; #endif -#if defined(ARDUINO) -/* implemented in Arduino wolfssl.h */ -extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s); -#endif /* ARDUINO */ - typedef void (*wolfSSL_Logging_cb)(const int logLevel, const char *const logMessage); @@ -268,6 +263,99 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix); extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer; #endif +/* Port-specific includes and printf methods: */ + +#if defined(ARDUINO) + /* implemented in Arduino wolfssl.h */ + extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s); +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + /* see wc_port.h for fio.h and nio.h includes */ +#elif defined(WOLFSSL_SGX) + /* Declare sprintf for ocall */ + int sprintf(char* buf, const char *fmt, ...); +#elif defined(WOLFSSL_DEOS) +#elif defined(MICRIUM) + #if (BSP_SER_COMM_EN == DEF_ENABLED) + #include + #endif +#elif defined(WOLFSSL_USER_LOG) + /* user includes their own headers */ +#elif defined(WOLFSSL_ESPIDF) + #include "esp_types.h" + #include "esp_log.h" +#elif defined(WOLFSSL_TELIT_M2MB) + #include + #include "m2m_log.h" +#elif defined(WOLFSSL_ANDROID_DEBUG) + #include +#elif defined(WOLFSSL_XILINX) + #include "xil_printf.h" +#elif defined(WOLFSSL_LINUXKM) + /* the requisite linux/kernel.h is included in linuxkm_wc_port.h, with + * incompatible warnings masked out. + */ +#elif defined(FUSION_RTOS) + #include + #define fprintf FCL_FPRINTF +#else + #include /* for default printf stuff */ +#endif + +#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) + int dc_log_printf(char*, ...); +#endif + +#ifdef WOLFSSL_DEBUG_PRINTF_FN + /* user-supplied definition */ +#elif defined(ARDUINO) + /* ARDUINO only has print and sprintf, no printf. */ +#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS) + #define WOLFSSL_DEBUG_PRINTF_FN printf +#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF) + #define WOLFSSL_DEBUG_PRINTF_FN dc_log_printf +#elif defined(MICRIUM) + #define WOLFSSL_DEBUG_PRINTF_FN BSP_Ser_Printf +#elif defined(WOLFSSL_MDK_ARM) + #define WOLFSSL_DEBUG_PRINTF_FN printf +#elif defined(WOLFSSL_UTASKER) + /* WOLFSSL_UTASKER only has fnDebugMsg and related primitives, no printf. */ +#elif defined(MQX_USE_IO_OLD) + #define WOLFSSL_DEBUG_PRINTF_FN fprintf + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS _mqxio_stderr, +#elif defined(WOLFSSL_APACHE_MYNEWT) + #define WOLFSSL_DEBUG_PRINTF_FN LOG_DEBUG + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS &mynewt_log, LOG_MODULE_DEFAULT, +#elif defined(WOLFSSL_ESPIDF) + #define WOLFSSL_DEBUG_PRINTF_FN ESP_LOGI + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS "wolfssl", +#elif defined(WOLFSSL_ZEPHYR) + #define WOLFSSL_DEBUG_PRINTF_FN printk +#elif defined(WOLFSSL_TELIT_M2MB) + #define WOLFSSL_DEBUG_PRINTF_FN M2M_LOG_INFO +#elif defined(WOLFSSL_ANDROID_DEBUG) + #define WOLFSSL_DEBUG_PRINTF_FN __android_log_print + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS ANDROID_LOG_VERBOSE, "[wolfSSL]" +#elif defined(WOLFSSL_XILINX) + #define WOLFSSL_DEBUG_PRINTF_FN xil_printf +#elif defined(WOLFSSL_LINUXKM) + #define WOLFSSL_DEBUG_PRINTF_FN printk +#elif defined(WOLFSSL_RENESAS_RA6M4) + #define WOLFSSL_DEBUG_PRINTF_FN myprintf +#else + #define WOLFSSL_DEBUG_PRINTF_FN fprintf + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS stderr, +#endif + +#ifndef WOLFSSL_DEBUG_PRINTF_FIRST_ARGS + #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS +#endif + +#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) && \ + !defined(WOLF_NO_VARIADIC_MACROS) + #define WOLFSSL_DEBUG_PRINTF(...) \ + WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__) +#endif + #ifdef __cplusplus } #endif diff --git a/src/wolfssl/wolfcrypt/md2.h b/src/wolfssl/wolfcrypt/md2.h index 8fb5076..b77fa65 100644 --- a/src/wolfssl/wolfcrypt/md2.h +++ b/src/wolfssl/wolfcrypt/md2.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/md4.h b/src/wolfssl/wolfcrypt/md4.h index 78c4275..b536f60 100644 --- a/src/wolfssl/wolfcrypt/md4.h +++ b/src/wolfssl/wolfcrypt/md4.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/md5.h b/src/wolfssl/wolfcrypt/md5.h index 93b906d..56c306a 100644 --- a/src/wolfssl/wolfcrypt/md5.h +++ b/src/wolfssl/wolfcrypt/md5.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/mem_track.h b/src/wolfssl/wolfcrypt/mem_track.h index 205ec57..6a0d5aa 100644 --- a/src/wolfssl/wolfcrypt/mem_track.h +++ b/src/wolfssl/wolfcrypt/mem_track.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -177,7 +177,7 @@ static WC_INLINE void* TrackMalloc(size_t sz) (void)line; #endif #endif -#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) +#if !defined(SINGLE_THREADED) && (defined(DO_MEM_LIST) || defined(DO_MEM_STATS)) if (pthread_mutex_lock(&memLock) == 0) { #endif @@ -223,7 +223,7 @@ static WC_INLINE void* TrackMalloc(size_t sz) ourMemList.tail = header; /* add to the end either way */ ourMemList.count++; #endif -#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) +#if !defined(SINGLE_THREADED) && (defined(DO_MEM_LIST) || defined(DO_MEM_STATS)) pthread_mutex_unlock(&memLock); } #endif /* DO_MEM_LIST */ @@ -250,7 +250,7 @@ static WC_INLINE void TrackFree(void* ptr) header = &mt->u.hint; sz = header->thisSize; -#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) +#if !defined(SINGLE_THREADED) && (defined(DO_MEM_LIST) || defined(DO_MEM_STATS)) if (pthread_mutex_lock(&memLock) == 0) { #endif @@ -284,7 +284,7 @@ static WC_INLINE void TrackFree(void* ptr) ourMemList.count--; #endif -#if defined(DO_MEM_LIST) || defined(DO_MEM_STATS) +#if !defined(SINGLE_THREADED) && (defined(DO_MEM_LIST) || defined(DO_MEM_STATS)) pthread_mutex_unlock(&memLock); } #endif diff --git a/src/wolfssl/wolfcrypt/memory.h b/src/wolfssl/wolfcrypt/memory.h index 5170a8c..fa8e5d0 100644 --- a/src/wolfssl/wolfcrypt/memory.h +++ b/src/wolfssl/wolfcrypt/memory.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -133,7 +133,18 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #ifndef LARGEST_MEM_BUCKET #ifndef SESSION_CERTS - #define LARGEST_MEM_BUCKET 16128 + #ifdef HAVE_DILITHIUM + #if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_VERIFY_ONLY) + #define LARGEST_MEM_BUCKET 14000 /* Dilithium low mem */ + #else + #define LARGEST_MEM_BUCKET 131072 /* Dilithium full mem */ + #endif + #else + #define LARGEST_MEM_BUCKET 16128 + #endif #elif defined(OPENSSL_EXTRA) #ifdef WOLFSSL_TLS13 #define LARGEST_MEM_BUCKET 30400 @@ -151,9 +162,24 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #ifndef WOLFMEM_BUCKETS #ifndef SESSION_CERTS - /* default size of chunks of memory to separate into */ - #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ - LARGEST_MEM_BUCKET + #ifdef HAVE_DILITHIUM + #if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_VERIFY_ONLY) + /* default size of chunks of memory to separate into */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2048,4096,\ + 8192,LARGEST_MEM_BUCKET + #else + /* default size of chunks of memory to separate into */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,8192,32768,\ + 65536,LARGEST_MEM_BUCKET + #endif + #else + /* default size of chunks of memory to separate into */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ + LARGEST_MEM_BUCKET + #endif #elif defined(OPENSSL_EXTRA) /* extra storage in structs for multiple attributes and order */ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ @@ -168,7 +194,16 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb* mf, #endif #ifndef WOLFMEM_DIST - #ifndef WOLFSSL_STATIC_MEMORY_SMALL + #ifdef HAVE_DILITHIUM + #if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_VERIFY_ONLY) + #define WOLFMEM_DIST 20,8,6,10,8,6,4,2,1 + #else + #define WOLFMEM_DIST 30,10,8,15,8,10,8,5,1 + #endif + #elif !defined(WOLFSSL_STATIC_MEMORY_SMALL) #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1 #else /* Low resource and not RSA */ diff --git a/src/wolfssl/wolfcrypt/misc.h b/src/wolfssl/wolfcrypt/misc.h index 561c9a2..096f3dd 100644 --- a/src/wolfssl/wolfcrypt/misc.h +++ b/src/wolfssl/wolfcrypt/misc.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/mlkem.h b/src/wolfssl/wolfcrypt/mlkem.h index 4a922a1..f4ad34e 100644 --- a/src/wolfssl/wolfcrypt/mlkem.h +++ b/src/wolfssl/wolfcrypt/mlkem.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/mpi_class.h b/src/wolfssl/wolfcrypt/mpi_class.h index 4879a61..c540aaa 100644 --- a/src/wolfssl/wolfcrypt/mpi_class.h +++ b/src/wolfssl/wolfcrypt/mpi_class.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/mpi_superclass.h b/src/wolfssl/wolfcrypt/mpi_superclass.h index 69dee6b..a9f2f9a 100644 --- a/src/wolfssl/wolfcrypt/mpi_superclass.h +++ b/src/wolfssl/wolfcrypt/mpi_superclass.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/oid_sum.h b/src/wolfssl/wolfcrypt/oid_sum.h new file mode 100644 index 0000000..2c6eadc --- /dev/null +++ b/src/wolfssl/wolfcrypt/oid_sum.h @@ -0,0 +1,1903 @@ +/* oid_sum.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * ./scripts/asn1_oid_sum.pl > wolfssl/wolfcrypt/oid_sum.h + */ + +#ifndef WOLF_CRYPT_OID_SUM_H +#define WOLF_CRYPT_OID_SUM_H + +enum Hash_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02 */ + MD2h = 646, /* 1.2.840.113549.2.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x04 */ + MD4h = 648, /* 1.2.840.113549.2.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05 */ + MD5h = 649, /* 1.2.840.113549.2.5 */ + /* 0x2b,0x0e,0x03,0x02,0x1a */ + SHAh = 88, /* 1.3.14.3.2.26 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04 */ + SHA224h = 417, /* 2.16.840.1.101.3.4.2.4 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01 */ + SHA256h = 414, /* 2.16.840.1.101.3.4.2.1 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02 */ + SHA384h = 415, /* 2.16.840.1.101.3.4.2.2 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03 */ + SHA512h = 416, /* 2.16.840.1.101.3.4.2.3 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05 */ + SHA512_224h = 418, /* 2.16.840.1.101.3.4.2.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06 */ + SHA512_256h = 419, /* 2.16.840.1.101.3.4.2.6 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07 */ + SHA3_224h = 420, /* 2.16.840.1.101.3.4.2.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08 */ + SHA3_256h = 421, /* 2.16.840.1.101.3.4.2.8 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09 */ + SHA3_384h = 422, /* 2.16.840.1.101.3.4.2.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0a */ + SHA3_512h = 423, /* 2.16.840.1.101.3.4.2.10 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0b */ + SHAKE128h = 424, /* 2.16.840.1.101.3.4.2.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0c */ + SHAKE256h = 425, /* 2.16.840.1.101.3.4.2.12 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x83,0x11 */ + SM3h = 640 /* 1.2.156.10197.1.401 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02 */ + MD2h = 0x044a8bdd, /* 1.2.840.113549.2.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x04 */ + MD4h = 0x024a8bdd, /* 1.2.840.113549.2.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05 */ + MD5h = 0x034a8bdd, /* 1.2.840.113549.2.5 */ + /* 0x2b,0x0e,0x03,0x02,0x1a */ + SHAh = 0x7d03f131, /* 1.3.14.3.2.26 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04 */ + SHA224h = 0x7cb37afe, /* 2.16.840.1.101.3.4.2.4 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01 */ + SHA256h = 0x7cb37afb, /* 2.16.840.1.101.3.4.2.1 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02 */ + SHA384h = 0x7cb37af8, /* 2.16.840.1.101.3.4.2.2 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03 */ + SHA512h = 0x7cb37af9, /* 2.16.840.1.101.3.4.2.3 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05 */ + SHA512_224h = 0x7cb37aff, /* 2.16.840.1.101.3.4.2.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06 */ + SHA512_256h = 0x7cb37afc, /* 2.16.840.1.101.3.4.2.6 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07 */ + SHA3_224h = 0x7cb37afd, /* 2.16.840.1.101.3.4.2.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08 */ + SHA3_256h = 0x7cb37af2, /* 2.16.840.1.101.3.4.2.8 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09 */ + SHA3_384h = 0x7cb37af3, /* 2.16.840.1.101.3.4.2.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0a */ + SHA3_512h = 0x7cb37af0, /* 2.16.840.1.101.3.4.2.10 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0b */ + SHAKE128h = 0x7cb37af1, /* 2.16.840.1.101.3.4.2.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0c */ + SHAKE256h = 0x7cb37af6, /* 2.16.840.1.101.3.4.2.12 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x83,0x11 */ + SM3h = 0x5e9f807f /* 1.2.156.10197.1.401 */ +#endif +}; + +enum Block_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02 */ + AES128CBCb = 414, /* 2.16.840.1.101.3.4.1.2 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06 */ + AES128GCMb = 418, /* 2.16.840.1.101.3.4.1.6 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07 */ + AES128CCMb = 419, /* 2.16.840.1.101.3.4.1.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16 */ + AES192CBCb = 434, /* 2.16.840.1.101.3.4.1.22 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1a */ + AES192GCMb = 438, /* 2.16.840.1.101.3.4.1.26 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1b */ + AES192CCMb = 439, /* 2.16.840.1.101.3.4.1.27 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2a */ + AES256CBCb = 454, /* 2.16.840.1.101.3.4.1.42 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2e */ + AES256GCMb = 458, /* 2.16.840.1.101.3.4.1.46 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2f */ + AES256CCMb = 459, /* 2.16.840.1.101.3.4.1.47 */ + /* 0x2b,0x0e,0x03,0x02,0x07 */ + DESb = 69, /* 1.3.14.3.2.7 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x07 */ + DES3b = 652 /* 1.2.840.113549.3.7 */ +#else + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02 */ + AES128CBCb = 0x7fb37af8, /* 2.16.840.1.101.3.4.1.2 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06 */ + AES128GCMb = 0x7fb37afc, /* 2.16.840.1.101.3.4.1.6 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07 */ + AES128CCMb = 0x7fb37afd, /* 2.16.840.1.101.3.4.1.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16 */ + AES192CBCb = 0x7fb37aec, /* 2.16.840.1.101.3.4.1.22 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1a */ + AES192GCMb = 0x7fb37ae0, /* 2.16.840.1.101.3.4.1.26 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1b */ + AES192CCMb = 0x7fb37ae1, /* 2.16.840.1.101.3.4.1.27 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2a */ + AES256CBCb = 0x7fb37ad0, /* 2.16.840.1.101.3.4.1.42 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2e */ + AES256GCMb = 0x7fb37ad4, /* 2.16.840.1.101.3.4.1.46 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2f */ + AES256CCMb = 0x7fb37ad5, /* 2.16.840.1.101.3.4.1.47 */ + /* 0x2b,0x0e,0x03,0x02,0x07 */ + DESb = 0x7d03f12c, /* 1.3.14.3.2.7 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x03,0x07 */ + DES3b = 0x014b8bdd /* 1.2.840.113549.3.7 */ +#endif +}; + +enum Key_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x00 */ + ANONk = 0, /* 0.0 */ + /* 0x2a,0x86,0x48,0xce,0x38,0x04,0x01 */ + DSAk = 515, /* 1.2.840.10040.4.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01 */ + RSAk = 645, /* 1.2.840.113549.1.1.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a */ + RSAPSSk = 654, /* 1.2.840.113549.1.1.10 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x07 */ + RSAESOAEPk = 651, /* 1.2.840.113549.1.1.7 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x02,0x01 */ + ECDSAk = 518, /* 1.2.840.10045.2.1 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x82,0x2d */ + SM2k = 667, /* 1.2.156.10197.1.301 */ + /* 0x2b,0x65,0x70 */ + ED25519k = 256, /* 1.3.101.112 */ + /* 0x2b,0x65,0x6e */ + X25519k = 254, /* 1.3.101.110 */ + /* 0x2b,0x65,0x71 */ + ED448k = 257, /* 1.3.101.113 */ + /* 0x2b,0x65,0x6f */ + X448k = 255, /* 1.3.101.111 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x03,0x01 */ + DHk = 647, /* 1.2.840.113549.1.3.1 */ + /* 0x2b,0xce,0x0f,0x03,0x06 */ + FALCON_LEVEL1k = 273, /* 1.3.9999.3.6 */ + /* 0x2b,0xce,0x0f,0x03,0x09 */ + FALCON_LEVEL5k = 276, /* 1.3.9999.3.9 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x04,0x04 */ + DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x06,0x05 */ + DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */ + DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */ + ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */ + ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */ + ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x04 */ + SPHINCS_FAST_LEVEL1k = 281, /* 1.3.9999.6.7.4 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x03 */ + SPHINCS_FAST_LEVEL3k = 283, /* 1.3.9999.6.8.3 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x03 */ + SPHINCS_FAST_LEVEL5k = 282, /* 1.3.9999.6.9.3 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x0a */ + SPHINCS_SMALL_LEVEL1k = 287, /* 1.3.9999.6.7.10 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x07 */ + SPHINCS_SMALL_LEVEL3k = 285, /* 1.3.9999.6.8.7 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x07 */ + SPHINCS_SMALL_LEVEL5k = 286 /* 1.3.9999.6.9.7 */ +#else + /* 0x00 */ + ANONk = 0x7fffffff, /* 0.0 */ + /* 0x2a,0x86,0x48,0xce,0x38,0x04,0x01 */ + DSAk = 0x31498212, /* 1.2.840.10040.4.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01 */ + RSAk = 0x78b67423, /* 1.2.840.113549.1.1.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a */ + RSAPSSk = 0x78b67428, /* 1.2.840.113549.1.1.10 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x07 */ + RSAESOAEPk = 0x78b67425, /* 1.2.840.113549.1.1.7 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x02,0x01 */ + ECDSAk = 0x31498417, /* 1.2.840.10045.2.1 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x82,0x2d */ + SM2k = 0x629e807f, /* 1.2.156.10197.1.301 */ + /* 0x2b,0x65,0x70 */ + ED25519k = 0x7f8f65d4, /* 1.3.101.112 */ + /* 0x2b,0x65,0x6e */ + X25519k = 0x7f9165d4, /* 1.3.101.110 */ + /* 0x2b,0x65,0x71 */ + ED448k = 0x7f8e65d4, /* 1.3.101.113 */ + /* 0x2b,0x65,0x6f */ + X448k = 0x7f9065d4, /* 1.3.101.111 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x03,0x01 */ + DHk = 0x7ab67423, /* 1.2.840.113549.1.3.1 */ + /* 0x2b,0xce,0x0f,0x03,0x06 */ + FALCON_LEVEL1k = 0x7c0f312d, /* 1.3.9999.3.6 */ + /* 0x2b,0xce,0x0f,0x03,0x09 */ + FALCON_LEVEL5k = 0x7c0f3122, /* 1.3.9999.3.9 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x04,0x04 */ + DILITHIUM_LEVEL2k = 0x707800d9, /* 1.3.6.1.4.1.2.267.12.4.4 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x06,0x05 */ + DILITHIUM_LEVEL3k = 0x707902d9, /* 1.3.6.1.4.1.2.267.12.6.5 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */ + DILITHIUM_LEVEL5k = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */ + ML_DSA_LEVEL2k = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */ + ML_DSA_LEVEL3k = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */ + ML_DSA_LEVEL5k = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x04 */ + SPHINCS_FAST_LEVEL1k = 0x06f0ca2c, /* 1.3.9999.6.7.4 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x03 */ + SPHINCS_FAST_LEVEL3k = 0x06f0cd23, /* 1.3.9999.6.8.3 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x03 */ + SPHINCS_FAST_LEVEL5k = 0x06f0cd22, /* 1.3.9999.6.9.3 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x0a */ + SPHINCS_SMALL_LEVEL1k = 0x06f0c42c, /* 1.3.9999.6.7.10 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x07 */ + SPHINCS_SMALL_LEVEL3k = 0x06f0c923, /* 1.3.9999.6.8.7 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x07 */ + SPHINCS_SMALL_LEVEL5k = 0x06f0c922 /* 1.3.9999.6.9.7 */ +#endif +}; + +enum KeyWrap_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05 */ + AES128_WRAP = 417, /* 2.16.840.1.101.3.4.1.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19 */ + AES192_WRAP = 437, /* 2.16.840.1.101.3.4.1.25 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2d */ + AES256_WRAP = 457, /* 2.16.840.1.101.3.4.1.45 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x03,0x09 */ + PWRI_KEK_WRAP = 680 /* 1.2.840.113549.1.9.16.3.9 */ +#else + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05 */ + AES128_WRAP = 0x7fb37aff, /* 2.16.840.1.101.3.4.1.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19 */ + AES192_WRAP = 0x7fb37ae3, /* 2.16.840.1.101.3.4.1.25 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2d */ + AES256_WRAP = 0x7fb37ad7, /* 2.16.840.1.101.3.4.1.45 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x03,0x09 */ + PWRI_KEK_WRAP = 0x70bf8832 /* 1.2.840.113549.1.9.16.3.9 */ +#endif +}; + +enum Key_Agree { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x81,0x05,0x10,0x86,0x48,0x3f,0x00,0x02 */ + /* 1.3.133.16.840.63.0.2 */ + dhSinglePass_stdDH_sha1kdf_scheme = 464, + /* 0x2b,0x81,0x04,0x01,0x0b,0x00 */ + /* 1.3.132.1.11.0 */ + dhSinglePass_stdDH_sha224kdf_scheme = 188, + /* 0x2b,0x81,0x04,0x01,0x0b,0x01 */ + /* 1.3.132.1.11.1 */ + dhSinglePass_stdDH_sha256kdf_scheme = 189, + /* 0x2b,0x81,0x04,0x01,0x0b,0x02 */ + /* 1.3.132.1.11.2 */ + dhSinglePass_stdDH_sha384kdf_scheme = 190, + /* 0x2b,0x81,0x04,0x01,0x0b,0x03 */ + /* 1.3.132.1.11.3 */ + dhSinglePass_stdDH_sha512kdf_scheme = 191 +#else + /* 0x2b,0x81,0x05,0x10,0x86,0x48,0x3f,0x00,0x02 */ + /* 1.3.133.16.840.63.0.2 */ + dhSinglePass_stdDH_sha1kdf_scheme = 0x6fc53650, + /* 0x2b,0x81,0x04,0x01,0x0b,0x00 */ + /* 1.3.132.1.11.0 */ + dhSinglePass_stdDH_sha224kdf_scheme = 0x01fb8120, + /* 0x2b,0x81,0x04,0x01,0x0b,0x01 */ + /* 1.3.132.1.11.1 */ + dhSinglePass_stdDH_sha256kdf_scheme = 0x01fb8020, + /* 0x2b,0x81,0x04,0x01,0x0b,0x02 */ + /* 1.3.132.1.11.2 */ + dhSinglePass_stdDH_sha384kdf_scheme = 0x01fb8320, + /* 0x2b,0x81,0x04,0x01,0x0b,0x03 */ + /* 1.3.132.1.11.3 */ + dhSinglePass_stdDH_sha512kdf_scheme = 0x01fb8220 +#endif +}; + +enum KDF_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0c */ + PBKDF2_OID = 660, /* 1.2.840.113549.1.5.12 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08 */ + MGF1_OID = 652 /* 1.2.840.113549.1.1.8 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x05,0x0c */ + PBKDF2_OID = 0x7cb6742e, /* 1.2.840.113549.1.5.12 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x08 */ + MGF1_OID = 0x78b6742a /* 1.2.840.113549.1.1.8 */ +#endif +}; + +enum HMAC_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x08 */ + HMAC_SHA224_OID = 652, /* 1.2.840.113549.2.8 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x09 */ + HMAC_SHA256_OID = 653, /* 1.2.840.113549.2.9 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x0a */ + HMAC_SHA384_OID = 654, /* 1.2.840.113549.2.10 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x0b */ + HMAC_SHA512_OID = 655, /* 1.2.840.113549.2.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0d */ + HMAC_SHA3_224_OID = 426, /* 2.16.840.1.101.3.4.2.13 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0e */ + HMAC_SHA3_256_OID = 427, /* 2.16.840.1.101.3.4.2.14 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0f */ + HMAC_SHA3_384_OID = 428, /* 2.16.840.1.101.3.4.2.15 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10 */ + HMAC_SHA3_512_OID = 429 /* 2.16.840.1.101.3.4.2.16 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x08 */ + HMAC_SHA224_OID = 0x0e4a8bdd, /* 1.2.840.113549.2.8 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x09 */ + HMAC_SHA256_OID = 0x0f4a8bdd, /* 1.2.840.113549.2.9 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x0a */ + HMAC_SHA384_OID = 0x0c4a8bdd, /* 1.2.840.113549.2.10 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x0b */ + HMAC_SHA512_OID = 0x0d4a8bdd, /* 1.2.840.113549.2.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0d */ + HMAC_SHA3_224_OID = 0x7cb37af7, /* 2.16.840.1.101.3.4.2.13 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0e */ + HMAC_SHA3_256_OID = 0x7cb37af4, /* 2.16.840.1.101.3.4.2.14 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0f */ + HMAC_SHA3_384_OID = 0x7cb37af5, /* 2.16.840.1.101.3.4.2.15 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10 */ + HMAC_SHA3_512_OID = 0x7cb37aea /* 2.16.840.1.101.3.4.2.16 */ +#endif +}; + +enum Extensions_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x55,0x1d,0x13 */ + BASIC_CA_OID = 133, /* 2.5.29.19 */ + /* 0x55,0x1d,0x11 */ + ALT_NAMES_OID = 131, /* 2.5.29.17 */ + /* 0x55,0x1d,0x1f */ + CRL_DIST_OID = 145, /* 2.5.29.31 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01 */ + AUTH_INFO_OID = 69, /* 1.3.6.1.5.5.7.1.1 */ + /* 0x55,0x1d,0x23 */ + AUTH_KEY_OID = 149, /* 2.5.29.35 */ + /* 0x55,0x1d,0x0e */ + SUBJ_KEY_OID = 128, /* 2.5.29.14 */ + /* 0x55,0x1d,0x20 */ + CERT_POLICY_OID = 146, /* 2.5.29.32 */ + /* 0x55,0x1d,0x14 */ + CRL_NUMBER_OID = 134, /* 2.5.29.20 */ + /* 0x55,0x1d,0x0f */ + KEY_USAGE_OID = 129, /* 2.5.29.15 */ + /* 0x55,0x1d,0x36 */ + INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ + /* 0x55,0x1d,0x25 */ + EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ + /* 0x55,0x1d,0x1e */ + NAME_CONS_OID = 144, /* 2.5.29.30 */ + /* 0x55,0x1d,0x10 */ + PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x0b */ + SUBJ_INFO_ACC_OID = 79, /* 1.3.6.1.5.5.7.1.11 */ + /* 0x55,0x1d,0x21 */ + POLICY_MAP_OID = 147, /* 2.5.29.33 */ + /* 0x55,0x1d,0x24 */ + POLICY_CONST_OID = 150, /* 2.5.29.36 */ + /* 0x55,0x1d,0x12 */ + ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x18 */ + TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x07 */ + DNS_SRV_OID = 82, /* 1.3.6.1.5.5.7.8.7 */ + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01 */ + NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05 */ + OCSP_NOCHECK_OID = 121, /* 1.3.6.1.5.5.7.48.1.5 */ + /* 0x55,0x1d,0x09 */ + SUBJ_DIR_ATTR_OID = 123, /* 2.5.29.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,0x4e,0x05 */ + AKEY_PACKAGE_OID = 492, /* 2.16.840.1.101.2.1.2.78.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x06,0x06 */ + FASCN_OID = 419, /* 2.16.840.1.101.3.6.6 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03 */ + UPN_OID = 265, /* 1.3.6.1.4.1.311.20.2.3 */ + /* 0x55,0x1d,0x48 */ + SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 */ + /* 0x55,0x1d,0x49 */ + ALT_SIG_ALG_OID = 187, /* 2.5.29.73 */ + /* 0x55,0x1d,0x4a */ + ALT_SIG_VAL_OID = 188 /* 2.5.29.74 */ +#else + /* 0x55,0x1d,0x13 */ + BASIC_CA_OID = 0x7fec1daa, /* 2.5.29.19 */ + /* 0x55,0x1d,0x11 */ + ALT_NAMES_OID = 0x7fee1daa, /* 2.5.29.17 */ + /* 0x55,0x1d,0x1f */ + CRL_DIST_OID = 0x7fe01daa, /* 2.5.29.31 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01 */ + AUTH_INFO_OID = 0x0400012e, /* 1.3.6.1.5.5.7.1.1 */ + /* 0x55,0x1d,0x23 */ + AUTH_KEY_OID = 0x7fdc1daa, /* 2.5.29.35 */ + /* 0x55,0x1d,0x0e */ + SUBJ_KEY_OID = 0x7ff11daa, /* 2.5.29.14 */ + /* 0x55,0x1d,0x20 */ + CERT_POLICY_OID = 0x7fdf1daa, /* 2.5.29.32 */ + /* 0x55,0x1d,0x14 */ + CRL_NUMBER_OID = 0x7feb1daa, /* 2.5.29.20 */ + /* 0x55,0x1d,0x0f */ + KEY_USAGE_OID = 0x7ff01daa, /* 2.5.29.15 */ + /* 0x55,0x1d,0x36 */ + INHIBIT_ANY_OID = 0x7fc91daa, /* 2.5.29.54 */ + /* 0x55,0x1d,0x25 */ + EXT_KEY_USAGE_OID = 0x7fda1daa, /* 2.5.29.37 */ + /* 0x55,0x1d,0x1e */ + NAME_CONS_OID = 0x7fe11daa, /* 2.5.29.30 */ + /* 0x55,0x1d,0x10 */ + PRIV_KEY_USAGE_PERIOD_OID = 0x7fef1daa, /* 2.5.29.16 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x0b */ + SUBJ_INFO_ACC_OID = 0x0e00012e, /* 1.3.6.1.5.5.7.1.11 */ + /* 0x55,0x1d,0x21 */ + POLICY_MAP_OID = 0x7fde1daa, /* 2.5.29.33 */ + /* 0x55,0x1d,0x24 */ + POLICY_CONST_OID = 0x7fdb1daa, /* 2.5.29.36 */ + /* 0x55,0x1d,0x12 */ + ISSUE_ALT_NAMES_OID = 0x7fed1daa, /* 2.5.29.18 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x18 */ + TLS_FEATURE_OID = 0x1d00012e, /* 1.3.6.1.5.5.7.1.24 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x07 */ + DNS_SRV_OID = 0x0209012e, /* 1.3.6.1.5.5.7.8.7 */ + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01 */ + NETSCAPE_CT_OID = 0x7ff58118, /* 2.16.840.1.113730.1.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05 */ + OCSP_NOCHECK_OID = 0x7bcefed4, /* 1.3.6.1.5.5.7.48.1.5 */ + /* 0x55,0x1d,0x09 */ + SUBJ_DIR_ATTR_OID = 0x7ff61daa, /* 2.5.29.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,0x4e,0x05 */ + AKEY_PACKAGE_OID = 0x034981b4, /* 2.16.840.1.101.2.1.2.78.5 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x06,0x06 */ + FASCN_OID = 0x074e8505, /* 2.16.840.1.101.3.6.6 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03 */ + UPN_OID = 0x103687d7, /* 1.3.6.1.4.1.311.20.2.3 */ + /* 0x55,0x1d,0x48 */ + SUBJ_ALT_PUB_KEY_INFO_OID = 0x7fb71daa, /* 2.5.29.72 */ + /* 0x55,0x1d,0x49 */ + ALT_SIG_ALG_OID = 0x7fb61daa, /* 2.5.29.73 */ + /* 0x55,0x1d,0x4a */ + ALT_SIG_VAL_OID = 0x7fb51daa /* 2.5.29.74 */ +#endif +}; + +enum CertificatePolicy_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x55,0x1d,0x20,0x00 */ + /* 2.5.29.32.0 */ + CP_ANY_OID = 146, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xdf,0x13,0x01,0x01,0x01 */ + /* 1.3.6.1.4.1.44947.1.1.1 */ + CP_ISRG_DOMAIN_VALID = 430, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x04 */ + /* 2.16.840.1.101.3.2.1.3.4 */ + CP_FPKI_HIGH_ASSURANCE_OID = 417, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x07 */ + /* 2.16.840.1.101.3.2.1.3.7 */ + CP_FPKI_COMMON_HARDWARE_OID = 420, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x0c */ + /* 2.16.840.1.101.3.2.1.3.12 */ + CP_FPKI_MEDIUM_HARDWARE_OID = 425, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x0d */ + /* 2.16.840.1.101.3.2.1.3.13 */ + CP_FPKI_COMMON_AUTH_OID = 426, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x10 */ + /* 2.16.840.1.101.3.2.1.3.16 */ + CP_FPKI_COMMON_HIGH_OID = 429, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x12 */ + /* 2.16.840.1.101.3.2.1.3.18 */ + CP_FPKI_PIVI_HARDWARE_OID = 431, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x14 */ + /* 2.16.840.1.101.3.2.1.3.20 */ + CP_FPKI_PIVI_CONTENT_SIGNING_OID = 433, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x24 */ + /* 2.16.840.1.101.3.2.1.3.36 */ + CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x26 */ + /* 2.16.840.1.101.3.2.1.3.38 */ + CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x27 */ + /* 2.16.840.1.101.3.2.1.3.39 */ + CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x28 */ + /* 2.16.840.1.101.3.2.1.3.40 */ + CP_FPKI_PIV_AUTH_OID = 453, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x29 */ + /* 2.16.840.1.101.3.2.1.3.41 */ + CP_FPKI_PIV_AUTH_HW_OID = 454, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x2d */ + /* 2.16.840.1.101.3.2.1.3.45 */ + CP_FPKI_PIVI_AUTH_OID = 458, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x2f */ + /* 2.16.840.1.101.3.2.1.3.47 */ + CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x0b */ + /* 2.16.840.1.101.3.2.1.48.11 */ + CP_FPKI_AUTH_TEST_OID = 469, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x0d */ + /* 2.16.840.1.101.3.2.1.48.13 */ + CP_FPKI_CARDAUTH_TEST_OID = 471, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x56 */ + /* 2.16.840.1.101.3.2.1.48.86 */ + CP_FPKI_PIV_CONTENT_TEST_OID = 544, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x6d */ + /* 2.16.840.1.101.3.2.1.48.109 */ + CP_FPKI_PIV_AUTH_DERIVED_TEST_OID = 567, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x6e */ + /* 2.16.840.1.101.3.2.1.48.110 */ + CP_FPKI_PIV_AUTH_DERIVED_HW_TEST_OID = 568, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x05 */ + /* 2.16.840.1.101.2.1.11.5 */ + CP_DOD_MEDIUM_OID = 423, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x09 */ + /* 2.16.840.1.101.2.1.11.9 */ + CP_DOD_MEDIUM_HARDWARE_OID = 427, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x0a */ + /* 2.16.840.1.101.2.1.11.10 */ + CP_DOD_PIV_AUTH_OID = 428, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x11 */ + /* 2.16.840.1.101.2.1.11.17 */ + CP_DOD_MEDIUM_NPE_OID = 435, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x12 */ + /* 2.16.840.1.101.2.1.11.18 */ + CP_DOD_MEDIUM_2048_OID = 436, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x13 */ + /* 2.16.840.1.101.2.1.11.19 */ + CP_DOD_MEDIUM_HARDWARE_2048_OID = 437, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x14 */ + /* 2.16.840.1.101.2.1.11.20 */ + CP_DOD_PIV_AUTH_2048_OID = 438, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x1f */ + /* 2.16.840.1.101.2.1.11.31 */ + CP_DOD_PEER_INTEROP_OID = 100449, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x24 */ + /* 2.16.840.1.101.2.1.11.36 */ + CP_DOD_MEDIUM_NPE_112_OID = 100454, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x25 */ + /* 2.16.840.1.101.2.1.11.37 */ + CP_DOD_MEDIUM_NPE_128_OID = 455, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x26 */ + /* 2.16.840.1.101.2.1.11.38 */ + CP_DOD_MEDIUM_NPE_192_OID = 456, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x27 */ + /* 2.16.840.1.101.2.1.11.39 */ + CP_DOD_MEDIUM_112_OID = 457, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x28 */ + /* 2.16.840.1.101.2.1.11.40 */ + CP_DOD_MEDIUM_128_OID = 100458, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x29 */ + /* 2.16.840.1.101.2.1.11.41 */ + CP_DOD_MEDIUM_192_OID = 459, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2a */ + /* 2.16.840.1.101.2.1.11.42 */ + CP_DOD_MEDIUM_HARDWARE_112_OID = 100460, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2b */ + /* 2.16.840.1.101.2.1.11.43 */ + CP_DOD_MEDIUM_HARDWARE_128_OID = 461, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2c */ + /* 2.16.840.1.101.2.1.11.44 */ + CP_DOD_MEDIUM_HARDWARE_192_OID = 462, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3b */ + /* 2.16.840.1.101.2.1.11.59 */ + CP_DOD_ADMIN_OID = 477, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3c */ + /* 2.16.840.1.101.2.1.11.60 */ + CP_DOD_INTERNAL_NPE_112_OID = 478, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3d */ + /* 2.16.840.1.101.2.1.11.61 */ + CP_DOD_INTERNAL_NPE_128_OID = 479, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3e */ + /* 2.16.840.1.101.2.1.11.62 */ + CP_DOD_INTERNAL_NPE_192_OID = 480, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x01 */ + /* 2.16.840.1.101.3.2.1.12.1 */ + CP_ECA_MEDIUM_OID = 100423, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x02 */ + /* 2.16.840.1.101.3.2.1.12.2 */ + CP_ECA_MEDIUM_HARDWARE_OID = 424, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x03 */ + /* 2.16.840.1.101.3.2.1.12.3 */ + CP_ECA_MEDIUM_TOKEN_OID = 100425, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x04 */ + /* 2.16.840.1.101.3.2.1.12.4 */ + CP_ECA_MEDIUM_SHA256_OID = 100426, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x05 */ + /* 2.16.840.1.101.3.2.1.12.5 */ + CP_ECA_MEDIUM_TOKEN_SHA256_OID = 100427, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x06 */ + /* 2.16.840.1.101.3.2.1.12.6 */ + CP_ECA_MEDIUM_HARDWARE_PIVI_OID = 100428, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x08 */ + /* 2.16.840.1.101.3.2.1.12.8 */ + CP_ECA_CONTENT_SIGNING_PIVI_OID = 100430, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x09 */ + /* 2.16.840.1.101.3.2.1.12.9 */ + CP_ECA_MEDIUM_DEVICE_SHA256_OID = 431, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x0a */ + /* 2.16.840.1.101.3.2.1.12.10 */ + CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 432, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x01 */ + /* 2.16.840.1.101.3.2.1.6.1 */ + CP_STATE_BASIC_OID = 100417, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x02 */ + /* 2.16.840.1.101.3.2.1.6.2 */ + CP_STATE_LOW_OID = 418, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x03 */ + /* 2.16.840.1.101.3.2.1.6.3 */ + CP_STATE_MODERATE_OID = 100419, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x04 */ + /* 2.16.840.1.101.3.2.1.6.4 */ + CP_STATE_HIGH_OID = 100420, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x0c */ + /* 2.16.840.1.101.3.2.1.6.12 */ + CP_STATE_MEDHW_OID = 101428, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x26 */ + /* 2.16.840.1.101.3.2.1.6.38 */ + CP_STATE_MEDDEVHW_OID = 101454, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x04 */ + /* 2.16.840.1.101.3.2.1.5.4 */ + CP_TREAS_MEDIUMHW_OID = 419, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x05 */ + /* 2.16.840.1.101.3.2.1.5.5 */ + CP_TREAS_HIGH_OID = 101420, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x0a */ + /* 2.16.840.1.101.3.2.1.5.10 */ + CP_TREAS_PIVI_HW_OID = 101425, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x0c */ + /* 2.16.840.1.101.3.2.1.5.12 */ + CP_TREAS_PIVI_CONTENT_OID = 101427, + /* 0x2b,0x06,0x01,0x04,0x01,0x49,0x0f,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.73.15.3.1.12 */ + CP_BOEING_MEDIUMHW_SHA256_OID = 159, + /* 0x2b,0x06,0x01,0x04,0x01,0x49,0x0f,0x03,0x01,0x11 */ + /* 1.3.6.1.4.1.73.15.3.1.17 */ + CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 164, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.45606.3.1.12 */ + CP_CARILLON_MEDIUMHW_256_OID = 467, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x14 */ + /* 1.3.6.1.4.1.45606.3.1.20 */ + CP_CARILLON_AIVHW_OID = 475, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x16 */ + /* 1.3.6.1.4.1.45606.3.1.22 */ + CP_CARILLON_AIVCONTENT_OID = 100477, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.25054.3.1.12 */ + CP_CIS_MEDIUMHW_256_OID = 489, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x0e */ + /* 1.3.6.1.4.1.25054.3.1.14 */ + CP_CIS_MEDDEVHW_256_OID = 491, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x14 */ + /* 1.3.6.1.4.1.25054.3.1.20 */ + CP_CIS_ICECAP_HW_OID = 497, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x16 */ + /* 1.3.6.1.4.1.25054.3.1.22 */ + CP_CIS_ICECAP_CONTENT_OID = 499, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x02 */ + /* 1.3.6.1.4.1.24019.1.1.1.2 */ + CP_CERTIPATH_MEDIUMHW_OID = 100459, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x03 */ + /* 1.3.6.1.4.1.24019.1.1.1.3 */ + CP_CERTIPATH_HIGHHW_OID = 101460, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x07 */ + /* 1.3.6.1.4.1.24019.1.1.1.7 */ + CP_CERTIPATH_ICECAP_HW_OID = 464, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x09 */ + /* 1.3.6.1.4.1.24019.1.1.1.9 */ + CP_CERTIPATH_ICECAP_CONTENT_OID = 466, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x12 */ + /* 1.3.6.1.4.1.24019.1.1.1.18 */ + CP_CERTIPATH_VAR_MEDIUMHW_OID = 100475, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x13 */ + /* 1.3.6.1.4.1.24019.1.1.1.19 */ + CP_CERTIPATH_VAR_HIGHHW_OID = 476, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x02 */ + /* 1.3.6.1.4.1.38099.1.1.1.2 */ + CP_TSCP_MEDIUMHW_OID = 442, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x05 */ + /* 1.3.6.1.4.1.38099.1.1.1.5 */ + CP_TSCP_PIVI_OID = 445, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x07 */ + /* 1.3.6.1.4.1.38099.1.1.1.7 */ + CP_TSCP_PIVI_CONTENT_OID = 447, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x07 */ + /* 2.16.840.1.113733.1.7.23.3.1.7 */ + CP_DIGICERT_NFSSP_MEDIUMHW_OID = 796, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x0d */ + /* 2.16.840.1.113733.1.7.23.3.1.13 */ + CP_DIGICERT_NFSSP_AUTH_OID = 802, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x12 */ + /* 2.16.840.1.113733.1.7.23.3.1.18 */ + CP_DIGICERT_NFSSP_PIVI_HW_OID = 807, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x14 */ + /* 2.16.840.1.113733.1.7.23.3.1.20 */ + CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 809, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x24 */ + /* 2.16.840.1.113733.1.7.23.3.1.36 */ + CP_DIGICERT_NFSSP_MEDDEVHW_OID = 825, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x02 */ + /* 2.16.840.1.114027.200.3.10.7.2 */ + CP_ENTRUST_NFSSP_MEDIUMHW_OID = 1017, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x04 */ + /* 2.16.840.1.114027.200.3.10.7.4 */ + CP_ENTRUST_NFSSP_MEDAUTH_OID = 1019, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x06 */ + /* 2.16.840.1.114027.200.3.10.7.6 */ + CP_ENTRUST_NFSSP_PIVI_HW_OID = 1021, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x09 */ + /* 2.16.840.1.114027.200.3.10.7.9 */ + CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 1024, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x10 */ + /* 2.16.840.1.114027.200.3.10.7.16 */ + CP_ENTRUST_NFSSP_MEDDEVHW_OID = 1031, + /* 0x2b,0x06,0x01,0x04,0x01,0xec,0x7c,0x01,0x01,0x01,0x06 */ + /* 1.3.6.1.4.1.13948.1.1.1.6 */ + CP_EXOSTAR_MEDIUMHW_SHA2_OID = 100424, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x0c,0x01 */ + /* 2.16.840.1.113839.0.100.12.1 */ + CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x0c,0x02 */ + /* 2.16.840.1.113839.0.100.12.2 */ + CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x00 */ + /* 2.16.840.1.113839.0.100.18.0 */ + CP_IDENTRUST_PIVI_HW_ID_OID = 851, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x01 */ + /* 2.16.840.1.113839.0.100.18.1 */ + CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x02 */ + /* 2.16.840.1.113839.0.100.18.2 */ + CP_IDENTRUST_PIVI_HW_ENC_OID = 853, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x14,0x01 */ + /* 2.16.840.1.113839.0.100.20.1 */ + CP_IDENTRUST_PIVI_CONTENT_OID = 854, + /* 0x2b,0x06,0x01,0x04,0x01,0x67,0x64,0x01,0x01,0x03,0x03 */ + /* 1.3.6.1.4.1.103.100.1.1.3.3 */ + CP_LOCKHEED_MEDIUMHW_OID = 266, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x08 */ + /* 1.3.6.1.4.1.16334.509.2.8 */ + CP_NORTHROP_MEDIUM_256_HW_OID = 654, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x09 */ + /* 1.3.6.1.4.1.16334.509.2.9 */ + CP_NORTHROP_PIVI_256_HW_OID = 655, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x0b */ + /* 1.3.6.1.4.1.16334.509.2.11 */ + CP_NORTHROP_PIVI_256_CONTENT_OID = 657, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x0e */ + /* 1.3.6.1.4.1.16334.509.2.14 */ + CP_NORTHROP_MEDIUM_384_HW_OID = 660, + /* 0x2b,0x06,0x01,0x04,0x01,0x8c,0x21,0x0a,0x01,0x0c */ + /* 1.3.6.1.4.1.1569.10.1.12 */ + CP_RAYTHEON_MEDIUMHW_OID = 251, + /* 0x2b,0x06,0x01,0x04,0x01,0x8c,0x21,0x0a,0x01,0x12 */ + /* 1.3.6.1.4.1.1569.10.1.18 */ + CP_RAYTHEON_MEDDEVHW_OID = 257, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xd1,0x11,0x0a,0x01,0x0c */ + /* 1.3.6.1.4.1.26769.10.1.12 */ + CP_RAYTHEON_SHA2_MEDIUMHW_OID = 433, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xd1,0x11,0x0a,0x01,0x12 */ + /* 1.3.6.1.4.1.26769.10.1.18 */ + CP_RAYTHEON_SHA2_MEDDEVHW_OID = 439, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x0c */ + /* 1.3.6.1.4.1.3922.1.1.1.12 */ + CP_WIDEPOINT_MEDIUMHW_OID = 310, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x12 */ + /* 1.3.6.1.4.1.3922.1.1.1.18 */ + CP_WIDEPOINT_PIVI_HW_OID = 316, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x14 */ + /* 1.3.6.1.4.1.3922.1.1.1.20 */ + CP_WIDEPOINT_PIVI_CONTENT_OID = 318, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x26 */ + /* 1.3.6.1.4.1.3922.1.1.1.38 */ + CP_WIDEPOINT_MEDDEVHW_OID = 336, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x01,0x02 */ + /* 1.2.36.1.334.1.2.1.2 */ + CP_ADO_MEDIUM_OID = 293, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x01,0x03 */ + /* 1.2.36.1.334.1.2.1.3 */ + CP_ADO_HIGH_OID = 294, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x02,0x02 */ + /* 1.2.36.1.334.1.2.2.2 */ + CP_ADO_RESOURCE_MEDIUM_OID = 100294, + /* 0x2b,0x06,0x01,0x04,0x01,0xb2,0x31,0x01,0x02,0x01,0x03,0x04 */ + /* 1.3.6.1.4.1.6449.1.2.1.3.4 */ + CP_COMODO_OID = 100293, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x01 */ + /* 2.16.528.1.1003.1.2.5.1 */ + CP_NL_MOD_AUTH_OID = 496, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x02 */ + /* 2.16.528.1.1003.1.2.5.2 */ + CP_NL_MOD_IRREFUT_OID = 100497, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x03 */ + /* 2.16.528.1.1003.1.2.5.3 */ + CP_NL_MOD_CONFID_OID = 498 +#else + /* 0x55,0x1d,0x20,0x00 */ + /* 2.5.29.32.0 */ + CP_ANY_OID = 0x00df1daa, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xdf,0x13,0x01,0x01,0x01 */ + /* 1.3.6.1.4.1.44947.1.1.1 */ + CP_ISRG_DOMAIN_VALID = 0x682085d4, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x04 */ + /* 2.16.840.1.101.3.2.1.3.4 */ + CP_FPKI_HIGH_ASSURANCE_OID = 0x004a81f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x07 */ + /* 2.16.840.1.101.3.2.1.3.7 */ + CP_FPKI_COMMON_HARDWARE_OID = 0x004a82f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x0c */ + /* 2.16.840.1.101.3.2.1.3.12 */ + CP_FPKI_MEDIUM_HARDWARE_OID = 0x004a89f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x0d */ + /* 2.16.840.1.101.3.2.1.3.13 */ + CP_FPKI_COMMON_AUTH_OID = 0x004a88f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x10 */ + /* 2.16.840.1.101.3.2.1.3.16 */ + CP_FPKI_COMMON_HIGH_OID = 0x004a95f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x12 */ + /* 2.16.840.1.101.3.2.1.3.18 */ + CP_FPKI_PIVI_HARDWARE_OID = 0x004a97f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x14 */ + /* 2.16.840.1.101.3.2.1.3.20 */ + CP_FPKI_PIVI_CONTENT_SIGNING_OID = 0x004a91f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x24 */ + /* 2.16.840.1.101.3.2.1.3.36 */ + CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 0x004aa1f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x26 */ + /* 2.16.840.1.101.3.2.1.3.38 */ + CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 0x004aa3f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x27 */ + /* 2.16.840.1.101.3.2.1.3.39 */ + CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 0x004aa2f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x28 */ + /* 2.16.840.1.101.3.2.1.3.40 */ + CP_FPKI_PIV_AUTH_OID = 0x004aadf9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x29 */ + /* 2.16.840.1.101.3.2.1.3.41 */ + CP_FPKI_PIV_AUTH_HW_OID = 0x004aacf9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x2d */ + /* 2.16.840.1.101.3.2.1.3.45 */ + CP_FPKI_PIVI_AUTH_OID = 0x004aa8f9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x03,0x2f */ + /* 2.16.840.1.101.3.2.1.3.47 */ + CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 0x004aaaf9, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x0b */ + /* 2.16.840.1.101.3.2.1.48.11 */ + CP_FPKI_AUTH_TEST_OID = 0x004a8eca, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x0d */ + /* 2.16.840.1.101.3.2.1.48.13 */ + CP_FPKI_CARDAUTH_TEST_OID = 0x004a88ca, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x56 */ + /* 2.16.840.1.101.3.2.1.48.86 */ + CP_FPKI_PIV_CONTENT_TEST_OID = 0x004ad3ca, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x6d */ + /* 2.16.840.1.101.3.2.1.48.109 */ + CP_FPKI_PIV_AUTH_DERIVED_TEST_OID = 0x004ae8ca, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x30,0x6e */ + /* 2.16.840.1.101.3.2.1.48.110 */ + CP_FPKI_PIV_AUTH_DERIVED_HW_TEST_OID = 0x004aebca, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x05 */ + /* 2.16.840.1.101.2.1.11.5 */ + CP_DOD_MEDIUM_OID = 0x75b67bff, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x09 */ + /* 2.16.840.1.101.2.1.11.9 */ + CP_DOD_MEDIUM_HARDWARE_OID = 0x75b67bf3, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x0a */ + /* 2.16.840.1.101.2.1.11.10 */ + CP_DOD_PIV_AUTH_OID = 0x75b67bf0, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x11 */ + /* 2.16.840.1.101.2.1.11.17 */ + CP_DOD_MEDIUM_NPE_OID = 0x75b67beb, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x12 */ + /* 2.16.840.1.101.2.1.11.18 */ + CP_DOD_MEDIUM_2048_OID = 0x75b67be8, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x13 */ + /* 2.16.840.1.101.2.1.11.19 */ + CP_DOD_MEDIUM_HARDWARE_2048_OID = 0x75b67be9, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x14 */ + /* 2.16.840.1.101.2.1.11.20 */ + CP_DOD_PIV_AUTH_2048_OID = 0x75b67bee, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x1f */ + /* 2.16.840.1.101.2.1.11.31 */ + CP_DOD_PEER_INTEROP_OID = 0x75b67be5, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x24 */ + /* 2.16.840.1.101.2.1.11.36 */ + CP_DOD_MEDIUM_NPE_112_OID = 0x75b67bde, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x25 */ + /* 2.16.840.1.101.2.1.11.37 */ + CP_DOD_MEDIUM_NPE_128_OID = 0x75b67bdf, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x26 */ + /* 2.16.840.1.101.2.1.11.38 */ + CP_DOD_MEDIUM_NPE_192_OID = 0x75b67bdc, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x27 */ + /* 2.16.840.1.101.2.1.11.39 */ + CP_DOD_MEDIUM_112_OID = 0x75b67bdd, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x28 */ + /* 2.16.840.1.101.2.1.11.40 */ + CP_DOD_MEDIUM_128_OID = 0x75b67bd2, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x29 */ + /* 2.16.840.1.101.2.1.11.41 */ + CP_DOD_MEDIUM_192_OID = 0x75b67bd3, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2a */ + /* 2.16.840.1.101.2.1.11.42 */ + CP_DOD_MEDIUM_HARDWARE_112_OID = 0x75b67bd0, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2b */ + /* 2.16.840.1.101.2.1.11.43 */ + CP_DOD_MEDIUM_HARDWARE_128_OID = 0x75b67bd1, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x2c */ + /* 2.16.840.1.101.2.1.11.44 */ + CP_DOD_MEDIUM_HARDWARE_192_OID = 0x75b67bd6, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3b */ + /* 2.16.840.1.101.2.1.11.59 */ + CP_DOD_ADMIN_OID = 0x75b67bc1, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3c */ + /* 2.16.840.1.101.2.1.11.60 */ + CP_DOD_INTERNAL_NPE_112_OID = 0x75b67bc6, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3d */ + /* 2.16.840.1.101.2.1.11.61 */ + CP_DOD_INTERNAL_NPE_128_OID = 0x75b67bc7, + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x0b,0x3e */ + /* 2.16.840.1.101.2.1.11.62 */ + CP_DOD_INTERNAL_NPE_192_OID = 0x75b67bc4, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x01 */ + /* 2.16.840.1.101.3.2.1.12.1 */ + CP_ECA_MEDIUM_OID = 0x004a84f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x02 */ + /* 2.16.840.1.101.3.2.1.12.2 */ + CP_ECA_MEDIUM_HARDWARE_OID = 0x004a87f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x03 */ + /* 2.16.840.1.101.3.2.1.12.3 */ + CP_ECA_MEDIUM_TOKEN_OID = 0x004a86f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x04 */ + /* 2.16.840.1.101.3.2.1.12.4 */ + CP_ECA_MEDIUM_SHA256_OID = 0x004a81f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x05 */ + /* 2.16.840.1.101.3.2.1.12.5 */ + CP_ECA_MEDIUM_TOKEN_SHA256_OID = 0x004a80f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x06 */ + /* 2.16.840.1.101.3.2.1.12.6 */ + CP_ECA_MEDIUM_HARDWARE_PIVI_OID = 0x004a83f6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x08 */ + /* 2.16.840.1.101.3.2.1.12.8 */ + CP_ECA_CONTENT_SIGNING_PIVI_OID = 0x004a8df6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x09 */ + /* 2.16.840.1.101.3.2.1.12.9 */ + CP_ECA_MEDIUM_DEVICE_SHA256_OID = 0x004a8cf6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x0c,0x0a */ + /* 2.16.840.1.101.3.2.1.12.10 */ + CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 0x004a8ff6, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x01 */ + /* 2.16.840.1.101.3.2.1.6.1 */ + CP_STATE_BASIC_OID = 0x004a84fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x02 */ + /* 2.16.840.1.101.3.2.1.6.2 */ + CP_STATE_LOW_OID = 0x004a87fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x03 */ + /* 2.16.840.1.101.3.2.1.6.3 */ + CP_STATE_MODERATE_OID = 0x004a86fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x04 */ + /* 2.16.840.1.101.3.2.1.6.4 */ + CP_STATE_HIGH_OID = 0x004a81fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x0c */ + /* 2.16.840.1.101.3.2.1.6.12 */ + CP_STATE_MEDHW_OID = 0x004a89fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x06,0x26 */ + /* 2.16.840.1.101.3.2.1.6.38 */ + CP_STATE_MEDDEVHW_OID = 0x004aa3fc, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x04 */ + /* 2.16.840.1.101.3.2.1.5.4 */ + CP_TREAS_MEDIUMHW_OID = 0x004a81ff, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x05 */ + /* 2.16.840.1.101.3.2.1.5.5 */ + CP_TREAS_HIGH_OID = 0x004a80ff, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x0a */ + /* 2.16.840.1.101.3.2.1.5.10 */ + CP_TREAS_PIVI_HW_OID = 0x004a8fff, + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x02,0x01,0x05,0x0c */ + /* 2.16.840.1.101.3.2.1.5.12 */ + CP_TREAS_PIVI_CONTENT_OID = 0x004a89ff, + /* 0x2b,0x06,0x01,0x04,0x01,0x49,0x0f,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.73.15.3.1.12 */ + CP_BOEING_MEDIUMHW_SHA256_OID = 0x070e43d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x49,0x0f,0x03,0x01,0x11 */ + /* 1.3.6.1.4.1.73.15.3.1.17 */ + CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 0x070e5ed4, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.45606.3.1.12 */ + CP_CARILLON_MEDIUMHW_256_OID = 0x5d1685d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x14 */ + /* 1.3.6.1.4.1.45606.3.1.20 */ + CP_CARILLON_AIVHW_OID = 0x5d0e85d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xe4,0x26,0x03,0x01,0x16 */ + /* 1.3.6.1.4.1.45606.3.1.22 */ + CP_CARILLON_AIVCONTENT_OID = 0x5d0c85d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x0c */ + /* 1.3.6.1.4.1.25054.3.1.12 */ + CP_CIS_MEDIUMHW_256_OID = 0x253186d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x0e */ + /* 1.3.6.1.4.1.25054.3.1.14 */ + CP_CIS_MEDDEVHW_256_OID = 0x253386d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x14 */ + /* 1.3.6.1.4.1.25054.3.1.20 */ + CP_CIS_ICECAP_HW_OID = 0x252986d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xc3,0x5e,0x03,0x01,0x16 */ + /* 1.3.6.1.4.1.25054.3.1.22 */ + CP_CIS_ICECAP_CONTENT_OID = 0x252b86d6, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x02 */ + /* 1.3.6.1.4.1.24019.1.1.1.2 */ + CP_CERTIPATH_MEDIUMHW_OID = 0x554486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x03 */ + /* 1.3.6.1.4.1.24019.1.1.1.3 */ + CP_CERTIPATH_HIGHHW_OID = 0x544486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x07 */ + /* 1.3.6.1.4.1.24019.1.1.1.7 */ + CP_CERTIPATH_ICECAP_HW_OID = 0x504486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x09 */ + /* 1.3.6.1.4.1.24019.1.1.1.9 */ + CP_CERTIPATH_ICECAP_CONTENT_OID = 0x5e4486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x12 */ + /* 1.3.6.1.4.1.24019.1.1.1.18 */ + CP_CERTIPATH_VAR_MEDIUMHW_OID = 0x454486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xbb,0x53,0x01,0x01,0x01,0x13 */ + /* 1.3.6.1.4.1.24019.1.1.1.19 */ + CP_CERTIPATH_VAR_HIGHHW_OID = 0x444486d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x02 */ + /* 1.3.6.1.4.1.38099.1.1.1.2 */ + CP_TSCP_MEDIUMHW_OID = 0x555685d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x05 */ + /* 1.3.6.1.4.1.38099.1.1.1.5 */ + CP_TSCP_PIVI_OID = 0x525685d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0xa9,0x53,0x01,0x01,0x01,0x07 */ + /* 1.3.6.1.4.1.38099.1.1.1.7 */ + CP_TSCP_PIVI_CONTENT_OID = 0x505685d4, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x07 */ + /* 2.16.840.1.113733.1.7.23.3.1.7 */ + CP_DIGICERT_NFSSP_MEDIUMHW_OID = 0x7e0e96e6, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x0d */ + /* 2.16.840.1.113733.1.7.23.3.1.13 */ + CP_DIGICERT_NFSSP_AUTH_OID = 0x7e0e96ec, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x12 */ + /* 2.16.840.1.113733.1.7.23.3.1.18 */ + CP_DIGICERT_NFSSP_PIVI_HW_OID = 0x7e0e96f3, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x14 */ + /* 2.16.840.1.113733.1.7.23.3.1.20 */ + CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 0x7e0e96f5, + /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x45,0x01,0x07,0x17,0x03,0x01,0x24 */ + /* 2.16.840.1.113733.1.7.23.3.1.36 */ + CP_DIGICERT_NFSSP_MEDDEVHW_OID = 0x7e0e96c5, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x02 */ + /* 2.16.840.1.114027.200.3.10.7.2 */ + CP_ENTRUST_NFSSP_MEDIUMHW_OID = 0x782980ac, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x04 */ + /* 2.16.840.1.114027.200.3.10.7.4 */ + CP_ENTRUST_NFSSP_MEDAUTH_OID = 0x782980aa, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x06 */ + /* 2.16.840.1.114027.200.3.10.7.6 */ + CP_ENTRUST_NFSSP_PIVI_HW_OID = 0x782980a8, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x09 */ + /* 2.16.840.1.114027.200.3.10.7.9 */ + CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 0x782980a7, + /* 0x60,0x86,0x48,0x01,0x86,0xfa,0x6b,0x81,0x48,0x03,0x0a,0x07,0x10 */ + /* 2.16.840.1.114027.200.3.10.7.16 */ + CP_ENTRUST_NFSSP_MEDDEVHW_OID = 0x782980be, + /* 0x2b,0x06,0x01,0x04,0x01,0xec,0x7c,0x01,0x01,0x01,0x06 */ + /* 1.3.6.1.4.1.13948.1.1.1.6 */ + CP_EXOSTAR_MEDIUMHW_SHA2_OID = 0x7a84ebd4, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x0c,0x01 */ + /* 2.16.840.1.113839.0.100.12.1 */ + CP_IDENTRUST_MEDIUMHW_SIGN_OID = 0x7e99737d, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x0c,0x02 */ + /* 2.16.840.1.113839.0.100.12.2 */ + CP_IDENTRUST_MEDIUMHW_ENC_OID = 0x7e9a737d, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x00 */ + /* 2.16.840.1.113839.0.100.18.0 */ + CP_IDENTRUST_PIVI_HW_ID_OID = 0x7e986d7d, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x01 */ + /* 2.16.840.1.113839.0.100.18.1 */ + CP_IDENTRUST_PIVI_HW_SIGN_OID = 0x7e996d7d, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x12,0x02 */ + /* 2.16.840.1.113839.0.100.18.2 */ + CP_IDENTRUST_PIVI_HW_ENC_OID = 0x7e9a6d7d, + /* 0x60,0x86,0x48,0x01,0x86,0xf9,0x2f,0x00,0x64,0x14,0x01 */ + /* 2.16.840.1.113839.0.100.20.1 */ + CP_IDENTRUST_PIVI_CONTENT_OID = 0x7e996b7d, + /* 0x2b,0x06,0x01,0x04,0x01,0x67,0x64,0x01,0x01,0x03,0x03 */ + /* 1.3.6.1.4.1.103.100.1.1.3.3 */ + CP_LOCKHEED_MEDIUMHW_OID = 0x7a9962d4, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x08 */ + /* 1.3.6.1.4.1.16334.509.2.8 */ + CP_NORTHROP_MEDIUM_256_HW_OID = 0x78b8fba8, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x09 */ + /* 1.3.6.1.4.1.16334.509.2.9 */ + CP_NORTHROP_PIVI_256_HW_OID = 0x78b9fba8, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x0b */ + /* 1.3.6.1.4.1.16334.509.2.11 */ + CP_NORTHROP_PIVI_256_CONTENT_OID = 0x78bbfba8, + /* 0x2b,0x06,0x01,0x04,0x01,0xff,0x4e,0x83,0x7d,0x02,0x0e */ + /* 1.3.6.1.4.1.16334.509.2.14 */ + CP_NORTHROP_MEDIUM_384_HW_OID = 0x78befba8, + /* 0x2b,0x06,0x01,0x04,0x01,0x8c,0x21,0x0a,0x01,0x0c */ + /* 1.3.6.1.4.1.1569.10.1.12 */ + CP_RAYTHEON_MEDIUMHW_OID = 0x0e2086d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x8c,0x21,0x0a,0x01,0x12 */ + /* 1.3.6.1.4.1.1569.10.1.18 */ + CP_RAYTHEON_MEDDEVHW_OID = 0x0e2098d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xd1,0x11,0x0a,0x01,0x0c */ + /* 1.3.6.1.4.1.26769.10.1.12 */ + CP_RAYTHEON_SHA2_MEDIUMHW_OID = 0x6a2386df, + /* 0x2b,0x06,0x01,0x04,0x01,0x81,0xd1,0x11,0x0a,0x01,0x12 */ + /* 1.3.6.1.4.1.26769.10.1.18 */ + CP_RAYTHEON_SHA2_MEDDEVHW_OID = 0x6a3d86df, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x0c */ + /* 1.3.6.1.4.1.3922.1.1.1.12 */ + CP_WIDEPOINT_MEDIUMHW_OID = 0x7aa099d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x12 */ + /* 1.3.6.1.4.1.3922.1.1.1.18 */ + CP_WIDEPOINT_PIVI_HW_OID = 0x7abe99d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x14 */ + /* 1.3.6.1.4.1.3922.1.1.1.20 */ + CP_WIDEPOINT_PIVI_CONTENT_OID = 0x7ab899d4, + /* 0x2b,0x06,0x01,0x04,0x01,0x9e,0x52,0x01,0x01,0x01,0x26 */ + /* 1.3.6.1.4.1.3922.1.1.1.38 */ + CP_WIDEPOINT_MEDDEVHW_OID = 0x7a8a99d4, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x01,0x02 */ + /* 1.2.36.1.334.1.2.1.2 */ + CP_ADO_MEDIUM_OID = 0x7cfcda99, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x01,0x03 */ + /* 1.2.36.1.334.1.2.1.3 */ + CP_ADO_HIGH_OID = 0x7cfcda98, + /* 0x2a,0x24,0x01,0x82,0x4e,0x01,0x02,0x02,0x02 */ + /* 1.2.36.1.334.1.2.2.2 */ + CP_ADO_RESOURCE_MEDIUM_OID = 0x7ffcda99, + /* 0x2b,0x06,0x01,0x04,0x01,0xb2,0x31,0x01,0x02,0x01,0x03,0x04 */ + /* 1.3.6.1.4.1.6449.1.2.1.3.4 */ + CP_COMODO_OID = 0x01ccb5d7, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x01 */ + /* 2.16.528.1.1003.1.2.5.1 */ + CP_NL_MOD_AUTH_OID = 0x0311ee1d, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x02 */ + /* 2.16.528.1.1003.1.2.5.2 */ + CP_NL_MOD_IRREFUT_OID = 0x0311ed1d, + /* 0x60,0x84,0x10,0x01,0x87,0x6b,0x01,0x02,0x05,0x03 */ + /* 2.16.528.1.1003.1.2.5.3 */ + CP_NL_MOD_CONFID_OID = 0x0311ec1d +#endif +}; + +enum SepHardwareName_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x04 */ + HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 */ +#else + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x04 */ + HW_NAME_OID = 0x0109012e /* 1.3.6.1.5.5.7.8.4 */ +#endif +}; + +enum AuthInfo_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01 */ + AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02 */ + AIA_CA_ISSUER_OID = 117, /* 1.3.6.1.5.5.7.48.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x05 */ + AIA_CA_REPO_OID = 120 /* 1.3.6.1.5.5.7.48.5 */ +#else + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01 */ + AIA_OCSP_OID = 0x0431012e, /* 1.3.6.1.5.5.7.48.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x02 */ + AIA_CA_ISSUER_OID = 0x0731012e, /* 1.3.6.1.5.5.7.48.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x05 */ + AIA_CA_REPO_OID = 0x0031012e /* 1.3.6.1.5.5.7.48.5 */ +#endif +}; + +enum ExtKeyUsage_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x55,0x1d,0x25,0x00 */ + EKU_ANY_OID = 151, /* 2.5.29.37.0 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01 */ + EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02 */ + EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x03 */ + EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x04 */ + EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x08 */ + EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x09 */ + EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x15 */ + EKU_SSH_CLIENT_AUTH_OID = 91, /* 1.3.6.1.5.5.7.3.21 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02 */ + EKU_SSH_MSCL_OID = 264, /* 1.3.6.1.4.1.311.20.2.2 */ + /* 0x2b,0x06,0x01,0x05,0x02,0x03,0x04 */ + EKU_SSH_KP_CLIENT_AUTH_OID = 64 /* 1.3.6.1.5.2.3.4 */ +#else + /* 0x55,0x1d,0x25,0x00 */ + EKU_ANY_OID = 0x00da1daa, /* 2.5.29.37.0 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01 */ + EKU_SERVER_AUTH_OID = 0x0402012e, /* 1.3.6.1.5.5.7.3.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x02 */ + EKU_CLIENT_AUTH_OID = 0x0702012e, /* 1.3.6.1.5.5.7.3.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x03 */ + EKU_CODESIGNING_OID = 0x0602012e, /* 1.3.6.1.5.5.7.3.3 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x04 */ + EKU_EMAILPROTECT_OID = 0x0102012e, /* 1.3.6.1.5.5.7.3.4 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x08 */ + EKU_TIMESTAMP_OID = 0x0d02012e, /* 1.3.6.1.5.5.7.3.8 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x09 */ + EKU_OCSP_SIGN_OID = 0x0c02012e, /* 1.3.6.1.5.5.7.3.9 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x15 */ + EKU_SSH_CLIENT_AUTH_OID = 0x1002012e, /* 1.3.6.1.5.5.7.3.21 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02 */ + EKU_SSH_MSCL_OID = 0x103686d7, /* 1.3.6.1.4.1.311.20.2.2 */ + /* 0x2b,0x06,0x01,0x05,0x02,0x03,0x04 */ + EKU_SSH_KP_CLIENT_AUTH_OID = 0x7a050529 /* 1.3.6.1.5.2.3.4 */ +#endif +}; + +enum SubjDirAttr_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x01 */ + SDA_DOB_OID = 77, /* 1.3.6.1.5.5.7.9.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x02 */ + SDA_POB_OID = 78, /* 1.3.6.1.5.5.7.9.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x03 */ + SDA_GENDER_OID = 79, /* 1.3.6.1.5.5.7.9.3 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x04 */ + SDA_COC_OID = 80, /* 1.3.6.1.5.5.7.9.4 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x05 */ + SDA_COR_OID = 81 /* 1.3.6.1.5.5.7.9.5 */ +#else + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x01 */ + SDA_DOB_OID = 0x0408012e, /* 1.3.6.1.5.5.7.9.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x02 */ + SDA_POB_OID = 0x0708012e, /* 1.3.6.1.5.5.7.9.2 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x03 */ + SDA_GENDER_OID = 0x0608012e, /* 1.3.6.1.5.5.7.9.3 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x04 */ + SDA_COC_OID = 0x0108012e, /* 1.3.6.1.5.5.7.9.4 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x09,0x05 */ + SDA_COR_OID = 0x0008012e /* 1.3.6.1.5.5.7.9.5 */ +#endif +}; + +enum CompressAlg_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x03,0x08 */ + ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x03,0x08 */ + ZLIBc = 0x70be8832 /* 1.2.840.113549.1.9.16.3.8 */ +#endif +}; + +enum CsrAttrType { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x02 */ + UNSTRUCTURED_NAME_OID = 654, /* 1.2.840.113549.1.9.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x03 */ + PKCS9_CONTENT_TYPE_OID = 655, /* 1.2.840.113549.1.9.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x07 */ + CHALLENGE_PASSWORD_OID = 659, /* 1.2.840.113549.1.9.7 */ + /* 0x55,0x04,0x05 */ + SERIAL_NUMBER_OID = 94, /* 2.5.4.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x0e */ + EXTENSION_REQUEST_OID = 666, /* 1.2.840.113549.1.9.14 */ + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x01 */ + USER_ID_OID = 865, /* 0.9.2342.19200300.100.1.1 */ + /* 0x55,0x04,0x2e */ + DNQUALIFIER_OID = 135, /* 2.5.4.46 */ + /* 0x55,0x04,0x2b */ + INITIALS_OID = 132, /* 2.5.4.43 */ + /* 0x55,0x04,0x04 */ + SURNAME_OID = 93, /* 2.5.4.4 */ + /* 0x55,0x04,0x29 */ + NAME_OID = 130, /* 2.5.4.41 */ + /* 0x55,0x04,0x2a */ + GIVEN_NAME_OID = 131 /* 2.5.4.42 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x02 */ + UNSTRUCTURED_NAME_OID = 0x70b67420, /* 1.2.840.113549.1.9.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x03 */ + PKCS9_CONTENT_TYPE_OID = 0x70b67421, /* 1.2.840.113549.1.9.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x07 */ + CHALLENGE_PASSWORD_OID = 0x70b67425, /* 1.2.840.113549.1.9.7 */ + /* 0x55,0x04,0x05 */ + SERIAL_NUMBER_OID = 0x7ffa04aa, /* 2.5.4.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x0e */ + EXTENSION_REQUEST_OID = 0x70b6742c, /* 1.2.840.113549.1.9.14 */ + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x01 */ + USER_ID_OID = 0x6d0a6164, /* 0.9.2342.19200300.100.1.1 */ + /* 0x55,0x04,0x2e */ + DNQUALIFIER_OID = 0x7fd104aa, /* 2.5.4.46 */ + /* 0x55,0x04,0x2b */ + INITIALS_OID = 0x7fd404aa, /* 2.5.4.43 */ + /* 0x55,0x04,0x04 */ + SURNAME_OID = 0x7ffb04aa, /* 2.5.4.4 */ + /* 0x55,0x04,0x29 */ + NAME_OID = 0x7fd604aa, /* 2.5.4.41 */ + /* 0x55,0x04,0x2a */ + GIVEN_NAME_OID = 0x7fd504aa /* 2.5.4.42 */ +#endif +}; + +enum Ocsp_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01 */ + OCSP_BASIC_OID = 117, /* 1.3.6.1.5.5.7.48.1.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02 */ + OCSP_NONCE_OID = 118 /* 1.3.6.1.5.5.7.48.1.2 */ +#else + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01 */ + OCSP_BASIC_OID = 0x7bcefed0, /* 1.3.6.1.5.5.7.48.1.1 */ + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02 */ + OCSP_NONCE_OID = 0x7bcefed3 /* 1.3.6.1.5.5.7.48.1.2 */ +#endif +}; + +enum Ecc_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2b,0x81,0x04,0x00,0x06 */ + ECC_SECP112R1_OID = 182, /* 1.3.132.0.6 */ + /* 0x2b,0x81,0x04,0x00,0x07 */ + ECC_SECP112R2_OID = 183, /* 1.3.132.0.7 */ + /* 0x2b,0x81,0x04,0x00,0x1c */ + ECC_SECP128R1_OID = 204, /* 1.3.132.0.28 */ + /* 0x2b,0x81,0x04,0x00,0x1d */ + ECC_SECP128R2_OID = 205, /* 1.3.132.0.29 */ + /* 0x2b,0x81,0x04,0x00,0x08 */ + ECC_SECP160R1_OID = 184, /* 1.3.132.0.8 */ + /* 0x2b,0x81,0x04,0x00,0x1e */ + ECC_SECP160R2_OID = 206, /* 1.3.132.0.30 */ + /* 0x2b,0x81,0x04,0x00,0x09 */ + ECC_SECP160K1_OID = 185, /* 1.3.132.0.9 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01 */ + ECC_BRAINPOOLP160R1_OID = 98, /* 1.3.36.3.3.2.8.1.1.1 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x01 */ + ECC_SECP192R1_OID = 520, /* 1.2.840.10045.3.1.1 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x02 */ + ECC_PRIME192V2_OID = 521, /* 1.2.840.10045.3.1.2 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x03 */ + ECC_PRIME192V3_OID = 522, /* 1.2.840.10045.3.1.3 */ + /* 0x2b,0x81,0x04,0x00,0x1f */ + ECC_SECP192K1_OID = 207, /* 1.3.132.0.31 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03 */ + ECC_BRAINPOOLP192R1_OID = 100, /* 1.3.36.3.3.2.8.1.1.3 */ + /* 0x2b,0x81,0x04,0x00,0x21 */ + ECC_SECP224R1_OID = 209, /* 1.3.132.0.33 */ + /* 0x2b,0x81,0x04,0x00,0x20 */ + ECC_SECP224K1_OID = 208, /* 1.3.132.0.32 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05 */ + ECC_BRAINPOOLP224R1_OID = 102, /* 1.3.36.3.3.2.8.1.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x04 */ + ECC_PRIME239V1_OID = 523, /* 1.2.840.10045.3.1.4 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x05 */ + ECC_PRIME239V2_OID = 524, /* 1.2.840.10045.3.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x06 */ + ECC_PRIME239V3_OID = 525, /* 1.2.840.10045.3.1.6 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07 */ + ECC_SECP256R1_OID = 526, /* 1.2.840.10045.3.1.7 */ + /* 0x2b,0x81,0x04,0x00,0x0a */ + ECC_SECP256K1_OID = 186, /* 1.3.132.0.10 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 */ + ECC_BRAINPOOLP256R1_OID = 104, /* 1.3.36.3.3.2.8.1.1.7 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x82,0x2d */ + ECC_SM2P256V1_OID = 667, /* 1.2.156.10197.1.301 */ + /* 0x2b,0x65,0x6e */ + ECC_X25519_OID = 254, /* 1.3.101.110 */ + /* 0x2b,0x65,0x70 */ + ECC_ED25519_OID = 256, /* 1.3.101.112 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09 */ + ECC_BRAINPOOLP320R1_OID = 106, /* 1.3.36.3.3.2.8.1.1.9 */ + /* 0x2b,0x65,0x6f */ + ECC_X448_OID = 255, /* 1.3.101.111 */ + /* 0x2b,0x65,0x71 */ + ECC_ED448_OID = 257, /* 1.3.101.113 */ + /* 0x2b,0x81,0x04,0x00,0x22 */ + ECC_SECP384R1_OID = 210, /* 1.3.132.0.34 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0b */ + ECC_BRAINPOOLP384R1_OID = 108, /* 1.3.36.3.3.2.8.1.1.11 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0d */ + ECC_BRAINPOOLP512R1_OID = 110, /* 1.3.36.3.3.2.8.1.1.13 */ + /* 0x2b,0x81,0x04,0x00,0x23 */ + ECC_SECP521R1_OID = 211 /* 1.3.132.0.35 */ +#else + /* 0x2b,0x81,0x04,0x00,0x06 */ + ECC_SECP112R1_OID = 0x7f047e2d, /* 1.3.132.0.6 */ + /* 0x2b,0x81,0x04,0x00,0x07 */ + ECC_SECP112R2_OID = 0x7f047e2c, /* 1.3.132.0.7 */ + /* 0x2b,0x81,0x04,0x00,0x1c */ + ECC_SECP128R1_OID = 0x7f047e37, /* 1.3.132.0.28 */ + /* 0x2b,0x81,0x04,0x00,0x1d */ + ECC_SECP128R2_OID = 0x7f047e36, /* 1.3.132.0.29 */ + /* 0x2b,0x81,0x04,0x00,0x08 */ + ECC_SECP160R1_OID = 0x7f047e23, /* 1.3.132.0.8 */ + /* 0x2b,0x81,0x04,0x00,0x1e */ + ECC_SECP160R2_OID = 0x7f047e35, /* 1.3.132.0.30 */ + /* 0x2b,0x81,0x04,0x00,0x09 */ + ECC_SECP160K1_OID = 0x7f047e22, /* 1.3.132.0.9 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01 */ + ECC_BRAINPOOLP160R1_OID = 0x7dfdd3d7, /* 1.3.36.3.3.2.8.1.1.1 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x01 */ + ECC_SECP192R1_OID = 0x4f498517, /* 1.2.840.10045.3.1.1 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x02 */ + ECC_PRIME192V2_OID = 0x4c498517, /* 1.2.840.10045.3.1.2 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x03 */ + ECC_PRIME192V3_OID = 0x4d498517, /* 1.2.840.10045.3.1.3 */ + /* 0x2b,0x81,0x04,0x00,0x1f */ + ECC_SECP192K1_OID = 0x7f047e34, /* 1.3.132.0.31 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03 */ + ECC_BRAINPOOLP192R1_OID = 0x7dfdd3d5, /* 1.3.36.3.3.2.8.1.1.3 */ + /* 0x2b,0x81,0x04,0x00,0x21 */ + ECC_SECP224R1_OID = 0x7f047e0a, /* 1.3.132.0.33 */ + /* 0x2b,0x81,0x04,0x00,0x20 */ + ECC_SECP224K1_OID = 0x7f047e0b, /* 1.3.132.0.32 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05 */ + ECC_BRAINPOOLP224R1_OID = 0x7dfdd3d3, /* 1.3.36.3.3.2.8.1.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x04 */ + ECC_PRIME239V1_OID = 0x4a498517, /* 1.2.840.10045.3.1.4 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x05 */ + ECC_PRIME239V2_OID = 0x4b498517, /* 1.2.840.10045.3.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x06 */ + ECC_PRIME239V3_OID = 0x48498517, /* 1.2.840.10045.3.1.6 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07 */ + ECC_SECP256R1_OID = 0x49498517, /* 1.2.840.10045.3.1.7 */ + /* 0x2b,0x81,0x04,0x00,0x0a */ + ECC_SECP256K1_OID = 0x7f047e21, /* 1.3.132.0.10 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 */ + ECC_BRAINPOOLP256R1_OID = 0x7dfdd3d1, /* 1.3.36.3.3.2.8.1.1.7 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x82,0x2d */ + ECC_SM2P256V1_OID = 0x629e807f, /* 1.2.156.10197.1.301 */ + /* 0x2b,0x65,0x6e */ + ECC_X25519_OID = 0x7f9165d4, /* 1.3.101.110 */ + /* 0x2b,0x65,0x70 */ + ECC_ED25519_OID = 0x7f8f65d4, /* 1.3.101.112 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09 */ + ECC_BRAINPOOLP320R1_OID = 0x7dfdd3df, /* 1.3.36.3.3.2.8.1.1.9 */ + /* 0x2b,0x65,0x6f */ + ECC_X448_OID = 0x7f9065d4, /* 1.3.101.111 */ + /* 0x2b,0x65,0x71 */ + ECC_ED448_OID = 0x7f8e65d4, /* 1.3.101.113 */ + /* 0x2b,0x81,0x04,0x00,0x22 */ + ECC_SECP384R1_OID = 0x7f047e09, /* 1.3.132.0.34 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0b */ + ECC_BRAINPOOLP384R1_OID = 0x7dfdd3dd, /* 1.3.36.3.3.2.8.1.1.11 */ + /* 0x2b,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0d */ + ECC_BRAINPOOLP512R1_OID = 0x7dfdd3db, /* 1.3.36.3.3.2.8.1.1.13 */ + /* 0x2b,0x81,0x04,0x00,0x23 */ + ECC_SECP521R1_OID = 0x7f047e08 /* 1.3.132.0.35 */ +#endif +}; + +enum Ctc_SigType { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0xce,0x38,0x04,0x03 */ + CTC_SHAwDSA = 517, /* 1.2.840.10040.4.3 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02 */ + CTC_SHA256wDSA = 416, /* 2.16.840.1.101.3.4.3.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02 */ + CTC_MD2wRSA = 646, /* 1.2.840.113549.1.1.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04 */ + CTC_MD5wRSA = 648, /* 1.2.840.113549.1.1.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05 */ + CTC_SHAwRSA = 649, /* 1.2.840.113549.1.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x01 */ + CTC_SHAwECDSA = 520, /* 1.2.840.10045.4.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0e */ + CTC_SHA224wRSA = 658, /* 1.2.840.113549.1.1.14 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x01 */ + CTC_SHA224wECDSA = 523, /* 1.2.840.10045.4.3.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b */ + CTC_SHA256wRSA = 655, /* 1.2.840.113549.1.1.11 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02 */ + CTC_SHA256wECDSA = 524, /* 1.2.840.10045.4.3.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c */ + CTC_SHA384wRSA = 656, /* 1.2.840.113549.1.1.12 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03 */ + CTC_SHA384wECDSA = 525, /* 1.2.840.10045.4.3.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d */ + CTC_SHA512wRSA = 657, /* 1.2.840.113549.1.1.13 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04 */ + CTC_SHA512wECDSA = 526, /* 1.2.840.10045.4.3.4 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09 */ + CTC_SHA3_224wECDSA = 423, /* 2.16.840.1.101.3.4.3.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0a */ + CTC_SHA3_256wECDSA = 424, /* 2.16.840.1.101.3.4.3.10 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0b */ + CTC_SHA3_384wECDSA = 425, /* 2.16.840.1.101.3.4.3.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0c */ + CTC_SHA3_512wECDSA = 426, /* 2.16.840.1.101.3.4.3.12 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0d */ + CTC_SHA3_224wRSA = 427, /* 2.16.840.1.101.3.4.3.13 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0e */ + CTC_SHA3_256wRSA = 428, /* 2.16.840.1.101.3.4.3.14 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0f */ + CTC_SHA3_384wRSA = 429, /* 2.16.840.1.101.3.4.3.15 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10 */ + CTC_SHA3_512wRSA = 430, /* 2.16.840.1.101.3.4.3.16 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a */ + CTC_RSASSAPSS = 654, /* 1.2.840.113549.1.1.10 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x83,0x75 */ + CTC_SM3wSM2 = 740, /* 1.2.156.10197.1.501 */ + /* 0x2b,0x65,0x70 */ + CTC_ED25519 = 256, /* 1.3.101.112 */ + /* 0x2b,0x65,0x71 */ + CTC_ED448 = 257, /* 1.3.101.113 */ + /* 0x2b,0xce,0x0f,0x03,0x06 */ + CTC_FALCON_LEVEL1 = 273, /* 1.3.9999.3.6 */ + /* 0x2b,0xce,0x0f,0x03,0x09 */ + CTC_FALCON_LEVEL5 = 276, /* 1.3.9999.3.9 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x04,0x04 */ + CTC_DILITHIUM_LEVEL2 = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x06,0x05 */ + CTC_DILITHIUM_LEVEL3 = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */ + CTC_DILITHIUM_LEVEL5 = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */ + CTC_ML_DSA_LEVEL2 = 431, /* 2.16.840.1.101.3.4.3.17 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */ + CTC_ML_DSA_LEVEL3 = 432, /* 2.16.840.1.101.3.4.3.18 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */ + CTC_ML_DSA_LEVEL5 = 433, /* 2.16.840.1.101.3.4.3.19 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x04 */ + CTC_SPHINCS_FAST_LEVEL1 = 281, /* 1.3.9999.6.7.4 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x03 */ + CTC_SPHINCS_FAST_LEVEL3 = 283, /* 1.3.9999.6.8.3 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x03 */ + CTC_SPHINCS_FAST_LEVEL5 = 282, /* 1.3.9999.6.9.3 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x0a */ + CTC_SPHINCS_SMALL_LEVEL1 = 287, /* 1.3.9999.6.7.10 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x07 */ + CTC_SPHINCS_SMALL_LEVEL3 = 285, /* 1.3.9999.6.8.7 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x07 */ + CTC_SPHINCS_SMALL_LEVEL5 = 286 /* 1.3.9999.6.9.7 */ +#else + /* 0x2a,0x86,0x48,0xce,0x38,0x04,0x03 */ + CTC_SHAwDSA = 0x314b8212, /* 1.2.840.10040.4.3 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02 */ + CTC_SHA256wDSA = 0x7db37af8, /* 2.16.840.1.101.3.4.3.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x02 */ + CTC_MD2wRSA = 0x78b67420, /* 1.2.840.113549.1.1.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x04 */ + CTC_MD5wRSA = 0x78b67426, /* 1.2.840.113549.1.1.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05 */ + CTC_SHAwRSA = 0x78b67427, /* 1.2.840.113549.1.1.5 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x01 */ + CTC_SHAwECDSA = 0x31498217, /* 1.2.840.10045.4.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0e */ + CTC_SHA224wRSA = 0x78b6742c, /* 1.2.840.113549.1.1.14 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x01 */ + CTC_SHA224wECDSA = 0x4f4b8217, /* 1.2.840.10045.4.3.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b */ + CTC_SHA256wRSA = 0x78b67429, /* 1.2.840.113549.1.1.11 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02 */ + CTC_SHA256wECDSA = 0x4c4b8217, /* 1.2.840.10045.4.3.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c */ + CTC_SHA384wRSA = 0x78b6742e, /* 1.2.840.113549.1.1.12 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03 */ + CTC_SHA384wECDSA = 0x4d4b8217, /* 1.2.840.10045.4.3.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d */ + CTC_SHA512wRSA = 0x78b6742f, /* 1.2.840.113549.1.1.13 */ + /* 0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04 */ + CTC_SHA512wECDSA = 0x4a4b8217, /* 1.2.840.10045.4.3.4 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09 */ + CTC_SHA3_224wECDSA = 0x7db37af3, /* 2.16.840.1.101.3.4.3.9 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0a */ + CTC_SHA3_256wECDSA = 0x7db37af0, /* 2.16.840.1.101.3.4.3.10 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0b */ + CTC_SHA3_384wECDSA = 0x7db37af1, /* 2.16.840.1.101.3.4.3.11 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0c */ + CTC_SHA3_512wECDSA = 0x7db37af6, /* 2.16.840.1.101.3.4.3.12 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0d */ + CTC_SHA3_224wRSA = 0x7db37af7, /* 2.16.840.1.101.3.4.3.13 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0e */ + CTC_SHA3_256wRSA = 0x7db37af4, /* 2.16.840.1.101.3.4.3.14 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0f */ + CTC_SHA3_384wRSA = 0x7db37af5, /* 2.16.840.1.101.3.4.3.15 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10 */ + CTC_SHA3_512wRSA = 0x7db37aea, /* 2.16.840.1.101.3.4.3.16 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0a */ + CTC_RSASSAPSS = 0x78b67428, /* 1.2.840.113549.1.1.10 */ + /* 0x2a,0x81,0x1c,0xcf,0x55,0x01,0x83,0x75 */ + CTC_SM3wSM2 = 0x3a9f807f, /* 1.2.156.10197.1.501 */ + /* 0x2b,0x65,0x70 */ + CTC_ED25519 = 0x7f8f65d4, /* 1.3.101.112 */ + /* 0x2b,0x65,0x71 */ + CTC_ED448 = 0x7f8e65d4, /* 1.3.101.113 */ + /* 0x2b,0xce,0x0f,0x03,0x06 */ + CTC_FALCON_LEVEL1 = 0x7c0f312d, /* 1.3.9999.3.6 */ + /* 0x2b,0xce,0x0f,0x03,0x09 */ + CTC_FALCON_LEVEL5 = 0x7c0f3122, /* 1.3.9999.3.9 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x04,0x04 */ + CTC_DILITHIUM_LEVEL2 = 0x707800d9, /* 1.3.6.1.4.1.2.267.12.4.4 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x06,0x05 */ + CTC_DILITHIUM_LEVEL3 = 0x707902d9, /* 1.3.6.1.4.1.2.267.12.6.5 */ + /* 0x2b,0x06,0x01,0x04,0x01,0x02,0x82,0x0b,0x0c,0x08,0x07 */ + CTC_DILITHIUM_LEVEL5 = 0x707b0cd9, /* 1.3.6.1.4.1.2.267.12.8.7 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x11 */ + CTC_ML_DSA_LEVEL2 = 0x7db37aeb, /* 2.16.840.1.101.3.4.3.17 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x12 */ + CTC_ML_DSA_LEVEL3 = 0x7db37ae8, /* 2.16.840.1.101.3.4.3.18 */ + /* 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x13 */ + CTC_ML_DSA_LEVEL5 = 0x7db37ae9, /* 2.16.840.1.101.3.4.3.19 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x04 */ + CTC_SPHINCS_FAST_LEVEL1 = 0x06f0ca2c, /* 1.3.9999.6.7.4 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x03 */ + CTC_SPHINCS_FAST_LEVEL3 = 0x06f0cd23, /* 1.3.9999.6.8.3 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x03 */ + CTC_SPHINCS_FAST_LEVEL5 = 0x06f0cd22, /* 1.3.9999.6.9.3 */ + /* 0x2b,0xce,0x0f,0x06,0x07,0x0a */ + CTC_SPHINCS_SMALL_LEVEL1 = 0x06f0c42c, /* 1.3.9999.6.7.10 */ + /* 0x2b,0xce,0x0f,0x06,0x08,0x07 */ + CTC_SPHINCS_SMALL_LEVEL3 = 0x06f0c923, /* 1.3.9999.6.8.7 */ + /* 0x2b,0xce,0x0f,0x06,0x09,0x07 */ + CTC_SPHINCS_SMALL_LEVEL5 = 0x06f0c922 /* 1.3.9999.6.9.7 */ +#endif +}; + +enum PKCS7_TYPES { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07 */ + PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01 */ + DATA = 651, /* 1.2.840.113549.1.7.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02 */ + SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x03 */ + ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x04 */ + SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x05 */ + DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x09 */ + COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x06 */ + ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x10 */ + FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x17 */ + AUTH_ENVELOPED_DATA = 692, /* 1.2.840.113549.1.9.16.1.23 */ + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,0x4E,0x02 */ + ENCRYPTED_KEY_PACKAGE = 489 /* 2.16.840.1.101.2.1.2.78.2 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07 */ + PKCS7_MSG = 0x01498bdd, /* 1.2.840.113549.1.7 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01 */ + DATA = 0x7eb67423, /* 1.2.840.113549.1.7.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02 */ + SIGNED_DATA = 0x7eb67420, /* 1.2.840.113549.1.7.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x03 */ + ENVELOPED_DATA = 0x7eb67421, /* 1.2.840.113549.1.7.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x04 */ + SIGNED_AND_ENVELOPED_DATA = 0x7eb67426, /* 1.2.840.113549.1.7.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x05 */ + DIGESTED_DATA = 0x7eb67427, /* 1.2.840.113549.1.7.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x09 */ + COMPRESSED_DATA = 0x70bf8a32, /* 1.2.840.113549.1.9.16.1.9 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x06 */ + ENCRYPTED_DATA = 0x7eb67424, /* 1.2.840.113549.1.7.6 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x10 */ + FIRMWARE_PKG_DATA = 0x70a68a32, /* 1.2.840.113549.1.9.16.1.16 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x10,0x01,0x17 */ + AUTH_ENVELOPED_DATA = 0x70a18a32, /* 1.2.840.113549.1.9.16.1.23 */ + /* 0x60,0x86,0x48,0x01,0x65,0x02,0x01,0x02,0x4E,0x02 */ + ENCRYPTED_KEY_PACKAGE = 0x034986B4 /* 2.16.840.1.101.2.1.2.78.2 */ +#endif +}; + +enum PKCS12_TYPES { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x01 */ + WC_PKCS12_KeyBag = 667, /* 1.2.840.113549.1.12.10.1.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02 */ + WC_PKCS12_ShroudedKeyBag = 668, /* 1.2.840.113549.1.12.10.1.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x03 */ + WC_PKCS12_CertBag = 669, /* 1.2.840.113549.1.12.10.1.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x16,0x01 */ + WC_PKCS12_CertBag_Type1 = 675, /* 1.2.840.113549.1.9.22.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x04 */ + WC_PKCS12_CrlBag = 670, /* 1.2.840.113549.1.12.10.1.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x05 */ + WC_PKCS12_SecretBag = 671, /* 1.2.840.113549.1.12.10.1.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x06 */ + WC_PKCS12_SafeContentsBag = 672, /* 1.2.840.113549.1.12.10.1.6 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01 */ + WC_PKCS12_DATA = 651, /* 1.2.840.113549.1.7.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x06 */ + WC_PKCS12_ENCRYPTED_DATA = 656 /* 1.2.840.113549.1.7.6 */ +#else + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x01 */ + WC_PKCS12_KeyBag = 0x75b78a28, /* 1.2.840.113549.1.12.10.1.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x02 */ + WC_PKCS12_ShroudedKeyBag = 0x75b48a28, /* 1.2.840.113549.1.12.10.1.2 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x03 */ + WC_PKCS12_CertBag = 0x75b58a28, /* 1.2.840.113549.1.12.10.1.3 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x16,0x01 */ + WC_PKCS12_CertBag_Type1 = 0x0f498a34, /* 1.2.840.113549.1.9.22.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x04 */ + WC_PKCS12_CrlBag = 0x75b28a28, /* 1.2.840.113549.1.12.10.1.4 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x05 */ + WC_PKCS12_SecretBag = 0x75b38a28, /* 1.2.840.113549.1.12.10.1.5 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x0c,0x0a,0x01,0x06 */ + WC_PKCS12_SafeContentsBag = 0x75b08a28, /* 1.2.840.113549.1.12.10.1.6 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01 */ + WC_PKCS12_DATA = 0x7eb67423, /* 1.2.840.113549.1.7.1 */ + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x06 */ + WC_PKCS12_ENCRYPTED_DATA = 0x7eb67424 /* 1.2.840.113549.1.7.6 */ +#endif +}; + +enum CertName_Sum { +#ifdef WOLFSSL_OLD_OID_SUM + /* 0x55,0x04,0x03 */ + /* 2.5.4.3 */ + WC_NAME_COMMON_NAME_OID = 92, + /* 0x55,0x04,0x04 */ + /* 2.5.4.4 */ + WC_NAME_SURNAME_OID = 93, + /* 0x55,0x04,0x05 */ + /* 2.5.4.5 */ + WC_NAME_SERIAL_NUMBER_OID = 94, + /* 0x55,0x04,0x06 */ + /* 2.5.4.6 */ + WC_NAME_COUNTRY_NAME_OID = 95, + /* 0x55,0x04,0x07 */ + /* 2.5.4.7 */ + WC_NAME_LOCALITY_NAME_OID = 96, + /* 0x55,0x04,0x08 */ + /* 2.5.4.8 */ + WC_NAME_STATE_NAME_OID = 97, + /* 0x55,0x04,0x09 */ + /* 2.5.4.9 */ + WC_NAME_STREET_ADDRESS_OID = 98, + /* 0x55,0x04,0x0a */ + /* 2.5.4.10 */ + WC_NAME_ORGANIZATION_NAME_OID = 99, + /* 0x55,0x04,0x0b */ + /* 2.5.4.11 */ + WC_NAME_ORGANIZATION_UNIT_NAME_OID = 100, + /* 0x55,0x04,0x09,0x0c */ + /* 2.5.4.9.12 */ + WC_NAME_TITLE_OID = 110, + /* 0x55,0x04,0x0d */ + /* 2.5.4.13 */ + WC_NAME_DESCRIPTION_OID = 102, + /* 0x55,0x04,0x0f */ + /* 2.5.4.15 */ + WC_NAME_BUSINESS_CATEGORY_OID = 104, + /* 0x55,0x04,0x11 */ + /* 2.5.4.17 */ + WC_NAME_POSTAL_CODE_OID = 106, + /* 0x55,0x04,0x29 */ + /* 2.5.4.41 */ + WC_NAME_NAME_OID = 130, + /* 0x55,0x04,0x2a */ + /* 2.5.4.42 */ + WC_NAME_GIVEN_NAME_OID = 131, + /* 0x55,0x04,0x2b */ + /* 2.5.4.43 */ + WC_NAME_INITIALIS_OID = 132, + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01 */ + /* 1.2.840.113549.1.9.1 */ + WC_NAME_EMAIL_ADDRESS_OID = 653, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x01 */ + /* 0.9.2342.19200300.100.1.1 */ + WC_NAME_USER_ID_OID = 865, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x03 */ + /* 0.9.2342.19200300.100.1.3 */ + WC_NAME_RFC822_MAILBOX_OID = 867, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x05 */ + /* 0.9.2342.19200300.100.1.5 */ + WC_NAME_FAVOURITE_DRINK_OID = 869, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x19 */ + /* 0.9.2342.19200300.100.1.25 */ + WC_NAME_DOMAIN_COMPONENT_OID = 889, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x3c,0x02,0x01,0x02 */ + /* 1.3.6.1.4.1.311.60.2.1.2 */ + WC_NAME_JURIS_STATE_PROV_OID = 305, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x3c,0x02,0x01,0x03 */ + /* 1.3.6.1.4.1.311.60.2.1.3 */ + WC_NAME_JURIS_COUNTRY_OID = 306 +#else + /* 0x55,0x04,0x03 */ + /* 2.5.4.3 */ + WC_NAME_COMMON_NAME_OID = 0x7ffc04aa, + /* 0x55,0x04,0x04 */ + /* 2.5.4.4 */ + WC_NAME_SURNAME_OID = 0x7ffb04aa, + /* 0x55,0x04,0x05 */ + /* 2.5.4.5 */ + WC_NAME_SERIAL_NUMBER_OID = 0x7ffa04aa, + /* 0x55,0x04,0x06 */ + /* 2.5.4.6 */ + WC_NAME_COUNTRY_NAME_OID = 0x7ff904aa, + /* 0x55,0x04,0x07 */ + /* 2.5.4.7 */ + WC_NAME_LOCALITY_NAME_OID = 0x7ff804aa, + /* 0x55,0x04,0x08 */ + /* 2.5.4.8 */ + WC_NAME_STATE_NAME_OID = 0x7ff704aa, + /* 0x55,0x04,0x09 */ + /* 2.5.4.9 */ + WC_NAME_STREET_ADDRESS_OID = 0x7ff604aa, + /* 0x55,0x04,0x0a */ + /* 2.5.4.10 */ + WC_NAME_ORGANIZATION_NAME_OID = 0x7ff504aa, + /* 0x55,0x04,0x0b */ + /* 2.5.4.11 */ + WC_NAME_ORGANIZATION_UNIT_NAME_OID = 0x7ff404aa, + /* 0x55,0x04,0x09,0x0c */ + /* 2.5.4.9.12 */ + WC_NAME_TITLE_OID = 0x0cf604aa, + /* 0x55,0x04,0x0d */ + /* 2.5.4.13 */ + WC_NAME_DESCRIPTION_OID = 0x7ff204aa, + /* 0x55,0x04,0x0f */ + /* 2.5.4.15 */ + WC_NAME_BUSINESS_CATEGORY_OID = 0x7ff004aa, + /* 0x55,0x04,0x11 */ + /* 2.5.4.17 */ + WC_NAME_POSTAL_CODE_OID = 0x7fee04aa, + /* 0x55,0x04,0x29 */ + /* 2.5.4.41 */ + WC_NAME_NAME_OID = 0x7fd604aa, + /* 0x55,0x04,0x2a */ + /* 2.5.4.42 */ + WC_NAME_GIVEN_NAME_OID = 0x7fd504aa, + /* 0x55,0x04,0x2b */ + /* 2.5.4.43 */ + WC_NAME_INITIALIS_OID = 0x7fd404aa, + /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01 */ + /* 1.2.840.113549.1.9.1 */ + WC_NAME_EMAIL_ADDRESS_OID = 0x70b67423, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x01 */ + /* 0.9.2342.19200300.100.1.1 */ + WC_NAME_USER_ID_OID = 0x6d0a6164, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x03 */ + /* 0.9.2342.19200300.100.1.3 */ + WC_NAME_RFC822_MAILBOX_OID = 0x6d0a6364, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x05 */ + /* 0.9.2342.19200300.100.1.5 */ + WC_NAME_FAVOURITE_DRINK_OID = 0x6d0a6564, + /* 0x09,0x92,0x26,0x89,0x93,0xf2,0x2c,0x64,0x01,0x19 */ + /* 0.9.2342.19200300.100.1.25 */ + WC_NAME_DOMAIN_COMPONENT_OID = 0x6d0a7964, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x3c,0x02,0x01,0x02 */ + /* 1.3.6.1.4.1.311.60.2.1.2 */ + WC_NAME_JURIS_STATE_PROV_OID = 0x47cb85d7, + /* 0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x3c,0x02,0x01,0x03 */ + /* 1.3.6.1.4.1.311.60.2.1.3 */ + WC_NAME_JURIS_COUNTRY_OID = 0x47ca85d7 +#endif +}; + +#endif /* !WOLF_CRYPT_OID_SUM_H */ diff --git a/src/wolfssl/wolfcrypt/pkcs11.h b/src/wolfssl/wolfcrypt/pkcs11.h index 36cfd9c..4d36e36 100644 --- a/src/wolfssl/wolfcrypt/pkcs11.h +++ b/src/wolfssl/wolfcrypt/pkcs11.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/pkcs12.h b/src/wolfssl/wolfcrypt/pkcs12.h index 6dc6e9d..ce22c40 100644 --- a/src/wolfssl/wolfcrypt/pkcs12.h +++ b/src/wolfssl/wolfcrypt/pkcs12.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/pkcs7.h b/src/wolfssl/wolfcrypt/pkcs7.h index efce67c..011fec9 100644 --- a/src/wolfssl/wolfcrypt/pkcs7.h +++ b/src/wolfssl/wolfcrypt/pkcs7.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -81,22 +81,6 @@ #define WOLFSSL_SIGNING_TIME_ATTRIBUTE 0x4 #define WOLFSSL_MESSAGE_DIGEST_ATTRIBUTE 0x8 -/* PKCS#7 content types, ref RFC 2315 (Section 14) */ -enum PKCS7_TYPES { - PKCS7_MSG = 650, /* 1.2.840.113549.1.7 */ - DATA = 651, /* 1.2.840.113549.1.7.1 */ - SIGNED_DATA = 652, /* 1.2.840.113549.1.7.2 */ - ENVELOPED_DATA = 653, /* 1.2.840.113549.1.7.3 */ - SIGNED_AND_ENVELOPED_DATA = 654, /* 1.2.840.113549.1.7.4 */ - DIGESTED_DATA = 655, /* 1.2.840.113549.1.7.5 */ - ENCRYPTED_DATA = 656, /* 1.2.840.113549.1.7.6 */ -#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) - COMPRESSED_DATA = 678, /* 1.2.840.113549.1.9.16.1.9, RFC 3274 */ -#endif - FIRMWARE_PKG_DATA = 685, /* 1.2.840.113549.1.9.16.1.16, RFC 4108 */ - AUTH_ENVELOPED_DATA = 692 /* 1.2.840.113549.1.9.16.1.23, RFC 5083 */ -}; - enum PKCS7_STATE { WC_PKCS7_START = 0, @@ -546,6 +530,10 @@ WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7, WOLFSSL_API int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx); #endif /* NO_PKCS7_ENCRYPTED_DATA */ +/* CMS/PKCS#7 EncryptedKeyPackage */ +WOLFSSL_API int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, + byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz); + /* stream and certs */ WOLFSSL_LOCAL int wc_PKCS7_WriteOut(wc_PKCS7* pkcs7, byte* output, const byte* input, word32 inputSz); diff --git a/src/wolfssl/wolfcrypt/poly1305.h b/src/wolfssl/wolfcrypt/poly1305.h index c6adb0e..c27fd44 100644 --- a/src/wolfssl/wolfcrypt/poly1305.h +++ b/src/wolfssl/wolfcrypt/poly1305.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index 4ae38a9..829e9b1 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index ac48d97..15c27bd 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index cc8f48f..ee746a1 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -90,6 +90,16 @@ extern "C" { #define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *) #include +#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \ + defined( WOLFSSL_DEBUG_CERT_BUNDLE) + /* Default WOLFSSL_MAX_ERROR_SZ assigned in settings.h or user_settings.h */ + extern char last_esp_crt_bundle_error[WOLFSSL_MAX_ERROR_SZ]; + #define SHOW_WOLFSSL_BUNDLE_ERROR(THIS_ERR) \ + { \ + wc_ErrorString(THIS_ERR, last_esp_crt_bundle_error); \ + ESP_LOGE(TAG,"%s", last_esp_crt_bundle_error); \ + } +#endif typedef struct wolfssl_ssl_config wolfssl_ssl_config; struct wolfssl_ssl_config diff --git a/src/wolfssl/wolfcrypt/port/atmel/atmel.h b/src/wolfssl/wolfcrypt/port/atmel/atmel.h index d5c9458..515c5f4 100644 --- a/src/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/src/wolfssl/wolfcrypt/port/atmel/atmel.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/pwdbased.h b/src/wolfssl/wolfcrypt/pwdbased.h index 9013401..efce730 100644 --- a/src/wolfssl/wolfcrypt/pwdbased.h +++ b/src/wolfssl/wolfcrypt/pwdbased.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/random.h b/src/wolfssl/wolfcrypt/random.h index 3b4533e..b7759ae 100644 --- a/src/wolfssl/wolfcrypt/random.h +++ b/src/wolfssl/wolfcrypt/random.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -133,6 +133,12 @@ #else typedef unsigned long ProviderHandle; #endif + + #ifdef WIN_REUSE_CRYPT_HANDLE + /* called from wolfCrypt_Init() and wolfCrypt_Cleanup() */ + WOLFSSL_LOCAL int wc_WinCryptHandleInit(void); + WOLFSSL_LOCAL void wc_WinCryptHandleCleanup(void); + #endif #endif #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ @@ -158,7 +164,11 @@ struct OS_Seed { #ifdef HAVE_HASHDRBG struct DRBG_internal { + #ifdef WORD64_AVAILABLE + word64 reseedCtr; + #else word32 reseedCtr; + #endif byte V[DRBG_SEED_LEN]; byte C[DRBG_SEED_LEN]; void* heap; @@ -183,6 +193,9 @@ struct WC_RNG { #endif byte status; #endif +#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) + pid_t pid; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif diff --git a/src/wolfssl/wolfcrypt/rc2.h b/src/wolfssl/wolfcrypt/rc2.h index 22eb581..ab5cdbb 100644 --- a/src/wolfssl/wolfcrypt/rc2.h +++ b/src/wolfssl/wolfcrypt/rc2.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/ripemd.h b/src/wolfssl/wolfcrypt/ripemd.h index 54ede0d..bb2db34 100644 --- a/src/wolfssl/wolfcrypt/ripemd.h +++ b/src/wolfssl/wolfcrypt/ripemd.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/rsa.h b/src/wolfssl/wolfcrypt/rsa.h index a01e18d..ff959d6 100644 --- a/src/wolfssl/wolfcrypt/rsa.h +++ b/src/wolfssl/wolfcrypt/rsa.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sakke.h b/src/wolfssl/wolfcrypt/sakke.h index 3ba7968..37db5a1 100644 --- a/src/wolfssl/wolfcrypt/sakke.h +++ b/src/wolfssl/wolfcrypt/sakke.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/selftest.h b/src/wolfssl/wolfcrypt/selftest.h index 08b8884..11758e3 100644 --- a/src/wolfssl/wolfcrypt/selftest.h +++ b/src/wolfssl/wolfcrypt/selftest.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/settings.h b/src/wolfssl/wolfcrypt/settings.h index 9008976..fc08d66 100644 --- a/src/wolfssl/wolfcrypt/settings.h +++ b/src/wolfssl/wolfcrypt/settings.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -455,6 +455,10 @@ #endif #endif +/* Important build-time configuration messages may be saved. + * Enable DEBUG_WOLFSSL and see wolfSSL_Init() for display. */ +#define LIBWOLFSSL_CMAKE_OUTPUT "" + /* --------------------------------------------------------------------------- * Dual Algorithm Certificate Required Features. * --------------------------------------------------------------------------- @@ -1270,11 +1274,11 @@ #define TIME_OVERRIDES #ifndef XTIME #error "Must define XTIME externally see porting guide" - #error "https://www.wolfssl.com/docs/porting-guide/" + /* https://www.wolfssl.com/docs/porting-guide/ */ #endif #ifndef XGMTIME #error "Must define XGMTIME externally see porting guide" - #error "https://www.wolfssl.com/docs/porting-guide/" + /* https://www.wolfssl.com/docs/porting-guide/ */ #endif #endif @@ -1897,21 +1901,6 @@ extern void uITRON4_free(void *p) ; #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT - #undef HAVE_ECC - #ifndef WOLFCRYPT_FIPS_RAND - #define HAVE_ECC - #endif - #ifndef NO_AES - #undef HAVE_AESCCM - #define HAVE_AESCCM - #undef HAVE_AESGCM - #define HAVE_AESGCM - #undef WOLFSSL_AES_COUNTER - #define WOLFSSL_AES_COUNTER - #undef WOLFSSL_AES_DIRECT - #define WOLFSSL_AES_DIRECT - #endif - #ifdef FREESCALE_KSDK_1_3 #include "fsl_device_registers.h" #elif !defined(FREESCALE_MQX) @@ -2106,7 +2095,8 @@ extern void uITRON4_free(void *p) ; defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \ defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \ defined(WOLFSSL_STM32G4) || defined(WOLFSSL_STM32MP13) || \ - defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32WBA) + defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32WBA) || \ + defined(WOLFSSL_STM32N6) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -2170,6 +2160,8 @@ extern void uITRON4_free(void *p) ; #include "stm32u5xx_hal.h" #elif defined(WOLFSSL_STM32H5) #include "stm32h5xx_hal.h" + #elif defined(WOLFSSL_STM32N6) + #include "stm32n6xx_hal.h" #elif defined(WOLFSSL_STM32MP13) /* HAL headers error on our ASM files */ #ifndef __ASSEMBLER__ @@ -2795,14 +2787,15 @@ extern void uITRON4_free(void *p) ; #endif #if defined(__mips) || defined(__mips64) || \ - defined(WOLFSSL_SP_MIPS64) || defined(WOLFSSL_SP_MIPS) - #undef WOLFSSL_SP_INT_DIGIT_ALIGN - #define WOLFSSL_SP_INT_DIGIT_ALIGN -#endif -#if defined(__sparc) + defined(WOLFSSL_SP_MIPS64) || defined(WOLFSSL_SP_MIPS) || \ + defined(__sparc) || defined(__arm__) || defined(__aarch64__) + /* This setting currently only affects big endian targets, currently + * only in sp_read_unsigned_bin(). + */ #undef WOLFSSL_SP_INT_DIGIT_ALIGN #define WOLFSSL_SP_INT_DIGIT_ALIGN #endif + #if defined(__APPLE__) || defined(WOLF_C89) #define WOLFSSL_SP_NO_DYN_STACK #endif @@ -2896,7 +2889,7 @@ extern void uITRON4_free(void *p) ; /* Determine when mp_read_radix with a radix of 10 is required. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ - !defined(NO_DSA) || defined(OPENSSL_EXTRA) + !defined(NO_DSA) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_PUBLIC_MP) #define WOLFSSL_SP_READ_RADIX_16 #endif @@ -2909,7 +2902,7 @@ extern void uITRON4_free(void *p) ; /* Determine when mp_invmod is required. */ #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(OPENSSL_EXTRA) #define WOLFSSL_SP_INVMOD #endif @@ -3119,6 +3112,29 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ED448 */ + +/* RFC 5958 (Asymmetric Key Packages) */ +#if !defined(WC_ENABLE_ASYM_KEY_EXPORT) && \ + ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)) || \ + (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT)) || \ + defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \ + defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS)) + #define WC_ENABLE_ASYM_KEY_EXPORT +#endif + +#if !defined(WC_ENABLE_ASYM_KEY_IMPORT) && \ + ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) || \ + (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) || \ + (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) || \ + defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || \ + defined(HAVE_SPHINCS) || defined(HAVE_LIBOQS)) + #define WC_ENABLE_ASYM_KEY_IMPORT +#endif + + /* FIPS does not support CFB1 or CFB8 */ #if !defined(WOLFSSL_NO_AES_CFB_1_8) && \ (defined(HAVE_SELFTEST) || \ @@ -3584,6 +3600,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +#ifdef WOLFSSL_PYTHON + /* Need to use old OID sum algorithm until OSP patches, in particular to + * tests, for all versions reflect the new OID sum value. */ + #undef WOLFSSL_OLD_OID_SUM + #define WOLFSSL_OLD_OID_SUM +#endif + /* Linux Kernel Module */ #ifdef WOLFSSL_LINUXKM @@ -3640,6 +3663,9 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_HAVE_MAX #undef WOLFSSL_HAVE_ASSERT_H #define WOLFSSL_NO_ASSERT_H + #ifndef WOLFSSL_NO_GETPID + #define WOLFSSL_NO_GETPID + #endif /* WOLFSSL_NO_GETPID */ #ifndef SIZEOF_LONG #define SIZEOF_LONG 8 #endif @@ -3653,8 +3679,13 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_SP_DIV_WORD_HALF #define WOLFSSL_SP_DIV_WORD_HALF #endif - #ifdef __PIE__ + + #ifdef HAVE_LINUXKM_PIE_SUPPORT #define WC_NO_INTERNAL_FUNCTION_POINTERS + #define WOLFSSL_ECC_CURVE_STATIC + #define WOLFSSL_NAMES_STATIC + #define WOLFSSL_NO_PUBLIC_FFDHE + #undef HAVE_PUBLIC_FFDHE #endif #ifndef NO_OLD_WC_NAMES @@ -3677,7 +3708,7 @@ extern void uITRON4_free(void *p) ; #if defined(LINUXKM_LKCAPI_REGISTER) && !defined(WOLFSSL_ASN_INT_LEAD_0_ANY) /* kernel 5.10 crypto manager tests key(s) that fail unless leading - * bytes are tolerated in GetASN_Integer(). + * zero bytes are tolerated in GetASN_Integer(). */ #define WOLFSSL_ASN_INT_LEAD_0_ANY #endif @@ -3690,6 +3721,14 @@ extern void uITRON4_free(void *p) ; #define WC_SANITIZE_ENABLE() kasan_enable_current() #endif #endif + + #if !defined(WC_RESEED_INTERVAL) && defined(LINUXKM_LKCAPI_REGISTER) + /* If installing handlers, use the maximum reseed interval allowed by + * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG + * generation. + */ + #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL) + #endif #endif @@ -3793,6 +3832,14 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ALERT_COUNT_MAX 5 #endif +/* Enable blinding by default for C-only, non-small curve25519 implementation */ +#if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ + !defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_ARMASM) && \ + (!defined(USE_INTEL_SPEEDUP) || defined(NO_CURVED25519_X64)) && \ + !defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING) + #define WOLFSSL_CURVE25519_BLINDING +#endif + /* warning for not using harden build options (default with ./configure) */ /* do not warn if big integer support is disabled */ #if !defined(WC_NO_HARDEN) && !defined(NO_BIG_INT) @@ -3867,7 +3914,7 @@ extern void uITRON4_free(void *p) ; /* Parts of the openssl compatibility layer require peer certs */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(HAVE_LIGHTY)) && !defined(NO_CERTS) + defined(HAVE_LIGHTY)) && !defined(NO_CERTS) && !defined(NO_KEEP_PEER_CERT) #undef KEEP_PEER_CERT #define KEEP_PEER_CERT #endif @@ -3940,12 +3987,6 @@ extern void uITRON4_free(void *p) ; #undef HAVE_XCHACHA #endif -#if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \ - !defined(WOLFSSL_SHA3) - #undef WOLFSSL_NO_WORD64_OPS - #define WOLFSSL_NO_WORD64_OPS -#endif - #if !defined(WOLFCRYPT_ONLY) && \ (!defined(WOLFSSL_NO_TLS12) || defined(HAVE_KEYING_MATERIAL)) #undef WOLFSSL_HAVE_PRF @@ -4038,7 +4079,6 @@ extern void uITRON4_free(void *p) ; #if defined(__IAR_SYSTEMS_ICC__) && defined(__ROPI__) #define WOLFSSL_ECC_CURVE_STATIC #define WOLFSSL_NAMES_STATIC - #define WOLFSSL_NO_CONSTCHARCONST #endif /* FIPS v1 does not support TLS v1.3 (requires RSA PSS and HKDF) */ @@ -4089,6 +4129,32 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_DH_EXTRA #endif +/* FIPS 140-3 does not have this definition in wolfCrypt dh.h, but OpenSSL dh.h depends on it. + * Define it here as well if needed, as we want to avoid modifying dh.h in FIPS. */ +#ifndef DH_MAX_SIZE + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define DH_MAX_SIZE (FP_MAX_BITS / 2) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define DH_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + #else + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* Integer maths is dynamic but we only go up to 8192 bits. */ + #define DH_MAX_SIZE 8192 + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define DH_MAX_SIZE 4096 + #endif + #endif +#endif + /* wc_Sha512.devId isn't available before FIPS 5.1 */ #if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,1) #define NO_SHA2_CRYPTO_CB @@ -4186,6 +4252,12 @@ extern void uITRON4_free(void *p) ; #error Please do not define HAVE_PQC yourself. #endif +/* If no malloc then make sure the valid Dilithium settings are used */ +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_NO_MALLOC) + #undef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + #define WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC +#endif + #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \ !defined(WOLFSSL_DTLS_CH_FRAG) #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \ @@ -4339,14 +4411,17 @@ extern void uITRON4_free(void *p) ; #ifdef WOLFSSL_HARDEN_TLS #if defined(HAVE_TRUNCATED_HMAC) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC) - #error "Truncated HMAC Extension not allowed https://www.rfc-editor.org/rfc/rfc9325#section-4.6" + #error "Truncated HMAC Extension not allowed" + /* https://www.rfc-editor.org/rfc/rfc9325#section-4.6 */ #endif #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS) - #error "TLS < 1.2 protocol versions not allowed https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1" + #error "TLS < 1.2 protocol versions not allowed" + /* https://www.rfc-editor.org/rfc/rfc9325#section-3.1.1 */ #endif #if !defined(WOLFSSL_NO_TLS12) && !defined(HAVE_SECURE_RENEGOTIATION) && \ !defined(HAVE_SERVER_RENEGOTIATION_INFO) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) - #error "TLS 1.2 requires at least HAVE_SERVER_RENEGOTIATION_INFO to send the secure renegotiation extension https://www.rfc-editor.org/rfc/rfc9325#section-3.5" + #error "TLS 1.2 requires at least HAVE_SERVER_RENEGOTIATION_INFO to send the secure renegotiation extension" + /* https://www.rfc-editor.org/rfc/rfc9325#section-3.5 */ #endif #if !defined(WOLFSSL_EXTRA_ALERTS) || !defined(WOLFSSL_CHECK_ALERT_ON_ERR) #error "RFC9325 requires some additional alerts to be sent" diff --git a/src/wolfssl/wolfcrypt/sha.h b/src/wolfssl/wolfcrypt/sha.h index 54b0833..9a42e87 100644 --- a/src/wolfssl/wolfcrypt/sha.h +++ b/src/wolfssl/wolfcrypt/sha.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sha256.h b/src/wolfssl/wolfcrypt/sha256.h index 7a064a0..f203dad 100644 --- a/src/wolfssl/wolfcrypt/sha256.h +++ b/src/wolfssl/wolfcrypt/sha256.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sha3.h b/src/wolfssl/wolfcrypt/sha3.h index 724719a..1c0348c 100644 --- a/src/wolfssl/wolfcrypt/sha3.h +++ b/src/wolfssl/wolfcrypt/sha3.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -220,21 +220,25 @@ WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags); #endif -#ifdef USE_INTEL_SPEEDUP -WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n, - word64 c); -WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); -WOLFSSL_LOCAL void sha3_block_avx2(word64* s); -WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); + +#ifdef WC_SHA3_NO_ASM + /* asm speedups disabled */ + #if defined(USE_INTEL_SPEEDUP) && !defined(WC_MLKEM_NO_ASM) + /* native ML-KEM uses this directly. */ + WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s); + #endif +#elif defined(USE_INTEL_SPEEDUP) + WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n, + word64 c); + WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); + WOLFSSL_LOCAL void sha3_block_avx2(word64* s); + WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s); #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 -WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s); -#endif -WOLFSSL_LOCAL void BlockSha3_base(word64 *s); -WOLFSSL_LOCAL void BlockSha3(word64 *s); -#elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) -WOLFSSL_LOCAL void BlockSha3(word64 *s); + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s); + #endif + WOLFSSL_LOCAL void BlockSha3_base(word64 *s); #endif #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/sha512.h b/src/wolfssl/wolfcrypt/sha512.h index 593177e..b90e2b2 100644 --- a/src/wolfssl/wolfcrypt/sha512.h +++ b/src/wolfssl/wolfcrypt/sha512.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/signature.h b/src/wolfssl/wolfcrypt/signature.h index 7d9a1d4..a78e627 100644 --- a/src/wolfssl/wolfcrypt/signature.h +++ b/src/wolfssl/wolfcrypt/signature.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/siphash.h b/src/wolfssl/wolfcrypt/siphash.h index 26cd821..db2d954 100644 --- a/src/wolfssl/wolfcrypt/siphash.h +++ b/src/wolfssl/wolfcrypt/siphash.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sm2.h b/src/wolfssl/wolfcrypt/sm2.h index fb90aaa..e4f0307 100644 --- a/src/wolfssl/wolfcrypt/sm2.h +++ b/src/wolfssl/wolfcrypt/sm2.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sm3.h b/src/wolfssl/wolfcrypt/sm3.h index e7e8b0e..bbd24ff 100644 --- a/src/wolfssl/wolfcrypt/sm3.h +++ b/src/wolfssl/wolfcrypt/sm3.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sm4.h b/src/wolfssl/wolfcrypt/sm4.h index 3cebb79..96d091e 100644 --- a/src/wolfssl/wolfcrypt/sm4.h +++ b/src/wolfssl/wolfcrypt/sm4.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sp.h b/src/wolfssl/wolfcrypt/sp.h index 9e7a9c9..c116cb0 100644 --- a/src/wolfssl/wolfcrypt/sp.h +++ b/src/wolfssl/wolfcrypt/sp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/sp_int.h b/src/wolfssl/wolfcrypt/sp_int.h index 7385e68..eb42d80 100644 --- a/src/wolfssl/wolfcrypt/sp_int.h +++ b/src/wolfssl/wolfcrypt/sp_int.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -260,9 +260,6 @@ extern "C" { #endif #endif -/* Number of bytes in each word. */ -#define SP_WORD_SIZEOF (SP_WORD_SIZE / 8) - /* Define the types used. */ #if defined(HAVE___UINT128_T) && !defined(NO_INT128) #ifdef __SIZEOF_INT128__ @@ -285,6 +282,8 @@ extern "C" { #endif #if SP_WORD_SIZE == 8 + #define SP_WORD_SIZEOF 1 + typedef sp_uint8 sp_int_digit; typedef sp_int8 sp_int_sdigit; typedef sp_uint16 sp_int_word; @@ -292,6 +291,8 @@ extern "C" { #define SP_MASK 0xffU #elif SP_WORD_SIZE == 16 + #define SP_WORD_SIZEOF 2 + typedef sp_uint16 sp_int_digit; typedef sp_int16 sp_int_sdigit; typedef sp_uint32 sp_int_word; @@ -299,6 +300,8 @@ extern "C" { #define SP_MASK 0xffffU #elif SP_WORD_SIZE == 32 + #define SP_WORD_SIZEOF 4 + typedef sp_uint32 sp_int_digit; typedef sp_int32 sp_int_sdigit; typedef sp_uint64 sp_int_word; @@ -306,6 +309,8 @@ extern "C" { #define SP_MASK 0xffffffffU #elif SP_WORD_SIZE == 64 + #define SP_WORD_SIZEOF 8 + typedef sp_uint64 sp_int_digit; typedef sp_int64 sp_int_sdigit; #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ @@ -788,11 +793,19 @@ typedef struct sp_ecc_ctx { #define MP_INT_NEXT(t, cnt) \ (sp_int*)(((byte*)(t)) + MP_INT_SIZEOF(cnt)) +#define MP_INT_SIZEOF_DIGITS(cnt) (MP_INT_SIZEOF(cnt) / sizeof(sp_int_digit)) /* Calculate the number of words required to support a number of bits. */ #define MP_BITS_CNT(bits) \ ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1))) +#if !defined(WOLFSSL_SP_NO_DYN_STACK) && defined(__STDC_VERSION__) && \ + (__STDC_VERSION__ >= 199901L) && \ + (defined(WOLFSSL_SP_NO_MALLOC) || \ + !(defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC))) + #define WOLFSSL_SP_DYN_STACK +#endif + #ifdef WOLFSSL_SMALL_STACK /* * Dynamic memory allocation of mp_int. @@ -823,26 +836,25 @@ while (0) /* * Static allocation of mp_int. */ -#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(WOLFSSL_SP_NO_DYN_STACK) +#ifdef WOLFSSL_SP_DYN_STACK /* Declare a dynamically allocated mp_int. */ -#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ - unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(bits))]; \ +#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ + sp_int_digit name##d[MP_INT_SIZEOF_DIGITS(MP_BITS_CNT(bits))]; \ sp_int* (name) = (sp_int*)name##d #elif defined(__cplusplus) /* C++ doesn't tolerate parentheses around "name" (-Wparentheses) */ -#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ - unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(max))]; \ +#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ + sp_int_digit name##d[MP_INT_SIZEOF_DIGITS(MP_BITS_CNT(max))]; \ sp_int* name = (sp_int*)name##d #else /* Declare a dynamically allocated mp_int. */ -#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ - unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(max))]; \ +#define DECL_MP_INT_SIZE_DYN(name, bits, max) \ + sp_int_digit name##d[MP_INT_SIZEOF_DIGITS(MP_BITS_CNT(max))]; \ sp_int* (name) = (sp_int*)name##d #endif /* Declare a statically allocated mp_int. */ -#define DECL_MP_INT_SIZE(name, bits) \ - unsigned char name##d[MP_INT_SIZEOF(MP_BITS_CNT(bits))]; \ +#define DECL_MP_INT_SIZE(name, bits) \ + sp_int_digit name##d[MP_INT_SIZEOF_DIGITS(MP_BITS_CNT(bits))]; \ sp_int* (name) = (sp_int*)name##d /* Zero out mp_int of minimal size. */ #define NEW_MP_INT_SIZE(name, bits, heap, type) \ @@ -910,7 +922,7 @@ typedef struct sp_int { struct WC_BIGINT raw; #endif /** Data of number. */ - sp_int_digit dp[SP_INT_DIGITS]; + XALIGNED(SP_WORD_SIZEOF) sp_int_digit dp[SP_INT_DIGITS]; } sp_int; typedef struct sp_int_minimal { @@ -920,16 +932,22 @@ typedef struct sp_int_minimal { sp_size_t size; #ifdef WOLFSSL_SP_INT_NEGATIVE /** Indicates whether number is 0/positive or negative. */ - sp_uint8 sign; + sp_sign_t sign; #endif #ifdef HAVE_WOLF_BIGINT /** Unsigned binary (big endian) representation of number. */ struct WC_BIGINT raw; #endif /** First digit of number. */ - sp_int_digit dp[1]; + XALIGNED(SP_WORD_SIZEOF) sp_int_digit dp[1]; } sp_int_minimal; +/* MP_INT_SIZEOF_DIGITS() requires that sizeof(sp_int) is a multiple of + * sizeof(sp_int_digit). + */ +wc_static_assert(sizeof(struct sp_int) % sizeof(sp_int_digit) == 0); +wc_static_assert(sizeof(struct sp_int_minimal) % sizeof(sp_int_digit) == 0); + /* Multi-precision integer type is SP integer type. */ typedef sp_int mp_int; /* Multi-precision integer digit type is SP integer digit type. diff --git a/src/wolfssl/wolfcrypt/sphincs.h b/src/wolfssl/wolfcrypt/sphincs.h index f1487dd..06928aa 100644 --- a/src/wolfssl/wolfcrypt/sphincs.h +++ b/src/wolfssl/wolfcrypt/sphincs.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/srp.h b/src/wolfssl/wolfcrypt/srp.h index 7607765..b83933b 100644 --- a/src/wolfssl/wolfcrypt/srp.h +++ b/src/wolfssl/wolfcrypt/srp.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/tfm.h b/src/wolfssl/wolfcrypt/tfm.h index 718077c..d439250 100644 --- a/src/wolfssl/wolfcrypt/tfm.h +++ b/src/wolfssl/wolfcrypt/tfm.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -725,6 +725,7 @@ int fp_leading_bit(fp_int *a); int fp_unsigned_bin_size(const fp_int *a); int fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c); int fp_to_unsigned_bin(fp_int *a, unsigned char *b); +int fp_to_unsigned_bin_len_ct(fp_int *a, unsigned char *out, int outSz); int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c); int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b); @@ -847,7 +848,7 @@ MP_API int mp_unsigned_bin_size(const mp_int * a); MP_API int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c); MP_API int mp_to_unsigned_bin_at_pos(int x, mp_int *t, unsigned char *b); MP_API int mp_to_unsigned_bin (mp_int * a, unsigned char *b); -#define mp_to_unsigned_bin_len_ct mp_to_unsigned_bin_len +MP_API int mp_to_unsigned_bin_len_ct(mp_int * a, unsigned char *b, int c); MP_API int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c); MP_API int mp_sub_d(fp_int *a, fp_digit b, fp_int *c); diff --git a/src/wolfssl/wolfcrypt/types.h b/src/wolfssl/wolfcrypt/types.h index 3ff9ec5..01ca1b7 100644 --- a/src/wolfssl/wolfcrypt/types.h +++ b/src/wolfssl/wolfcrypt/types.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -31,277 +31,280 @@ decouple library dependencies with standard string, memory and so on. #ifndef WOLF_CRYPT_TYPES_H #define WOLF_CRYPT_TYPES_H - #include - #include +#include +#include +#include - #if defined(EXTERNAL_OPTS_OPENVPN) && defined(BUILDING_WOLFSSL) - #error EXTERNAL_OPTS_OPENVPN should not be defined in compiled wolfssl library files. - #endif +#if defined(EXTERNAL_OPTS_OPENVPN) && defined(BUILDING_WOLFSSL) + #error EXTERNAL_OPTS_OPENVPN should not be defined in compiled wolfssl \ +library files. +#endif - #ifdef __APPLE__ - #include - #endif +#ifdef __APPLE__ + #include +#endif - #ifdef __cplusplus - extern "C" { - #endif +#ifdef __cplusplus + extern "C" { +#endif - /* - * This struct is used multiple time by other structs and - * needs to be defined somewhere that all structs can import - * (with minimal dependencies). - */ - #ifdef HAVE_EX_DATA +/* + * This struct is used multiple time by other structs and + * needs to be defined somewhere that all structs can import + * (with minimal dependencies). + */ +#ifdef HAVE_EX_DATA + #ifdef HAVE_EX_DATA_CLEANUP_HOOKS + typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data); + #endif + typedef struct WOLFSSL_CRYPTO_EX_DATA { + void* ex_data[MAX_EX_DATA]; #ifdef HAVE_EX_DATA_CLEANUP_HOOKS - typedef void (*wolfSSL_ex_data_cleanup_routine_t)(void *data); + wolfSSL_ex_data_cleanup_routine_t + ex_data_cleanup_routines[MAX_EX_DATA]; #endif - typedef struct WOLFSSL_CRYPTO_EX_DATA { - void* ex_data[MAX_EX_DATA]; - #ifdef HAVE_EX_DATA_CLEANUP_HOOKS - wolfSSL_ex_data_cleanup_routine_t - ex_data_cleanup_routines[MAX_EX_DATA]; - #endif - } WOLFSSL_CRYPTO_EX_DATA; - typedef void (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, - WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); - typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, - const WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, - long argV, void* arg); - typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr, - WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); - #endif + } WOLFSSL_CRYPTO_EX_DATA; + typedef void (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, + WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); + typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, + const WOLFSSL_CRYPTO_EX_DATA* in, void* inPtr, int idx, + long argV, void* arg); + typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr, + WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); +#endif - #if defined(WORDS_BIGENDIAN) - #define BIG_ENDIAN_ORDER - #endif +#if defined(WORDS_BIGENDIAN) + #define BIG_ENDIAN_ORDER +#endif - #ifndef BIG_ENDIAN_ORDER - #define LITTLE_ENDIAN_ORDER - #endif +#ifndef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER +#endif - #ifndef WOLFSSL_TYPES - #define WOLFSSL_TYPES - #ifndef byte - /* If using C++ C17 or later and getting: - * "error: reference to 'byte' is ambiguous", this is caused by - * cstddef conflict with "std::byte" in - * "enum class byte : unsigned char {};". - * This can occur if the user application is using "std" as the - * default namespace before including wolfSSL headers. - * Workarounds: https://github.com/wolfSSL/wolfssl/issues/5400 - */ - typedef unsigned char byte; - #endif - typedef signed char sword8; - typedef unsigned char word8; - #ifdef WC_16BIT_CPU - typedef int sword16; - typedef unsigned int word16; - typedef long sword32; - typedef unsigned long word32; - #else - typedef short sword16; - typedef unsigned short word16; - typedef int sword32; - typedef unsigned int word32; - #endif - typedef byte word24[3]; +#ifndef WOLFSSL_TYPES + #define WOLFSSL_TYPES + #ifndef byte + /* If using C++ C17 or later and getting: + * "error: reference to 'byte' is ambiguous", this is caused by + * cstddef conflict with "std::byte" in + * "enum class byte : unsigned char {};". + * This can occur if the user application is using "std" as the + * default namespace before including wolfSSL headers. + * Workarounds: https://github.com/wolfSSL/wolfssl/issues/5400 + */ + typedef unsigned char byte; + #endif + typedef signed char sword8; + typedef unsigned char word8; + #ifdef WC_16BIT_CPU + typedef int sword16; + typedef unsigned int word16; + typedef long sword32; + typedef unsigned long word32; + #else + typedef short sword16; + typedef unsigned short word16; + typedef int sword32; + typedef unsigned int word32; #endif + typedef byte word24[3]; +#endif +typedef const char wcchar[]; - /* constant pointer to a constant char */ - #ifdef WOLFSSL_NO_CONSTCHARCONST - typedef const char* wcchar; +#ifndef WC_BITFIELD + #ifdef WOLF_C89 + #define WC_BITFIELD unsigned #else - typedef const char* const wcchar; - #endif - - #ifndef WC_BITFIELD - #ifdef WOLF_C89 - #define WC_BITFIELD unsigned - #else - #define WC_BITFIELD byte - #endif + #define WC_BITFIELD byte #endif +#endif - #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES - /* if a version is available, pivot on the version, otherwise guess it's - * disallowed, subject to override. - */ - #if !defined(WOLF_C89) && (!defined(__STDC__) \ - || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \ - || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \ - || (defined(__cplusplus) && (__cplusplus >= 201103L))) - #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 - #endif - #elif ~(~HAVE_ANONYMOUS_INLINE_AGGREGATES + 1) == 1 - /* forced on with empty value -- remap to 1 */ - #undef HAVE_ANONYMOUS_INLINE_AGGREGATES +#ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES + /* if a version is available, pivot on the version, otherwise guess it's + * disallowed, subject to override. + */ + #if !defined(WOLF_C89) && (!defined(__STDC__) \ + || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \ + || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \ + || (defined(__cplusplus) && (__cplusplus >= 201103L))) #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 - #elif HAVE_ANONYMOUS_INLINE_AGGREGATES - /* forced on with explicit nonzero value -- leave as-is. */ - #else - /* forced off with explicit zero value -- remap to undef. */ - #undef HAVE_ANONYMOUS_INLINE_AGGREGATES #endif +#elif ~(~HAVE_ANONYMOUS_INLINE_AGGREGATES + 1) == 1 + /* forced on with empty value -- remap to 1 */ + #undef HAVE_ANONYMOUS_INLINE_AGGREGATES + #define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 +#elif HAVE_ANONYMOUS_INLINE_AGGREGATES + /* forced on with explicit nonzero value -- leave as-is. */ +#else + /* forced off with explicit zero value -- remap to undef. */ + #undef HAVE_ANONYMOUS_INLINE_AGGREGATES +#endif - #ifndef HAVE_EMPTY_AGGREGATES - /* The C standards don't define empty aggregates, but gcc and clang do. - * We need to accommodate them for one of the same reasons C++ does -- - * conditionally empty aggregates, e.g. in hash.h. - * - * Nonetheless, in C++, empty aggregates wind up with size 1. If we use - * the [0] construct and the header is compiled by clang++, it warns - * "struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]", despite - * the extern "C" wrapper. We sidestep this warning by recognizing - * here that C++ doesn't support truly empty aggregates. LLVM, for its part, - * deprecates compilation of C code as C++ using clang++. - */ - #if !defined(WOLF_C89) && defined(__GNUC__) && \ - !defined(__STRICT_ANSI__) && \ - !defined(__cplusplus) && \ - defined(HAVE_ANONYMOUS_INLINE_AGGREGATES) - #define HAVE_EMPTY_AGGREGATES 1 - #endif - #elif ~(~HAVE_EMPTY_AGGREGATES + 1) == 1 - /* forced on with empty value -- remap to 1 */ - #undef HAVE_EMPTY_AGGREGATES +#ifndef HAVE_EMPTY_AGGREGATES + /* The C standards don't define empty aggregates, but gcc and clang do. + * We need to accommodate them for one of the same reasons C++ does -- + * conditionally empty aggregates, e.g. in hash.h. + * + * Nonetheless, in C++, empty aggregates wind up with size 1. If we use + * the [0] construct and the header is compiled by clang++, it warns + * "struct has size 0 in C, size 1 in C++ [-Wextern-c-compat]", despite + * the extern "C" wrapper. We sidestep this warning by recognizing + * here that C++ doesn't support truly empty aggregates. LLVM, for its + * part, deprecates compilation of C code as C++ using clang++. + */ + #if !defined(WOLF_C89) && defined(__GNUC__) && \ + !defined(__STRICT_ANSI__) && \ + !defined(__cplusplus) && \ + defined(HAVE_ANONYMOUS_INLINE_AGGREGATES) #define HAVE_EMPTY_AGGREGATES 1 - #elif HAVE_EMPTY_AGGREGATES - /* forced on with explicit nonzero value -- leave as-is. */ - #else - /* forced off with explicit zero value -- remap to undef. */ - #undef HAVE_EMPTY_AGGREGATES #endif +#elif ~(~HAVE_EMPTY_AGGREGATES + 1) == 1 + /* forced on with empty value -- remap to 1 */ + #undef HAVE_EMPTY_AGGREGATES + #define HAVE_EMPTY_AGGREGATES 1 +#elif HAVE_EMPTY_AGGREGATES + /* forced on with explicit nonzero value -- leave as-is. */ +#else + /* forced off with explicit zero value -- remap to undef. */ + #undef HAVE_EMPTY_AGGREGATES +#endif - #define _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) a ## b ## c - #define _WOLF_AGG_DUMMY_MEMBER_HELPER(a, b, c) _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) - #ifdef HAVE_EMPTY_AGGREGATES - /* swallow the semicolon with a zero-sized array (language extension - * specific to gcc/clang). - */ - #define WOLF_AGG_DUMMY_MEMBER \ - struct { \ - PRAGMA_GCC_DIAG_PUSH \ - PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"") \ - PRAGMA_CLANG_DIAG_PUSH \ - PRAGMA_CLANG("clang diagnostic ignored \"-Wzero-length-array\"") \ - byte _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member)[0]; \ - PRAGMA_CLANG_DIAG_POP \ - PRAGMA_GCC_DIAG_POP \ - } - #else - /* Use a single byte with a constructed name as a dummy member -- these - * are the standard semantics of an empty structure in C++. - */ - #define WOLF_AGG_DUMMY_MEMBER char _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, _agg_dummy_member) - #endif +#define _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) a ## b ## c +#define _WOLF_AGG_DUMMY_MEMBER_HELPER(a, b, c) \ + _WOLF_AGG_DUMMY_MEMBER_HELPER2(a, b, c) +#ifdef HAVE_EMPTY_AGGREGATES + /* swallow the semicolon with a zero-sized array (language extension + * specific to gcc/clang). + */ + #define WOLF_AGG_DUMMY_MEMBER \ + struct { \ + PRAGMA_GCC_DIAG_PUSH \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"") \ + PRAGMA_CLANG_DIAG_PUSH \ + PRAGMA_CLANG("clang diagnostic ignored \"-Wzero-length-array\"") \ + byte _WOLF_AGG_DUMMY_MEMBER_HELPER(_wolf_L, __LINE__, \ + _agg_dummy_member)[0]; \ + PRAGMA_CLANG_DIAG_POP \ + PRAGMA_GCC_DIAG_POP \ + } +#else + /* Use a single byte with a constructed name as a dummy member -- these + * are the standard semantics of an empty structure in C++. + */ + #define WOLF_AGG_DUMMY_MEMBER char _WOLF_AGG_DUMMY_MEMBER_HELPER( \ + _wolf_L, __LINE__, _agg_dummy_member) +#endif - /* helpers for stringifying the expanded value of a macro argument rather - * than its literal text: - */ - #define _WC_STRINGIFY_L2(str) #str - #define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str) - - /* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall - * -Wextra -pedantic), a trailing comma on the last value in an enum - * definition is a syntax error. We use this macro to accommodate that - * without disrupting clean flow/syntax when some enum values are - * preprocessor-gated. - */ - #if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS) - #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) a ## b ## c ## d ## e - #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) - #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, _enum_dummy_last_element) - #else - #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */ - #endif +/* helpers for stringifying the expanded value of a macro argument rather + * than its literal text: + */ +#define _WC_STRINGIFY_L2(str) #str +#define WC_STRINGIFY(str) _WC_STRINGIFY_L2(str) + +/* With a true C89-dialect compiler (simulate with gcc -std=c89 -Wall + * -Wextra -pedantic), a trailing comma on the last value in an enum + * definition is a syntax error. We use this macro to accommodate that + * without disrupting clean flow/syntax when some enum values are + * preprocessor-gated. + */ +#if defined(WOLF_C89) || defined(WOLF_NO_TRAILING_ENUM_COMMAS) + #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) \ + a ## b ## c ## d ## e + #define _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(a, b, c, d, e) \ + _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER2(a, b, c, d, e) + #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) \ + _WOLF_ENUM_DUMMY_LAST_ELEMENT_HELPER(_wolf_, prefix, _L, __LINE__, \ + _enum_dummy_last_element) +#else + #define WOLF_ENUM_DUMMY_LAST_ELEMENT(prefix) /* null expansion */ +#endif - /* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ - #if defined(_WIN32) || defined(HAVE_LIMITS_H) - #include - /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, - * otherwise causes issues with CTC_SETTINGS */ - #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG) - #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \ - (ULONG_MAX == 0xffffffffUL) - #define SIZEOF_LONG 4 - #endif - #if !defined(SIZEOF_LONG_LONG) && defined(ULLONG_MAX) && \ - (ULLONG_MAX == 0xffffffffffffffffULL) - #define SIZEOF_LONG_LONG 8 - #endif +/* try to set SIZEOF_LONG or SIZEOF_LONG_LONG if user didn't */ +#if defined(_WIN32) || defined(HAVE_LIMITS_H) + #include + /* make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set, + * otherwise causes issues with CTC_SETTINGS */ + #if !defined(SIZEOF_LONG_LONG) || !defined(SIZEOF_LONG) + #if !defined(SIZEOF_LONG) && defined(ULONG_MAX) && \ + (ULONG_MAX == 0xffffffffUL) + #define SIZEOF_LONG 4 #endif - #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) - #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) - #if (defined(__alpha__) || defined(__ia64__) || \ - defined(_ARCH_PPC64) || defined(__ppc64__) || \ - defined(__x86_64__) || defined(__s390x__ ) || \ - ((defined(sun) || defined(__sun)) && \ - (defined(LP64) || defined(_LP64))) || \ - (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \ - defined(__aarch64__) || defined(__mips64) || \ - (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))) - /* long should be 64bit */ - #define SIZEOF_LONG 8 - #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__) - /* long long should be 64bit */ - #define SIZEOF_LONG_LONG 8 - #endif - #endif - #endif - - #if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \ - (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ - defined(__BCPLUSPLUS__) || \ - (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) - /* windows types */ - #define WORD64_AVAILABLE - #define W64LIT(x) x##ui64 - #define SW64LIT(x) x##i64 - typedef __int64 sword64; - typedef unsigned __int64 word64; - #elif defined(__EMSCRIPTEN__) - #define WORD64_AVAILABLE - #define W64LIT(x) x##ull - #define SW64LIT(x) x##ll - typedef long long sword64; - typedef unsigned long long word64; - #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 - #define WORD64_AVAILABLE - #ifdef WOLF_C89 - #define W64LIT(x) x##UL - #define SW64LIT(x) x##L - #else - #define W64LIT(x) x##ULL - #define SW64LIT(x) x##LL + #if !defined(SIZEOF_LONG_LONG) && defined(ULLONG_MAX) && \ + (ULLONG_MAX == 0xffffffffffffffffULL) + #define SIZEOF_LONG_LONG 8 #endif - typedef long sword64; - typedef unsigned long word64; - #elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 - #define WORD64_AVAILABLE - #ifdef WOLF_C89 - #define W64LIT(x) x##UL - #define SW64LIT(x) x##L - #else - #define W64LIT(x) x##ULL - #define SW64LIT(x) x##LL + #endif +#elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) + #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) + #if (defined(__alpha__) || defined(__ia64__) || \ + defined(_ARCH_PPC64) || defined(__ppc64__) || \ + defined(__x86_64__) || defined(__s390x__ ) || \ + ((defined(sun) || defined(__sun)) && \ + (defined(LP64) || defined(_LP64))) || \ + (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \ + defined(__aarch64__) || defined(__mips64) || \ + (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))) + /* long should be 64bit */ + #define SIZEOF_LONG 8 + #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__) + /* long long should be 64bit */ + #define SIZEOF_LONG_LONG 8 #endif - typedef long long sword64; - typedef unsigned long long word64; - #elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 - #define WORD64_AVAILABLE - #ifdef WOLF_C89 - #define W64LIT(x) x##UL - #define SW64LIT(x) x##L - #else - #define W64LIT(x) x##ULL - #define SW64LIT(x) x##LL #endif - typedef long long sword64; - typedef unsigned long long word64; +#endif + +#if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \ + (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__) || \ + (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) + /* windows types */ + #define WORD64_AVAILABLE + #define W64LIT(x) x##ui64 + #define SW64LIT(x) x##i64 + typedef __int64 sword64; + typedef unsigned __int64 word64; +#elif defined(__EMSCRIPTEN__) + #define WORD64_AVAILABLE + #define W64LIT(x) x##ull + #define SW64LIT(x) x##ll + typedef long long sword64; + typedef unsigned long long word64; +#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 + #define WORD64_AVAILABLE + #ifdef WOLF_C89 + #define W64LIT(x) x##UL + #define SW64LIT(x) x##L + #else + #define W64LIT(x) x##ULL + #define SW64LIT(x) x##LL + #endif + typedef long sword64; + typedef unsigned long word64; +#elif defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 + #define WORD64_AVAILABLE + #ifdef WOLF_C89 + #define W64LIT(x) x##UL + #define SW64LIT(x) x##L + #else + #define W64LIT(x) x##ULL + #define SW64LIT(x) x##LL + #endif + typedef long long sword64; + typedef unsigned long long word64; +#elif defined(__SIZEOF_LONG_LONG__) && __SIZEOF_LONG_LONG__ == 8 + #define WORD64_AVAILABLE + #ifdef WOLF_C89 + #define W64LIT(x) x##UL + #define SW64LIT(x) x##L + #else + #define W64LIT(x) x##ULL + #define SW64LIT(x) x##LL #endif + typedef long long sword64; + typedef unsigned long long word64; +#endif #if defined(WORD64_AVAILABLE) && !defined(WC_16BIT_CPU) /* These platforms have 64-bit CPU registers. */ @@ -347,17 +350,17 @@ decouple library dependencies with standard string, memory and so on. #ifndef MICROCHIP_PIC24 #undef WORD64_AVAILABLE #endif - typedef word16 wolfssl_word; - #define WOLFSSL_WORD_SIZE_LOG2 1 - #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ - * mp_digit, no 64 bit type so make mp_digit 16 bit */ + typedef word16 wolfssl_word; + #define WOLFSSL_WORD_SIZE_LOG2 1 + #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ + * mp_digit, no 64 bit type so make mp_digit 16 bit */ #else #undef WORD64_AVAILABLE typedef word32 wolfssl_word; #define WOLFSSL_WORD_SIZE_LOG2 2 #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as \ - * mp_digit, no 64 bit type so make mp_digit 16 bit */ + * mp_digit, no 64 bit type so make mp_digit 16 bit */ #endif typedef struct w64wrapper { @@ -378,396 +381,439 @@ typedef struct w64wrapper { typedef size_t wc_ptr_t; #endif - enum { - WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), - WOLFSSL_BIT_SIZE = 8, - WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE - }; +enum { + WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), + WOLFSSL_BIT_SIZE = 8, + WOLFSSL_WORD_BITS = WOLFSSL_WORD_SIZE * WOLFSSL_BIT_SIZE +}; - #define WOLFSSL_MAX_8BIT 0xffU - #define WOLFSSL_MAX_16BIT 0xffffU - #define WOLFSSL_MAX_32BIT 0xffffffffU - - #ifndef WC_DO_NOTHING - #define WC_DO_NOTHING do {} while (0) - #ifdef _MSC_VER - /* disable buggy MSC warning around while(0), - *"warning C4127: conditional expression is constant" - */ - #pragma warning(disable: 4127) - #endif +#define WOLFSSL_MAX_8BIT 0xffU +#define WOLFSSL_MAX_16BIT 0xffffU +#define WOLFSSL_MAX_32BIT 0xffffffffU + +#ifndef WC_DO_NOTHING + #define WC_DO_NOTHING do {} while (0) + #ifdef _MSC_VER + /* disable buggy MSC warning around while(0), + *"warning C4127: conditional expression is constant" + */ + #pragma warning(disable: 4127) #endif +#endif - #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) - #define INLINE WC_INLINE +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + #define INLINE WC_INLINE +#endif + +/* set up rotate style */ +#if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ + defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && \ + !defined(INTIME_RTOS) + #define INTEL_INTRINSICS + #define FAST_ROTATE +#elif defined(__MWERKS__) && TARGET_CPU_PPC + #define PPC_INTRINSICS + #define FAST_ROTATE +#elif defined(__CCRX__) + #define FAST_ROTATE +#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) + /* GCC does peephole optimizations which should result in using rotate + instructions */ + #define FAST_ROTATE +#endif + +/* set up thread local storage if available */ +#ifdef HAVE_THREAD_LS + #if defined(_MSC_VER) || defined(__WATCOMC__) + #define THREAD_LS_T __declspec(thread) + /* Thread local storage only in FreeRTOS v8.2.1 and higher */ + #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \ + defined(WOLFSSL_ZEPHYR) + #define THREAD_LS_T + #else + #define THREAD_LS_T __thread #endif +#else + #define THREAD_LS_T +#endif - /* set up rotate style */ - #if ((defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ - defined(__BCPLUSPLUS__)) && !defined(WOLFSSL_SGX) && !defined(INTIME_RTOS) - #define INTEL_INTRINSICS - #define FAST_ROTATE - #elif defined(__MWERKS__) && TARGET_CPU_PPC - #define PPC_INTRINSICS - #define FAST_ROTATE - #elif defined(__CCRX__) - #define FAST_ROTATE - #elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) - /* GCC does peephole optimizations which should result in using rotate - instructions */ - #define FAST_ROTATE +#ifndef FALL_THROUGH + /* GCC 7 has new switch() fall-through detection */ + #if defined(__GNUC__) + #if defined(fallthrough) + #define FALL_THROUGH fallthrough + #elif ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) + #define FALL_THROUGH ; __attribute__ ((fallthrough)) + #elif defined(__clang__) && defined(__clang_major__) && \ + (__clang_major__ >= 12) + #define FALL_THROUGH ; __attribute__ ((fallthrough)) + #endif #endif +#endif /* FALL_THROUGH */ +#if !defined(FALL_THROUGH) || defined(__XC32) + /* use stub for fall through by default or for Microchip compiler */ + #undef FALL_THROUGH + #define FALL_THROUGH +#endif - /* set up thread local storage if available */ - #ifdef HAVE_THREAD_LS - #if defined(_MSC_VER) || defined(__WATCOMC__) - #define THREAD_LS_T __declspec(thread) - /* Thread local storage only in FreeRTOS v8.2.1 and higher */ - #elif defined(FREERTOS) || defined(FREERTOS_TCP) || \ - defined(WOLFSSL_ZEPHYR) - #define THREAD_LS_T +#define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */ + +#define XELEM_CNT(x) (sizeof((x))/sizeof(*(x))) + +#define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \ + ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0)) + +#if defined(HAVE_IO_POOL) + WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); + WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); + WOLFSSL_API void XFREE(void *p, void* heap, int type); +#elif (defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)) || \ + defined(HAVE_INTEL_QA_SYNC) + #ifndef HAVE_INTEL_QA_SYNC + #include + #undef USE_WOLFSSL_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) \ + IntelQaMalloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) \ + IntelQaFree((p), (h), (t), __func__, __LINE__) + #define XREALLOC(p, n, h, t) \ + IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) #else - #define THREAD_LS_T __thread - #endif + #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t)) + #define XFREE(p, h, t) IntelQaFree((p), (h), (t)) + #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ #else - #define THREAD_LS_T + #include + #undef USE_WOLFSSL_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) \ + wc_CryptoCb_IntelQaMalloc((s), (h), (t), __func__, __LINE__) + #define XFREE(p, h, t) \ + wc_CryptoCb_IntelQaFree((p), (h), (t), __func__, __LINE__) + #define XREALLOC(p, n, h, t) \ + wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t), __func__, \ + __LINE__) + #else + #define XMALLOC(s, h, t) \ + wc_CryptoCb_IntelQaMalloc((s), (h), (t)) + #define XFREE(p, h, t) \ + wc_CryptoCb_IntelQaFree((p), (h), (t)) + #define XREALLOC(p, n, h, t) \ + wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #endif +#elif defined(XMALLOC_USER) + /* prototypes for user heap override functions */ + #include /* for size_t */ + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); +#elif defined(WOLFSSL_MEMORY_LOG) + #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__) + #define XREALLOC(p, n, h, t) \ + xrealloc(p, n, h, t, __func__, __FILE__, __LINE__) + #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__) + + /* prototypes for user heap override functions */ + #include /* for size_t */ + #include + WOLFSSL_API void *xmalloc(size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void *xrealloc(void *p, size_t n, void* heap, int type, + const char* func, const char* file, unsigned int line); + WOLFSSL_API void xfree(void *p, void* heap, int type, const char* func, + const char* file, unsigned int line); +#elif defined(XMALLOC_OVERRIDE) + /* override the XMALLOC, XFREE and XREALLOC macros */ +#elif defined(WOLFSSL_TELIT_M2MB) + /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */ + /* Use of malloc/free will cause CPU reboot */ + #define XMALLOC(s, h, t) ((void)(h), (void)(t), \ + m2mb_os_malloc((s))) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) m2mb_os_free(xp) + #else + #define XFREE(p, h, t) do { void* xp = (p); if (xp) \ + m2mb_os_free(xp); } while (0) #endif + #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) - #ifndef FALL_THROUGH - /* GCC 7 has new switch() fall-through detection */ - #if defined(__GNUC__) - #if defined(fallthrough) - #define FALL_THROUGH fallthrough - #elif ((__GNUC__ > 7) || ((__GNUC__ == 7) && (__GNUC_MINOR__ >= 1))) - #define FALL_THROUGH ; __attribute__ ((fallthrough)) - #elif defined(__clang__) && defined(__clang_major__) && \ - (__clang_major__ >= 12) - #define FALL_THROUGH ; __attribute__ ((fallthrough)) - #endif +#elif defined(NO_WOLFSSL_MEMORY) + #ifdef WOLFSSL_NO_MALLOC + /* this platform does not support heap use */ + #ifdef WOLFSSL_SMALL_STACK + #error WOLFSSL_SMALL_STACK requires a heap implementation. #endif - #endif /* FALL_THROUGH */ - #if !defined(FALL_THROUGH) || defined(__XC32) - /* use stub for fall through by default or for Microchip compiler */ - #undef FALL_THROUGH - #define FALL_THROUGH - #endif - - #define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */ - - #define XELEM_CNT(x) (sizeof((x))/sizeof(*(x))) - - #define WC_SAFE_SUM_WORD32(in1, in2, out) ((in2) <= 0xffffffffU - (in1) ? \ - ((out) = (in1) + (in2), 1) : ((out) = 0xffffffffU, 0)) - - #if defined(HAVE_IO_POOL) - WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); - WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); - WOLFSSL_API void XFREE(void *p, void* heap, int type); - #elif (defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_INTEL_QA)) || \ - defined(HAVE_INTEL_QA_SYNC) - #ifndef HAVE_INTEL_QA_SYNC - #include - #undef USE_WOLFSSL_MEMORY - #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) IntelQaFree((p), (h), (t), __func__, __LINE__) - #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) - #else - #define XMALLOC(s, h, t) IntelQaMalloc((s), (h), (t)) - #define XFREE(p, h, t) IntelQaFree((p), (h), (t)) - #define XREALLOC(p, n, h, t) IntelQaRealloc((p), (n), (h), (t)) - #endif /* WOLFSSL_DEBUG_MEMORY */ + #ifndef WC_NO_CONSTRUCTORS + #define WC_NO_CONSTRUCTORS + #endif + #ifdef WOLFSSL_MALLOC_CHECK + #ifndef NO_STDIO_FILESYSTEM + #include + #endif + static inline void* malloc_check(size_t sz) { + fprintf(stderr, "wolfSSL_malloc failed"); + return NULL; + }; + #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else - #include - #undef USE_WOLFSSL_MEMORY - #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t), __func__, __LINE__) - #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t), __func__, __LINE__) - #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t), __func__, __LINE__) - #else - #define XMALLOC(s, h, t) wc_CryptoCb_IntelQaMalloc((s), (h), (t)) - #define XFREE(p, h, t) wc_CryptoCb_IntelQaFree((p), (h), (t)) - #define XREALLOC(p, n, h, t) wc_CryptoCb_IntelQaRealloc((p), (n), (h), (t)) - #endif /* WOLFSSL_DEBUG_MEMORY */ + #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) + #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif - #elif defined(XMALLOC_USER) - /* prototypes for user heap override functions */ - #include /* for size_t */ - extern void *XMALLOC(size_t n, void* heap, int type); - extern void *XREALLOC(void *p, size_t n, void* heap, int type); - extern void XFREE(void *p, void* heap, int type); - #elif defined(WOLFSSL_MEMORY_LOG) - #define XMALLOC(n, h, t) xmalloc(n, h, t, __func__, __FILE__, __LINE__) - #define XREALLOC(p, n, h, t) xrealloc(p, n, h, t, __func__, __FILE__, __LINE__) - #define XFREE(p, h, t) xfree(p, h, t, __func__, __FILE__, __LINE__) - - /* prototypes for user heap override functions */ - #include /* for size_t */ + #else + /* just use plain C stdlib stuff if desired */ #include - WOLFSSL_API void *xmalloc(size_t n, void* heap, int type, - const char* func, const char* file, unsigned int line); - WOLFSSL_API void *xrealloc(void *p, size_t n, void* heap, int type, - const char* func, const char* file, unsigned int line); - WOLFSSL_API void xfree(void *p, void* heap, int type, const char* func, - const char* file, unsigned int line); - #elif defined(XMALLOC_OVERRIDE) - /* override the XMALLOC, XFREE and XREALLOC macros */ - #elif defined(WOLFSSL_TELIT_M2MB) - /* Telit M2MB SDK requires use m2mb_os API's, not std malloc/free */ - /* Use of malloc/free will cause CPU reboot */ - #define XMALLOC(s, h, t) ((void)(h), (void)(t), m2mb_os_malloc((s))) + #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */ #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) m2mb_os_free(xp) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) /* native heap */ #else - #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */ #endif - #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) + #define XREALLOC(p, n, h, t) \ + ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */ + #endif + +#elif defined(WOLFSSL_LINUXKM) + + /* definitions are in linuxkm/linuxkm_wc_port.h */ - #elif defined(NO_WOLFSSL_MEMORY) - #ifdef WOLFSSL_NO_MALLOC - /* this platform does not support heap use */ - #ifdef WOLFSSL_SMALL_STACK - #error WOLFSSL_SMALL_STACK requires a heap implementation. +#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ + && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ + && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ + && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) + /* default C runtime, can install different routines at runtime via cbs */ + #ifndef WOLFSSL_MEMORY_H + #include + #endif + #ifdef WOLFSSL_STATIC_MEMORY + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) \ + wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) \ + wolfSSL_Free(xp, h, t, __func__, __LINE__) + #else + #define XFREE(p, h, t) do { void* xp = (p); if (xp) \ + wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif - #ifndef WC_NO_CONSTRUCTORS - #define WC_NO_CONSTRUCTORS + #define XREALLOC(p, n, h, t) \ + wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) + #else + #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) + #else + #define XFREE(p, h, t) do { void* xp = (p); if (xp) \ + wolfSSL_Free(xp, h, t); } while (0) #endif - #ifdef WOLFSSL_MALLOC_CHECK - #ifndef NO_STDIO_FILESYSTEM - #include - #endif - static inline void* malloc_check(size_t sz) { - fprintf(stderr, "wolfSSL_malloc failed"); - return NULL; - }; - #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #elif defined(WOLFSSL_EMBOS) && !defined(XMALLOC_USER) \ + && !defined(NO_WOLFSSL_MEMORY) \ + && !defined(WOLFSSL_STATIC_MEMORY) + /* settings.h solve this case already. Avoid redefinition. */ + #elif (!defined(FREERTOS) && !defined(FREERTOS_TCP)) || \ + defined(WOLFSSL_TRACK_MEMORY) + #ifdef WOLFSSL_DEBUG_MEMORY + #define XMALLOC(s, h, t) ((void)(h), (void)(t), \ + wolfSSL_Malloc((s), __func__, __LINE__)) + #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK + #define XFREE(p, h, t) do { (void)(h); (void)(t); \ + wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) - #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); \ + (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); \ + } while (0) #endif + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), \ + wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else - /* just use plain C stdlib stuff if desired */ - #include - #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) /* native heap */ + #define XMALLOC(s, h, t) ((void)(h), (void)(t), \ + wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) /* native heap */ + #define XFREE(p, h, t) do { (void)(h); (void)(t); \ + wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) /* native heap */ + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); \ + (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif - #define XREALLOC(p, n, h, t) \ - ((void)(h), (void)(t), realloc((p), (size_t)(n))) /* native heap */ - #endif - - #elif defined(WOLFSSL_LINUXKM) - - /* definitions are in linuxkm/linuxkm_wc_port.h */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), \ + wolfSSL_Realloc((p), (n))) + #endif /* WOLFSSL_DEBUG_MEMORY */ + #endif /* WOLFSSL_STATIC_MEMORY */ +#endif - #elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) \ - && !defined(WOLFSSL_SAFERTOS) && !defined(FREESCALE_MQX) \ - && !defined(FREESCALE_KSDK_MQX) && !defined(FREESCALE_FREE_RTOS) \ - && !defined(WOLFSSL_LEANPSK) && !defined(WOLFSSL_uITRON4) - /* default C runtime, can install different routines at runtime via cbs */ - #ifndef WOLFSSL_MEMORY_H - #include - #endif - #ifdef WOLFSSL_STATIC_MEMORY - #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t), __func__, __LINE__) - #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) - #else - #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) - #endif - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) - #else - #define XMALLOC(s, h, t) wolfSSL_Malloc((s), (h), (t)) - #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) - #else - #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) - #endif - #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) - #endif /* WOLFSSL_DEBUG_MEMORY */ - #elif defined(WOLFSSL_EMBOS) && !defined(XMALLOC_USER) \ - && !defined(NO_WOLFSSL_MEMORY) \ - && !defined(WOLFSSL_STATIC_MEMORY) - /* settings.h solve this case already. Avoid redefinition. */ - #elif (!defined(FREERTOS) && !defined(FREERTOS_TCP)) || defined(WOLFSSL_TRACK_MEMORY) - #ifdef WOLFSSL_DEBUG_MEMORY - #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) - #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) - #else - #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) - #endif - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) - #else - #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) - #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) - #else - #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) - #endif - #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) - #endif /* WOLFSSL_DEBUG_MEMORY */ - #endif /* WOLFSSL_STATIC_MEMORY */ - #endif +#if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) + #error WOLFSSL_SMALL_STACK requires constructors. +#endif - #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) - #error WOLFSSL_SMALL_STACK requires constructors. - #endif +#include - #include +/* declare/free variable handling for async and smallstack */ +#ifndef WC_ALLOC_DO_ON_FAILURE + #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING +#endif - /* declare/free variable handling for async and smallstack */ - #ifndef WC_ALLOC_DO_ON_FAILURE - #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING - #endif +#define WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + VAR_TYPE* VAR_NAME[VAR_ITEMS] = { NULL, }; \ + int idx##VAR_NAME = 0, inner_idx_##VAR_NAME +#define WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ + VAR_TYPE* VAR_NAME[VAR_ITEMS] +#define WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \ + (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), \ + DYNAMIC_TYPE_TMP_BUFFER); \ + if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \ + for (inner_idx_##VAR_NAME = 0; \ + inner_idx_##VAR_NAME < idx##VAR_NAME; \ + inner_idx_##VAR_NAME++) { \ + XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), \ + DYNAMIC_TYPE_TMP_BUFFER); \ + (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \ + } \ + for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; \ + inner_idx_##VAR_NAME < (VAR_ITEMS); \ + inner_idx_##VAR_NAME++) { \ + (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \ + } \ + idx##VAR_NAME = 0; \ + WC_ALLOC_DO_ON_FAILURE(); \ + break; \ + } \ + } +#define WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + do { \ + WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP); \ + if (idx##VAR_NAME != 0) { \ + for (idx##VAR_NAME=0; \ + idx##VAR_NAME<(VAR_ITEMS); \ + idx##VAR_NAME++) { \ + XMEMSET((VAR_NAME)[idx##VAR_NAME], 0, VAR_SIZE); \ + } \ + } \ + } while (0) +#define WC_HEAP_ARRAY_OK(VAR_NAME) (idx##VAR_NAME != 0) +#define WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \ + if (WC_HEAP_ARRAY_OK(VAR_NAME)) { \ + for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \ + XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \ + } \ + idx##VAR_NAME = 0; \ + } + +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK) + #define WC_DECLARE_VAR_IS_HEAP_ALLOC + #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + VAR_TYPE* VAR_NAME = NULL + #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + do { \ + (VAR_NAME) = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), \ + (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \ + if ((VAR_NAME) == NULL) { \ + WC_ALLOC_DO_ON_FAILURE(); \ + } \ + } while (0) + #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + do { \ + WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP); \ + XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE) * (VAR_SIZE)); \ + } while (0) + #define WC_FREE_VAR(VAR_NAME, HEAP) \ + XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT) + #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) + #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ + WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) + #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) + #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) + #define WC_ARRAY_OK(VAR_NAME) WC_HEAP_ARRAY_OK(VAR_NAME) + #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \ + WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) +#else + #undef WC_DECLARE_VAR_IS_HEAP_ALLOC + #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + VAR_TYPE VAR_NAME[VAR_SIZE] + #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) WC_DO_NOTHING + #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ + XMEMSET(VAR_NAME, 0, sizeof(var)) + #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING \ + /* nothing to free, its stack */ + #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */ + #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ + VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */ + #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + WC_DO_NOTHING + #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ + XMEMSET(VAR_NAME, 0, sizeof(VAR_NAME)) + #define WC_ARRAY_OK(VAR_NAME) 1 + #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) WC_DO_NOTHING \ + /* nothing to free, its stack */ +#endif - #define WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - VAR_TYPE* VAR_NAME[VAR_ITEMS] = { NULL, }; \ - int idx##VAR_NAME = 0, inner_idx_##VAR_NAME - #define WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ - VAR_TYPE* VAR_NAME[VAR_ITEMS] - #define WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \ - (VAR_NAME)[idx##VAR_NAME] = (VAR_TYPE*)XMALLOC(VAR_SIZE, (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \ - if ((VAR_NAME)[idx##VAR_NAME] == NULL) { \ - for (inner_idx_##VAR_NAME = 0; inner_idx_##VAR_NAME < idx##VAR_NAME; inner_idx_##VAR_NAME++) { \ - XFREE((VAR_NAME)[inner_idx_##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \ - (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \ - } \ - for (inner_idx_##VAR_NAME = idx##VAR_NAME + 1; inner_idx_##VAR_NAME < (VAR_ITEMS); inner_idx_##VAR_NAME++) { \ - (VAR_NAME)[inner_idx_##VAR_NAME] = NULL; \ - } \ - idx##VAR_NAME = 0; \ - WC_ALLOC_DO_ON_FAILURE(); \ - break; \ - } \ - } - #define WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - do { \ - WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP); \ - if (idx##VAR_NAME != 0) { \ - for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \ - XMEMSET((VAR_NAME)[idx##VAR_NAME], 0, VAR_SIZE); \ - } \ - } \ - } while (0) - #define WC_HEAP_ARRAY_OK(VAR_NAME) (idx##VAR_NAME != 0) - #define WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \ - if (WC_HEAP_ARRAY_OK(VAR_NAME)) { \ - for (idx##VAR_NAME=0; idx##VAR_NAME<(VAR_ITEMS); idx##VAR_NAME++) { \ - XFREE((VAR_NAME)[idx##VAR_NAME], (HEAP), DYNAMIC_TYPE_TMP_BUFFER); \ - } \ - idx##VAR_NAME = 0; \ - } +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + /* These are here for the FIPS code that can't be changed. + * New definitions don't need to be added here. */ + #define DECLARE_VAR WC_DECLARE_VAR + #define DECLARE_ARRAY WC_DECLARE_ARRAY + #define FREE_VAR WC_FREE_VAR + #define FREE_ARRAY WC_FREE_ARRAY + #define DECLARE_ARRAY_DYNAMIC_DEC WC_DECLARE_HEAP_ARRAY + #define DECLARE_ARRAY_DYNAMIC_EXE WC_ALLOC_HEAP_ARRAY + #define FREE_ARRAY_DYNAMIC WC_FREE_HEAP_ARRAY +#endif /* HAVE_FIPS */ + +#if !defined(USE_WOLF_STRTOK) && \ + ((defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)) || \ + defined(WOLFSSL_TIRTOS) || defined(WOLF_C99)) + #define USE_WOLF_STRTOK +#endif +#if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C89) || defined(WOLF_C99)) + #define USE_WOLF_STRSEP +#endif +#if !defined(XSTRLCPY) && !defined(USE_WOLF_STRLCPY) + #define USE_WOLF_STRLCPY +#endif +#if !defined(XSTRLCAT) && !defined(USE_WOLF_STRLCAT) + #define USE_WOLF_STRLCAT +#endif - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_SMALL_STACK) - #define WC_DECLARE_VAR_IS_HEAP_ALLOC - #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - VAR_TYPE* VAR_NAME = NULL - #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - do { \ - (VAR_NAME) = (VAR_TYPE*)XMALLOC(sizeof(VAR_TYPE) * (VAR_SIZE), (HEAP), DYNAMIC_TYPE_WOLF_BIGINT); \ - if ((VAR_NAME) == NULL) { \ - WC_ALLOC_DO_ON_FAILURE(); \ - } \ - } while (0) - #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - do { \ - WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP); \ - XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE) * (VAR_SIZE)); \ - } while (0) - #define WC_FREE_VAR(VAR_NAME, HEAP) \ - XFREE(VAR_NAME, (HEAP), DYNAMIC_TYPE_WOLF_BIGINT) - #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - WC_DECLARE_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) - #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ - WC_HEAP_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) - #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - WC_ALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) - #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - WC_CALLOC_HEAP_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) - #define WC_ARRAY_OK(VAR_NAME) WC_HEAP_ARRAY_OK(VAR_NAME) - #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) \ - WC_FREE_HEAP_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) +#ifndef STRING_USER + #if defined(WOLFSSL_LINUXKM) + #include #else - #undef WC_DECLARE_VAR_IS_HEAP_ALLOC - #define WC_DECLARE_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - VAR_TYPE VAR_NAME[VAR_SIZE] - #define WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) WC_DO_NOTHING - #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - XMEMSET(VAR_NAME, 0, sizeof(var)) - #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING /* nothing to free, its stack */ - #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \ - VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */ - #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \ - VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */ - #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) WC_DO_NOTHING - #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) XMEMSET(VAR_NAME, 0, sizeof(VAR_NAME)) - #define WC_ARRAY_OK(VAR_NAME) 1 - #define WC_FREE_ARRAY(VAR_NAME, VAR_ITEMS, HEAP) WC_DO_NOTHING /* nothing to free, its stack */ + #include #endif - #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) - /* These are here for the FIPS code that can't be changed. New definitions don't need to be added here. */ - #define DECLARE_VAR WC_DECLARE_VAR - #define DECLARE_ARRAY WC_DECLARE_ARRAY - #define FREE_VAR WC_FREE_VAR - #define FREE_ARRAY WC_FREE_ARRAY - #define DECLARE_ARRAY_DYNAMIC_DEC WC_DECLARE_HEAP_ARRAY - #define DECLARE_ARRAY_DYNAMIC_EXE WC_ALLOC_HEAP_ARRAY - #define FREE_ARRAY_DYNAMIC WC_FREE_HEAP_ARRAY - #endif /* HAVE_FIPS */ - - #if !defined(USE_WOLF_STRTOK) && \ - ((defined(__MINGW32__) && !defined(__MINGW64_VERSION_MAJOR)) || \ - defined(WOLFSSL_TIRTOS) || defined(WOLF_C99)) - #define USE_WOLF_STRTOK - #endif - #if !defined(USE_WOLF_STRSEP) && (defined(WOLF_C89) || defined(WOLF_C99)) - #define USE_WOLF_STRSEP - #endif - #if !defined(XSTRLCPY) && !defined(USE_WOLF_STRLCPY) - #define USE_WOLF_STRLCPY - #endif - #if !defined(XSTRLCAT) && !defined(USE_WOLF_STRLCAT) - #define USE_WOLF_STRLCAT - #endif + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) - #ifndef STRING_USER - #if defined(WOLFSSL_LINUXKM) - #include - #else - #include - #endif + #define XSTRLEN(s1) strlen((s1)) + #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) + /* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper, + * not required for wolfCrypt only */ + #define XSTRSTR(s1,s2) strstr((s1),(s2)) + #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) + #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRCMP(s1,s2) strcmp((s1),(s2)) + #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) - - #define XSTRLEN(s1) strlen((s1)) - #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) - /* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper, - * not required for wolfCrypt only */ - #define XSTRSTR(s1,s2) strstr((s1),(s2)) - #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) - #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) - #define XSTRCMP(s1,s2) strcmp((s1),(s2)) - #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) - - #ifdef USE_WOLF_STRSEP - #define XSTRSEP(s1,d) wc_strsep((s1),(d)) - #else - #define XSTRSEP(s1,d) strsep((s1),(d)) - #endif + #ifdef USE_WOLF_STRSEP + #define XSTRSEP(s1,d) wc_strsep((s1),(d)) + #else + #define XSTRSEP(s1,d) strsep((s1),(d)) + #endif - #ifndef XSTRCASECMP + #ifndef XSTRCASECMP #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \ (__XC32_VERSION >= 1000) && (__XC32_VERSION < 4000) /* XC32 supports str[n]casecmp in version >= 1.0 through 4.0. */ @@ -799,9 +845,9 @@ typedef struct w64wrapper { #undef XSTRCASECMP #define XSTRCASECMP(s1,s2) wc_strcasecmp((s1), (s2)) #endif - #endif /* !XSTRCASECMP */ + #endif /* !XSTRCASECMP */ - #ifndef XSTRNCASECMP + #ifndef XSTRNCASECMP #if (defined(MICROCHIP_MPLAB_HARMONY) || defined(MICROCHIP_PIC32)) && \ (__XC32_VERSION >= 1000) /* XC32 supports str[n]casecmp in version >= 1.0. */ @@ -833,39 +879,39 @@ typedef struct w64wrapper { #undef XSTRNCASECMP #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n)) #endif - #endif /* !XSTRNCASECMP */ + #endif /* !XSTRNCASECMP */ - /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when - debugging is turned on */ - #ifndef XSNPRINTF + /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when + * debugging is turned on */ + #ifndef XSNPRINTF #ifndef USE_WINDOWS_API #if defined(WOLFSSL_ESPIDF) && \ (!defined(NO_ASN_TIME) && defined(HAVE_PKCS7)) - #include - /* later gcc than 7.1 introduces -Wformat-truncation */ - /* In cases when truncation is expected the caller needs*/ - /* to check the return value from the function so that */ - /* compiler doesn't complain. */ - /* xtensa-esp32-elf v8.2.0 warns truncation at */ - /* GetAsnTimeString() */ - static WC_INLINE - int _xsnprintf_(char *s, size_t n, const char *format, ...) - { - va_list ap; - int ret; - - if ((int)n <= 0) return -1; - - va_start(ap, format); - - ret = XVSNPRINTF(s, n, format, ap); - if (ret < 0) - ret = -1; - - va_end(ap); - - return ret; - } + #include + /* later gcc than 7.1 introduces -Wformat-truncation */ + /* In cases when truncation is expected the caller needs*/ + /* to check the return value from the function so that */ + /* compiler doesn't complain. */ + /* xtensa-esp32-elf v8.2.0 warns truncation at */ + /* GetAsnTimeString() */ + static WC_INLINE + int _xsnprintf_(char *s, size_t n, const char *format, ...) + { + va_list ap; + int ret; + + if ((int)n <= 0) return -1; + + va_start(ap, format); + + ret = XVSNPRINTF(s, n, format, ap); + if (ret < 0) + ret = -1; + + va_end(ap); + + return ret; + } #define XSNPRINTF _xsnprintf_ #elif defined(FREESCALE_MQX) /* see wc_port.h for fio.h and nio.h includes. MQX does not @@ -878,7 +924,8 @@ typedef struct w64wrapper { #define XSPRINTF sprintf /* snprintf not available for C89, so remap using macro */ #ifdef WOLF_NO_VARIADIC_MACROS - #error WOLF_NO_VARIADIC_MACROS requires user-supplied binding for XSNPRINTF + #error WOLF_NO_VARIADIC_MACROS requires user-supplied \ +binding for XSNPRINTF #else #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) #endif @@ -924,408 +971,408 @@ typedef struct w64wrapper { #define XSNPRINTF snprintf #endif /* _MSC_VER */ #endif /* USE_WINDOWS_API */ - #endif /* !XSNPRINTF */ - - #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \ - defined(WOLFSSL_ASN_PARSE_KEYUSAGE) - /* use only Thread Safe version of strtok */ - #if defined(USE_WOLF_STRTOK) + #endif /* !XSNPRINTF */ + + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_ASN_PARSE_KEYUSAGE) + /* use only Thread Safe version of strtok */ + #if defined(USE_WOLF_STRTOK) + #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) + #elif defined(__WATCOMC__) + #if __WATCOMC__ < 1300 + #define USE_WOLF_STRTOK #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) - #elif defined(__WATCOMC__) - #if __WATCOMC__ < 1300 - #define USE_WOLF_STRTOK - #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) - #else - #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) - #endif - #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) - #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) #else #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) #endif + #elif defined(USE_WINDOWS_API) || defined(INTIME_RTOS) + #define XSTRTOK(s1,d,ptr) strtok_s((s1),(d),(ptr)) + #else + #define XSTRTOK(s1,d,ptr) strtok_r((s1),(d),(ptr)) #endif + #endif - #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_OCSP) || \ - defined(HAVE_CRL_IO) || defined(HAVE_HTTP_CLIENT) || \ - !defined(NO_CRYPT_BENCHMARK) || defined(OPENSSL_EXTRA) + #if defined(WOLFSSL_CERT_EXT) || defined(HAVE_OCSP) || \ + defined(HAVE_CRL_IO) || defined(HAVE_HTTP_CLIENT) || \ + !defined(NO_CRYPT_BENCHMARK) || defined(OPENSSL_EXTRA) - #ifndef XATOI /* if custom XATOI is not already defined */ - #include - #define XATOI(s) atoi((s)) - #endif + #ifndef XATOI /* if custom XATOI is not already defined */ + #include + #define XATOI(s) atoi((s)) #endif #endif +#endif /* STRING_USER */ - #ifdef USE_WOLF_STRTOK - WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); - #endif - #ifdef USE_WOLF_STRSEP - WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); - #endif - - #ifdef USE_WOLF_STRLCPY - WOLFSSL_API size_t wc_strlcpy(char *dst, const char *src, size_t dstSize); - #define XSTRLCPY(s1,s2,n) wc_strlcpy((s1),(s2),(n)) - #endif - #ifdef USE_WOLF_STRLCAT - WOLFSSL_API size_t wc_strlcat(char *dst, const char *src, size_t dstSize); - #define XSTRLCAT(s1,s2,n) wc_strlcat((s1),(s2),(n)) - #endif - #ifdef USE_WOLF_STRCASECMP - WOLFSSL_API int wc_strcasecmp(const char *s1, const char *s2); - #endif - #ifdef USE_WOLF_STRNCASECMP - WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); - #endif +#ifdef USE_WOLF_STRTOK + WOLFSSL_API char* wc_strtok(char *str, const char *delim, char **nextp); +#endif +#ifdef USE_WOLF_STRSEP + WOLFSSL_API char* wc_strsep(char **stringp, const char *delim); +#endif - #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) - #define USE_WOLF_STRDUP - #endif - #ifdef USE_WOLF_STRDUP - WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); - #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) - #define XSTRDUP(src) wc_strdup(src) - #endif +#ifdef USE_WOLF_STRLCPY + WOLFSSL_API size_t wc_strlcpy(char *dst, const char *src, size_t dstSize); + #define XSTRLCPY(s1,s2,n) wc_strlcpy((s1),(s2),(n)) +#endif +#ifdef USE_WOLF_STRLCAT + WOLFSSL_API size_t wc_strlcat(char *dst, const char *src, size_t dstSize); + #define XSTRLCAT(s1,s2,n) wc_strlcat((s1),(s2),(n)) +#endif +#ifdef USE_WOLF_STRCASECMP + WOLFSSL_API int wc_strcasecmp(const char *s1, const char *s2); +#endif +#ifdef USE_WOLF_STRNCASECMP + WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); +#endif - #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - #ifndef XGETENV - #ifdef NO_GETENV - #define XGETENV(x) (NULL) - #else - #include - #define XGETENV getenv - #endif - #endif - #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ +#if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #define USE_WOLF_STRDUP +#endif +#ifdef USE_WOLF_STRDUP + WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); + #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) + #define XSTRDUP(src) wc_strdup(src) +#endif - #ifndef CTYPE_USER - #ifndef WOLFSSL_LINUXKM - #include - #endif - #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ - defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) - #define XTOUPPER(c) toupper((c)) - #endif - #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - #define XISALNUM(c) isalnum((c)) - #if !defined(HAVE_ISASCII) || defined(NO_STDLIB_ISASCII) - #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0) +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + #ifndef XGETENV + #ifdef NO_GETENV + #define XGETENV(x) (NULL) #else - #define XISASCII(c) isascii((c)) - #endif - #define XISSPACE(c) isspace((c)) + #include + #define XGETENV getenv #endif - /* needed by wolfSSL_check_domain_name() */ - #define XTOLOWER(c) tolower((c)) #endif +#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ - #ifndef WC_OFFSETOF - #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4)) - #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field) - #elif defined(__WATCOMC__) - #include - #define WC_OFFSETOF offsetof - #else - #define WC_OFFSETOF(type, field) ((size_t)&(((type *)0)->field)) - #endif +#ifndef CTYPE_USER + #ifndef WOLFSSL_LINUXKM + #include #endif - - - /* memory allocation types for user hints */ - enum { - DYNAMIC_TYPE_CA = 1, - DYNAMIC_TYPE_CERT = 2, - DYNAMIC_TYPE_KEY = 3, - DYNAMIC_TYPE_FILE = 4, - DYNAMIC_TYPE_SUBJECT_CN = 5, - DYNAMIC_TYPE_PUBLIC_KEY = 6, - DYNAMIC_TYPE_SIGNER = 7, - DYNAMIC_TYPE_NONE = 8, - DYNAMIC_TYPE_BIGINT = 9, - DYNAMIC_TYPE_RSA = 10, - DYNAMIC_TYPE_METHOD = 11, - DYNAMIC_TYPE_OUT_BUFFER = 12, - DYNAMIC_TYPE_IN_BUFFER = 13, - DYNAMIC_TYPE_INFO = 14, - DYNAMIC_TYPE_DH = 15, - DYNAMIC_TYPE_DOMAIN = 16, - DYNAMIC_TYPE_SSL = 17, - DYNAMIC_TYPE_CTX = 18, - DYNAMIC_TYPE_WRITEV = 19, - DYNAMIC_TYPE_OPENSSL = 20, - DYNAMIC_TYPE_DSA = 21, - DYNAMIC_TYPE_CRL = 22, - DYNAMIC_TYPE_REVOKED = 23, - DYNAMIC_TYPE_CRL_ENTRY = 24, - DYNAMIC_TYPE_CERT_MANAGER = 25, - DYNAMIC_TYPE_CRL_MONITOR = 26, - DYNAMIC_TYPE_OCSP_STATUS = 27, - DYNAMIC_TYPE_OCSP_ENTRY = 28, - DYNAMIC_TYPE_ALTNAME = 29, - DYNAMIC_TYPE_SUITES = 30, - DYNAMIC_TYPE_CIPHER = 31, - DYNAMIC_TYPE_RNG = 32, - DYNAMIC_TYPE_ARRAYS = 33, - DYNAMIC_TYPE_DTLS_POOL = 34, - DYNAMIC_TYPE_SOCKADDR = 35, - DYNAMIC_TYPE_LIBZ = 36, - DYNAMIC_TYPE_ECC = 37, - DYNAMIC_TYPE_TMP_BUFFER = 38, - DYNAMIC_TYPE_DTLS_MSG = 39, - DYNAMIC_TYPE_X509 = 40, - DYNAMIC_TYPE_TLSX = 41, - DYNAMIC_TYPE_OCSP = 42, - DYNAMIC_TYPE_SIGNATURE = 43, - DYNAMIC_TYPE_HASHES = 44, - DYNAMIC_TYPE_SRP = 45, - DYNAMIC_TYPE_COOKIE_PWD = 46, - DYNAMIC_TYPE_USER_CRYPTO = 47, - DYNAMIC_TYPE_OCSP_REQUEST = 48, - DYNAMIC_TYPE_X509_EXT = 49, - DYNAMIC_TYPE_X509_STORE = 50, - DYNAMIC_TYPE_X509_CTX = 51, - DYNAMIC_TYPE_URL = 52, - DYNAMIC_TYPE_DTLS_FRAG = 53, - DYNAMIC_TYPE_DTLS_BUFFER = 54, - DYNAMIC_TYPE_SESSION_TICK = 55, - DYNAMIC_TYPE_PKCS = 56, - DYNAMIC_TYPE_MUTEX = 57, - DYNAMIC_TYPE_PKCS7 = 58, - DYNAMIC_TYPE_AES_BUFFER = 59, - DYNAMIC_TYPE_WOLF_BIGINT = 60, - DYNAMIC_TYPE_ASN1 = 61, - DYNAMIC_TYPE_LOG = 62, - DYNAMIC_TYPE_WRITEDUP = 63, - DYNAMIC_TYPE_PRIVATE_KEY = 64, - DYNAMIC_TYPE_HMAC = 65, - DYNAMIC_TYPE_ASYNC = 66, - DYNAMIC_TYPE_ASYNC_NUMA = 67, - DYNAMIC_TYPE_ASYNC_NUMA64 = 68, - DYNAMIC_TYPE_CURVE25519 = 69, - DYNAMIC_TYPE_ED25519 = 70, - DYNAMIC_TYPE_SECRET = 71, - DYNAMIC_TYPE_DIGEST = 72, - DYNAMIC_TYPE_RSA_BUFFER = 73, - DYNAMIC_TYPE_DCERT = 74, - DYNAMIC_TYPE_STRING = 75, - DYNAMIC_TYPE_PEM = 76, - DYNAMIC_TYPE_DER = 77, - DYNAMIC_TYPE_CERT_EXT = 78, - DYNAMIC_TYPE_ALPN = 79, - DYNAMIC_TYPE_ENCRYPTEDINFO= 80, - DYNAMIC_TYPE_DIRCTX = 81, - DYNAMIC_TYPE_HASHCTX = 82, - DYNAMIC_TYPE_SEED = 83, - DYNAMIC_TYPE_SYMMETRIC_KEY= 84, - DYNAMIC_TYPE_ECC_BUFFER = 85, - DYNAMIC_TYPE_SALT = 87, - DYNAMIC_TYPE_HASH_TMP = 88, - DYNAMIC_TYPE_BLOB = 89, - DYNAMIC_TYPE_NAME_ENTRY = 90, - DYNAMIC_TYPE_CURVE448 = 91, - DYNAMIC_TYPE_ED448 = 92, - DYNAMIC_TYPE_AES = 93, - DYNAMIC_TYPE_CMAC = 94, - DYNAMIC_TYPE_FALCON = 95, - DYNAMIC_TYPE_SESSION = 96, - DYNAMIC_TYPE_DILITHIUM = 97, - DYNAMIC_TYPE_SPHINCS = 98, - DYNAMIC_TYPE_SM4_BUFFER = 99, - DYNAMIC_TYPE_DEBUG_TAG = 100, - DYNAMIC_TYPE_LMS = 101, - DYNAMIC_TYPE_BIO = 102, - DYNAMIC_TYPE_X509_ACERT = 103, - DYNAMIC_TYPE_OS_BUF = 104, - DYNAMIC_TYPE_ASCON = 105, - DYNAMIC_TYPE_SNIFFER_SERVER = 1000, - DYNAMIC_TYPE_SNIFFER_SESSION = 1001, - DYNAMIC_TYPE_SNIFFER_PB = 1002, - DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, - DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, - DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, - DYNAMIC_TYPE_SNIFFER_KEY = 1006, - DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008, - DYNAMIC_TYPE_AES_EAX = 1009 - }; - - /* max error buffer string size */ - #ifndef WOLFSSL_MAX_ERROR_SZ - #define WOLFSSL_MAX_ERROR_SZ 80 + #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ + defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ + defined(OPENSSL_EXTRA) + #define XTOUPPER(c) toupper((c)) #endif + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #define XISALNUM(c) isalnum((c)) + #if !defined(HAVE_ISASCII) || defined(NO_STDLIB_ISASCII) + #define XISASCII(c) (((c) >= 0 && (c) <= 127) ? 1 : 0) + #else + #define XISASCII(c) isascii((c)) + #endif + #define XISSPACE(c) isspace((c)) + #endif + /* needed by wolfSSL_check_domain_name() */ + #define XTOLOWER(c) tolower((c)) +#endif - /* stack protection */ - enum { - MIN_STACK_BUFFER = 8 - }; - +#ifndef WC_OFFSETOF + #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4)) + #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field) + #elif defined(__WATCOMC__) + #include + #define WC_OFFSETOF offsetof + #else + #define WC_OFFSETOF(type, field) ((size_t)&(((type *)0)->field)) + #endif +#endif - /* Algorithm Types */ - enum wc_AlgoType { - WC_ALGO_TYPE_NONE = 0, - WC_ALGO_TYPE_HASH = 1, - WC_ALGO_TYPE_CIPHER = 2, - WC_ALGO_TYPE_PK = 3, - WC_ALGO_TYPE_RNG = 4, - WC_ALGO_TYPE_SEED = 5, - WC_ALGO_TYPE_HMAC = 6, - WC_ALGO_TYPE_CMAC = 7, - WC_ALGO_TYPE_CERT = 8, - WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT - }; +/* memory allocation types for user hints */ +enum { + DYNAMIC_TYPE_CA = 1, + DYNAMIC_TYPE_CERT = 2, + DYNAMIC_TYPE_KEY = 3, + DYNAMIC_TYPE_FILE = 4, + DYNAMIC_TYPE_SUBJECT_CN = 5, + DYNAMIC_TYPE_PUBLIC_KEY = 6, + DYNAMIC_TYPE_SIGNER = 7, + DYNAMIC_TYPE_NONE = 8, + DYNAMIC_TYPE_BIGINT = 9, + DYNAMIC_TYPE_RSA = 10, + DYNAMIC_TYPE_METHOD = 11, + DYNAMIC_TYPE_OUT_BUFFER = 12, + DYNAMIC_TYPE_IN_BUFFER = 13, + DYNAMIC_TYPE_INFO = 14, + DYNAMIC_TYPE_DH = 15, + DYNAMIC_TYPE_DOMAIN = 16, + DYNAMIC_TYPE_SSL = 17, + DYNAMIC_TYPE_CTX = 18, + DYNAMIC_TYPE_WRITEV = 19, + DYNAMIC_TYPE_OPENSSL = 20, + DYNAMIC_TYPE_DSA = 21, + DYNAMIC_TYPE_CRL = 22, + DYNAMIC_TYPE_REVOKED = 23, + DYNAMIC_TYPE_CRL_ENTRY = 24, + DYNAMIC_TYPE_CERT_MANAGER = 25, + DYNAMIC_TYPE_CRL_MONITOR = 26, + DYNAMIC_TYPE_OCSP_STATUS = 27, + DYNAMIC_TYPE_OCSP_ENTRY = 28, + DYNAMIC_TYPE_ALTNAME = 29, + DYNAMIC_TYPE_SUITES = 30, + DYNAMIC_TYPE_CIPHER = 31, + DYNAMIC_TYPE_RNG = 32, + DYNAMIC_TYPE_ARRAYS = 33, + DYNAMIC_TYPE_DTLS_POOL = 34, + DYNAMIC_TYPE_SOCKADDR = 35, + DYNAMIC_TYPE_LIBZ = 36, + DYNAMIC_TYPE_ECC = 37, + DYNAMIC_TYPE_TMP_BUFFER = 38, + DYNAMIC_TYPE_DTLS_MSG = 39, + DYNAMIC_TYPE_X509 = 40, + DYNAMIC_TYPE_TLSX = 41, + DYNAMIC_TYPE_OCSP = 42, + DYNAMIC_TYPE_SIGNATURE = 43, + DYNAMIC_TYPE_HASHES = 44, + DYNAMIC_TYPE_SRP = 45, + DYNAMIC_TYPE_COOKIE_PWD = 46, + DYNAMIC_TYPE_USER_CRYPTO = 47, + DYNAMIC_TYPE_OCSP_REQUEST = 48, + DYNAMIC_TYPE_X509_EXT = 49, + DYNAMIC_TYPE_X509_STORE = 50, + DYNAMIC_TYPE_X509_CTX = 51, + DYNAMIC_TYPE_URL = 52, + DYNAMIC_TYPE_DTLS_FRAG = 53, + DYNAMIC_TYPE_DTLS_BUFFER = 54, + DYNAMIC_TYPE_SESSION_TICK = 55, + DYNAMIC_TYPE_PKCS = 56, + DYNAMIC_TYPE_MUTEX = 57, + DYNAMIC_TYPE_PKCS7 = 58, + DYNAMIC_TYPE_AES_BUFFER = 59, + DYNAMIC_TYPE_WOLF_BIGINT = 60, + DYNAMIC_TYPE_ASN1 = 61, + DYNAMIC_TYPE_LOG = 62, + DYNAMIC_TYPE_WRITEDUP = 63, + DYNAMIC_TYPE_PRIVATE_KEY = 64, + DYNAMIC_TYPE_HMAC = 65, + DYNAMIC_TYPE_ASYNC = 66, + DYNAMIC_TYPE_ASYNC_NUMA = 67, + DYNAMIC_TYPE_ASYNC_NUMA64 = 68, + DYNAMIC_TYPE_CURVE25519 = 69, + DYNAMIC_TYPE_ED25519 = 70, + DYNAMIC_TYPE_SECRET = 71, + DYNAMIC_TYPE_DIGEST = 72, + DYNAMIC_TYPE_RSA_BUFFER = 73, + DYNAMIC_TYPE_DCERT = 74, + DYNAMIC_TYPE_STRING = 75, + DYNAMIC_TYPE_PEM = 76, + DYNAMIC_TYPE_DER = 77, + DYNAMIC_TYPE_CERT_EXT = 78, + DYNAMIC_TYPE_ALPN = 79, + DYNAMIC_TYPE_ENCRYPTEDINFO= 80, + DYNAMIC_TYPE_DIRCTX = 81, + DYNAMIC_TYPE_HASHCTX = 82, + DYNAMIC_TYPE_SEED = 83, + DYNAMIC_TYPE_SYMMETRIC_KEY= 84, + DYNAMIC_TYPE_ECC_BUFFER = 85, + DYNAMIC_TYPE_SALT = 87, + DYNAMIC_TYPE_HASH_TMP = 88, + DYNAMIC_TYPE_BLOB = 89, + DYNAMIC_TYPE_NAME_ENTRY = 90, + DYNAMIC_TYPE_CURVE448 = 91, + DYNAMIC_TYPE_ED448 = 92, + DYNAMIC_TYPE_AES = 93, + DYNAMIC_TYPE_CMAC = 94, + DYNAMIC_TYPE_FALCON = 95, + DYNAMIC_TYPE_SESSION = 96, + DYNAMIC_TYPE_DILITHIUM = 97, + DYNAMIC_TYPE_SPHINCS = 98, + DYNAMIC_TYPE_SM4_BUFFER = 99, + DYNAMIC_TYPE_DEBUG_TAG = 100, + DYNAMIC_TYPE_LMS = 101, + DYNAMIC_TYPE_BIO = 102, + DYNAMIC_TYPE_X509_ACERT = 103, + DYNAMIC_TYPE_OS_BUF = 104, + DYNAMIC_TYPE_ASCON = 105, + DYNAMIC_TYPE_SNIFFER_SERVER = 1000, + DYNAMIC_TYPE_SNIFFER_SESSION = 1001, + DYNAMIC_TYPE_SNIFFER_PB = 1002, + DYNAMIC_TYPE_SNIFFER_PB_BUFFER = 1003, + DYNAMIC_TYPE_SNIFFER_TICKET_ID = 1004, + DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, + DYNAMIC_TYPE_SNIFFER_KEY = 1006, + DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, + DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER = 1008, + DYNAMIC_TYPE_AES_EAX = 1009 +}; + +/* max error buffer string size */ +#ifndef WOLFSSL_MAX_ERROR_SZ + #define WOLFSSL_MAX_ERROR_SZ 80 +#endif - /* hash types */ - enum wc_HashType { - #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ - ((! defined(HAVE_FIPS_VERSION)) || \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))) - /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. - * Values here are based on old selftest hmac.h enum, with additions. - * These values are fixed for backwards FIPS compatibility */ - WC_HASH_TYPE_NONE = 15, - WC_HASH_TYPE_MD2 = 16, - WC_HASH_TYPE_MD4 = 17, - WC_HASH_TYPE_MD5 = 0, - WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */ - WC_HASH_TYPE_SHA224 = 8, - WC_HASH_TYPE_SHA256 = 2, - WC_HASH_TYPE_SHA384 = 5, - WC_HASH_TYPE_SHA512 = 4, - WC_HASH_TYPE_MD5_SHA = 18, - WC_HASH_TYPE_SHA3_224 = 10, - WC_HASH_TYPE_SHA3_256 = 11, - WC_HASH_TYPE_SHA3_384 = 12, - WC_HASH_TYPE_SHA3_512 = 13, - WC_HASH_TYPE_BLAKE2B = 14, - WC_HASH_TYPE_BLAKE2S = 19, - WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S, - #ifndef WOLFSSL_NOSHA512_224 - #define WOLFSSL_NOSHA512_224 - #endif - #ifndef WOLFSSL_NOSHA512_256 - #define WOLFSSL_NOSHA512_256 - #endif - #else - WC_HASH_TYPE_NONE = 0, - WC_HASH_TYPE_MD2 = 1, - WC_HASH_TYPE_MD4 = 2, - WC_HASH_TYPE_MD5 = 3, - WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ - WC_HASH_TYPE_SHA224 = 5, - WC_HASH_TYPE_SHA256 = 6, - WC_HASH_TYPE_SHA384 = 7, - WC_HASH_TYPE_SHA512 = 8, - WC_HASH_TYPE_MD5_SHA = 9, - WC_HASH_TYPE_SHA3_224 = 10, - WC_HASH_TYPE_SHA3_256 = 11, - WC_HASH_TYPE_SHA3_384 = 12, - WC_HASH_TYPE_SHA3_512 = 13, - WC_HASH_TYPE_BLAKE2B = 14, - WC_HASH_TYPE_BLAKE2S = 15, - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S - #ifndef WOLFSSL_NOSHA512_224 - WC_HASH_TYPE_SHA512_224 = 16, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 - #endif - #ifndef WOLFSSL_NOSHA512_256 - WC_HASH_TYPE_SHA512_256 = 17, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 - #endif - #ifdef WOLFSSL_SHAKE128 - WC_HASH_TYPE_SHAKE128 = 18, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE128 - #endif - #ifdef WOLFSSL_SHAKE256 - WC_HASH_TYPE_SHAKE256 = 19, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 - #endif - #ifdef WOLFSSL_SM3 - WC_HASH_TYPE_SM3 = 20, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SM3 - #endif - WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX +/* stack protection */ +enum { + MIN_STACK_BUFFER = 8 +}; + + +/* Algorithm Types */ +enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + WC_ALGO_TYPE_RNG = 4, + WC_ALGO_TYPE_SEED = 5, + WC_ALGO_TYPE_HMAC = 6, + WC_ALGO_TYPE_CMAC = 7, + WC_ALGO_TYPE_CERT = 8, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT +}; + +/* hash types */ +enum wc_HashType { +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ + ((! defined(HAVE_FIPS_VERSION)) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))) + /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. + * Values here are based on old selftest hmac.h enum, with additions. + * These values are fixed for backwards FIPS compatibility */ + WC_HASH_TYPE_NONE = 15, + WC_HASH_TYPE_MD2 = 16, + WC_HASH_TYPE_MD4 = 17, + WC_HASH_TYPE_MD5 = 0, + WC_HASH_TYPE_SHA = 1, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 8, + WC_HASH_TYPE_SHA256 = 2, + WC_HASH_TYPE_SHA384 = 5, + WC_HASH_TYPE_SHA512 = 4, + WC_HASH_TYPE_MD5_SHA = 18, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 19, + WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S, + #ifndef WOLFSSL_NOSHA512_224 + #define WOLFSSL_NOSHA512_224 + #endif + #ifndef WOLFSSL_NOSHA512_256 + #define WOLFSSL_NOSHA512_256 + #endif +#else + WC_HASH_TYPE_NONE = 0, + WC_HASH_TYPE_MD2 = 1, + WC_HASH_TYPE_MD4 = 2, + WC_HASH_TYPE_MD5 = 3, + WC_HASH_TYPE_SHA = 4, /* SHA-1 (not old SHA-0) */ + WC_HASH_TYPE_SHA224 = 5, + WC_HASH_TYPE_SHA256 = 6, + WC_HASH_TYPE_SHA384 = 7, + WC_HASH_TYPE_SHA512 = 8, + WC_HASH_TYPE_MD5_SHA = 9, + WC_HASH_TYPE_SHA3_224 = 10, + WC_HASH_TYPE_SHA3_256 = 11, + WC_HASH_TYPE_SHA3_384 = 12, + WC_HASH_TYPE_SHA3_512 = 13, + WC_HASH_TYPE_BLAKE2B = 14, + WC_HASH_TYPE_BLAKE2S = 15, + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S + #ifndef WOLFSSL_NOSHA512_224 + WC_HASH_TYPE_SHA512_224 = 16, #undef _WC_HASH_TYPE_MAX - - #endif /* HAVE_SELFTEST */ - }; - - enum wc_HashFlags { - WC_HASH_FLAG_NONE = 0x00000000, - WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ - WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ - #ifdef WOLFSSL_SHA3 - WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 #endif - WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) - }; - - /* cipher types */ - enum wc_CipherType { - WC_CIPHER_NONE = 0, - WC_CIPHER_AES = 1, - WC_CIPHER_AES_CBC = 2, - WC_CIPHER_AES_GCM = 3, - WC_CIPHER_AES_CTR = 4, - WC_CIPHER_AES_XTS = 5, - WC_CIPHER_AES_CFB = 6, - WC_CIPHER_AES_CCM = 12, - WC_CIPHER_AES_ECB = 13, - WC_CIPHER_DES3 = 7, - WC_CIPHER_DES = 8, - WC_CIPHER_CHACHA = 9, - - WC_CIPHER_MAX = WC_CIPHER_AES_CCM - }; - - /* PK=public key (asymmetric) based algorithms */ - enum wc_PkType { - WC_PK_TYPE_NONE = 0, - WC_PK_TYPE_RSA = 1, - WC_PK_TYPE_DH = 2, - WC_PK_TYPE_ECDH = 3, - WC_PK_TYPE_ECDSA_SIGN = 4, - WC_PK_TYPE_ECDSA_VERIFY = 5, - WC_PK_TYPE_ED25519_SIGN = 6, - WC_PK_TYPE_CURVE25519 = 7, - WC_PK_TYPE_RSA_KEYGEN = 8, - WC_PK_TYPE_EC_KEYGEN = 9, - WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10, - WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11, - WC_PK_TYPE_ED448 = 12, - WC_PK_TYPE_CURVE448 = 13, - WC_PK_TYPE_ED25519_VERIFY = 14, - WC_PK_TYPE_ED25519_KEYGEN = 15, - WC_PK_TYPE_CURVE25519_KEYGEN = 16, - WC_PK_TYPE_RSA_GET_SIZE = 17, - #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE - #if defined(WOLFSSL_HAVE_MLKEM) - WC_PK_TYPE_PQC_KEM_KEYGEN = 18, - WC_PK_TYPE_PQC_KEM_ENCAPS = 19, - WC_PK_TYPE_PQC_KEM_DECAPS = 20, - #undef _WC_PK_TYPE_MAX - #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS + #ifndef WOLFSSL_NOSHA512_256 + WC_HASH_TYPE_SHA512_256 = 17, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 #endif - #if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) - WC_PK_TYPE_PQC_SIG_KEYGEN = 21, - WC_PK_TYPE_PQC_SIG_SIGN = 22, - WC_PK_TYPE_PQC_SIG_VERIFY = 23, - WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY = 24, - #undef _WC_PK_TYPE_MAX - #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY + #ifdef WOLFSSL_SHAKE128 + WC_HASH_TYPE_SHAKE128 = 18, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE128 #endif - WC_PK_TYPE_RSA_PKCS = 25, - WC_PK_TYPE_RSA_PSS = 26, - WC_PK_TYPE_RSA_OAEP = 27, - WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX - }; + #ifdef WOLFSSL_SHAKE256 + WC_HASH_TYPE_SHAKE256 = 19, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 + #endif + #ifdef WOLFSSL_SM3 + WC_HASH_TYPE_SM3 = 20, + #undef _WC_HASH_TYPE_MAX + #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SM3 + #endif + WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX + #undef _WC_HASH_TYPE_MAX + +#endif /* HAVE_SELFTEST */ +}; + +enum wc_HashFlags { + WC_HASH_FLAG_NONE = 0x00000000, + WC_HASH_FLAG_WILLCOPY = 0x00000001, /* flag to indicate hash will be copied */ + WC_HASH_FLAG_ISCOPY = 0x00000002, /* hash is copy */ +#ifdef WOLFSSL_SHA3 + WC_HASH_SHA3_KECCAK256 =0x00010000, /* Older KECCAK256 */ +#endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) +}; + +/* cipher types */ +enum wc_CipherType { + WC_CIPHER_NONE = 0, + WC_CIPHER_AES = 1, + WC_CIPHER_AES_CBC = 2, + WC_CIPHER_AES_GCM = 3, + WC_CIPHER_AES_CTR = 4, + WC_CIPHER_AES_XTS = 5, + WC_CIPHER_AES_CFB = 6, + WC_CIPHER_AES_CCM = 12, + WC_CIPHER_AES_ECB = 13, + WC_CIPHER_DES3 = 7, + WC_CIPHER_DES = 8, + WC_CIPHER_CHACHA = 9, + + WC_CIPHER_MAX = WC_CIPHER_AES_CCM +}; + +/* PK=public key (asymmetric) based algorithms */ +enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519_SIGN = 6, + WC_PK_TYPE_CURVE25519 = 7, + WC_PK_TYPE_RSA_KEYGEN = 8, + WC_PK_TYPE_EC_KEYGEN = 9, + WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10, + WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11, + WC_PK_TYPE_ED448 = 12, + WC_PK_TYPE_CURVE448 = 13, + WC_PK_TYPE_ED25519_VERIFY = 14, + WC_PK_TYPE_ED25519_KEYGEN = 15, + WC_PK_TYPE_CURVE25519_KEYGEN = 16, + WC_PK_TYPE_RSA_GET_SIZE = 17, + #define _WC_PK_TYPE_MAX WC_PK_TYPE_RSA_GET_SIZE +#if defined(WOLFSSL_HAVE_MLKEM) + WC_PK_TYPE_PQC_KEM_KEYGEN = 18, + WC_PK_TYPE_PQC_KEM_ENCAPS = 19, + WC_PK_TYPE_PQC_KEM_DECAPS = 20, + #undef _WC_PK_TYPE_MAX + #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_KEM_DECAPS +#endif +#if defined(HAVE_DILITHIUM) || defined(HAVE_FALCON) + WC_PK_TYPE_PQC_SIG_KEYGEN = 21, + WC_PK_TYPE_PQC_SIG_SIGN = 22, + WC_PK_TYPE_PQC_SIG_VERIFY = 23, + WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY = 24, + #undef _WC_PK_TYPE_MAX + #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY +#endif + WC_PK_TYPE_RSA_PKCS = 25, + WC_PK_TYPE_RSA_PSS = 26, + WC_PK_TYPE_RSA_OAEP = 27, + WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX +}; #if defined(WOLFSSL_HAVE_MLKEM) /* Post quantum KEM algorithms */ @@ -1360,253 +1407,171 @@ typedef struct w64wrapper { }; #endif - /* settings detection for compile vs runtime math incompatibilities */ - enum { - #if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x0 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x1 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x2 - #elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x4 - #elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) - CTC_SETTINGS = 0x8 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) - CTC_SETTINGS = 0x10 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) - CTC_SETTINGS = 0x20 - #elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) - CTC_SETTINGS = 0x40 - #else - #error "bad math long / long long settings" - #endif - }; +/* settings detection for compile vs runtime math incompatibilities */ +enum { +#if !defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x0 +#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x1 +#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x2 +#elif !defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x4 +#elif defined(USE_FAST_MATH) && !defined(SIZEOF_LONG) && !defined(SIZEOF_LONG_LONG) + CTC_SETTINGS = 0x8 +#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG) && (SIZEOF_LONG == 8) + CTC_SETTINGS = 0x10 +#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 8) + CTC_SETTINGS = 0x20 +#elif defined(USE_FAST_MATH) && defined(SIZEOF_LONG_LONG) && (SIZEOF_LONG_LONG == 4) + CTC_SETTINGS = 0x40 +#else + #error "bad math long / long long settings" +#endif +}; - WOLFSSL_API word32 CheckRunTimeSettings(void); - /* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long - types need to match at compile time and run time, CheckCtcSettings will - return 1 if a match otherwise 0 */ - #define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) +WOLFSSL_API word32 CheckRunTimeSettings(void); - /* invalid device id */ - #define INVALID_DEVID (-2) +/* If user uses RSA, DH, DSA, or ECC math lib directly then fast math and long + * types need to match at compile time and run time, CheckCtcSettings will + * return 1 if a match otherwise 0 */ +#define CheckCtcSettings() (CTC_SETTINGS == CheckRunTimeSettings()) - #if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) - #ifdef XASM_LINK - #error User-supplied XASM_LINK is not compatible with this FIPS version. - #else - /* use version in FIPS <=5.2 aes.c */ - #endif - #elif defined(XASM_LINK) - /* keep user-supplied definition */ - #elif defined(WOLFSSL_NO_ASM) - #define XASM_LINK(f) /* null expansion */ - #elif defined(_MSC_VER) - #define XASM_LINK(f) /* null expansion */ - #elif defined(__APPLE__) - #define XASM_LINK(f) asm("_" f) - #elif defined(__GNUC__) - /* use alternate keyword for compatibility with -std=c99 */ - #define XASM_LINK(f) __asm__(f) +/* invalid device id */ +#define INVALID_DEVID (-2) + +#if defined(HAVE_FIPS) && FIPS_VERSION_LT(5,3) + #ifdef XASM_LINK + #error User-supplied XASM_LINK is not compatible with this FIPS version. #else - #define XASM_LINK(f) asm(f) - #endif + /* use version in FIPS <=5.2 aes.c */ + #endif +#elif defined(XASM_LINK) + /* keep user-supplied definition */ +#elif defined(WOLFSSL_NO_ASM) + #define XASM_LINK(f) /* null expansion */ +#elif defined(_MSC_VER) + #define XASM_LINK(f) /* null expansion */ +#elif defined(__APPLE__) + #define XASM_LINK(f) asm("_" f) +#elif defined(__GNUC__) + /* use alternate keyword for compatibility with -std=c99 */ + #define XASM_LINK(f) __asm__(f) +#else + #define XASM_LINK(f) asm(f) +#endif - /* AESNI requires alignment and ARMASM gains some performance from it. - * Xilinx RSA operations require alignment. - */ - #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ - defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \ - defined(WOLFSSL_XILINX) - #ifndef WOLFSSL_USE_ALIGN - #define WOLFSSL_USE_ALIGN - #endif - #endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || \ - * WOLFSSL_AFALG_XILINX */ - - /* Helpers for memory alignment */ - #ifndef XALIGNED - #if defined(__GNUC__) || defined(__llvm__) || \ - defined(__IAR_SYSTEMS_ICC__) - #define XALIGNED(x) __attribute__ ( (aligned (x))) - #elif defined(__KEIL__) - #define XALIGNED(x) __align(x) - #elif defined(_MSC_VER) - /* disable align warning, we want alignment ! */ - #pragma warning(disable: 4324) - #define XALIGNED(x) __declspec (align (x)) - #else - #define XALIGNED(x) /* null expansion */ +/* AESNI requires alignment and ARMASM gains some performance from it. + * Xilinx RSA operations require alignment. + */ +#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \ + defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_AFALG_XILINX) || \ + defined(WOLFSSL_XILINX) + #ifndef WOLFSSL_USE_ALIGN + #define WOLFSSL_USE_ALIGN #endif +#endif /* WOLFSSL_AESNI || WOLFSSL_ARMASM || USE_INTEL_SPEEDUP || \ + * WOLFSSL_AFALG_XILINX */ + +/* Helpers for memory alignment */ +#ifndef XALIGNED + #if defined(__GNUC__) || defined(__llvm__) || \ + defined(__IAR_SYSTEMS_ICC__) + #define XALIGNED(x) __attribute__ ( (aligned (x))) + #elif defined(__KEIL__) + #define XALIGNED(x) __align(x) + #elif defined(_MSC_VER) + /* disable align warning, we want alignment ! */ + #pragma warning(disable: 4324) + #define XALIGNED(x) __declspec (align (x)) + #else + #define XALIGNED(x) /* null expansion */ #endif +#endif - /* Only use alignment in wolfSSL/wolfCrypt if WOLFSSL_USE_ALIGN is set */ - #ifdef WOLFSSL_USE_ALIGN - /* For IAR ARM the maximum variable alignment on stack is 8-bytes. - * Variables declared outside stack (like static globals) can have - * higher alignment. */ - #if defined(__ICCARM__) - #define WOLFSSL_ALIGN(x) XALIGNED(8) - #else - #define WOLFSSL_ALIGN(x) XALIGNED(x) - #endif +/* Only use alignment in wolfSSL/wolfCrypt if WOLFSSL_USE_ALIGN is set */ +#ifdef WOLFSSL_USE_ALIGN + /* For IAR ARM the maximum variable alignment on stack is 8-bytes. + * Variables declared outside stack (like static globals) can have + * higher alignment. */ + #if defined(__ICCARM__) + #define WOLFSSL_ALIGN(x) XALIGNED(8) #else - #define WOLFSSL_ALIGN(x) /* null expansion */ + #define WOLFSSL_ALIGN(x) XALIGNED(x) #endif +#else + #define WOLFSSL_ALIGN(x) /* null expansion */ +#endif - #ifndef ALIGN8 - #define ALIGN8 WOLFSSL_ALIGN(8) - #endif - #ifndef ALIGN16 - #define ALIGN16 WOLFSSL_ALIGN(16) - #endif - #ifndef ALIGN32 - #define ALIGN32 WOLFSSL_ALIGN(32) - #endif - #ifndef ALIGN64 - #define ALIGN64 WOLFSSL_ALIGN(64) - #endif - #ifndef ALIGN128 - #define ALIGN128 WOLFSSL_ALIGN(128) - #endif - #ifndef ALIGN256 - #define ALIGN256 WOLFSSL_ALIGN(256) - #endif +#ifndef ALIGN8 + #define ALIGN8 WOLFSSL_ALIGN(8) +#endif +#ifndef ALIGN16 + #define ALIGN16 WOLFSSL_ALIGN(16) +#endif +#ifndef ALIGN32 + #define ALIGN32 WOLFSSL_ALIGN(32) +#endif +#ifndef ALIGN64 + #define ALIGN64 WOLFSSL_ALIGN(64) +#endif +#ifndef ALIGN128 + #define ALIGN128 WOLFSSL_ALIGN(128) +#endif +#ifndef ALIGN256 + #define ALIGN256 WOLFSSL_ALIGN(256) +#endif - #if !defined(PEDANTIC_EXTENSION) - #if defined(__GNUC__) - #define PEDANTIC_EXTENSION __extension__ - #else - #define PEDANTIC_EXTENSION - #endif - #endif /* !PEDANTIC_EXTENSION */ +#if !defined(PEDANTIC_EXTENSION) + #if defined(__GNUC__) + #define PEDANTIC_EXTENSION __extension__ + #else + #define PEDANTIC_EXTENSION + #endif +#endif /* !PEDANTIC_EXTENSION */ - #ifndef TRUE - #define TRUE 1 - #endif - #ifndef FALSE - #define FALSE 0 - #endif +#ifndef TRUE + #define TRUE 1 +#endif +#ifndef FALSE + #define FALSE 0 +#endif - #ifdef SINGLE_THREADED - #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE) - typedef void* THREAD_RETURN; - #else - typedef unsigned int THREAD_RETURN; - #endif - typedef void* THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_USER_THREADING) - /* User can define user specific threading types - * THREAD_RETURN - * TREAD_TYPE - * WOLFSSL_THREAD - * e.g. - * typedef unsigned int THREAD_RETURN; - * typedef size_t THREAD_TYPE; - * #define WOLFSSL_THREAD void - * - * User can also implement their own wolfSSL_NewThread(), - * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want. - * Otherwise, those functions are omitted. - */ - #elif defined(__WATCOMC__) - #if __WATCOMC__ < 1300 - #define _WCCALLBACK - #endif - #if defined(__NT__) - typedef unsigned THREAD_RETURN; - typedef uintptr_t THREAD_TYPE; - typedef struct COND_TYPE { - wolfSSL_Mutex mutex; - HANDLE cond; - } COND_TYPE; - #define WOLFSSL_COND - #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE)) - #define WOLFSSL_THREAD __stdcall - #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK - #elif defined(__OS2__) - #define WOLFSSL_THREAD_VOID_RETURN - typedef void THREAD_RETURN; - typedef TID THREAD_TYPE; - typedef struct COND_TYPE { - wolfSSL_Mutex mutex; - LHANDLE cond; - } COND_TYPE; - #define WOLFSSL_COND - #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1)) - #define WOLFSSL_THREAD _WCCALLBACK - #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK - #elif defined(__LINUX__) - #include - typedef struct COND_TYPE { - pthread_mutex_t mutex; - pthread_cond_t cond; - } COND_TYPE; - typedef void* THREAD_RETURN; - typedef pthread_t THREAD_TYPE; - #define WOLFSSL_COND - #define WOLFSSL_THREAD - #ifndef HAVE_SELFTEST - #define WOLFSSL_THREAD_NO_JOIN - #endif - #endif - #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \ - defined(FREESCALE_MQX) - typedef unsigned int THREAD_RETURN; - typedef int THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_NUCLEUS) - typedef unsigned int THREAD_RETURN; - typedef intptr_t THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_TIRTOS) - typedef void THREAD_RETURN; - #define WOLFSSL_THREAD_VOID_RETURN - typedef Task_Handle THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_ZEPHYR) - typedef void THREAD_RETURN; - #define WOLFSSL_THREAD_VOID_RETURN - typedef struct { - /* Zephyr k_thread can be large, > 128 bytes. */ - struct k_thread* tid; - k_thread_stack_t* threadStack; - } THREAD_TYPE; - #define WOLFSSL_THREAD - extern void* wolfsslThreadHeapHint; - #elif defined(NETOS) - typedef UINT THREAD_RETURN; - typedef struct { - TX_THREAD tid; - void* threadStack; - } THREAD_TYPE; - #define WOLFSSL_THREAD - #define INFINITE TX_WAIT_FOREVER - #define WAIT_OBJECT_0 TX_NO_WAIT - #elif defined(WOLFSSL_LINUXKM) - typedef unsigned int THREAD_RETURN; - typedef size_t THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(WOLFSSL_PTHREADS) - #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \ - && !defined(__ppc__) - #include - typedef struct COND_TYPE { - wolfSSL_Mutex mutex; - dispatch_semaphore_t cond; - } COND_TYPE; - #else - #include - typedef struct COND_TYPE { - pthread_mutex_t mutex; - pthread_cond_t cond; - } COND_TYPE; - #endif +#ifdef SINGLE_THREADED + #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE) + typedef void* THREAD_RETURN; + #else + typedef unsigned int THREAD_RETURN; + #endif + typedef void* THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(WOLFSSL_USER_THREADING) + /* User can define user specific threading types + * THREAD_RETURN + * TREAD_TYPE + * WOLFSSL_THREAD + * e.g. + * typedef unsigned int THREAD_RETURN; + * typedef size_t THREAD_TYPE; + * #define WOLFSSL_THREAD void + * + * User can also implement their own wolfSSL_NewThread(), + * wolfSSL_JoinThread() and wolfSSL_Cond signaling if they want. + * Otherwise, those functions are omitted. + */ +#elif defined(__WATCOMC__) + #if __WATCOMC__ < 1300 + #define _WCCALLBACK + #endif + #if defined(__MACH__) + #include + #include + typedef struct COND_TYPE { + dispatch_semaphore_t cond; + } COND_TYPE; typedef void* THREAD_RETURN; typedef pthread_t THREAD_TYPE; #define WOLFSSL_COND @@ -1614,15 +1579,7 @@ typedef struct w64wrapper { #ifndef HAVE_SELFTEST #define WOLFSSL_THREAD_NO_JOIN #endif - #elif defined(FREERTOS) && defined(WOLFSSL_ESPIDF) - typedef void* THREAD_RETURN; - typedef pthread_t THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(FREERTOS) - typedef unsigned int THREAD_RETURN; - typedef TaskHandle_t THREAD_TYPE; - #define WOLFSSL_THREAD - #elif defined(USE_WINDOWS_API) + #elif defined(__NT__) typedef unsigned THREAD_RETURN; typedef uintptr_t THREAD_TYPE; typedef struct COND_TYPE { @@ -1632,302 +1589,555 @@ typedef struct w64wrapper { #define WOLFSSL_COND #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE)) #define WOLFSSL_THREAD __stdcall - #if !defined(__MINGW32__) - #define WOLFSSL_THREAD_NO_JOIN __cdecl - #endif - #elif defined(THREADX) - typedef unsigned int THREAD_RETURN; - typedef TX_THREAD THREAD_TYPE; + #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK + #elif defined(__OS2__) + #define WOLFSSL_THREAD_VOID_RETURN + typedef void THREAD_RETURN; + typedef TID THREAD_TYPE; + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + LHANDLE cond; + } COND_TYPE; + #define WOLFSSL_COND + #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1)) + #define WOLFSSL_THREAD _WCCALLBACK + #define WOLFSSL_THREAD_NO_JOIN _WCCALLBACK + #elif defined(__LINUX__) + #include + typedef struct COND_TYPE { + pthread_mutex_t mutex; + pthread_cond_t cond; + } COND_TYPE; + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_COND #define WOLFSSL_THREAD + #ifndef HAVE_SELFTEST + #define WOLFSSL_THREAD_NO_JOIN + #endif + #endif +#elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) || \ + defined(FREESCALE_MQX) + typedef unsigned int THREAD_RETURN; + typedef int THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(WOLFSSL_NUCLEUS) + typedef unsigned int THREAD_RETURN; + typedef intptr_t THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(WOLFSSL_TIRTOS) + typedef void THREAD_RETURN; + #define WOLFSSL_THREAD_VOID_RETURN + typedef Task_Handle THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(WOLFSSL_ZEPHYR) + typedef void THREAD_RETURN; + #define WOLFSSL_THREAD_VOID_RETURN + typedef struct { + /* Zephyr k_thread can be large, > 128 bytes. */ + struct k_thread* tid; + k_thread_stack_t* threadStack; + } THREAD_TYPE; + #define WOLFSSL_THREAD + extern void* wolfsslThreadHeapHint; +#elif defined(NETOS) + typedef UINT THREAD_RETURN; + typedef struct { + TX_THREAD tid; + void* threadStack; + } THREAD_TYPE; + #define WOLFSSL_THREAD + #define INFINITE TX_WAIT_FOREVER + #define WAIT_OBJECT_0 TX_NO_WAIT +#elif defined(WOLFSSL_LINUXKM) + typedef unsigned int THREAD_RETURN; + typedef size_t THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(WOLFSSL_PTHREADS) + #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \ + && !defined(__ppc__) + #include + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + dispatch_semaphore_t cond; + } COND_TYPE; #else - typedef unsigned int THREAD_RETURN; - typedef size_t THREAD_TYPE; - #define WOLFSSL_THREAD __stdcall + #include + typedef struct COND_TYPE { + pthread_mutex_t mutex; + pthread_cond_t cond; + } COND_TYPE; #endif + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_COND + #define WOLFSSL_THREAD + #ifndef HAVE_SELFTEST + #define WOLFSSL_THREAD_NO_JOIN + #endif +#elif defined(FREERTOS) && defined(WOLFSSL_ESPIDF) + typedef void* THREAD_RETURN; + typedef pthread_t THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(FREERTOS) + typedef unsigned int THREAD_RETURN; + typedef TaskHandle_t THREAD_TYPE; + #define WOLFSSL_THREAD +#elif defined(_WIN32_WCE) + typedef unsigned THREAD_RETURN; + typedef size_t THREAD_TYPE; + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + HANDLE cond; + } COND_TYPE; + #define WOLFSSL_COND + #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE)) + #define WOLFSSL_THREAD __stdcall + #define WOLFSSL_THREAD_NO_JOIN __cdecl +#elif defined(USE_WINDOWS_API) + typedef unsigned THREAD_RETURN; + typedef uintptr_t THREAD_TYPE; + typedef struct COND_TYPE { + wolfSSL_Mutex mutex; + HANDLE cond; + } COND_TYPE; + #define WOLFSSL_COND + #define INVALID_THREAD_VAL ((THREAD_TYPE)(INVALID_HANDLE_VALUE)) + #define WOLFSSL_THREAD __stdcall + #if !defined(__MINGW32__) + #define WOLFSSL_THREAD_NO_JOIN __cdecl + #endif +#elif defined(THREADX) + typedef unsigned int THREAD_RETURN; + typedef TX_THREAD THREAD_TYPE; + #define WOLFSSL_THREAD +#else + typedef unsigned int THREAD_RETURN; + typedef size_t THREAD_TYPE; + #define WOLFSSL_THREAD __stdcall +#endif - #ifndef SINGLE_THREADED - /* Necessary headers should already be included. */ - - #ifndef INVALID_THREAD_VAL - #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1)) - #endif - - #ifndef WOLFSSL_THREAD_VOID_RETURN - #define WOLFSSL_RETURN_FROM_THREAD(x) return (THREAD_RETURN)(x) - #else - #define WOLFSSL_RETURN_FROM_THREAD(x) \ - do { (void)(x); return; } while(0) - #endif - - /* List of defines/types and what they mean: - * THREAD_RETURN - return type of a thread callback - * THREAD_TYPE - type that should be passed into thread handling API - * INVALID_THREAD_VAL - a value that THREAD_TYPE can be checked against - * to check if the value is an invalid thread - * WOLFSSL_THREAD - attribute that should be used to declare thread - * callbacks - * WOLFSSL_COND - defined if this system supports signaling - * COND_TYPE - type that should be passed into the signaling API - * WOLFSSL_THREAD_VOID_RETURN - defined if the thread callback has a - * void return - * WOLFSSL_RETURN_FROM_THREAD - define used to correctly return from a - * thread callback - * THREAD_CB - thread callback type for regular threading API - * - * WOLFSSL_THREAD_NO_JOIN - attribute used to declare thread callbacks - * that do not require cleanup - * THREAD_CB_NOJOIN - thread callback type for thread APIs that do not - * require cleanup - * THREAD_RETURN_NOJOIN - return type used to declare thread callbacks - * that do not require cleanup - * RETURN_FROM_THREAD_NOJOIN - define used to correctly return from - * a thread callback that do not require - * cleanup - * - * Other defines/types are specific for the threading implementation - */ - - /* Internal wolfSSL threading interface. It does NOT need to be ported - * during initial porting efforts. This is a very basic interface. Some - * areas don't use this interface on purpose as they need more control - * over threads. - * - * It is currently used for: - * - CRL monitor - * - Testing - * - Entropy generation */ - - /* We don't support returns from threads */ - typedef THREAD_RETURN (WOLFSSL_THREAD *THREAD_CB)(void* arg); - WOLFSSL_API int wolfSSL_NewThread(THREAD_TYPE* thread, - THREAD_CB cb, void* arg); - #ifdef WOLFSSL_THREAD_NO_JOIN - /* Create a thread that will be automatically cleaned up. We can't - * return a handle/pointer to the new thread because there are no - * guarantees for how long it will be valid. */ - #if defined(WOLFSSL_PTHREADS) - #define THREAD_CB_NOJOIN THREAD_CB - #define THREAD_RETURN_NOJOIN THREAD_RETURN - #define RETURN_FROM_THREAD_NOJOIN(x) \ - WOLFSSL_RETURN_FROM_THREAD(x) - #else - #define THREAD_RETURN_NOJOIN void - typedef THREAD_RETURN_NOJOIN - (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)(void* arg); - #define RETURN_FROM_THREAD_NOJOIN(x) return - #endif - WOLFSSL_API int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, - void* arg); - #endif - WOLFSSL_API int wolfSSL_JoinThread(THREAD_TYPE thread); - - #ifdef WOLFSSL_COND - WOLFSSL_API int wolfSSL_CondInit(COND_TYPE* cond); - WOLFSSL_API int wolfSSL_CondFree(COND_TYPE* cond); - WOLFSSL_API int wolfSSL_CondSignal(COND_TYPE* cond); - WOLFSSL_API int wolfSSL_CondWait(COND_TYPE* cond); - WOLFSSL_API int wolfSSL_CondStart(COND_TYPE* cond); - WOLFSSL_API int wolfSSL_CondEnd(COND_TYPE* cond); - #endif - #else - #define WOLFSSL_RETURN_FROM_THREAD(x) return (THREAD_RETURN)(x) - #endif /* SINGLE_THREADED */ +#ifndef SINGLE_THREADED + /* Necessary headers should already be included. */ - #if defined(HAVE_STACK_SIZE) - #define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret)) - #else - #define EXIT_TEST(ret) return ret + #ifndef INVALID_THREAD_VAL + #define INVALID_THREAD_VAL ((THREAD_TYPE)(-1)) #endif - - #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ - defined(__GNUC__) - #define WOLFSSL_PACK __attribute__ ((packed)) + #ifndef WOLFSSL_THREAD_VOID_RETURN + #define WOLFSSL_RETURN_FROM_THREAD(x) return (THREAD_RETURN)(x) #else - #define WOLFSSL_PACK - #endif + #define WOLFSSL_RETURN_FROM_THREAD(x) \ + do { (void)(x); return; } while(0) + #endif + + /* List of defines/types and what they mean: + * THREAD_RETURN - return type of a thread callback + * THREAD_TYPE - type that should be passed into thread handling API + * INVALID_THREAD_VAL - a value that THREAD_TYPE can be checked against + * to check if the value is an invalid thread + * WOLFSSL_THREAD - attribute that should be used to declare thread + * callbacks + * WOLFSSL_COND - defined if this system supports signaling + * COND_TYPE - type that should be passed into the signaling API + * WOLFSSL_THREAD_VOID_RETURN - defined if the thread callback has a + * void return + * WOLFSSL_RETURN_FROM_THREAD - define used to correctly return from a + * thread callback + * THREAD_CB - thread callback type for regular threading API + * + * WOLFSSL_THREAD_NO_JOIN - attribute used to declare thread callbacks + * that do not require cleanup + * THREAD_CB_NOJOIN - thread callback type for thread APIs that do not + * require cleanup + * THREAD_RETURN_NOJOIN - return type used to declare thread callbacks + * that do not require cleanup + * RETURN_FROM_THREAD_NOJOIN - define used to correctly return from + * a thread callback that do not require + * cleanup + * + * Other defines/types are specific for the threading implementation + */ - #ifndef __GNUC_PREREQ - #if defined(__GNUC__) && defined(__GNUC_MINOR__) - #define __GNUC_PREREQ(maj, min) \ - ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) + /* Internal wolfSSL threading interface. It does NOT need to be ported + * during initial porting efforts. This is a very basic interface. Some + * areas don't use this interface on purpose as they need more control + * over threads. + * + * It is currently used for: + * - CRL monitor + * - Testing + * - Entropy generation */ + + /* We don't support returns from threads */ + typedef THREAD_RETURN (WOLFSSL_THREAD *THREAD_CB)(void* arg); + WOLFSSL_API int wolfSSL_NewThread(THREAD_TYPE* thread, + THREAD_CB cb, void* arg); + #ifdef WOLFSSL_THREAD_NO_JOIN + /* Create a thread that will be automatically cleaned up. We can't + * return a handle/pointer to the new thread because there are no + * guarantees for how long it will be valid. */ + #if defined(WOLFSSL_PTHREADS) + #define THREAD_CB_NOJOIN THREAD_CB + #define THREAD_RETURN_NOJOIN THREAD_RETURN + #define RETURN_FROM_THREAD_NOJOIN(x) \ + WOLFSSL_RETURN_FROM_THREAD(x) #else - #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */ + #define THREAD_RETURN_NOJOIN void + typedef THREAD_RETURN_NOJOIN + (WOLFSSL_THREAD_NO_JOIN *THREAD_CB_NOJOIN)(void* arg); + #define RETURN_FROM_THREAD_NOJOIN(x) return #endif + WOLFSSL_API int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, + void* arg); #endif + WOLFSSL_API int wolfSSL_JoinThread(THREAD_TYPE thread); - #if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define WC_NORETURN __attribute__((noreturn)) - #else - #define WC_NORETURN + #ifdef WOLFSSL_COND + WOLFSSL_API int wolfSSL_CondInit(COND_TYPE* cond); + WOLFSSL_API int wolfSSL_CondFree(COND_TYPE* cond); + WOLFSSL_API int wolfSSL_CondSignal(COND_TYPE* cond); + WOLFSSL_API int wolfSSL_CondWait(COND_TYPE* cond); + WOLFSSL_API int wolfSSL_CondStart(COND_TYPE* cond); + WOLFSSL_API int wolfSSL_CondEnd(COND_TYPE* cond); #endif +#else + #define WOLFSSL_RETURN_FROM_THREAD(x) return (THREAD_RETURN)(x) +#endif /* SINGLE_THREADED */ - #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ - defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \ - defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \ - (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) - #undef WC_MP_TO_RADIX - #define WC_MP_TO_RADIX - #endif +#if defined(HAVE_STACK_SIZE) + #define EXIT_TEST(ret) return (THREAD_RETURN)((size_t)(ret)) +#else + #define EXIT_TEST(ret) return ret +#endif - #if defined(__GNUC__) && __GNUC__ > 5 - #define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push") - #define PRAGMA_GCC(str) _Pragma(str) - #define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop") - #define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH - #define PRAGMA(str) PRAGMA_GCC(str) - #define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP - #else - #define PRAGMA_GCC_DIAG_PUSH /* null expansion */ - #define PRAGMA_GCC(str) /* null expansion */ - #define PRAGMA_GCC_DIAG_POP /* null expansion */ - #endif - #ifdef __clang__ - #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push") - #define PRAGMA_CLANG(str) _Pragma(str) - #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop") - #define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH - #define PRAGMA(str) PRAGMA_CLANG(str) - #define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP +#if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ + defined(__GNUC__) + #define WOLFSSL_PACK __attribute__ ((packed)) +#else + #define WOLFSSL_PACK +#endif + +#ifndef __GNUC_PREREQ + #if defined(__GNUC__) && defined(__GNUC_MINOR__) + #define __GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) #else - #define PRAGMA_CLANG_DIAG_PUSH /* null expansion */ - #define PRAGMA_CLANG(str) /* null expansion */ - #define PRAGMA_CLANG_DIAG_POP /* null expansion */ + #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */ #endif +#endif - #ifndef PRAGMA_DIAG_PUSH - #define PRAGMA_DIAG_PUSH /* null expansion */ - #endif - #ifndef PRAGMA - #define PRAGMA(str) /* null expansion */ - #endif - #ifndef PRAGMA_DIAG_POP - #define PRAGMA_DIAG_POP /* null expansion */ - #endif +#if defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) + #define WC_NORETURN __attribute__((noreturn)) +#else + #define WC_NORETURN +#endif - #define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d - #define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d) - #if defined(WC_NO_STATIC_ASSERT) - #define wc_static_assert(expr) struct wc_static_assert_dummy_struct - #define wc_static_assert2(expr, msg) wc_static_assert(expr) - #elif !defined(wc_static_assert) - #if defined(WOLFSSL_HAVE_ASSERT_H) && !defined(WOLFSSL_NO_ASSERT_H) - #include +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ + defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \ + defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \ + (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) + #undef WC_MP_TO_RADIX + #define WC_MP_TO_RADIX +#endif + +#if defined(__GNUC__) && __GNUC__ > 5 + #define PRAGMA_GCC_DIAG_PUSH _Pragma("GCC diagnostic push") + #define PRAGMA_GCC(str) _Pragma(str) + #define PRAGMA_GCC_DIAG_POP _Pragma("GCC diagnostic pop") + #define PRAGMA_DIAG_PUSH PRAGMA_GCC_DIAG_PUSH + #define PRAGMA(str) PRAGMA_GCC(str) + #define PRAGMA_DIAG_POP PRAGMA_GCC_DIAG_POP +#else + #define PRAGMA_GCC_DIAG_PUSH /* null expansion */ + #define PRAGMA_GCC(str) /* null expansion */ + #define PRAGMA_GCC_DIAG_POP /* null expansion */ +#endif + +#ifdef __clang__ + #define PRAGMA_CLANG_DIAG_PUSH _Pragma("clang diagnostic push") + #define PRAGMA_CLANG(str) _Pragma(str) + #define PRAGMA_CLANG_DIAG_POP _Pragma("clang diagnostic pop") + #define PRAGMA_DIAG_PUSH PRAGMA_CLANG_DIAG_PUSH + #define PRAGMA(str) PRAGMA_CLANG(str) + #define PRAGMA_DIAG_POP PRAGMA_CLANG_DIAG_POP +#else + #define PRAGMA_CLANG_DIAG_PUSH /* null expansion */ + #define PRAGMA_CLANG(str) /* null expansion */ + #define PRAGMA_CLANG_DIAG_POP /* null expansion */ +#endif + +#ifndef PRAGMA_DIAG_PUSH + #define PRAGMA_DIAG_PUSH /* null expansion */ +#endif +#ifndef PRAGMA + #define PRAGMA(str) /* null expansion */ +#endif +#ifndef PRAGMA_DIAG_POP + #define PRAGMA_DIAG_POP /* null expansion */ +#endif + +#define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d +#define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d) +#if defined(WC_NO_STATIC_ASSERT) + #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + #define wc_static_assert2(expr, msg) wc_static_assert(expr) +#elif !defined(wc_static_assert) + #if defined(WOLFSSL_HAVE_ASSERT_H) && !defined(WOLFSSL_NO_ASSERT_H) + #include + #endif + #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ + (defined(_MSVC_LANG) && (__cpp_static_assert >= 201411L)) + /* native variadic static_assert() */ + #define wc_static_assert static_assert + #ifndef wc_static_assert2 + #define wc_static_assert2 static_assert #endif - #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ - (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ - (defined(_MSVC_LANG) && (__cpp_static_assert >= 201411L)) - /* native variadic static_assert() */ - #define wc_static_assert static_assert - #ifndef wc_static_assert2 - #define wc_static_assert2 static_assert - #endif - #elif (defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)) || \ - (defined(_MSVC_LANG) && (__cpp_static_assert >= 200410L)) - /* native 2-argument static_assert() */ - #define wc_static_assert(expr) static_assert(expr, #expr) - #ifndef wc_static_assert2 - #define wc_static_assert2(expr, msg) static_assert(expr, msg) - #endif - #elif !defined(__cplusplus) && \ - !defined(__STRICT_ANSI__) && \ - !defined(WOLF_C89) && \ - defined(__STDC_VERSION__) && \ - (__STDC_VERSION__ >= 201112L) && \ - ((defined(__GNUC__) && \ - (__GNUC__ >= 5)) || \ - defined(__clang__)) - /* native 2-argument _Static_assert() */ - #define wc_static_assert(expr) _Static_assert(expr, #expr) - #ifndef wc_static_assert2 - #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) - #endif + #elif (defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L)) || \ + (defined(_MSVC_LANG) && (__cpp_static_assert >= 200410L)) + /* native 2-argument static_assert() */ + #define wc_static_assert(expr) static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) static_assert(expr, msg) + #endif + #elif !defined(__cplusplus) && \ + !defined(__STRICT_ANSI__) && \ + !defined(WOLF_C89) && \ + defined(__STDC_VERSION__) && \ + (__STDC_VERSION__ >= 201112L) && \ + ((defined(__GNUC__) && \ + (__GNUC__ >= 5)) || \ + defined(__clang__)) + /* native 2-argument _Static_assert() */ + #define wc_static_assert(expr) _Static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) + #endif + #else + #ifdef __COUNTER__ + #define wc_static_assert(expr) \ + struct WC_CPP_CAT4(wc_static_assert_dummy_struct_L, \ + __LINE__, _, __COUNTER__) { \ + char t[(expr) ? 1 : -1]; \ + } #else - #ifdef __COUNTER__ - #define wc_static_assert(expr) \ - struct WC_CPP_CAT4(wc_static_assert_dummy_struct_L, \ - __LINE__, _, __COUNTER__) { \ - char t[(expr) ? 1 : -1]; \ - } - #else - #define wc_static_assert(expr) \ - struct wc_static_assert_dummy_struct - #endif - #ifndef wc_static_assert2 - #define wc_static_assert2(expr, msg) wc_static_assert(expr) - #endif + #define wc_static_assert(expr) \ + struct wc_static_assert_dummy_struct + #endif + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif - #elif !defined(wc_static_assert2) - #define wc_static_assert2(expr, msg) wc_static_assert(expr) #endif +#elif !defined(wc_static_assert2) + #define wc_static_assert2(expr, msg) wc_static_assert(expr) +#endif - #ifndef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING - #endif - #ifndef SAVE_VECTOR_REGISTERS2 - #define SAVE_VECTOR_REGISTERS2() 0 - #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING - #endif - #ifndef CAN_SAVE_VECTOR_REGISTERS - #define CAN_SAVE_VECTOR_REGISTERS() 1 - #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE - #endif - #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL - #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING - #endif - #ifndef ASSERT_SAVED_VECTOR_REGISTERS - #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING - #endif - #ifndef ASSERT_RESTORED_VECTOR_REGISTERS - #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING +#ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING +#endif +#ifndef SAVE_VECTOR_REGISTERS2 + #define SAVE_VECTOR_REGISTERS2() 0 + #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING +#endif +#ifndef CAN_SAVE_VECTOR_REGISTERS + #define CAN_SAVE_VECTOR_REGISTERS() 1 + #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE +#endif +#ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL + #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING +#endif +#ifndef ASSERT_SAVED_VECTOR_REGISTERS + #define ASSERT_SAVED_VECTOR_REGISTERS() WC_DO_NOTHING +#endif +#ifndef ASSERT_RESTORED_VECTOR_REGISTERS + #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING +#endif +#ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING +#endif +#ifdef WOLFSSL_NO_ASM + /* We define fallback no-op definitions for these only if asm is disabled, + * otherwise the using code must detect that these macros are undefined and + * provide its own non-vector implementation paths. + * + * Currently these macros are only used in WOLFSSL_LINUXKM code paths, which + * are always compiled either with substantive definitions from + * linuxkm_wc_port.h, or with WOLFSSL_NO_ASM defined. + */ + #ifndef DISABLE_VECTOR_REGISTERS + #define DISABLE_VECTOR_REGISTERS() 0 #endif - #ifndef RESTORE_VECTOR_REGISTERS - #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING + #ifndef REENABLE_VECTOR_REGISTERS + #define REENABLE_VECTOR_REGISTERS() WC_DO_NOTHING #endif +#endif - #ifndef WC_SANITIZE_DISABLE - #define WC_SANITIZE_DISABLE() WC_DO_NOTHING - #endif - #ifndef WC_SANITIZE_ENABLE - #define WC_SANITIZE_ENABLE() WC_DO_NOTHING - #endif +#ifndef WC_SANITIZE_DISABLE + #define WC_SANITIZE_DISABLE() WC_DO_NOTHING +#endif +#ifndef WC_SANITIZE_ENABLE + #define WC_SANITIZE_ENABLE() WC_DO_NOTHING +#endif - #if FIPS_VERSION_GE(5,1) - #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) - #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL) - #define PRIVATE_KEY_UNLOCK() WC_SPKRE_F(1,WC_KEYTYPE_ALL) - #else - #define PRIVATE_KEY_LOCK() WC_DO_NOTHING - #define PRIVATE_KEY_UNLOCK() WC_DO_NOTHING - #endif +#if FIPS_VERSION_GE(5,1) + #define WC_SPKRE_F(x,y) wolfCrypt_SetPrivateKeyReadEnable_fips((x),(y)) + #define PRIVATE_KEY_LOCK() WC_SPKRE_F(0,WC_KEYTYPE_ALL) + #define PRIVATE_KEY_UNLOCK() WC_SPKRE_F(1,WC_KEYTYPE_ALL) +#else + #define PRIVATE_KEY_LOCK() WC_DO_NOTHING + #define PRIVATE_KEY_UNLOCK() WC_DO_NOTHING +#endif - #ifdef _MSC_VER - /* disable buggy MSC warning (incompatible with clang-tidy - * readability-avoid-const-params-in-decls) - * "warning C4028: formal parameter x different from declaration" - */ - #pragma warning(disable: 4028) - #endif +#ifdef _MSC_VER + /* disable buggy MSC warning (incompatible with clang-tidy + * readability-avoid-const-params-in-decls) + * "warning C4028: formal parameter x different from declaration" + */ + #pragma warning(disable: 4028) +#endif + + +/* opaque math variable type */ +#if defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#elif defined(USE_INTEGER_HEAP_MATH) + struct mp_int; + #define MATH_INT_T struct mp_int +#else + struct sp_int; + #define MATH_INT_T struct sp_int +#endif + + +/* Maximum ASN sizes */ +#ifndef WOLFSSL_ASN_MAX_LENGTH_SZ + #define WOLFSSL_ASN_MAX_LENGTH_SZ 5 /* 1 byte length + 4 bytes of number */ +#endif + +enum Max_ASN { + DSA_PUB_INTS = 4, /* DSA ints in public key */ + DSA_INTS = 5, /* DSA ints in private key */ + MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ + MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ +#ifdef HAVE_SPHINCS + MAX_ENCODED_SIG_SZ = 51200, +#elif defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) + MAX_ENCODED_SIG_SZ = 5120, +#elif !defined(NO_RSA) +#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS) + MAX_ENCODED_SIG_SZ = FP_MAX_BITS / 8, +#elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ + defined(SP_INT_BITS) + MAX_ENCODED_SIG_SZ = (SP_INT_BITS + 7) / 8, +#elif defined(WOLFSSL_HAPROXY) + MAX_ENCODED_SIG_SZ = 1024, /* Supports 8192 bit keys */ +#else + MAX_ENCODED_SIG_SZ = 512, /* Supports 4096 bit keys */ +#endif +#elif defined(HAVE_ECC) + MAX_ENCODED_SIG_SZ = 140, +#elif defined(HAVE_CURVE448) + MAX_ENCODED_SIG_SZ = 114, +#else + MAX_ENCODED_SIG_SZ = 64, +#endif + MAX_SIG_SZ = 256, + MAX_ALGO_SZ = 20, + MAX_LENGTH_SZ = WOLFSSL_ASN_MAX_LENGTH_SZ, /* Max length size for DER encoding */ + MAX_SHORT_SZ = (1 + 1 + 5), /* asn int + byte len + 5 byte length */ + MAX_SEQ_SZ = (1 + MAX_LENGTH_SZ), /* enum(seq | con) + length(5) */ + MAX_SET_SZ = (1 + MAX_LENGTH_SZ), /* enum(set | con) + length(5) */ + MAX_OCTET_STR_SZ = (1 + MAX_LENGTH_SZ), /* enum(set | con) + length(5) */ + MAX_EXP_SZ = (1 + MAX_LENGTH_SZ), /* enum(contextspec|con|exp) + length(5) */ + MAX_PRSTR_SZ = (1 + MAX_LENGTH_SZ), /* enum(prstr) + length(5) */ + MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ + MAX_ENCODED_DIG_ASN_SZ = (5 + MAX_LENGTH_SZ), /* enum(bit or octet) + length(5) */ + MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ + MAX_RSA_INT_SZ = (512 + 1 + MAX_LENGTH_SZ), /* RSA raw sz 4096 for bits + tag + len(5) */ + MAX_DSA_INT_SZ = (384 + 1 + MAX_LENGTH_SZ), /* DSA raw sz 3072 for bits + tag + len(5) */ + MAX_DSA_PUBKEY_SZ = (DSA_PUB_INTS * MAX_DSA_INT_SZ) + (2 * MAX_SEQ_SZ) + + 2 + MAX_LENGTH_SZ, /* Maximum size of a DSA public + key taken from wc_SetDsaPublicKey. */ + MAX_DSA_PRIVKEY_SZ = (DSA_INTS * MAX_DSA_INT_SZ) + MAX_SEQ_SZ + + MAX_VERSION_SZ, /* Maximum size of a DSA Private + key taken from DsaKeyIntsToDer. */ +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) + MAX_PQC_PUBLIC_KEY_SZ = 2592, /* Maximum size of a Dilithium public key. */ +#endif + MAX_RSA_E_SZ = 16, /* Max RSA public e size */ + MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ + MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ + MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, + /* Maximum DER digest size */ + MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, + /* Maximum DER digest ASN header size */ + /* Max X509 header length indicates the + * max length + 2 ('\n', '\0') */ +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) + MAX_X509_HEADER_SZ = (48 + 2), /* Maximum PEM Header/Footer Size */ +#else + MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ +#endif + +#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) + MAX_PUBLIC_KEY_SZ = MAX_PQC_PUBLIC_KEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, +#else + MAX_PUBLIC_KEY_SZ = MAX_DSA_PUBKEY_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, +#endif +#ifdef WOLFSSL_ENCRYPTED_KEYS + HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */ +#else + HEADER_ENCRYPTED_KEY_SIZE = 0 +#endif +}; +#ifndef WC_MAX_DIGEST_SIZE +#define WC_MAX_DIGEST_SIZE 64 +#endif +#ifndef WC_MAX_BLOCK_SIZE +#define WC_MAX_BLOCK_SIZE 128 +#endif + +#ifdef WOLFSSL_CERT_GEN + /* Used in asn.c MakeSignature for ECC and RSA non-blocking/async */ + enum CertSignState { + CERTSIGN_STATE_BEGIN, + CERTSIGN_STATE_DIGEST, + CERTSIGN_STATE_ENCODE, + CERTSIGN_STATE_DO + }; - /* opaque math variable type */ - #if defined(USE_FAST_MATH) - struct fp_int; - #define MATH_INT_T struct fp_int - #elif defined(USE_INTEGER_HEAP_MATH) - struct mp_int; - #define MATH_INT_T struct mp_int + typedef struct CertSignCtx { + #ifdef WOLFSSL_NO_MALLOC + byte sig[MAX_ENCODED_SIG_SZ]; + byte digest[WC_MAX_DIGEST_SIZE]; + #ifndef NO_RSA + byte encSig[MAX_DER_DIGEST_SZ]; + #endif #else - struct sp_int; - #define MATH_INT_T struct sp_int + byte* sig; + byte* digest; + #ifndef NO_RSA + byte* encSig; + #endif #endif + #ifndef NO_RSA + int encSigSz; + #endif + int state; /* enum CertSignState */ + } CertSignCtx; - #ifdef __cplusplus - } /* extern "C" */ - #endif +#endif /* WOLFSSL_CERT_GEN */ + + +#ifdef __cplusplus + } /* extern "C" */ +#endif #endif /* WOLF_CRYPT_TYPES_H */ diff --git a/src/wolfssl/wolfcrypt/visibility.h b/src/wolfssl/wolfcrypt/visibility.h index fc7e485..b8499bd 100644 --- a/src/wolfssl/wolfcrypt/visibility.h +++ b/src/wolfssl/wolfcrypt/visibility.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/wc_encrypt.h b/src/wolfssl/wolfcrypt/wc_encrypt.h index 4dfc84c..00175e2 100644 --- a/src/wolfssl/wolfcrypt/wc_encrypt.h +++ b/src/wolfssl/wolfcrypt/wc_encrypt.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/wc_lms.h b/src/wolfssl/wolfcrypt/wc_lms.h index a4880a9..5c3e4a2 100644 --- a/src/wolfssl/wolfcrypt/wc_lms.h +++ b/src/wolfssl/wolfcrypt/wc_lms.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -384,7 +384,11 @@ typedef struct wc_LmsParamsMap { /* Identifier of parameters. */ enum wc_LmsParm id; /* String representation of identifier of parameters. */ +#ifdef WOLFSSL_NAMES_STATIC + const char str[32]; /* large enough for largest string in wc_lms_map[] */ +#else const char* str; +#endif /* LMS parameter set. */ LmsParams params; } wc_LmsParamsMap; diff --git a/src/wolfssl/wolfcrypt/wc_mlkem.h b/src/wolfssl/wolfcrypt/wc_mlkem.h index f79e188..649a73d 100644 --- a/src/wolfssl/wolfcrypt/wc_mlkem.h +++ b/src/wolfssl/wolfcrypt/wc_mlkem.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -146,9 +146,6 @@ struct MlKemKey { extern "C" { #endif -/* For backward compatibility */ -typedef struct MlKemKey KyberKey; - WOLFSSL_LOCAL void mlkem_init(void); diff --git a/src/wolfssl/wolfcrypt/wc_pkcs11.h b/src/wolfssl/wolfcrypt/wc_pkcs11.h index fdc51e0..803a1a6 100644 --- a/src/wolfssl/wolfcrypt/wc_pkcs11.h +++ b/src/wolfssl/wolfcrypt/wc_pkcs11.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/wc_port.h b/src/wolfssl/wolfcrypt/wc_port.h index a33fbf4..c0fd47f 100644 --- a/src/wolfssl/wolfcrypt/wc_port.h +++ b/src/wolfssl/wolfcrypt/wc_port.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -138,6 +138,15 @@ #endif #endif +#ifndef WC_OMIT_FRAME_POINTER + #if defined(__GNUC__) + #define WC_OMIT_FRAME_POINTER \ + __attribute__((optimize("-fomit-frame-pointer"))) + #else + #define WC_OMIT_FRAME_POINTER + #endif +#endif + /* THREADING/MUTEX SECTION */ #if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) /* No system headers required for build. */ @@ -268,6 +277,9 @@ #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS) #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS" #endif + #ifdef max + #undef max + #endif #if KERNEL_VERSION_NUMBER >= 0x30100 #include #include @@ -277,6 +289,7 @@ #include #include #endif + #define max MAX #endif #elif defined(WOLFSSL_TELIT_M2MB) @@ -1520,7 +1533,8 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifndef WOLFSSL_NO_FENCE #ifdef XFENCE /* use user-supplied XFENCE definition. */ - #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) + #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) && \ + !defined(__STDC_NO_ATOMICS__) #include #define XFENCE() atomic_thread_fence(memory_order_seq_cst) #elif defined(__GNUC__) && (__GNUC__ == 4) && \ @@ -1532,8 +1546,24 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XFENCE() WC_DO_NOTHING #elif defined (__i386__) || defined(__x86_64__) #define XFENCE() XASM_VOLATILE("lfence") - #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__) + #elif defined (__arm__) && (__ARM_ARCH > 6) #define XFENCE() XASM_VOLATILE("isb") + #elif defined(__aarch64__) + /* Change ".inst 0xd50330ff" to "sb" when compilers support it. */ + #ifdef WOLFSSL_ARMASM_BARRIER_SB + #define XFENCE() XASM_VOLATILE(".inst 0xd50330ff") + #elif defined(WOLFSSL_ARMASM_BARRIER_DETECT) + extern int aarch64_use_sb; + #define XFENCE() \ + do { \ + if (aarch64_use_sb) \ + XASM_VOLATILE(".inst 0xd50330ff"); \ + else \ + XASM_VOLATILE("isb"); \ + } while (0) + #else + #define XFENCE() XASM_VOLATILE("isb") + #endif #elif defined(__riscv) #define XFENCE() XASM_VOLATILE("fence") #elif defined(__PPC__) || defined(__POWERPC__) diff --git a/src/wolfssl/wolfcrypt/wc_xmss.h b/src/wolfssl/wolfcrypt/wc_xmss.h index e59df61..68cedaf 100644 --- a/src/wolfssl/wolfcrypt/wc_xmss.h +++ b/src/wolfssl/wolfcrypt/wc_xmss.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/wolfevent.h b/src/wolfssl/wolfcrypt/wolfevent.h index d6731d1..04dbceb 100644 --- a/src/wolfssl/wolfcrypt/wolfevent.h +++ b/src/wolfssl/wolfcrypt/wolfevent.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfcrypt/wolfmath.h b/src/wolfssl/wolfcrypt/wolfmath.h index e2e8545..638a0b9 100644 --- a/src/wolfssl/wolfcrypt/wolfmath.h +++ b/src/wolfssl/wolfcrypt/wolfmath.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -83,11 +83,17 @@ This library provides big integer math functions. #if !defined(NO_BIG_INT) /* common math functions */ -MP_API int get_digit_count(const mp_int* a); -MP_API mp_digit get_digit(const mp_int* a, int n); -MP_API int get_rand_digit(WC_RNG* rng, mp_digit* d); +MP_API int mp_get_digit_count(const mp_int* a); +MP_API mp_digit mp_get_digit(const mp_int* a, int n); +MP_API int mp_get_rand_digit(WC_RNG* rng, mp_digit* d); WOLFSSL_LOCAL void mp_reverse(unsigned char *s, int len); +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) +#define get_digit_count mp_get_digit_count +#define get_digit mp_get_digit +#define get_rand_digit mp_get_rand_digit +#endif + WOLFSSL_API int mp_cond_copy(mp_int* a, int copy, mp_int* b); WOLFSSL_API int mp_rand(mp_int* a, int digits, WC_RNG* rng); #endif diff --git a/src/wolfssl/wolfcrypt/xmss.h b/src/wolfssl/wolfcrypt/xmss.h index 9944862..2f7d7a8 100644 --- a/src/wolfssl/wolfcrypt/xmss.h +++ b/src/wolfssl/wolfcrypt/xmss.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/src/wolfssl/wolfio.h b/src/wolfssl/wolfio.h index de45a18..0673b88 100644 --- a/src/wolfssl/wolfio.h +++ b/src/wolfssl/wolfio.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, From e2c842881124a8feb315f4e88e00cfedab174434 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Fri, 15 Aug 2025 14:12:24 -0700 Subject: [PATCH 5/8] Improve Arduino Examples --- .github/SECURITY.md | 12 ++ .github/workflows/arduino.yml | 307 ++++++++++++++++++++++++++++++++++ .gitignore | 23 +-- 3 files changed, 331 insertions(+), 11 deletions(-) create mode 100644 .github/SECURITY.md create mode 100644 .github/workflows/arduino.yml diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..2bab9b6 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,12 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a vulnerability, please report it to support@wolfssl.com + + 1. Include a detailed description + 2. Include method to reproduce and/or method of discovery + 3. We will evaluate the report promptly and respond to you with findings. + 4. We will credit you with the report if you would like. + +**Please keep the vulnerability private** until a fix has been released. diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml new file mode 100644 index 0000000..1f1b669 --- /dev/null +++ b/.github/workflows/arduino.yml @@ -0,0 +1,307 @@ +name: Arduino CI Build (4 of 4) Arduino-wolfSSL + +# +# Test local Arduino examples with LATEST github master branch wolfssl +# +# These 4 workflows across 3 repos are interdependent for the current $REPO_OWNER: +# +# Arduino CI Build 1: https://github.com/$REPO_OWNER/wolfssl # /.github/workflows/arduino.yml +# - Builds Arduino library from local clone of wolfssl master branch +# - Fetches examples from https://github.com/$REPO_OWNER/wolfssl-examples +# +# Arduino CI Build 2: https://github.com/$REPO_OWNER/wolfssl-examples # /.github/workflows/arduino-release.yml +# - Tests examples based on latest published release of Arduino library, NOT latest on wolfssl github. +# - Should be identical to Arduino CI Build 3 in every way but wolfssl install. +# - Copies only compile script from wolfssl-examples +# - Builds local examples +# - No other repos used +# +# Arduino CI Build 3: https://github.com/$REPO_OWNER/wolfssl-examples # /.github/workflows/arduino.yml +# - Fetches current wolfSSL from https://github.com/$REPO_OWNER/wolfssl +# - Creates an updated Arduino library +# - Compiles local examples +# - Contains the source of `compile-all-examples.sh` and respective board-list.txt +# +# THIS Arduino CI Build 4: https://github.com/$REPO_OWNER/Arduino-wolfssl # /.github/workflows/arduino.yml +# - Assembles and installs an updated Arduino wolfssl library from LOCAL Arduino-wolfSSL repo master (main) source +# - Copies only compile script and board list from wolfssl-examples (no examples copied) +# - Builds local examples +# - No other repos used +# +# +# ** NOTE TO MAINTAINERS ** +# +# Consider using winmerge or similar tool to keep the 4 arduino[-release].yml files in relative sync. +# Although there are some specific differences, most of the contents are otherwise identical. +# +# See https://github.com/wolfSSL/Arduino-wolfSSL +# +# To test locally: +# cd [your WOLFSSL_ROOT], e.g. cd /mnt/c/workspace/wolfssl-$USER +# [optional checkout] e.g. git checkout tags/v5.8.2-stable +# pushd ./IDE/ARDUINO +# export ARDUINO_ROOT="$HOME/Arduino/libraries" +# ./wolfssl-arduino.sh INSTALL +# cd [your WOLFSSL_EXAMPLES_ROOT] e.g. /mnt/c/workspace/wolfssl-examples-$USER +# + +# START OF COMMON SECTION +on: + push: + branches: [ '**', 'master', 'main', 'release/**' ] + + pull_request: + branches: [ '**' ] + + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build: + # if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + env: + REPO_OWNER: ${{ github.repository_owner }} + steps: + - name: Checkout Repository + uses: actions/checkout@v4 + + - name: Install Arduino CLI + run: | + # Script to fetch and run install.sh from arduino/arduino-cli + + # The install script will test to see if the recently installed apps in in the path + # So set it up in advance: + mkdir -p "${PWD}/bin" + echo "${PWD}/bin" >> $GITHUB_PATH + + # Sets the install directory to a consistent path at the repo root. + ROOT_BIN="$GITHUB_WORKSPACE/bin" + + # Ensures that BINDIR exists before the installer runs + mkdir -p "$ROOT_BIN" + + # Save as a lobal environment variable + echo "$ROOT_BIN" >> "$GITHUB_PATH" + + # Download and run install script from Arduino: + # -S show errors; -L follow redirects; -v Verbose + set +e # don't abort on error + set -o pipefail + + curl -vSL --retry 5 --retry-delay 10 \ + https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh \ + | sh -x + rc=$? + c_rc=${PIPESTATUS[0]} # curl's exit code + s_rc=${PIPESTATUS[1]} # sh's exit code + + set -e # restore default abort-on-error + + # If there was a curl error, we have our own local copy that is more reliable and can add our own debugging + if [ "$rc" -ne 0 ]; then + echo "Primary install failed: curl=$c_rc, sh=$s_rc. Falling back..." >&2 + echo "Using local copy of arduino_install.sh" + pushd ./Arduino/sketches + chmod +x ./arduino_install.sh + + # Mimic curl install, does not use current directory: + BINDIR="$ROOT_BIN" sh -x ./arduino_install.sh + popd + else + echo "Alternative install script not needed." + fi + + - name: Confirm Arduino CLI install + run: arduino-cli version + + - name: Setup Arduino CLI + run: | + arduino-cli config init + arduino-cli core update-index + arduino-cli config add board_manager.additional_urls https://www.pjrc.com/teensy/package_teensy_index.json + arduino-cli core update-index + arduino-cli config add board_manager.additional_urls https://arduino.esp8266.com/stable/package_esp8266com_index.json + arduino-cli core update-index + arduino-cli core install esp32:esp32 # ESP32 + arduino-cli core install arduino:avr # Arduino Uno, Mega, Nano + arduino-cli core install arduino:sam # Arduino Due + arduino-cli core install arduino:samd # Arduino Zero + arduino-cli core install teensy:avr # PJRC Teensy + arduino-cli core install esp8266:esp8266 # ESP8266 + arduino-cli core install arduino:mbed_nano # nanorp2040connect + arduino-cli core install arduino:mbed_portenta # portenta_h7_m7 + arduino-cli core install arduino:mbed_edge + # sudo "/home/$USER/.arduino15/packages/arduino/hardware/mbed_nano/4.2.4/post_install.sh" + arduino-cli core install arduino:renesas_uno + arduino-cli lib install "ArduinoJson" # Example dependency + arduino-cli lib install "WiFiNINA" # ARDUINO_SAMD_NANO_33_IOT + arduino-cli lib install "Ethernet" # Install Ethernet library + arduino-cli lib install "Bridge" # Pseudo-network for things like arduino:samd:tian + + - name: Set job environment variables + run: | + # Script to assign some common environment variables after everything is installed + + ICON_OK=$(printf "\xE2\x9C\x85") + ICON_FAIL=$(printf "\xE2\x9D\x8C") + + echo "GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")" >> "$GITHUB_ENV" + echo "ARDUINO_ROOT=$(realpath "$HOME/Arduino/libraries")" >> "$GITHUB_ENV" + + # Show predefined summary: + echo "GITHUB_WORKSPACE = $GITHUB_WORKSPACE" + + # Show assigned build:env values (e.g. "wolfssl", "gojimmpi" or other owners): + echo "REPO_OWNER = $REPO_OWNER" + + echo "GITHUB_ENV=$GITHUB_ENV" + + # Show our custom values: + echo "GITHUB_WORK = $GITHUB_WORK" + echo "ARDUINO_ROOT = $ARDUINO_ROOT" + + # WOLFSSL_EXAMPLES_ROOT is the report root, not example location + # echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT" + + # - name: Show wolfssl-examples + # (not used, as wolfssl source is already here in ARduino-wolfSSL) + + # end Show wolfssl-examples + + # - name: Shallow clone wolfssl + # (not used, as wolfssl source is already here in Arduino-wolfSSL) + # + + # ** END ** Set job environment variables + + - name: Get wolfssl-examples + run: | + # The wolfSSL examples should already be installed in this Arduino-wolfssl/examples directory + + echo "Current pwd for wolfssl-examples clone fetch: $(pwd)" + echo "Examples found:" + find ./examples -type f | sort + + # ** END ** Get wolfssl-examples + + - name: Install wolfSSL Arduino library + run: | + # Script for installing wolfssl from this Arduino-wolfssl library repository + # + # Steps are equivalent of: + # + # arduino-cli lib install "wolfSSL" + # + # But using the current repo as the source: + mkdir -p "$ARDUINO_ROOT/wolfssl" + + # Methods of installing Arduino library: + # 1) arduino-cli lib install "wolfSSL" + # 2) manual copy of files (typical of the Arduino-wolfssl repo) + # 3) run ./wolfssl-arduino.sh INSTALL (typical of the wolfssl repo) + + # Copy all file in current directory as root of the wolfssl library + echo "cp [root files] \"$ARDUINO_ROOT/wolfssl/src\"" + for f in ./*; do + if [ -f "$f" ]; then + cp "$f" "$ARDUINO_ROOT/wolfssl/" + fi + done + + # Only 2 directories are needed in the Arduino library: `src` and [optional] `examples`: + echo "cp -r \"./src\" \"$ARDUINO_ROOT/wolfssl/src\"" + cp -r ./src "$ARDUINO_ROOT/wolfssl/src" + + echo "cp -r \"./examples\" \"$ARDUINO_ROOT/wolfssl/examples\"" + cp -r ./examples "$ARDUINO_ROOT/wolfssl/examples" + + # ** END ** Install wolfSSL Arduino library + + - name: List installed Arduino libraries + run: arduino-cli lib list + + - name: Get compile-all-examples.sh + run: | + # Fetch compile script FROM THE CURRENT OWNER. + # This repo is Arduino-wolfssl; we'll fetch the script from the wolfssl-examples for the same repository owner. + echo "Respository owner: $REPO_OWNER" + echo "Current directory: $PWD" + echo "Current pwd for wolfssl-examples clone fetch: $PWD" + WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" + echo "WOLFSSL_EXAMPLES_DIRECTORY=$WOLFSSL_EXAMPLES_DIRECTORY" + + # Fetch script and board list into WOLFSSL_EXAMPLES_DIRECTORY + # TODO edit PR branch path: + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/examples_dev/Arduino/sketches/board_list_v5.8.2.txt" -o "$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" + + # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. + FILE="$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" + + # Ensure the file exists + if [[ ! -f "$FILE" ]]; then + echo "File not found: $FILE" + exit 1 + fi + + # Check if the first line is "404: Not Found" + if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then + echo "The first line is '404: Not Found'" + exit 1 + fi + + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/examples_dev/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + + # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. + FILE="$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + + # Ensure the file exists + if [[ ! -f "$FILE" ]]; then + echo "File not found: $FILE" + exit 1 + fi + + # Check if the first line is "404: Not Found" + if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then + echo "The first line is '404: Not Found'" + exit 1 + fi + + pushd "$WOLFSSL_EXAMPLES_DIRECTORY" + echo "Current directory: $PWD" + + echo "Current directory $PWD" + echo "Contents:" + ls -al + find ./ -type f | sort + + # ensure we can execute the script here (permissions lost during curl fetch) + chmod +x ./compile-all-examples.sh + echo "Found compile script: $(ls -al ./compile-all-examples.sh)" + popd + + # ** END ** Get compile-all-examples.sh + + # This will fail with Arduino published wolfSSL v5.7.6 and older + # as the examples moved. See https://github.com/wolfSSL/wolfssl/pull/8514 + # + - name: Compile Arduino Sketches for Various Boards + run: | + # Call the compile-all-examples.sh script to compile all the examples for each of the fqbn names in the local copy of board_list.txt + + echo "Current directory: $PWD" + echo "ARDUINO_ROOT: $ARDUINO_ROOT" + WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" + echo "WOLFSSL_EXAMPLES_DIRECTORY: $WOLFSSL_EXAMPLES_DIRECTORY" + + echo "Change directory to Arduino examples..." + pushd "$WOLFSSL_EXAMPLES_DIRECTORY" + echo "Current directory: $PWD" + echo "Calling ./compile-all-examples.sh" + bash ./compile-all-examples.sh + popd + # End Compile Arduino Sketches for Various Boards diff --git a/.gitignore b/.gitignore index 436e3ed..1c295c7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,12 @@ -################################################################################ -# This .gitignore file was automatically created by Microsoft(R) Visual Studio. -################################################################################ - -/.vs -/src/wolfcrypt/src/fips.c -/src/wolfcrypt/src/fips_test.c -/src/wolfcrypt/src/selftest.c -/src/wolfcrypt/src/wolfcrypt_first.c -/src/wolfcrypt/src/wolfcrypt_last.c -/src/wolfssl/wolfcrypt/fips.h +################################################################################ +# This .gitignore file was automatically created by Microsoft(R) Visual Studio. +################################################################################ + +/.vs +/src/wolfcrypt/src/fips.c +/src/wolfcrypt/src/fips_test.c +/src/wolfcrypt/src/selftest.c +/src/wolfcrypt/src/wolfcrypt_first.c +/src/wolfcrypt/src/wolfcrypt_last.c +/src/wolfssl/wolfcrypt/fips.h +/**/*.bak From 5e9321d8663cab5c71c46070e63dfec891908fa5 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Wed, 3 Sep 2025 07:54:35 -0700 Subject: [PATCH 6/8] Correct wolfssl-examples script fetch branch --- .github/workflows/arduino.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml index 1f1b669..9df1a40 100644 --- a/.github/workflows/arduino.yml +++ b/.github/workflows/arduino.yml @@ -237,7 +237,7 @@ jobs: # Fetch script and board list into WOLFSSL_EXAMPLES_DIRECTORY # TODO edit PR branch path: - curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/examples_dev/Arduino/sketches/board_list_v5.8.2.txt" -o "$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/board_list_v5.8.2.txt" -o "$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. FILE="$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" @@ -254,7 +254,7 @@ jobs: exit 1 fi - curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/examples_dev/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. FILE="$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" From 05ab92c46f3b571dec64f810c13f6bf147926e68 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Mon, 17 Nov 2025 09:17:12 -0800 Subject: [PATCH 7/8] Update Arduino workflow with parameterized matrix --- .github/workflows/arduino.yml | 160 ++++++++++++++++++++++++++++------ 1 file changed, 131 insertions(+), 29 deletions(-) diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml index 9df1a40..982814a 100644 --- a/.github/workflows/arduino.yml +++ b/.github/workflows/arduino.yml @@ -38,7 +38,7 @@ name: Arduino CI Build (4 of 4) Arduino-wolfSSL # # To test locally: # cd [your WOLFSSL_ROOT], e.g. cd /mnt/c/workspace/wolfssl-$USER -# [optional checkout] e.g. git checkout tags/v5.8.2-stable +# [optional checkout] e.g. git checkout tags/v5.8.4-stable # pushd ./IDE/ARDUINO # export ARDUINO_ROOT="$HOME/Arduino/libraries" # ./wolfssl-arduino.sh INSTALL @@ -56,16 +56,63 @@ on: workflow_dispatch: concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + # Same branch push cancels other jobs. Other PR branches untouched + + group: ${{ github.workflow }}-${{ github.ref_name }} cancel-in-progress: true + # END OF COMMON SECTION jobs: build: + name: Compile (${{ matrix.fqbn }}) + # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # if: github.repository_owner == 'wolfssl' + # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + fqbn: + # When editing this list, be sure to also edit file: board_list.txt + # The compile-all-examples.sh optionally takes a FQBN parameter to + # optionally compile all examples ONLY for the respective fully qualified board name. + # See https://github.com/wolfSSL/wolfssl-examples/blob/master/Arduino/sketches/board_list.txt + + - arduino:avr:ethernet + - arduino:avr:leonardoeth + - arduino:avr:mega + - arduino:avr:nano + - arduino:avr:uno + - arduino:avr:yun + - arduino:samd:mkrwifi1010 + - arduino:samd:mkr1000 + - arduino:samd:mkrfox1200 + - arduino:mbed_edge:edge_control + - arduino:mbed_nano:nanorp2040connect + - arduino:mbed_portenta:envie_m7 + - arduino:mbed_portenta:portenta_x8 + - arduino:renesas_uno:unor4wifi + - arduino:sam:arduino_due_x + - arduino:samd:arduino_zero_native + - arduino:samd:tian + - esp32:esp32:esp32 + - esp32:esp32:esp32s2 + - esp32:esp32:esp32s3 + - esp32:esp32:esp32c3 + - esp32:esp32:esp32c6 + - esp32:esp32:esp32h2 + - esp8266:esp8266:generic + - teensy:avr:teensy40 + + # Not yet supported, not in standard library + # - esp32:esp32:nano_nora + + # End strategy matrix env: REPO_OWNER: ${{ github.repository_owner }} + steps: - name: Checkout Repository uses: actions/checkout@v4 @@ -74,7 +121,7 @@ jobs: run: | # Script to fetch and run install.sh from arduino/arduino-cli - # The install script will test to see if the recently installed apps in in the path + # The install script will test to see if the recently installed apps in the path # So set it up in advance: mkdir -p "${PWD}/bin" echo "${PWD}/bin" >> $GITHUB_PATH @@ -85,7 +132,7 @@ jobs: # Ensures that BINDIR exists before the installer runs mkdir -p "$ROOT_BIN" - # Save as a lobal environment variable + # Save as a global environment variable echo "$ROOT_BIN" >> "$GITHUB_PATH" # Download and run install script from Arduino: @@ -116,34 +163,53 @@ jobs: echo "Alternative install script not needed." fi - - name: Confirm Arduino CLI install + - name: Confirm Arduino CLI Install run: arduino-cli version + - name: Derive CORE_ID (vendor:arch from FQBN) + run: | + CORE_ID="$(echo '${{ matrix.fqbn }}' | cut -d: -f1-2)" + echo "CORE_ID=$CORE_ID" >> "$GITHUB_ENV" + - name: Setup Arduino CLI run: | arduino-cli config init - arduino-cli core update-index + + # wait 10 minutes for big downloads (or use 0 for no limit) + arduino-cli config set network.connection_timeout 600s + arduino-cli config add board_manager.additional_urls https://www.pjrc.com/teensy/package_teensy_index.json - arduino-cli core update-index arduino-cli config add board_manager.additional_urls https://arduino.esp8266.com/stable/package_esp8266com_index.json arduino-cli core update-index - arduino-cli core install esp32:esp32 # ESP32 - arduino-cli core install arduino:avr # Arduino Uno, Mega, Nano - arduino-cli core install arduino:sam # Arduino Due - arduino-cli core install arduino:samd # Arduino Zero - arduino-cli core install teensy:avr # PJRC Teensy - arduino-cli core install esp8266:esp8266 # ESP8266 - arduino-cli core install arduino:mbed_nano # nanorp2040connect - arduino-cli core install arduino:mbed_portenta # portenta_h7_m7 - arduino-cli core install arduino:mbed_edge + + echo "CORE_ID: $CORE_ID" + arduino-cli core install "$CORE_ID" + + # The above is instead of: + # arduino-cli core install esp32:esp32 # ESP32 + # arduino-cli core install arduino:avr # Arduino Uno, Mega, Nano + # arduino-cli core install arduino:sam # Arduino Due + # arduino-cli core install arduino:samd # Arduino Zero + # arduino-cli core install teensy:avr # PJRC Teensy + # arduino-cli core install esp8266:esp8266 # ESP8266 + # arduino-cli core install arduino:mbed_nano # nanorp2040connect + # arduino-cli core install arduino:mbed_portenta # portenta_h7_m7 + # arduino-cli core install arduino:mbed_edge + # arduino-cli core install arduino:renesas_uno + + # For reference: + + # mbed nano not yet tested # sudo "/home/$USER/.arduino15/packages/arduino/hardware/mbed_nano/4.2.4/post_install.sh" - arduino-cli core install arduino:renesas_uno + + # Always install networking (not part of FQBN matrix) + # The first one also creates directory: /home/runner/Arduino/libraries arduino-cli lib install "ArduinoJson" # Example dependency arduino-cli lib install "WiFiNINA" # ARDUINO_SAMD_NANO_33_IOT arduino-cli lib install "Ethernet" # Install Ethernet library arduino-cli lib install "Bridge" # Pseudo-network for things like arduino:samd:tian - - name: Set job environment variables + - name: Set Job Environment Variables run: | # Script to assign some common environment variables after everything is installed @@ -166,10 +232,42 @@ jobs: echo "ARDUINO_ROOT = $ARDUINO_ROOT" # WOLFSSL_EXAMPLES_ROOT is the report root, not example location - # echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT" + echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT" + + - name: Compute cache key parts + id: parts + shell: bash + run: | + # From FQBN "vendor:arch:board" get "vendor:arch" + CORE_ID="$(echo "${{ matrix.fqbn }}" | awk -F: '{print $1 ":" $2}')" + echo "CORE_ID=$CORE_ID" >> "$GITHUB_OUTPUT" + + # Also expose vendor only for broad fallbacks + VENDOR="$(echo "$CORE_ID" | cut -d: -f1)" + echo "VENDOR=$VENDOR" >> "$GITHUB_OUTPUT" + + - name: Cache Arduino packages + uses: actions/cache@v4 + with: + path: | + ~/.arduino15 + ~/.cache/arduino + ~/.arduino15/staging + + # Arduino libraries + # Specific to Arduino CI Build (2 of 4) Arduinbo Release wolfSSL for Local Examples + # Include all libraries, as the latest Arduino-wolfSSL will only change upon release. + ~/Arduino/libraries + # Ensure wolfssl is not cached, we're always using the latest. See separate cache. + !~/Arduino/libraries/wolfssl + key: arduino-${{ runner.os }}-${{ env.CORE_ID }}-${{ hashFiles('Arduino/sketches/board_list.txt') }} + + restore-keys: | + arduino-${{ runner.os }}-${{ env.CORE_ID }}- + arduino-${{ runner.os }}- # - name: Show wolfssl-examples - # (not used, as wolfssl source is already here in ARduino-wolfSSL) + # (not used, as wolfssl source is already here in Arduino-wolfSSL) # end Show wolfssl-examples @@ -177,7 +275,7 @@ jobs: # (not used, as wolfssl source is already here in Arduino-wolfSSL) # - # ** END ** Set job environment variables + # ** END ** Shallow clone wolfssl - name: Get wolfssl-examples run: | @@ -197,7 +295,8 @@ jobs: # # arduino-cli lib install "wolfSSL" # - # But using the current repo as the source: + # But using the current repo as the source (delete for matrix cache): + rm -rf "$ARDUINO_ROOT/wolfssl" mkdir -p "$ARDUINO_ROOT/wolfssl" # Methods of installing Arduino library: @@ -236,25 +335,26 @@ jobs: echo "WOLFSSL_EXAMPLES_DIRECTORY=$WOLFSSL_EXAMPLES_DIRECTORY" # Fetch script and board list into WOLFSSL_EXAMPLES_DIRECTORY - # TODO edit PR branch path: - curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/board_list_v5.8.2.txt" -o "$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" + # TODO edit board list name upon release and publish of wolfSSL 5.8.4 in Arduino-wolfSSL: + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/board_list_v5.8.2.txt" \ + -o "$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" - # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. FILE="$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt" - # Ensure the file exists + # Ensure the board list file exists if [[ ! -f "$FILE" ]]; then echo "File not found: $FILE" exit 1 fi - # Check if the first line is "404: Not Found" + # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then echo "The first line is '404: Not Found'" exit 1 fi - curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" + curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/compile-all-examples.sh" \ + -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad. FILE="$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh" @@ -297,11 +397,13 @@ jobs: echo "ARDUINO_ROOT: $ARDUINO_ROOT" WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" echo "WOLFSSL_EXAMPLES_DIRECTORY: $WOLFSSL_EXAMPLES_DIRECTORY" + echo "FQBN = ${{ matrix.fqbn }}" echo "Change directory to Arduino examples..." pushd "$WOLFSSL_EXAMPLES_DIRECTORY" echo "Current directory: $PWD" + ls -al echo "Calling ./compile-all-examples.sh" - bash ./compile-all-examples.sh + bash ./compile-all-examples.sh ./board_list.txt "${{ matrix.fqbn }}" popd # End Compile Arduino Sketches for Various Boards From 66cf9f46a9594ec5af7bb9f6d6a5610c87a4a99c Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Sat, 22 Nov 2025 08:45:20 -0800 Subject: [PATCH 8/8] wolfssl 5.8.4 Release for Arduino --- ChangeLog.md | 84 +- LICENSING | 25 +- README | 259 +- README.md | 340 +- examples/template/template.ino | 9 +- examples/template/wolfssl_helper.c | 36 +- examples/template/wolfssl_helper.h | 2 +- examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino | 25 +- examples/wolfssl_client/wolfssl_client.ino | 92 +- examples/wolfssl_client_dtls/README.md | 28 + .../wolfssl_client_dtls.ino | 950 +++ examples/wolfssl_server/wolfssl_server.ino | 88 +- examples/wolfssl_server_dtls/README.md | 140 + .../wolfssl_server_dtls.ino | 984 ++++ examples/wolfssl_version/wolfssl_version.ino | 9 +- library.properties | 2 +- src/src/bio.c | 20 +- src/src/crl.c | 129 +- src/src/dtls.c | 12 +- src/src/dtls13.c | 4 +- src/src/internal.c | 3486 +++++------ src/src/keys.c | 66 +- src/src/ocsp.c | 107 +- src/src/pk.c | 327 +- src/src/quic.c | 9 +- src/src/sniffer.c | 125 +- src/src/ssl.c | 2556 +++------ src/src/ssl_asn1.c | 22 +- src/src/ssl_bn.c | 43 +- src/src/ssl_certman.c | 173 +- src/src/ssl_crypto.c | 152 +- src/src/ssl_load.c | 267 +- src/src/ssl_misc.c | 10 + src/src/ssl_p7p12.c | 32 +- src/src/ssl_sess.c | 18 +- src/src/ssl_sk.c | 1251 ++++ src/src/tls.c | 725 +-- src/src/tls13.c | 423 +- src/src/wolfio.c | 210 +- src/src/x509.c | 1248 ++-- src/src/x509_str.c | 148 +- src/user_settings.h | 164 +- src/wolfcrypt/src/aes.c | 2132 +++++-- src/wolfcrypt/src/asn.c | 1618 +++--- src/wolfcrypt/src/bio.c | 20 +- src/wolfcrypt/src/blake2b.c | 12 +- src/wolfcrypt/src/blake2s.c | 12 +- src/wolfcrypt/src/camellia.c | 12 +- src/wolfcrypt/src/chacha.c | 69 +- src/wolfcrypt/src/chacha20_poly1305.c | 38 +- src/wolfcrypt/src/cmac.c | 12 +- src/wolfcrypt/src/coding.c | 16 +- src/wolfcrypt/src/cpuid.c | 247 +- src/wolfcrypt/src/cryptocb.c | 249 +- src/wolfcrypt/src/curve25519.c | 6 +- src/wolfcrypt/src/des3.c | 4 +- src/wolfcrypt/src/dh.c | 15 +- src/wolfcrypt/src/dilithium.c | 2710 ++++++++- src/wolfcrypt/src/dsa.c | 6 +- src/wolfcrypt/src/ecc.c | 364 +- src/wolfcrypt/src/eccsi.c | 6 +- src/wolfcrypt/src/ed25519.c | 16 +- src/wolfcrypt/src/ed448.c | 20 +- src/wolfcrypt/src/error.c | 6 + src/wolfcrypt/src/evp.c | 131 +- src/wolfcrypt/src/fe_448.c | 581 +- src/wolfcrypt/src/fe_operations.c | 221 +- src/wolfcrypt/src/ge_448.c | 1592 ++--- src/wolfcrypt/src/ge_operations.c | 87 +- src/wolfcrypt/src/hash.c | 249 +- src/wolfcrypt/src/hmac.c | 79 +- src/wolfcrypt/src/hpke.c | 179 +- src/wolfcrypt/src/integer.c | 103 +- src/wolfcrypt/src/kdf.c | 389 +- src/wolfcrypt/src/logging.c | 316 +- src/wolfcrypt/src/md2.c | 17 +- src/wolfcrypt/src/memory.c | 57 +- src/wolfcrypt/src/misc.c | 55 +- src/wolfcrypt/src/pkcs12.c | 10 +- src/wolfcrypt/src/pkcs7.c | 1037 ++-- src/wolfcrypt/src/poly1305.c | 93 +- src/wolfcrypt/src/port/Espressif/esp32_mp.c | 2 +- src/wolfcrypt/src/port/Espressif/esp32_sha.c | 28 +- src/wolfcrypt/src/port/Espressif/esp32_util.c | 5 + .../src/port/Espressif/esp_sdk_mem_lib.c | 119 +- src/wolfcrypt/src/pwdbased.c | 70 +- src/wolfcrypt/src/random.c | 145 +- src/wolfcrypt/src/rsa.c | 149 +- src/wolfcrypt/src/sakke.c | 6 +- src/wolfcrypt/src/sha.c | 74 +- src/wolfcrypt/src/sha256.c | 285 +- src/wolfcrypt/src/sha3.c | 484 +- src/wolfcrypt/src/sha512.c | 430 +- src/wolfcrypt/src/sp_arm32.c | 3318 +++-------- src/wolfcrypt/src/sp_arm64.c | 3131 +++------- src/wolfcrypt/src/sp_armthumb.c | 2946 ++-------- src/wolfcrypt/src/sp_c32.c | 4681 +++------------ src/wolfcrypt/src/sp_c64.c | 5107 +++-------------- src/wolfcrypt/src/sp_cortexm.c | 3295 +++-------- src/wolfcrypt/src/sp_int.c | 66 +- src/wolfcrypt/src/sp_x86_64.c | 3611 +++--------- src/wolfcrypt/src/srp.c | 30 +- src/wolfcrypt/src/tfm.c | 821 +-- src/wolfcrypt/src/wc_encrypt.c | 140 +- src/wolfcrypt/src/wc_lms.c | 84 +- src/wolfcrypt/src/wc_lms_impl.c | 115 +- src/wolfcrypt/src/wc_mlkem.c | 90 + src/wolfcrypt/src/wc_mlkem_poly.c | 88 +- src/wolfcrypt/src/wc_pkcs11.c | 228 +- src/wolfcrypt/src/wc_port.c | 426 +- src/wolfcrypt/src/wc_xmss.c | 70 +- src/wolfcrypt/src/wc_xmss_impl.c | 12 +- src/wolfcrypt/src/wolfmath.c | 49 +- src/wolfssl/bio.c | 20 +- src/wolfssl/certs_test.h | 1062 ++-- src/wolfssl/certs_test_sm.h | 2913 ++++++++++ src/wolfssl/error-ssl.h | 2 +- src/wolfssl/evp.c | 131 +- src/wolfssl/internal.h | 233 +- src/wolfssl/ocsp.h | 8 + src/wolfssl/openssl/ec.h | 3 + src/wolfssl/openssl/evp.h | 2 +- src/wolfssl/openssl/opensslv.h | 10 +- src/wolfssl/openssl/ssl.h | 16 +- src/wolfssl/quic.h | 4 +- src/wolfssl/ssl.h | 185 +- src/wolfssl/test.h | 156 +- src/wolfssl/version.h | 4 +- src/wolfssl/wolfcrypt/aes.h | 227 +- src/wolfssl/wolfcrypt/ascon.h | 4 +- src/wolfssl/wolfcrypt/asn.h | 81 +- src/wolfssl/wolfcrypt/asn_public.h | 6 +- src/wolfssl/wolfcrypt/blake2.h | 14 +- src/wolfssl/wolfcrypt/chacha.h | 21 +- src/wolfssl/wolfcrypt/coding.h | 16 +- src/wolfssl/wolfcrypt/cpuid.h | 90 +- src/wolfssl/wolfcrypt/cryptocb.h | 84 +- src/wolfssl/wolfcrypt/dh.h | 22 +- src/wolfssl/wolfcrypt/dilithium.h | 84 + src/wolfssl/wolfcrypt/ecc.h | 9 + src/wolfssl/wolfcrypt/ed25519.h | 16 +- src/wolfssl/wolfcrypt/ed448.h | 16 +- src/wolfssl/wolfcrypt/error-crypt.h | 33 +- src/wolfssl/wolfcrypt/ext_xmss.h | 2 +- src/wolfssl/wolfcrypt/fe_operations.h | 19 +- src/wolfssl/wolfcrypt/ge_operations.h | 14 +- src/wolfssl/wolfcrypt/hash.h | 3 + src/wolfssl/wolfcrypt/hmac.h | 10 +- src/wolfssl/wolfcrypt/integer.h | 14 +- src/wolfssl/wolfcrypt/kdf.h | 18 + src/wolfssl/wolfcrypt/logging.h | 259 +- src/wolfssl/wolfcrypt/md5.h | 7 +- src/wolfssl/wolfcrypt/mem_track.h | 173 +- src/wolfssl/wolfcrypt/memory.h | 6 +- src/wolfssl/wolfcrypt/misc.h | 4 +- src/wolfssl/wolfcrypt/mlkem.h | 3 + src/wolfssl/wolfcrypt/oid_sum.h | 4 + src/wolfssl/wolfcrypt/pkcs11.h | 1 + src/wolfssl/wolfcrypt/pkcs7.h | 19 +- src/wolfssl/wolfcrypt/poly1305.h | 31 +- .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 15 + src/wolfssl/wolfcrypt/pwdbased.h | 12 +- src/wolfssl/wolfcrypt/random.h | 23 +- src/wolfssl/wolfcrypt/rsa.h | 25 +- src/wolfssl/wolfcrypt/settings.h | 345 +- src/wolfssl/wolfcrypt/sha.h | 14 +- src/wolfssl/wolfcrypt/sha256.h | 23 +- src/wolfssl/wolfcrypt/sha3.h | 24 + src/wolfssl/wolfcrypt/sha512.h | 28 +- src/wolfssl/wolfcrypt/sp.h | 2 +- src/wolfssl/wolfcrypt/sp_int.h | 150 +- src/wolfssl/wolfcrypt/tfm.h | 11 +- src/wolfssl/wolfcrypt/types.h | 314 +- src/wolfssl/wolfcrypt/wc_mlkem.h | 5 - src/wolfssl/wolfcrypt/wc_port.h | 299 +- src/wolfssl/wolfcrypt/wolfmath.h | 9 + src/wolfssl/wolfio.h | 86 +- 177 files changed, 30966 insertions(+), 34169 deletions(-) create mode 100644 examples/wolfssl_client_dtls/README.md create mode 100644 examples/wolfssl_client_dtls/wolfssl_client_dtls.ino create mode 100644 examples/wolfssl_server_dtls/README.md create mode 100644 examples/wolfssl_server_dtls/wolfssl_server_dtls.ino create mode 100644 src/src/ssl_sk.c create mode 100644 src/wolfssl/certs_test_sm.h diff --git a/ChangeLog.md b/ChangeLog.md index 09728ee..ed7c9a8 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,76 @@ +# wolfSSL Release 5.8.4 (Nov. 20, 2025) + +Release 5.8.4 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is deprecated + * MD5 is now disabled by default + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities +* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275. + + +* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages. This affects users who are running wolfSSL on the server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9117. + +* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello that has a key share extension and the server responds with a ServerHello that does not have a key share extension the connection would previously continue on without using PFS. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9112. + +* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9113. + + +* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing. Previously duplicate CKS extensions were not rejected leading to a potential memory leak when processing a ClientHello. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9132. + + +* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. + +* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. + +* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 + +## New Features +* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) +* Initial wolfCrypt FreeBSD kernel module support (PR 9392) +* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage / OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7 builds with AES keywrap unset. (PR 9018, 9029, 9032) +* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free operations. (PR 9002, 9309) +* Add support for certificate_authorities extension in ClientHello and certificate manager CA-type selection/unloading. (PR 9209, 9046) +* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha, hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328, 9368, 9389, 9357, 9433) +* Rust: support optional heap and dev_id parameters and enable conditional compilation based on C build options. (PR 9407, 9433) +* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware acceleration additions. (PR 9228, 9256, 9185) +* STM32U5 added support for SAES and DHUK. (PR 9087) +* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR 9174) + +## Improvements / Optimizations +* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples, libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096, 9141, 9091, 9122, 9388) +* Improved test ordering and CI test stability (random tests run order changes, FIPS test fixes). (PR 9204, 9257) +* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and example certificate renewals. (PR 9131, 9293, 9262, 9429) +* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add Fetchmail and OpenVPN). (PR 9398, 9413) +* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements. (PR 8902, 9055) +* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family digest selection) and improved crypto-only build cases. (PR 9070, 9252, 9271, 9100, 9194) +* AES & HW offload improvements including AES-CTR support in PKCS11 driver and AES ECB offload sizing fix. (PR 9277, 9364) +* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR 8987, 9225, 9264) +* Renesas FSP / RA examples updated and security-module TLS context improvements. (PR 9047, 9010, 9158, 9150) +* Broad configure/CMake/Autotools workflow improvements (Apple options tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037, 9167, 9161, 9264) +* New assembly introspection / performance helpers for RISC-V and PPC32; benchmarking enhancements (cycle counts). (PR 9101, 9317) +* Update to SGX build for using assembly optimizations. (PR 8463, 9138) +* Testing with Fil-C compiler version to 0.674 (PR 9396) +* Refactors and compressing of small stack code (PR 9153) + +## Bug Fixes +* Removed the test feature using popen when defining the macro WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with having the macro HAVE_HTTP_CLIENT set. There was the potential for vulnerable behavior with the use of popen when the API wolfSSL_BIO_new_connect() was called with this specific build. This exact build configuration is only intended for testing with QEMU and is not enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the report. (PR 9038) +* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw public key import when using the API Ed25519ImportPublic.This was a broken API with the C# wrapper that would crash on use. Thanks to Luigino Camastra from Aisle Research for the bug report. (PR 9291) +* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324) +* TLS 1.2/DTLS improvements: client message order checks, DTLS cookie/exchange and replay protections, better DTLS early-data handling. (PR 9387, 9253, 9205, 9367) +* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints, restore inner server name for ECH, retrying cert candidate chains. (PR 8890, 9234, 8692) +* Sniffer robustness: fix infinite recursion, better handling of OOO appData and partial overlaps, and improved retransmission detection. (PR 9051, 9106, 9140, 9094) +* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067, 9111, 9121) +* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439) +* Avoid uninitialized-variable and GCC warnings; several fixes for undefined-shift/overflow issues. (PR 9020, 9372, 9195) +* Memory & leak fixes in X509 verification and various struct sizing fixes for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036) +* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031, 9263) + + # wolfSSL Release 5.8.2 (July 17, 2025) Release 5.8.2 has been developed according to wolfSSL's development and QA @@ -9,7 +82,7 @@ NOTE: * wolfSSL is now GPLv3 instead of GPLv2 * MD5 is now disabled by default -PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. ## Vulnerabilities @@ -68,7 +141,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 * Implemented distro fix for the Linux Kernel Module. (PR #8994) * Fixed page-flags-h in the Linux Kernel Module. (PR #9001) * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) -* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms + +### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) * Backward compatibility has been implemented for ML_KEM IDs (PR #8827) * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) @@ -207,7 +281,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur NOTE: * --enable-heapmath is deprecated -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. @@ -423,7 +497,7 @@ NOTE: user_settings.h. -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. @@ -543,7 +617,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -PR stands for Pull Request, and PR references a GitHub pull request +PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added. diff --git a/LICENSING b/LICENSING index cf1d098..14b0801 100644 --- a/LICENSING +++ b/LICENSING @@ -1,9 +1,24 @@ +The wolfSSL, Inc. software (“wolfSSL Software”) to which this text is appended +is made available under the GNU General Public License version 3 (“GPLv3”) with +the following exception: When this wolfSSL Software is combined with the +software listed below (“Exception Software”), licensee may elect to license +this wolfSSL Software under the GNU General Public License version 2 (“GPLv2”) +instead of GPLv3. -wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use -under the GPLv3 (or at your option any later version) or a standard commercial -license. For our users who cannot use wolfSSL under GPLv3 -(or any later version), a commercial license to wolfSSL and wolfCrypt is -available. +Exception Software: + +MariaDB Server + +MariaDB Client Libraries + +OpenVPN-NL + +Fetchmail + +OpenVPN + +For our users who cannot use wolfSSL under GPLv3, a commercial license to +wolfSSL and wolfCrypt is available. Please contact wolfSSL Inc. directly at: diff --git a/README b/README index a8e5f76..6a0e29a 100644 --- a/README +++ b/README @@ -29,24 +29,29 @@ of the wolfSSL manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/) *** Notes, Please read *** Note 1) -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer -supports static key cipher suites with PSK, RSA, or ECDH. This means if you -plan to use TLS cipher suites you must enable DH (DH is on by default), or -enable ECC (ECC is on by default), or you must enable static key cipher suites -with - - WOLFSSL_STATIC_DH - WOLFSSL_STATIC_RSA - or - WOLFSSL_STATIC_PSK - -though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. - -When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher +wolfSSL as of 3.6.6 no longer enables SSLv3 by default. By default, wolfSSL +disables static key cipher suites that use PSK, RSA, or ECDH without ephemeral +key exchange. Instead, wolfSSL enables cipher suites that provide perfect +forward secrecy (PFS) using ephemeral Diffie-Hellman (DH) or Elliptic Curve +(ECC) key exchange, both of which are enabled by default. + +If you need to support legacy systems that require static key cipher suites, +you can enable them using one or more of these defines: + +WOLFSSL_STATIC_DH +WOLFSSL_STATIC_RSA +WOLFSSL_STATIC_PSK + +Important: Static key cipher suites reduce security by eliminating perfect +forward secrecy. These cipher suites reuse the same long-term private key for +all session key exchanges. In contrast, PFS-enabled cipher suites (the wolfSSL +default) generate a new ephemeral key for each session, ensuring that +compromising a long-term key cannot decrypt past sessions. + +When compiling `ssl.c`, wolfSSL will now issue a compiler error if no cipher suites are available. You can remove this error by defining -WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not -using TLS cipher suites. +`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're +not using TLS cipher suites. Note 2) wolfSSL takes a different approach to certificate verification than OpenSSL @@ -70,205 +75,77 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.8.2 (July 17, 2025) +# wolfSSL Release 5.8.4 (Nov. 20, 2025) -Release 5.8.2 has been developed according to wolfSSL's development and QA +Release 5.8.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * wolfSSL is now GPLv3 instead of GPLv2 - * --enable-heapmath is deprecated +NOTE: * --enable-heapmath is deprecated * MD5 is now disabled by default - PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities +* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275. -* [Low] There is the potential for a fault injection attack on ECC and Ed25519 verify operations. In versions of wolfSSL 5.7.6 and later the --enable-faultharden option is available to help mitigate against potential fault injection attacks. The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot. If doing ECC or Ed25519 verify operations on a device at risk for fault injection attacks then --enable-faultharden could be used to help mitigate it. Thanks to Kevin from Fraunhofer AISEC for the report. -Hardening option added in PR https://github.com/wolfSSL/wolfssl/pull/8289 +* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages. This affects users who are running wolfSSL on the server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9117. +* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello that has a key share extension and the server responds with a ServerHello that does not have a key share extension the connection would previously continue on without using PFS. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9112. -* [High CVE-2025-7395] When using WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION on an Apple platform, the native trust store verification routine overrides errors produced elsewhere in the wolfSSL certificate verification process including failures due to hostname matching/SNI, OCSP, CRL, etc. This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection. If building wolfSSL on versions after 5.7.6 and before 5.8.2 with use of the system CA support and the apple native cert validation feature enabled on Apple devices (on by default for non-macOS Apple targets when using autotools or CMake) we recommend updating to the latest version of wolfSSL. Thanks to Thomas Leong from ExpressVPN for the report. +* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9113. -Fixed in PR https://github.com/wolfSSL/wolfssl/pull/8833 +* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing. Previously duplicate CKS extensions were not rejected leading to a potential memory leak when processing a ClientHello. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9132. -* [Med. CVE-2025-7394] In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. -Fixed in the following PR’s -https://github.com/wolfSSL/wolfssl/pull/8849 -https://github.com/wolfSSL/wolfssl/pull/8867 -https://github.com/wolfSSL/wolfssl/pull/8898 +* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. - -* [Low CVE-2025-7396] In wolfSSL 5.8.0 the option of hardening the C implementation of Curve25519 private key operations was added with the addition of blinding support (https://www.wolfssl.com/curve25519-blinding-support-added-in-wolfssl-5-8-0/). In wolfSSL release 5.8.2 that blinding support is turned on by default in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation. Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for the report. - -Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 - +* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 ## New Features -* Multiple sessions are now supported in the sniffer due to the removal of a cached check. (PR #8723) -* New API ssl_RemoveSession() has been implemented for sniffer cleanup operations. (PR #8768) -* The new ASN X509 API, `wc_GetSubjectPubKeyInfoDerFromCert`, has been introduced for retrieving public key information from certificates. (PR #8758) -* `wc_PKCS12_create()` has been enhanced to support PBE_AES(256|128)_CBC key and certificate encryptions. (PR #8782, PR #8822, PR #8859) -* `wc_PKCS7_DecodeEncryptedKeyPackage()` has been added for decoding encrypted key packages. (PR #8976) -* All AES, SHA, and HMAC functionality has been implemented within the Linux Kernel Module. (PR #8998) -* Additions to the compatibility layer have been introduced for X.509 extensions and RSA PSS. Adding the API i2d_PrivateKey_bio, BN_ucmp and X509v3_get_ext_by_NID. (PR #8897) -* Added support for STM32N6. (PR #8914) -* Implemented SHA-256 for PPC 32 assembly. (PR #8894) +* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) +* Initial wolfCrypt FreeBSD kernel module support (PR 9392) +* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage / OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7 builds with AES keywrap unset. (PR 9018, 9029, 9032) +* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free operations. (PR 9002, 9309) +* Add support for certificate_authorities extension in ClientHello and certificate manager CA-type selection/unloading. (PR 9209, 9046) +* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha, hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328, 9368, 9389, 9357, 9433) +* Rust: support optional heap and dev_id parameters and enable conditional compilation based on C build options. (PR 9407, 9433) +* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware acceleration additions. (PR 9228, 9256, 9185) +* STM32U5 added support for SAES and DHUK. (PR 9087) +* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR 9174) ## Improvements / Optimizations - -### Linux Kernel Module (LinuxKM) Enhancements -* Registered DH and FFDHE for the Linux Kernel Module. (PR #8707) -* Implemented fixes for standard RNG in the Linux Kernel Module. (PR #8718) -* Added an ECDSA workaround for the Linux Kernel Module. (PR #8727) -* Added more PKCS1 pad SHA variants for RSA in the Linux Kernel Module. (PR #8730) -* Set default priority to 100000 for LKCAPI in the Linux Kernel Module. (PR #8740) -* Ensured ECDH never has FIPS enabled in the Linux Kernel Module. (PR #8751) -* Implemented further Linux Kernel Module and SP tweaks. (PR #8773) -* Added sig_alg support for Linux 6.13 RSA in the Linux Kernel Module. (PR #8796) -* Optimized wc_linuxkm_fpu_state_assoc. (PR #8828) -* Ensured DRBG is multithread-round-1 in the Linux Kernel Module. (PR #8840) -* Prevented toggling of fips_enabled in the Linux Kernel Module. (PR #8873) -* Refactored drbg_ctx clear in the Linux Kernel Module. (PR #8876) -* Set sig_alg max_size and digest_size callbacks for RSA in the Linux Kernel Module. (PR #8915) -* Added get_random_bytes for the Linux Kernel Module. (PR #8943) -* Implemented distro fix for the Linux Kernel Module. (PR #8994) -* Fixed page-flags-h in the Linux Kernel Module. (PR #9001) -* Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) -* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms -* Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) -* Backward compatibility has been implemented for ML_KEM IDs (PR #8827) -* ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) -* Building LMS with verify-only has been fixed (PR #8913) -* Parameters for LMS SHA-256_192 have been corrected (PR #8912) -* State can now be saved with the private key for LMS (PR #8836) -* Support for OpenSSL format has been added for ML-DSA/Dilithium (PR #8947) -* `dilithium_coeff_eta2[]` has been explicitly declared as signed (PR #8955) - -### Build System & Portability -* Prepared for the inclusion of v5.8.0 in the Ada Alire index. (PR #8714) -* Introduced a new build option to allow reuse of the Windows crypt provider handle. (PR #8706) -* Introduced general fixes for various build configurations. (PR #8763) -* Made improvements for portability using older GCC 4.8.2. (PR #8753) -* Macro guards updated to allow tests to build with opensslall and no server. (PR #8776) -* Added a check for STDC_NO_ATOMICS macro before use of atomics. (PR #8885) -* Introduced CMakePresets.json and CMakeSettings.json. (PR #8905) -* Added an option to not use constant time code with min/max. (PR #8830) -* Implemented proper MacOS dispatch for conditional signal/wait. (PR #8928) -* Disabled MD5 by default for both general and CMake builds. (PR #8895, PR #8948) -* Improved to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. (PR #8926) -* Added introspection for Intel and ARM assembly speedups. (PR #8954) -* Fixed cURL config to set HAVE_EX_DATA and HAVE_ALPN. (PR #8973) -* Moved FREESCALE forced algorithm HAVE_ECC to IDE/MQX/user_settings.h. (PR #8977) - -### Testing & Debugging -* Fixed the exit status for testwolfcrypt. (PR #8762) -* Added WOLFSSL_DEBUG_PRINTF and WOLFSSL_DEBUG_CERTIFICATE_LOADS for improved debugging output. (PR #8769, PR #8770) -* Guarded some benchmark tests with NO_SW_BENCH. (PR #8760) -* Added an additional unit test for wolfcrypt PKCS12 file to improve code coverage. (PR #8831) -* Added an additional unit test for increased DH code coverage. (PR #8837) -* Adjusted for warnings with NO_TLS build and added GitHub actions test. (PR #8851) -* Added additional compatibility layer RAND tests. (PR #8852) -* Added an API unit test for checking domain name. (PR #8863) -* Added bind v9.18.33 testing. (PR #8888) -* Fixed issue with benchmark help options and descriptions not lining up. (PR #8957) - -### Certificates & ASN.1 -* Changed the algorithm for sum in ASN.1 OIDs. (PR #8655) -* Updated PKCS7 to use X509 STORE for internal verification. (PR #8748) -* Improved handling of temporary buffer size for X509 extension printing. (PR #8710) -* Marked IP address as WOLFSSL_V_ASN1_OCTET_STRING for ALT_NAMES_OID. (PR #8842) -* Fixed printing empty names in certificates. (PR #8880) -* Allowed CA:FALSE on wolftpm. (PR #8925) -* Fixed several inconsistent function prototype parameter names in wc/asn. (PR #8949) -* Accounted for custom extensions when creating a Cert from a WOLFSSL_X509. (PR #8960) - -### TLS/DTLS & Handshake -* Checked group correctness outside of TLS 1.3 too for TLSX_UseSupportedCurve. (PR #8785) -* Dropped records that span datagrams in DTLS. (PR #8642) -* Implemented WC_NID_netscape_cert_type. (PR #8800) -* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) -* Correctly set the current peer in dtlsProcessPendingPeer. (PR #8848) -* Fixed set_groups for TLS. (PR #8824) -* Allowed trusted_ca_keys with TLSv1.3. (PR #8860) -* Moved Dtls13NewEpoch into DeriveTls13Keys. (PR #8858) -* Cleared tls1_3 on downgrade. (PR #8861) -* Always sent ACKs on detected retransmission for DTLS1.3. (PR #8882) -* Removed DTLS from echo examples. (PR #8889) -* Recalculated suites at SSL initialization. (PR #8757) -* No longer using BIO for ALPN. (PR #8969) -* Fixed wolfSSL_BIO_new_connect's handling of IPV6 addresses. (PR #8815) -* Memory Management & Optimizations -* Performed small stack refactors, improved stack size with mlkem and dilithium, and added additional tests. (PR #8779) -* Implemented FREE_MP_INT_SIZE in heap math. (PR #8881) -* Detected correct MAX_ENCODED_SIG_SZ based on max support in math lib. (PR #8931) -* Fixed improper access of sp_int_minimal using sp_int. (PR #8985) - -### Cryptography & Hash Functions -* Implemented WC_SIPHASH_NO_ASM for not using assembly optimizations with siphash. (PR #8789, PR #8791) -* Added missing DH_MAX_SIZE define for FIPS and corrected wolfssl.rc FILETYPE to VFT_DLL. (PR #8794) -* Implemented WC_SHA3_NO_ASM for not using assembly with SHA3. (PR #8817) -* Improved Aarch64 XFENCE. (PR #8832) -* Omitted frame pointer for ARM32/Thumb2/RISC-V 64 assembly. (PR #8893) -* Fixed branch instruction in ARMv7a ASM. (PR #8933) -* Enabled EVP HMAC to work with WOLFSSL_HMAC_COPY_HASH. (PR #8944) -* Platform-Specific & Hardware Integration -* Added HAVE_HKDF for wolfssl_test and explicit support for ESP32P4. (PR #8742) -* Corrected Espressif default time setting. (PR #8829) -* Made wc_tsip_* APIs public. (PR #8717) -* Improved PlatformIO Certificate Bundle Support. (PR #8847) -* Fixed the TSIP TLS example program. (PR #8857) -* Added crypto callback functions for TROPIC01 secure element. (PR #8812) -* Added Renesas RX TSIP AES CTR support. (PR #8854) -* Fixed TSIP port using crypto callback. (PR #8937) - -### General Improvements & Refactoring -* Attempted wolfssl_read_bio_file in read_bio even when XFSEEK is available. (PR #8703) -* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) -* Updated libspdm from 3.3.0 to 3.7.0. (PR #8906) -* Fixed missing dashes on the end of header and footer for Falcon PEM key. (PR #8904) -* Fixed minor code typos for macos signal and types.h max block size. (PR #8934) -* Make the API wolfSSL_X509_STORE_CTX_get_error accessible to more build configurations for ease of getting the "store" error code and depth with certificate failure callback implementations. (PR #8903) +* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples, libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096, 9141, 9091, 9122, 9388) +* Improved test ordering and CI test stability (random tests run order changes, FIPS test fixes). (PR 9204, 9257) +* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and example certificate renewals. (PR 9131, 9293, 9262, 9429) +* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add Fetchmail and OpenVPN). (PR 9398, 9413) +* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements. (PR 8902, 9055) +* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family digest selection) and improved crypto-only build cases. (PR 9070, 9252, 9271, 9100, 9194) +* AES & HW offload improvements including AES-CTR support in PKCS11 driver and AES ECB offload sizing fix. (PR 9277, 9364) +* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR 8987, 9225, 9264) +* Renesas FSP / RA examples updated and security-module TLS context improvements. (PR 9047, 9010, 9158, 9150) +* Broad configure/CMake/Autotools workflow improvements (Apple options tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037, 9167, 9161, 9264) +* New assembly introspection / performance helpers for RISC-V and PPC32; benchmarking enhancements (cycle counts). (PR 9101, 9317) +* Update to SGX build for using assembly optimizations. (PR 8463, 9138) +* Testing with Fil-C compiler version to 0.674 (PR 9396) +* Refactors and compressing of small stack code (PR 9153) ## Bug Fixes -* Fixed issues to support _WIN32_WCE (VS 2008 with WinCE 6.0/7.0). (PR #8709) -* Fixed STM32 Hash with IRQ enabled. (PR #8705) -* Fixed raw hash when using crypto instructions on RISC-V 64-bit. (PR #8733) -* Fixed ECDH decode secret in the Linux Kernel Module. (PR #8729) -* Passed in the correct hash type to wolfSSL_RSA_verify_ex. (PR #8726) -* Fixed issues for Intel QuickAssist latest driver (4.28). (PR #8728) -* Speculative fix for CodeSonar overflow issue in ssl_certman.c. (PR #8715) -* Fixed Arduino progmem print and AVR WOLFSSL_USER_IO. (PR #8668) -* Correctly advanced the index in wc_HKDF_Expand_ex. (PR #8737) -* Fixed STM32 hash status check logic, including NO_AES_192 and NO_AES_256. (PR #8732) -* Added missing call to wolfSSL_RefFree in FreeCRL to prevent memory leaks. (PR #8750) -* Fixed sanity check on --group with unit test app and null sanity check with des decrypt. (PR #8711) -* Fixed Curve25519 and static ephemeral issue with blinding. (PR #8766) -* Fixed edge case issue with STM32 AES GCM auth padding. (PR #8745) -* Removed redefinition of MlKemKey and fixed build issue in benchmark. (PR #8755) -* Used proper heap hint when freeing CRL in error case. (PR #8713) -* Added support for no malloc with wc_CheckCertSigPubKey. (PR #8725) -* Fixed C# wrapper Release build. (PR #8802) -* Handled malformed CCS and CCS before CH in TLS1.3. (PR #8788) -* Fixed ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. (PR #8798) -* Fixed AesGcmCrypt_1 no-stream in the Linux Kernel Module. (PR #8814) -* Fixed return value usage for crypto_sig_sign in the Linux Kernel Module. (PR #8816) -* Fixed issue with CSharp and Windows CE with conversion of ASCII and Unicode. (PR #8799) -* Fixed Renesas SCE on RA6M4. (PR #8838) -* Fixed tests for different configs for ML-DSA. (PR #8865) -* Fixed bug in ParseCRL_Extensions around the size of a CRL number handled and CRL number OID. (PR #8587) -* Fixed uninitialized wc_FreeRng in prime_test. (PR #8886) -* Fixed ECC configuration issues with ECC verify only and no RNG. (PR #8901) -* Fixed issues with max size, openssl.test netcat, and clang-tidy. (PR #8909) -* Fixed for casting down and uninit issues in Dilithium/ML-DSA. (PR #8868) -* Fixed memory allocation failure testing and related unit test cases. (PR #8945, PR #8952) -* Fixed build issue with ML-DSA 44 only. (PR #8981) -* Fixed possible memory leak with X509 reference counter when using x509small. (PR #8982) +* Removed the test feature using popen when defining the macro WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with having the macro HAVE_HTTP_CLIENT set. There was the potential for vulnerable behavior with the use of popen when the API wolfSSL_BIO_new_connect() was called with this specific build. This exact build configuration is only intended for testing with QEMU and is not enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the report. (PR 9038) +* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw public key import when using the API Ed25519ImportPublic.This was a broken API with the C# wrapper that would crash on use. Thanks to Luigino Camastra from Aisle Research for the bug report. (PR 9291) +* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324) +* TLS 1.2/DTLS improvements: client message order checks, DTLS cookie/exchange and replay protections, better DTLS early-data handling. (PR 9387, 9253, 9205, 9367) +* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints, restore inner server name for ECH, retrying cert candidate chains. (PR 8890, 9234, 8692) +* Sniffer robustness: fix infinite recursion, better handling of OOO appData and partial overlaps, and improved retransmission detection. (PR 9051, 9106, 9140, 9094) +* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067, 9111, 9121) +* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439) +* Avoid uninitialized-variable and GCC warnings; several fixes for undefined-shift/overflow issues. (PR 9020, 9372, 9195) +* Memory & leak fixes in X509 verification and various struct sizing fixes for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036) +* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031, 9263) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/README.md b/README.md index 13265b3..905411a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Arduino wolfSSL Library -This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.8.2 for the Arduino platform. +This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.8.4 for the Arduino platform. The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). @@ -40,13 +40,10 @@ Additional wolfSSL examples can be found at: ## Arduino Releases -This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable). - See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases). -The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. - The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. + # wolfSSL Embedded SSL/TLS Library The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) @@ -82,19 +79,24 @@ of the wolfSSL manual. ## Notes, Please Read ### Note 1 -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer -supports static key cipher suites with PSK, RSA, or ECDH. This means if you -plan to use TLS cipher suites you must enable DH (DH is on by default), or -enable ECC (ECC is on by default), or you must enable static key cipher suites -with one or more of the following defines: +wolfSSL as of 3.6.6 no longer enables SSLv3 by default. By default, wolfSSL +disables static key cipher suites that use PSK, RSA, or ECDH without ephemeral +key exchange. Instead, wolfSSL enables cipher suites that provide perfect +forward secrecy (PFS) using ephemeral Diffie-Hellman (DH) or Elliptic Curve +(ECC) key exchange, both of which are enabled by default. -``` -WOLFSSL_STATIC_DH -WOLFSSL_STATIC_RSA -WOLFSSL_STATIC_PSK -``` -Though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. +If you need to support legacy systems that require static key cipher suites, +you can enable them using one or more of these defines: + +* `WOLFSSL_STATIC_DH` +* `WOLFSSL_STATIC_RSA` +* `WOLFSSL_STATIC_PSK` + +**Important:** Static key cipher suites reduce security by eliminating perfect +forward secrecy. These cipher suites reuse the same long-term private key for +all session key exchanges. In contrast, PFS-enabled cipher suites (the wolfSSL +default) generate a new ephemeral key for each session, ensuring that +compromising a long-term key cannot decrypt past sessions. When compiling `ssl.c`, wolfSSL will now issue a compiler error if no cipher suites are available. You can remove this error by defining @@ -124,205 +126,77 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.8.2 (July 17, 2025) +# wolfSSL Release 5.8.4 (Nov. 20, 2025) -Release 5.8.2 has been developed according to wolfSSL's development and QA +Release 5.8.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * wolfSSL is now GPLv3 instead of GPLv2 - * --enable-heapmath is deprecated +NOTE: * --enable-heapmath is deprecated * MD5 is now disabled by default - PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities +* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275. -* [Low] There is the potential for a fault injection attack on ECC and Ed25519 verify operations. In versions of wolfSSL 5.7.6 and later the --enable-faultharden option is available to help mitigate against potential fault injection attacks. The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot. If doing ECC or Ed25519 verify operations on a device at risk for fault injection attacks then --enable-faultharden could be used to help mitigate it. Thanks to Kevin from Fraunhofer AISEC for the report. - -Hardening option added in PR https://github.com/wolfSSL/wolfssl/pull/8289 +* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages. This affects users who are running wolfSSL on the server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9117. -* [High CVE-2025-7395] When using WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION on an Apple platform, the native trust store verification routine overrides errors produced elsewhere in the wolfSSL certificate verification process including failures due to hostname matching/SNI, OCSP, CRL, etc. This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection. If building wolfSSL on versions after 5.7.6 and before 5.8.2 with use of the system CA support and the apple native cert validation feature enabled on Apple devices (on by default for non-macOS Apple targets when using autotools or CMake) we recommend updating to the latest version of wolfSSL. Thanks to Thomas Leong from ExpressVPN for the report. +* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello that has a key share extension and the server responds with a ServerHello that does not have a key share extension the connection would previously continue on without using PFS. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9112. -Fixed in PR https://github.com/wolfSSL/wolfssl/pull/8833 +* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9113. -* [Med. CVE-2025-7394] In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. +* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing. Previously duplicate CKS extensions were not rejected leading to a potential memory leak when processing a ClientHello. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9132. -Fixed in the following PR’s -https://github.com/wolfSSL/wolfssl/pull/8849 -https://github.com/wolfSSL/wolfssl/pull/8867 -https://github.com/wolfSSL/wolfssl/pull/8898 +* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. -* [Low CVE-2025-7396] In wolfSSL 5.8.0 the option of hardening the C implementation of Curve25519 private key operations was added with the addition of blinding support (https://www.wolfssl.com/curve25519-blinding-support-added-in-wolfssl-5-8-0/). In wolfSSL release 5.8.2 that blinding support is turned on by default in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation. Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for the report. - -Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736 - +* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 ## New Features -* Multiple sessions are now supported in the sniffer due to the removal of a cached check. (PR #8723) -* New API ssl_RemoveSession() has been implemented for sniffer cleanup operations. (PR #8768) -* The new ASN X509 API, `wc_GetSubjectPubKeyInfoDerFromCert`, has been introduced for retrieving public key information from certificates. (PR #8758) -* `wc_PKCS12_create()` has been enhanced to support PBE_AES(256|128)_CBC key and certificate encryptions. (PR #8782, PR #8822, PR #8859) -* `wc_PKCS7_DecodeEncryptedKeyPackage()` has been added for decoding encrypted key packages. (PR #8976) -* All AES, SHA, and HMAC functionality has been implemented within the Linux Kernel Module. (PR #8998) -* Additions to the compatibility layer have been introduced for X.509 extensions and RSA PSS. Adding the API i2d_PrivateKey_bio, BN_ucmp and X509v3_get_ext_by_NID. (PR #8897) -* Added support for STM32N6. (PR #8914) -* Implemented SHA-256 for PPC 32 assembly. (PR #8894) +* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) +* Initial wolfCrypt FreeBSD kernel module support (PR 9392) +* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage / OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7 builds with AES keywrap unset. (PR 9018, 9029, 9032) +* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free operations. (PR 9002, 9309) +* Add support for certificate_authorities extension in ClientHello and certificate manager CA-type selection/unloading. (PR 9209, 9046) +* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha, hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328, 9368, 9389, 9357, 9433) +* Rust: support optional heap and dev_id parameters and enable conditional compilation based on C build options. (PR 9407, 9433) +* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware acceleration additions. (PR 9228, 9256, 9185) +* STM32U5 added support for SAES and DHUK. (PR 9087) +* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR 9174) ## Improvements / Optimizations - -### Linux Kernel Module (LinuxKM) Enhancements -* Registered DH and FFDHE for the Linux Kernel Module. (PR #8707) -* Implemented fixes for standard RNG in the Linux Kernel Module. (PR #8718) -* Added an ECDSA workaround for the Linux Kernel Module. (PR #8727) -* Added more PKCS1 pad SHA variants for RSA in the Linux Kernel Module. (PR #8730) -* Set default priority to 100000 for LKCAPI in the Linux Kernel Module. (PR #8740) -* Ensured ECDH never has FIPS enabled in the Linux Kernel Module. (PR #8751) -* Implemented further Linux Kernel Module and SP tweaks. (PR #8773) -* Added sig_alg support for Linux 6.13 RSA in the Linux Kernel Module. (PR #8796) -* Optimized wc_linuxkm_fpu_state_assoc. (PR #8828) -* Ensured DRBG is multithread-round-1 in the Linux Kernel Module. (PR #8840) -* Prevented toggling of fips_enabled in the Linux Kernel Module. (PR #8873) -* Refactored drbg_ctx clear in the Linux Kernel Module. (PR #8876) -* Set sig_alg max_size and digest_size callbacks for RSA in the Linux Kernel Module. (PR #8915) -* Added get_random_bytes for the Linux Kernel Module. (PR #8943) -* Implemented distro fix for the Linux Kernel Module. (PR #8994) -* Fixed page-flags-h in the Linux Kernel Module. (PR #9001) -* Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005) -* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms -* Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781) -* Backward compatibility has been implemented for ML_KEM IDs (PR #8827) -* ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884) -* Building LMS with verify-only has been fixed (PR #8913) -* Parameters for LMS SHA-256_192 have been corrected (PR #8912) -* State can now be saved with the private key for LMS (PR #8836) -* Support for OpenSSL format has been added for ML-DSA/Dilithium (PR #8947) -* `dilithium_coeff_eta2[]` has been explicitly declared as signed (PR #8955) - -### Build System & Portability -* Prepared for the inclusion of v5.8.0 in the Ada Alire index. (PR #8714) -* Introduced a new build option to allow reuse of the Windows crypt provider handle. (PR #8706) -* Introduced general fixes for various build configurations. (PR #8763) -* Made improvements for portability using older GCC 4.8.2. (PR #8753) -* Macro guards updated to allow tests to build with opensslall and no server. (PR #8776) -* Added a check for STDC_NO_ATOMICS macro before use of atomics. (PR #8885) -* Introduced CMakePresets.json and CMakeSettings.json. (PR #8905) -* Added an option to not use constant time code with min/max. (PR #8830) -* Implemented proper MacOS dispatch for conditional signal/wait. (PR #8928) -* Disabled MD5 by default for both general and CMake builds. (PR #8895, PR #8948) -* Improved to allow building OPENSSL_EXTRA without KEEP_PEER_CERT. (PR #8926) -* Added introspection for Intel and ARM assembly speedups. (PR #8954) -* Fixed cURL config to set HAVE_EX_DATA and HAVE_ALPN. (PR #8973) -* Moved FREESCALE forced algorithm HAVE_ECC to IDE/MQX/user_settings.h. (PR #8977) - -### Testing & Debugging -* Fixed the exit status for testwolfcrypt. (PR #8762) -* Added WOLFSSL_DEBUG_PRINTF and WOLFSSL_DEBUG_CERTIFICATE_LOADS for improved debugging output. (PR #8769, PR #8770) -* Guarded some benchmark tests with NO_SW_BENCH. (PR #8760) -* Added an additional unit test for wolfcrypt PKCS12 file to improve code coverage. (PR #8831) -* Added an additional unit test for increased DH code coverage. (PR #8837) -* Adjusted for warnings with NO_TLS build and added GitHub actions test. (PR #8851) -* Added additional compatibility layer RAND tests. (PR #8852) -* Added an API unit test for checking domain name. (PR #8863) -* Added bind v9.18.33 testing. (PR #8888) -* Fixed issue with benchmark help options and descriptions not lining up. (PR #8957) - -### Certificates & ASN.1 -* Changed the algorithm for sum in ASN.1 OIDs. (PR #8655) -* Updated PKCS7 to use X509 STORE for internal verification. (PR #8748) -* Improved handling of temporary buffer size for X509 extension printing. (PR #8710) -* Marked IP address as WOLFSSL_V_ASN1_OCTET_STRING for ALT_NAMES_OID. (PR #8842) -* Fixed printing empty names in certificates. (PR #8880) -* Allowed CA:FALSE on wolftpm. (PR #8925) -* Fixed several inconsistent function prototype parameter names in wc/asn. (PR #8949) -* Accounted for custom extensions when creating a Cert from a WOLFSSL_X509. (PR #8960) - -### TLS/DTLS & Handshake -* Checked group correctness outside of TLS 1.3 too for TLSX_UseSupportedCurve. (PR #8785) -* Dropped records that span datagrams in DTLS. (PR #8642) -* Implemented WC_NID_netscape_cert_type. (PR #8800) -* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) -* Correctly set the current peer in dtlsProcessPendingPeer. (PR #8848) -* Fixed set_groups for TLS. (PR #8824) -* Allowed trusted_ca_keys with TLSv1.3. (PR #8860) -* Moved Dtls13NewEpoch into DeriveTls13Keys. (PR #8858) -* Cleared tls1_3 on downgrade. (PR #8861) -* Always sent ACKs on detected retransmission for DTLS1.3. (PR #8882) -* Removed DTLS from echo examples. (PR #8889) -* Recalculated suites at SSL initialization. (PR #8757) -* No longer using BIO for ALPN. (PR #8969) -* Fixed wolfSSL_BIO_new_connect's handling of IPV6 addresses. (PR #8815) -* Memory Management & Optimizations -* Performed small stack refactors, improved stack size with mlkem and dilithium, and added additional tests. (PR #8779) -* Implemented FREE_MP_INT_SIZE in heap math. (PR #8881) -* Detected correct MAX_ENCODED_SIG_SZ based on max support in math lib. (PR #8931) -* Fixed improper access of sp_int_minimal using sp_int. (PR #8985) - -### Cryptography & Hash Functions -* Implemented WC_SIPHASH_NO_ASM for not using assembly optimizations with siphash. (PR #8789, PR #8791) -* Added missing DH_MAX_SIZE define for FIPS and corrected wolfssl.rc FILETYPE to VFT_DLL. (PR #8794) -* Implemented WC_SHA3_NO_ASM for not using assembly with SHA3. (PR #8817) -* Improved Aarch64 XFENCE. (PR #8832) -* Omitted frame pointer for ARM32/Thumb2/RISC-V 64 assembly. (PR #8893) -* Fixed branch instruction in ARMv7a ASM. (PR #8933) -* Enabled EVP HMAC to work with WOLFSSL_HMAC_COPY_HASH. (PR #8944) -* Platform-Specific & Hardware Integration -* Added HAVE_HKDF for wolfssl_test and explicit support for ESP32P4. (PR #8742) -* Corrected Espressif default time setting. (PR #8829) -* Made wc_tsip_* APIs public. (PR #8717) -* Improved PlatformIO Certificate Bundle Support. (PR #8847) -* Fixed the TSIP TLS example program. (PR #8857) -* Added crypto callback functions for TROPIC01 secure element. (PR #8812) -* Added Renesas RX TSIP AES CTR support. (PR #8854) -* Fixed TSIP port using crypto callback. (PR #8937) - -### General Improvements & Refactoring -* Attempted wolfssl_read_bio_file in read_bio even when XFSEEK is available. (PR #8703) -* Refactored GetHandshakeHeader/GetHandShakeHeader into one function. (PR #8787) -* Updated libspdm from 3.3.0 to 3.7.0. (PR #8906) -* Fixed missing dashes on the end of header and footer for Falcon PEM key. (PR #8904) -* Fixed minor code typos for macos signal and types.h max block size. (PR #8934) -* Make the API wolfSSL_X509_STORE_CTX_get_error accessible to more build configurations for ease of getting the "store" error code and depth with certificate failure callback implementations. (PR #8903) +* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples, libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096, 9141, 9091, 9122, 9388) +* Improved test ordering and CI test stability (random tests run order changes, FIPS test fixes). (PR 9204, 9257) +* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and example certificate renewals. (PR 9131, 9293, 9262, 9429) +* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add Fetchmail and OpenVPN). (PR 9398, 9413) +* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements. (PR 8902, 9055) +* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family digest selection) and improved crypto-only build cases. (PR 9070, 9252, 9271, 9100, 9194) +* AES & HW offload improvements including AES-CTR support in PKCS11 driver and AES ECB offload sizing fix. (PR 9277, 9364) +* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR 8987, 9225, 9264) +* Renesas FSP / RA examples updated and security-module TLS context improvements. (PR 9047, 9010, 9158, 9150) +* Broad configure/CMake/Autotools workflow improvements (Apple options tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037, 9167, 9161, 9264) +* New assembly introspection / performance helpers for RISC-V and PPC32; benchmarking enhancements (cycle counts). (PR 9101, 9317) +* Update to SGX build for using assembly optimizations. (PR 8463, 9138) +* Testing with Fil-C compiler version to 0.674 (PR 9396) +* Refactors and compressing of small stack code (PR 9153) ## Bug Fixes -* Fixed issues to support _WIN32_WCE (VS 2008 with WinCE 6.0/7.0). (PR #8709) -* Fixed STM32 Hash with IRQ enabled. (PR #8705) -* Fixed raw hash when using crypto instructions on RISC-V 64-bit. (PR #8733) -* Fixed ECDH decode secret in the Linux Kernel Module. (PR #8729) -* Passed in the correct hash type to wolfSSL_RSA_verify_ex. (PR #8726) -* Fixed issues for Intel QuickAssist latest driver (4.28). (PR #8728) -* Speculative fix for CodeSonar overflow issue in ssl_certman.c. (PR #8715) -* Fixed Arduino progmem print and AVR WOLFSSL_USER_IO. (PR #8668) -* Correctly advanced the index in wc_HKDF_Expand_ex. (PR #8737) -* Fixed STM32 hash status check logic, including NO_AES_192 and NO_AES_256. (PR #8732) -* Added missing call to wolfSSL_RefFree in FreeCRL to prevent memory leaks. (PR #8750) -* Fixed sanity check on --group with unit test app and null sanity check with des decrypt. (PR #8711) -* Fixed Curve25519 and static ephemeral issue with blinding. (PR #8766) -* Fixed edge case issue with STM32 AES GCM auth padding. (PR #8745) -* Removed redefinition of MlKemKey and fixed build issue in benchmark. (PR #8755) -* Used proper heap hint when freeing CRL in error case. (PR #8713) -* Added support for no malloc with wc_CheckCertSigPubKey. (PR #8725) -* Fixed C# wrapper Release build. (PR #8802) -* Handled malformed CCS and CCS before CH in TLS1.3. (PR #8788) -* Fixed ML-DSA with WOLFSSL_DILITHIUM_NO_SIGN. (PR #8798) -* Fixed AesGcmCrypt_1 no-stream in the Linux Kernel Module. (PR #8814) -* Fixed return value usage for crypto_sig_sign in the Linux Kernel Module. (PR #8816) -* Fixed issue with CSharp and Windows CE with conversion of ASCII and Unicode. (PR #8799) -* Fixed Renesas SCE on RA6M4. (PR #8838) -* Fixed tests for different configs for ML-DSA. (PR #8865) -* Fixed bug in ParseCRL_Extensions around the size of a CRL number handled and CRL number OID. (PR #8587) -* Fixed uninitialized wc_FreeRng in prime_test. (PR #8886) -* Fixed ECC configuration issues with ECC verify only and no RNG. (PR #8901) -* Fixed issues with max size, openssl.test netcat, and clang-tidy. (PR #8909) -* Fixed for casting down and uninit issues in Dilithium/ML-DSA. (PR #8868) -* Fixed memory allocation failure testing and related unit test cases. (PR #8945, PR #8952) -* Fixed build issue with ML-DSA 44 only. (PR #8981) -* Fixed possible memory leak with X509 reference counter when using x509small. (PR #8982) +* Removed the test feature using popen when defining the macro WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with having the macro HAVE_HTTP_CLIENT set. There was the potential for vulnerable behavior with the use of popen when the API wolfSSL_BIO_new_connect() was called with this specific build. This exact build configuration is only intended for testing with QEMU and is not enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the report. (PR 9038) +* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw public key import when using the API Ed25519ImportPublic.This was a broken API with the C# wrapper that would crash on use. Thanks to Luigino Camastra from Aisle Research for the bug report. (PR 9291) +* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324) +* TLS 1.2/DTLS improvements: client message order checks, DTLS cookie/exchange and replay protections, better DTLS early-data handling. (PR 9387, 9253, 9205, 9367) +* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints, restore inner server name for ECH, retrying cert candidate chains. (PR 8890, 9234, 8692) +* Sniffer robustness: fix infinite recursion, better handling of OOO appData and partial overlaps, and improved retransmission detection. (PR 9051, 9106, 9140, 9094) +* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067, 9111, 9121) +* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439) +* Avoid uninitialized-variable and GCC warnings; several fixes for undefined-shift/overflow issues. (PR 9020, 9372, 9195) +* Memory & leak fixes in X509 verification and various struct sizing fixes for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036) +* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031, 9263) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ @@ -356,46 +230,46 @@ More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html ``` -├── certs [Certificates used in tests and examples] -├── cmake [Cmake build utilities] -├── debian [Debian packaging files] -├── doc [Documentation for wolfSSL (Doxygen)] -├── Docker [Prebuilt Docker environments] -├── examples [wolfSSL examples] -│   ├── asn1 [ASN.1 printing example] -│   ├── async [Asynchronous Cryptography example] -│   ├── benchmark [TLS benchmark example] -│   ├── client [Client example] -│   ├── configs [Example build configurations] -│   ├── echoclient [Echoclient example] -│   ├── echoserver [Echoserver example] -│   ├── pem [Example for convert between PEM and DER] -│   ├── sctp [Servers and clients that demonstrate wolfSSL's DTLS-SCTP support] -│   └── server [Server example] -├── IDE [Contains example projects for various development environments] -├── linuxkm [Linux Kernel Module implementation] -├── m4 [Autotools utilities] -├── mcapi [wolfSSL MPLAB X Project Files] -├── mplabx [wolfSSL MPLAB X Project Files] -├── mqx [wolfSSL Freescale CodeWarrior Project Files] -├── rpm [RPM packaging metadata] -├── RTOS -│   └── nuttx [Port of wolfSSL for NuttX] -├── scripts [Testing scripts] -├── src [wolfSSL source code] -├── sslSniffer [wolfSSL sniffer can be used to passively sniff SSL traffic] -├── support [Contains the pkg-config file] -├── tests [Unit and configuration testing] -├── testsuite [Test application that orchestrates tests] -├── tirtos [Port of wolfSSL for TI RTOS] -├── wolfcrypt [The wolfCrypt component] -│   ├── benchmark [Cryptography benchmarking application] -│   ├── src [wolfCrypt source code] -│   │   └── port [Supported hardware acceleration ports] -│   └── test [Cryptography testing application] -├── wolfssl [Header files] -│   ├── openssl [Compatibility layer headers] -│   └── wolfcrypt [Header files] -├── wrapper [wolfSSL language wrappers] -└── zephyr [Port of wolfSSL for Zephyr RTOS] +├── certs [Certificates used in tests and examples] +├── cmake [Cmake build utilities] +├── debian [Debian packaging files] +├── doc [Documentation for wolfSSL (Doxygen)] +├── Docker [Prebuilt Docker environments] +├── examples [wolfSSL examples] +│   ├── asn1 [ASN.1 printing example] +│   ├── async [Asynchronous Cryptography example] +│   ├── benchmark [TLS benchmark example] +│   ├── client [Client example] +│   ├── configs [Example build configurations] +│   ├── echoclient [Echoclient example] +│   ├── echoserver [Echoserver example] +│   ├── pem [Example for convert between PEM and DER] +│   ├── sctp [Servers and clients that demonstrate wolfSSL's DTLS-SCTP support] +│   └── server [Server example] +├── IDE [Contains example projects for various development environments] +├── linuxkm [Linux Kernel Module implementation] +├── m4 [Autotools utilities] +├── mcapi [wolfSSL MPLAB X Project Files] +├── mplabx [wolfSSL MPLAB X Project Files] +├── mqx [wolfSSL Freescale CodeWarrior Project Files] +├── rpm [RPM packaging metadata] +├── RTOS +│   └── nuttx [Port of wolfSSL for NuttX] +├── scripts [Testing scripts] +├── src [wolfSSL source code] +├── sslSniffer [wolfSSL sniffer can be used to passively sniff SSL traffic] +├── support [Contains the pkg-config file] +├── tests [Unit and configuration testing] +├── testsuite [Test application that orchestrates tests] +├── tirtos [Port of wolfSSL for TI RTOS] +├── wolfcrypt [The wolfCrypt component] +│   ├── benchmark [Cryptography benchmarking application] +│   ├── src [wolfCrypt source code] +│   │   └── port [Supported hardware acceleration ports] +│   └── test [Cryptography testing application] +├── wolfssl [Header files] +│   ├── openssl [Compatibility layer headers] +│   └── wolfcrypt [Header files] +├── wrapper [wolfSSL language wrappers] +└── zephyr [Port of wolfSSL for Zephyr RTOS] ``` diff --git a/examples/template/template.ino b/examples/template/template.ino index 8998976..0d0f8d8 100644 --- a/examples/template/template.ino +++ b/examples/template/template.ino @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -21,6 +21,13 @@ #include +#if defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include +#endif + /* wolfSSL user_settings.h must be included from settings.h * Make all configurations changes in user_settings.h * Do not edit wolfSSL `settings.h` or `config.h` files. diff --git a/examples/template/wolfssl_helper.c b/examples/template/wolfssl_helper.c index f4eeb57..c6dcd39 100644 --- a/examples/template/wolfssl_helper.c +++ b/examples/template/wolfssl_helper.c @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -26,10 +26,36 @@ * Be sure to include these files in all libraries that reference * wolfssl in this order: */ -#include -/* settings.h is typically included in wolfssl.h, but here as a reminder: */ -#include -#include +#if defined(ARDUINO_PORTENTA_X8) + /* This file is purposely a c and not .cpp file for testing. + * On Portenta X8 the core headers assume C++, and things like A6, + * PIN_SPI_MOSI, etc. - rely on C++-only constructs. + * So don't include Arduino.h here for Portenta. */ + + #include + #include /* The ssl.h usually included by wolfssl.h */ + + #ifdef __cplusplus + extern "C" { + #endif + + /* Sample source code is C, but Arduino is compiling with C++ + * Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */ + int wolfSSL_Arduino_Serial_Print(const char* const s); + + #ifdef __cplusplus + } + #endif +#else + /* Assume all other target boards would want to include Arduino.h in a + * helper such as this one. Not needed in this wolfssl_helper.c example. */ + #include + + /* settings.h is typically included in wolfssl.h, but here as a reminder: */ + #include + #include /* The wolfssl core Arduino library file */ +#endif + #include "wolfssl_helper.h" diff --git a/examples/template/wolfssl_helper.h b/examples/template/wolfssl_helper.h index 844f022..1291dbe 100644 --- a/examples/template/wolfssl_helper.h +++ b/examples/template/wolfssl_helper.h @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff --git a/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino b/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino index 31ef797..a47d096 100644 --- a/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino +++ b/examples/wolfssl_AES_CTR/wolfssl_AES_CTR.ino @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -19,6 +19,15 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include + +#if defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include +#endif + /* The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. @@ -50,7 +59,21 @@ Teensy 4.1 (ARM Cortex M7) */ #define WOLFSSL_AES_CTR_EXAMPLE +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ #include + + /* settings.h is included from Arduino `wolfssl.h`, but a good practice to + * include before any other wolfssl headers. As a reminder here: */ +#include + #include #if defined(NO_AES) or !defined(WOLFSSL_AES_COUNTER) or !defined(WOLFSSL_AES_128) diff --git a/examples/wolfssl_client/wolfssl_client.ino b/examples/wolfssl_client/wolfssl_client.ino index 8af1eaf..c56de7f 100644 --- a/examples/wolfssl_client/wolfssl_client.ino +++ b/examples/wolfssl_client/wolfssl_client.ino @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -39,6 +39,18 @@ Tested with: /* If you have a private include, define it here, otherwise edit WiFi params */ /* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ +#if defined(ARDUINO) && defined(ESP8266) + #warning "This example is not yet supported on Arduino ESP8266" +#endif + +#if defined(DEBUG_WOLFSSL) + /* Optionally enabled verbose wolfSSL debugging */ + #define DEBUG_WOLFSSL_MESSAGES_ON +#else + /* DEBUG_WOLFSSL needs to be enabled */ + #undef DEBUG_WOLFSSL_MESSAGES_ON +#endif + /* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ #define REPEAT_CONNECTION 0 @@ -68,12 +80,12 @@ Tested with: /* the /workspace directory may contain a private config * excluded from GitHub with items such as WiFi passwords */ #include MY_PRIVATE_CONFIG - static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; #else /* when using WiFi capable boards: */ - static const char ssid[] PROGMEM = "your_SSID"; - static const char password[] PROGMEM = "your_PASSWORD"; + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; #endif #define BROADCAST_ADDRESS "255.255.255.255" @@ -132,6 +144,10 @@ Tested with: #elif defined(ESP8266) #define USING_WIFI #include + /* Ensure the F() flash macro is defined */ + #ifndef F + #define F + #endif WiFiClient client; #elif defined(ARDUINO_SAM_DUE) @@ -140,7 +156,10 @@ Tested with: /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ #include EthernetClient client; - +#elif defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH) + /* Boards such as arduino:avr:ethernet and arduino:avr:leonardoeth */ + #include + EthernetClient client; #elif defined(ARDUINO_SAMD_NANO_33_IOT) #define USING_WIFI #include @@ -153,6 +172,36 @@ Tested with: #include WiFiClient client; +#elif defined(ARDUINO_SAMD_TIAN) + #include + #include + HttpClient client; + /* Arduino Tian does not support network shields like the standard Ethernet or Wi-Fi shields. */ + #error "HttpClient cannot be used for this example" +#elif defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include + + /* ----No - network placeholders(compile - only) ---- */ + #include + struct X8NoNetClient { + int write(const uint8_t*, size_t) { return -1; } + int available() { return 0; } + int read() { return -1; } + void stop() {} + bool connected() { return false; } + IPAddress remoteIP() { return IPAddress(0, 0, 0, 0); } + }; + struct X8NoNetServer { + explicit X8NoNetServer(uint16_t) {} + void begin() {} + X8NoNetClient available() { return X8NoNetClient(); } + }; + + X8NoNetClient client; + X8NoNetServer server(WOLFSSL_PORT); #elif defined(USING_WIFI) #define USING_WIFI #include @@ -205,7 +254,10 @@ static char errBuf[80]; static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); static int reconnect = RECONNECT_ATTEMPTS; +#if 0 +/* optional showPeerEx, currently disabled */ static int lng_index PROGMEM = 0; /* 0 = English */ +#endif #if defined(__arm__) #include @@ -462,7 +514,8 @@ int setup_network(void) { /*****************************************************************************/ /* Arduino setup_wolfssl() */ /*****************************************************************************/ -int setup_wolfssl(void) { +int setup_wolfssl(void) +{ int ret = 0; WOLFSSL_METHOD* method; @@ -482,8 +535,14 @@ int setup_wolfssl(void) { #endif #if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); - Serial.println(F("wolfSSL Debugging is On!")); + Serial.println(F("wolfSSL Debugging is available! (DEBUG_WOLFSSL)")); + #if defined(DEBUG_WOLFSSL_MESSAGES_ON) + Serial.println(F("Enabling verbose messages wolfSSL_Debugging_ON")); + wolfSSL_Debugging_ON(); + #else + Serial.println(F("Enable verbose messages with wolfSSL_Debugging_ON")); + Serial.println(F("or define DEBUG_WOLFSSL_MESSAGES_ON")); + #endif #else Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); #endif @@ -509,6 +568,7 @@ int setup_wolfssl(void) { * It is best on embedded devices to choose a TLS session cache size. */ #endif + /* Initialize wolfSSL before assigning ctx */ ret = wolfSSL_Init(); if (ret == WOLFSSL_SUCCESS) { Serial.println("Successfully called wolfSSL_Init"); @@ -543,7 +603,8 @@ int setup_wolfssl(void) { /*****************************************************************************/ /* Arduino setup_certificates() */ /*****************************************************************************/ -int setup_certificates(void) { +int setup_certificates(void) +{ int ret = 0; Serial.println(F("Initializing certificates...")); @@ -609,7 +670,8 @@ int setup_certificates(void) { /* Arduino setup() */ /*****************************************************************************/ /*****************************************************************************/ -void setup(void) { +void setup(void) +{ int i = 0; Serial.begin(SERIAL_BAUD); while (!Serial && (i < 10)) { @@ -650,13 +712,17 @@ void setup(void) { wolfSSL_SetIOSend(ctx, EthernetSend); wolfSSL_SetIORecv(ctx, EthernetReceive); +#if defined THIS_USER_SETTINGS_VERSION + Serial.print(F("This user_settings.h version:")) + Serial.println(THIS_USER_SETTINGS_VERSION) +#endif + Serial.println(F("Completed Arduino setup!")); /* See companion wolfssl_server.ino code; server begins listening here * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server * Any other server will work. See also: * https://github.com/wolfSSL/wolfssl/tree/master/examples/client */ - /* See companion wolfssl_server.ino code */ return; } /* Arduino setup */ @@ -731,7 +797,7 @@ int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, } return err; -} +} /* error_check_ssl */ /*****************************************************************************/ /*****************************************************************************/ diff --git a/examples/wolfssl_client_dtls/README.md b/examples/wolfssl_client_dtls/README.md new file mode 100644 index 0000000..924225b --- /dev/null +++ b/examples/wolfssl_client_dtls/README.md @@ -0,0 +1,28 @@ +# Arduino Basic DTLS Listening Client + +Open the [wolfssl_client_dtls.ino](./wolfssl_client_dtls.ino) file in the Arduino IDE. + +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. + +Other IDE products are also supported, such as: + +- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) +- [VisualGDB](https://visualgdb.com/tutorials/arduino/) +- [VisualMicro](https://www.visualmicro.com/) + +For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). +Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). + + +### Troubleshooting + +When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino +cache directories. For Windows, that's typically in: + +```text +C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches +``` diff --git a/examples/wolfssl_client_dtls/wolfssl_client_dtls.ino b/examples/wolfssl_client_dtls/wolfssl_client_dtls.ino new file mode 100644 index 0000000..e4e8fec --- /dev/null +++ b/examples/wolfssl_client_dtls/wolfssl_client_dtls.ino @@ -0,0 +1,950 @@ +/* + * client-dtls13.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + *============================================================================= + * + * Bare-bones example of a DTLS 1.3 client for instructional/learning purposes. + * This example uses blocking sockets for simplicity. + * + * Define USE_DTLS12 to use DTLS 1.2 instead of DTLS 1.3 +/* +Tested with: + +1) Intel Galileo acting as the Client, with a laptop acting as a server using + the server example provided in examples/server. + Legacy Arduino v1.86 was used to compile and program the Galileo + +2) Espressif ESP32 WiFi + +3) Arduino Due, Nano33 IoT, Nano RP-2040 +*/ + +/* + * Note to code editors: the Arduino client and server examples are edited in + * parallel for side-by-side comparison between examples. + */ + +/* If you have a private include, define it here, otherwise edit WiFi params */ +/* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ + +#if defined(ARDUINO) && defined(ESP8266) + #warning "This example is not yet supported on Arduino ESP8266" +#endif + +#if defined(DEBUG_WOLFSSL) + /* Optionally enabled verbose wolfSSL debugging */ + #define DEBUG_WOLFSSL_MESSAGES_ON +#else + /* DEBUG_WOLFSSL needs to be enabled */ + #undef DEBUG_WOLFSSL_MESSAGES_ON +#endif + +/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ +#define REPEAT_CONNECTION 0 + +/* Edit this with your other DTLS host server address to connect to: */ +#define WOLFSSL_DTLS_SERVER_HOST "192.168.1.107" + +/* wolfssl TLS examples communicate on port 11111 */ +#define WOLFSSL_PORT 11111 + +/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ +#define SERIAL_BAUD 115200 + +/* We'll wait up to 2000 milliseconds to properly shut down connection */ +#define SHUTDOWN_DELAY_MS 2000 + +/* Number of times to retry connection. */ +#define RECONNECT_ATTEMPTS 20 + +/* Number of DTLS messages to send. Use -1 for continual messages. */ +#define DTLS_MESSAGE_CT 42 + +/* Assume bad socket until proven otherwise */ +#define INVALID_SOCKET -1 + +/* Maximum size in bytes of buffer to send and receive */ +#define MAXLINE 128 + +/* Optional stress test. Define to consume memory until exhausted: */ +/* #define MEMORY_STRESS_TEST */ + +/* Choose client or server example, not both. */ +#define WOLFSSL_CLIENT_EXAMPLE +/* #define WOLFSSL_SERVER_EXAMPLE */ + +#if defined(MY_PRIVATE_CONFIG) + /* the /workspace directory may contain a private config + * excluded from GitHub with items such as WiFi passwords */ + #include MY_PRIVATE_CONFIG + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; +#else + /* when using WiFi capable boards: */ + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; +#endif + +#define BROADCAST_ADDRESS "255.255.255.255" + +/* There's an optional 3rd party NTPClient library by Fabrice Weinberg. + * If it is installed, uncomment define USE_NTP_LIB here: */ +/* #define USE_NTP_LIB */ +#ifdef USE_NTP_LIB + #include +#endif + +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ +#include +/* Important: make sure settings.h appears before any other wolfSSL headers */ +#include +/* Reminder: settings.h includes user_settings.h + * For ALL project wolfSSL settings, see: + * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */ +#include +#include +#include + +#ifndef WOLFSSL_DTLS + /* Support for DTLS by default was added after wolfSSL v5.8.2 release */ + #error "This example requires WOLFSSL_DTLS. See user_settings.h in the Arduino wolfssl library" +#endif + +/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ +#if defined(DEBUG_WOLFSSL) + #define PROGRESS_DOT F("") +#else + #define PROGRESS_DOT F(".") +#endif + +/* Convert a macro to a string */ +#define xstr(x) str(x) +#define str(x) #x + +/* optional board-specific networking includes */ +#if defined(ESP32) + #define USING_WIFI + #include + #include + #ifdef USE_NTP_LIB + WiFiUDP ntpUDP; + #endif + /* Ensure the F() flash macro is defined */ + #ifndef F + #define F + #endif + WiFiClient client; + +#elif defined(ESP8266) + #define USING_WIFI + #include + WiFiClient client; + +#elif defined(ARDUINO_SAM_DUE) + #include + /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield. + /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ + #include + EthernetClient client; +#elif defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH) + /* Boards such as arduino:avr:ethernet and arduino:avr:leonardoeth */ + #include + EthernetClient client; + +#elif defined(ARDUINO_SAMD_NANO_33_IOT) + #define USING_WIFI + #include + #include /* Needs Arduino WiFiNINA library installed manually */ + WiFiClient client; + +#elif defined(ARDUINO_ARCH_RP2040) + #define USING_WIFI + #include + #include + WiFiClient client; + +#elif defined(ARDUINO_SAMD_TIAN) + #include + #include + HttpClient client; + /* Arduino Tian does not support network shields like the standard Ethernet or Wi-Fi shields. */ + #error "HttpClient cannot be used for this example" +#elif defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include + + /* ----No - network placeholders(compile - only) ---- */ + #include + struct X8NoNetClient { + int write(const uint8_t*, size_t) { return -1; } + int available() { return 0; } + int read() { return -1; } + void stop() {} + bool connected() { return false; } + IPAddress remoteIP() { return IPAddress(0, 0, 0, 0); } + }; + struct X8NoNetServer { + explicit X8NoNetServer(uint16_t) {} + void begin() {} + X8NoNetClient available() { return X8NoNetClient(); } + }; + + X8NoNetClient client; + X8NoNetServer server(WOLFSSL_PORT); +#elif defined(USING_WIFI) + #define USING_WIFI + #include + #include + #ifdef USE_NTP_LIB + WiFiUDP ntpUDP; + #endif + WiFiClient client; + +/* TODO +#elif defined(OTHER_BOARD) +*/ +#else + /* assume all other boards using WiFi library. Edit as needed: */ + #include + #define USING_WIFI + WiFiClient client; +#endif + +/* Only for syntax highlighters to show interesting options enabled: */ +#if defined(HAVE_SNI) \ + || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUSTED_CA) \ + || defined(HAVE_TRUNCATED_HMAC) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(HAVE_SUPPORTED_CURVES) \ + || defined(HAVE_ALPN) \ + || defined(HAVE_SESSION_TICKET) \ + || defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) +#endif + +static const char host[] PROGMEM = WOLFSSL_DTLS_SERVER_HOST; /* server to connect to */ +static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */ + +static WOLFSSL_CTX* ctx = NULL; +static WOLFSSL* ssl = NULL; +static char* wc_error_message = (char*)malloc(80 + 1); +static char errBuf[80]; + +#if defined(MEMORY_STRESS_TEST) + #define MEMORY_STRESS_ITERATIONS 100 + #define MEMORY_STRESS_BLOCK_SIZE 1024 + #define MEMORY_STRESS_INITIAL (4*1024) + static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */ + static int mem_ctr = 0; +#endif + +static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); +static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); +static int reconnect = RECONNECT_ATTEMPTS; +#if 0 +/* optional showPeerEx, currently disabled */ +static int lng_index PROGMEM = 0; /* 0 = English */ +#endif + +#if defined(__arm__) + #include + extern char _end; + extern "C" char *sbrk(int i); + static char *ramstart=(char *)0x20070000; + static char *ramend=(char *)0x20088000; +#endif + +/*****************************************************************************/ +/* fail_wait - in case of unrecoverable error */ +/*****************************************************************************/ +int fail_wait(void) { + show_memory(); + + Serial.println(F("Failed. Halt.")); + while (1) { + delay(1000); + } + return 0; +} + +/*****************************************************************************/ +/* show_memory() to optionally view during debugging. */ +/*****************************************************************************/ +int show_memory(void) +{ +#if defined(__arm__) + struct mallinfo mi = mallinfo(); + + char *heapend=sbrk(0); + register char * stack_ptr asm("sp"); + #if defined(DEBUG_WOLFSSL_VERBOSE) + Serial.print(" arena="); + Serial.println(mi.arena); + Serial.print(" ordblks="); + Serial.println(mi.ordblks); + Serial.print(" uordblks="); + Serial.println(mi.uordblks); + Serial.print(" fordblks="); + Serial.println(mi.fordblks); + Serial.print(" keepcost="); + Serial.println(mi.keepcost); + #endif + + #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST) + Serial.print("Estimated free memory: "); + Serial.print(stack_ptr - heapend + mi.fordblks); + Serial.println(F(" bytes")); + #endif + + #if (0) + /* Experimental: not supported on all devices: */ + Serial.print("RAM Start %lx\n", (unsigned long)ramstart); + Serial.print("Data/Bss end %lx\n", (unsigned long)&_end); + Serial.print("Heap End %lx\n", (unsigned long)heapend); + Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr); + Serial.print("RAM End %lx\n", (unsigned long)ramend); + + Serial.print("Heap RAM Used: ",mi.uordblks); + Serial.print("Program RAM Used ",&_end - ramstart); + Serial.print("Stack RAM Used ",ramend - stack_ptr); + + Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks); + #endif +#else + Serial.println(F("show_memory() not implemented for this platform")); +#endif + return 0; +} + +/*****************************************************************************/ +/* Arduino setup_hardware() */ +/*****************************************************************************/ +int setup_hardware(void) { + int ret = 0; + +#if defined(ARDUINO_SAMD_NANO_33_IOT) + Serial.println(F("Detected known tested and working Arduino Nano 33 IoT")); +#elif defined(ARDUINO_ARCH_RP2040) + Serial.println(F("Detected known tested and working Arduino RP-2040")); +#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG) + /* need to manually turn on random number generator on Arduino Due, etc. */ + pmc_enable_periph_clk(ID_TRNG); + trng_enable(TRNG); + Serial.println(F("Enabled ARM TRNG")); +#endif + + show_memory(); + randomSeed(analogRead(0)); + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_datetime() */ +/* The device needs to have a valid date within the valid range of certs. */ +/*****************************************************************************/ +int setup_datetime(void) { + int ret = 0; + int ntp_tries = 20; + + /* we need a date in the range of cert expiration */ +#ifdef USE_NTP_LIB + #if defined(ESP32) + NTPClient timeClient(ntpUDP, "pool.ntp.org"); + + timeClient.begin(); + timeClient.update(); + delay(1000); + while (!timeClient.isTimeSet() && (ntp_tries > 0)) { + timeClient.forceUpdate(); + Serial.println(F("Waiting for NTP update")); + delay(2000); + ntp_tries--; + } + if (ntp_tries <= 0) { + Serial.println(F("Warning: gave up waiting on NTP")); + } + Serial.println(timeClient.getFormattedTime()); + Serial.println(timeClient.getEpochTime()); + #endif +#endif + +#if defined(ESP32) + /* see esp32-hal-time.c */ + ntp_tries = 5; + /* Replace "pool.ntp.org" with your preferred NTP server */ + configTime(0, 0, "pool.ntp.org"); + + /* Wait for time to be set */ + while ((time(nullptr) <= 100000) && ntp_tries > 0) { + Serial.println(F("Waiting for time to be set...")); + delay(2000); + ntp_tries--; + } +#endif + + return ret; +} /* setup_datetime */ + +/*****************************************************************************/ +/* Arduino setup_network() */ +/*****************************************************************************/ +int setup_network(void) { + int ret = 0; + +#if defined(USING_WIFI) + int status = WL_IDLE_STATUS; + + /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */ + #if defined(ESP8266) || defined(ESP32) + WiFi.mode(WIFI_STA); + #else + String fv; + if (WiFi.status() == WL_NO_MODULE) { + Serial.println("Communication with WiFi module failed!"); + /* don't continue if no network */ + while (true) ; + } + + fv = WiFi.firmwareVersion(); + if (fv < WIFI_FIRMWARE_LATEST_VERSION) { + Serial.println("Please upgrade the firmware"); + } + #endif + + Serial.print(F("Connecting to WiFi ")); + Serial.print(ssid); + status = WiFi.begin(ssid, password); + while (status != WL_CONNECTED) { + delay(1000); + Serial.print(F(".")); + Serial.print(status); + status = WiFi.status(); + } + + Serial.println(F(" Connected!")); +#else + /* Newer Ethernet shields have a + * MAC address printed on a sticker on the shield */ + byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; + IPAddress ip(192, 168, 1, 42); + IPAddress myDns(192, 168, 1, 1); + Ethernet.init(10); /* Most Arduino shields */ + /* Ethernet.init(5); * MKR ETH Shield */ + /* Ethernet.init(0); * Teensy 2.0 */ + /* Ethernet.init(20); * Teensy++ 2.0 */ + /* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */ + /* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */ + Serial.println(F("Initialize Ethernet with DHCP:")); + if (Ethernet.begin(mac) == 0) { + Serial.println(F("Failed to configure Ethernet using DHCP")); + /* Check for Ethernet hardware present */ + if (Ethernet.hardwareStatus() == EthernetNoHardware) { + Serial.println(F("Ethernet shield was not found.")); + while (true) { + delay(1); /* do nothing */ + } + } + if (Ethernet.linkStatus() == LinkOFF) { + Serial.println(F("Ethernet cable is not connected.")); + } + /* try to configure using IP address instead of DHCP : */ + Ethernet.begin(mac, ip, myDns); + } + else { + Serial.print(F(" DHCP assigned IP ")); + Serial.println(Ethernet.localIP()); + } + /* We'll assume the Ethernet connection is ready to go. */ +#endif + + Serial.println(F("********************************************************")); + Serial.print(F(" wolfSSL Example Client IP = ")); +#if defined(USING_WIFI) + Serial.println(WiFi.localIP()); +#else + Serial.println(Ethernet.localIP()); +#endif + Serial.print(F(" Configured Server Host to connect to: ")); + Serial.println(host); + Serial.println(F("********************************************************")); + Serial.println(F("Setup network complete.")); + + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_wolfssl() */ +/*****************************************************************************/ +int setup_wolfssl(void) +{ + int ret = 0; + WOLFSSL_METHOD* method; + + /* Show a revision of wolfssl user_settings.h file in use when available: */ +#if defined(WOLFSSL_USER_SETTINGS_ID) + Serial.print(F("WOLFSSL_USER_SETTINGS_ID: ")); + Serial.println(F(WOLFSSL_USER_SETTINGS_ID)); +#else + Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found.")); +#endif + +#if defined(NO_WOLFSSL_SERVER) + Serial.println(F("wolfSSL server code disabled to save space.")); +#endif +#if defined(NO_WOLFSSL_CLIENT) + Serial.println(F("wolfSSL client code disabled to save space.")); +#endif + +#if defined(DEBUG_WOLFSSL) + Serial.println(F("wolfSSL Debugging is available! (DEBUG_WOLFSSL)")); + #if defined(DEBUG_WOLFSSL_MESSAGES_ON) + Serial.println(F("Enabling verbose messages wolfSSL_Debugging_ON")); + wolfSSL_Debugging_ON(); + #else + Serial.println(F("Enable verbose messages with wolfSSL_Debugging_ON")); + Serial.println(F("or define DEBUG_WOLFSSL_MESSAGES_ON")); + #endif +#else + Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); +#endif + + /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */ +#if defined(NO_SESSION_CACHE) + Serial.println(F("wolfSSL TLS NO_SESSION_CACHE")); +#elif defined(MICRO_SESSION_CACHEx) + Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE")); +#elif defined(SMALL_SESSION_CACHE) + Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE")); +#elif defined(MEDIUM_SESSION_CACHE) + Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE")); +#elif defined(BIG_SESSION_CACHE) + Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE")); +#elif defined(HUGE_SESSION_CACHE) + Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); +#elif defined(HUGE_SESSION_CACHE) + Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); +#else + Serial.println(F("WARNING: Unknown or no TLS session cache setting.")); + /* See wolfssl/src/ssl.c for amount of memory used. + * It is best on embedded devices to choose a TLS session cache size. */ +#endif + + /* Initialize wolfSSL before assigning ctx */ + ret = wolfSSL_Init(); + if (ret == WOLFSSL_SUCCESS) { + Serial.println("Successfully called wolfSSL_Init"); + } + else { + Serial.println("ERROR: wolfSSL_Init failed"); + } + + /* See companion server example with wolfSSLv23_server_method here. + * method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3. + * method = wolfTLSv1_2_client_method(); only TLS 1.2 + * method = wolfTLSv1_3_client_method(); only TLS 1.3 + * + * see Arduino\libraries\wolfssl\src\user_settings.h */ + + Serial.println("Here we go!"); + +#ifdef WOLFSSL_DTLS13 + Serial.println(F("Setting wolfDTLSv1_3_client_method")); + method = wolfDTLSv1_3_client_method(); +#else + Serial.println(F("Setting wolfDTLSv1_2_client_method")); + method = wolfDTLSv1_2_client_method(); +#endif + ctx = wolfSSL_CTX_new(method); + if (ctx == NULL) { + fail_wait(); + } + + if (method == NULL) { + Serial.println(F("Unable to get wolfssl client method")); + fail_wait(); + } + + ctx = wolfSSL_CTX_new(method); + if (ctx == NULL) { + Serial.println(F("unable to get ctx")); + fail_wait(); + } + + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_certificates() */ +/*****************************************************************************/ +int setup_certificates(void) +{ + int ret = 0; + + /* See user_settings.h that should have included wolfssl/certs_test.h */ + + Serial.println(F("Initializing certificates...")); + show_memory(); + + /* Use built-in validation, No verification callback function: */ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + + /* Certificate */ + Serial.println("Initializing certificates..."); + ret = wolfSSL_CTX_use_certificate_buffer(ctx, + CTX_CLIENT_CERT, + CTX_CLIENT_CERT_SIZE, + CTX_CLIENT_CERT_TYPE); + if (ret == WOLFSSL_SUCCESS) { + Serial.print("Success: use certificate: "); + Serial.println(xstr(CTX_SERVER_CERT)); + } + else { + Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: ")); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + /* Setup private client key */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + CTX_CLIENT_KEY, + CTX_CLIENT_KEY_SIZE, + CTX_CLIENT_KEY_TYPE); + if (ret == WOLFSSL_SUCCESS) { + Serial.print("Success: use private key buffer: "); + Serial.println(xstr(CTX_SERVER_KEY)); + } + else { + Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ")); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + ret = wolfSSL_CTX_load_verify_buffer(ctx, + CTX_CA_CERT, + CTX_CA_CERT_SIZE, + CTX_CA_CERT_TYPE); + if (ret == WOLFSSL_SUCCESS) { + Serial.println(F("Success: load_verify CTX_CA_CERT")); + } + else { + Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: ")); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + return ret; +} /* Arduino setup */ + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino setup() */ +/*****************************************************************************/ +/*****************************************************************************/ +void setup(void) { + int i = 0; + Serial.begin(SERIAL_BAUD); + while (!Serial && (i < 10)) { + /* wait for serial port to connect. Needed for native USB port only */ + delay(1000); + i++; + } + Serial.println(F("")); + Serial.println(F("")); + Serial.println(F("wolfSSL DTLS Client Example Startup.")); + + /* Optionally pre-allocate a large block of memory for testing */ +#if defined(MEMORY_STRESS_TEST) + Serial.println(F("WARNING: Memory Stress Test Active!")); + Serial.print(F("Allocating extra memory: ")); + Serial.print(MEMORY_STRESS_INITIAL); + Serial.println(F(" bytes...")); + memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL); + show_memory(); +#endif + + setup_hardware(); + + setup_network(); + + setup_datetime(); + + setup_wolfssl(); + + setup_certificates(); + +#if defined THIS_USER_SETTINGS_VERSION + Serial.print(F("This user_settings.h version:")) + Serial.println(THIS_USER_SETTINGS_VERSION) +#endif + + Serial.println(F("Completed Arduino setup!")); + /* See companion wolfssl_server_dtls.ino code; server begins listening here + * https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_server_dtls + * Any other DTLS server will work. See also: + * https://github.com/wolfSSL/wolfssl/tree/master/examples/client + */ + return; +} /* Arduino setup */ + +/*****************************************************************************/ +/* wolfSSL error_check() */ +/*****************************************************************************/ +int error_check(int this_ret, bool halt_on_error, + const __FlashStringHelper* message) { + int ret = 0; + if (this_ret == WOLFSSL_SUCCESS) { + Serial.print(F("Success: ")); + Serial.println(message); + } + else { + Serial.print(F("ERROR: return = ")); + Serial.print(this_ret); + Serial.print(F(": ")); + Serial.println(message); + Serial.println(wc_GetErrorString(this_ret)); + if (halt_on_error) { + fail_wait(); + } + } + show_memory(); + + return ret; +} /* error_check */ + +/*****************************************************************************/ +/* wolfSSL error_check_ssl */ +/* Parameters: */ +/* ssl is the current WOLFSSL object pointer */ +/* halt_on_error set to true to suspend operations for critical error */ +/* message is expected to be a memory-efficient F("") macro string */ +/*****************************************************************************/ +int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, + const __FlashStringHelper* message) { + int err = 0; + + if (ssl == NULL) { + Serial.println(F("ssl is Null; Unable to allocate SSL object?")); +#ifndef DEBUG_WOLFSSL + Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more.")); +#else + Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes.")); +#endif + Serial.print(F("ERROR: ")); + Serial.println(message); + show_memory(); + if (halt_on_error) { + fail_wait(); + } + } + else { + err = wolfSSL_get_error(ssl, this_ret); + if (err == WOLFSSL_SUCCESS) { + Serial.print(F("Success m: ")); + Serial.println(message); + } + else { + if (err < 0) { + wolfSSL_ERR_error_string(err, errBuf); + Serial.print(F("WOLFSSL Error: ")); + Serial.print(err); + Serial.print(F("; ")); + Serial.println(errBuf); + } + else { + Serial.println(F("Success: ssl object.")); + } + } + } + + return err; +} /* error_check_ssl */ + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino loop() */ +/*****************************************************************************/ +/*****************************************************************************/ +void loop() +{ + /* standard variables used in a dtls client */ + char sendLine[MAXLINE] = "Hello DTLS wolfSSL!"; + char recvLine[MAXLINE - 1]; + struct sockaddr_in servAddr; + const char* cipherName; + int msg_ct = 0; + int n = 0; + int sockfd = INVALID_SOCKET; + int err; + int ret; + int exitVal = 1; + + /* Assign ssl variable */ + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + Serial.println(F("unable to get ssl object\n")); + goto cleanup; + } + + /* servAddr setup */ + memset(&servAddr, 0, sizeof(servAddr)); + servAddr.sin_family = AF_INET; + servAddr.sin_port = htons(WOLFSSL_PORT); + if (inet_pton(AF_INET, WOLFSSL_DTLS_SERVER_HOST, &servAddr.sin_addr) < 1) { + perror("inet_pton()"); + goto cleanup; + } + + if (wolfSSL_dtls_set_peer(ssl, &servAddr, sizeof(servAddr)) + != WOLFSSL_SUCCESS) { + Serial.println(F("wolfSSL_dtls_set_peer failed\n")); + goto cleanup; + } + + if ((sockfd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { + perror("socket()"); + goto cleanup; + } + + /* Set the file descriptor for ssl */ + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + Serial.println(F("cannot set socket file descriptor\n")); + goto cleanup; + } + + Serial.print(F("Connecting to wolfSSL DTLS Secure Server...")); + do { + reconnect--; + err = 0; /* reset error */ + Serial.println(F("wolfSSL_connect ...")); + ret = wolfSSL_connect(ssl); + if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) { + Serial.println(F("Failed connection, checking error.")); + err = error_check_ssl(ssl, ret, true, + F("Create WOLFSSL object from ctx")); + Serial.print("err ="); + Serial.println(err); + } + else { + Serial.print(PROGRESS_DOT); + } + } while ((err == WC_PENDING_E) && (reconnect > 0)); + + Serial.println(); + Serial.println(F("Connected!")); + Serial.print(F("SSL version is ")); + Serial.println(wolfSSL_get_version(ssl)); + + cipherName = wolfSSL_get_cipher(ssl); + Serial.print(F("SSL cipher suite is ")); + Serial.println(cipherName); + +/*****************************************************************************/ +/* Code for sending datagram to server */ +/*****************************************************************************/ + Serial.println(F("Begin DTLS Loop...")); + msg_ct = 0; + while (msg_ct < DTLS_MESSAGE_CT || (DTLS_MESSAGE_CT == -1)) { + msg_ct++; + + /* Send sendLine to the server */ + Serial.print(F("Sending Message #")); + Serial.print(msg_ct); + Serial.print(F(": \"")); + Serial.print(F(sendLine)); + Serial.println(F("\" ... ")); + if (wolfSSL_write(ssl, sendLine, strlen(sendLine)) != strlen(sendLine)) { + err = error_check_ssl(ssl, ret, true, + F("Create WOLFSSL object from ctx")); + Serial.print("err ="); + Serial.println(err); + goto cleanup; + } + + /* n is the # of bytes received */ + Serial.println(F("Reading Message...")); + n = wolfSSL_read(ssl, recvLine, sizeof(recvLine)-1); + + if (n > 0) { + /* Add a terminating character to the generic server message */ + recvLine[n] = '\0'; + Serial.println(F("Got Message...")); + printf("%s\n", recvLine); + } + else { + err = error_check_ssl(ssl, ret, true, + F("Create WOLFSSL object from ctx")); + Serial.print("err ="); + Serial.println(err); + goto cleanup; + } + + } /* (msg_ct > DTLS_MESSAGE_CT || (DTLS_MESSAGE_CT == -1)) */ + + exitVal = 0; +cleanup: + if (ssl != NULL) { + /* Attempt a full shutdown */ + ret = wolfSSL_shutdown(ssl); + if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + Serial.println("Not done... Try again wolfSSL_shutdown"); + ret = wolfSSL_shutdown(ssl); + } + + if (ret != WOLFSSL_SUCCESS) { + err = error_check_ssl(ssl, ret, true, + F("Create WOLFSSL object from ctx")); + Serial.print("err ="); + Serial.println(err); + Serial.println(F("wolfSSL_shutdown failed\n")); + } + wolfSSL_free(ssl); + } + if (sockfd != INVALID_SOCKET) { + close(sockfd); + } + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + } + wolfSSL_Cleanup(); + + Serial.print(F("Reset to start over.")); + Serial.print(F("Done!")); + + while (1) { + delay(1000); + } +} /* Arduino loop */ + diff --git a/examples/wolfssl_server/wolfssl_server.ino b/examples/wolfssl_server/wolfssl_server.ino index 1b9d4ed..7f75bcc 100644 --- a/examples/wolfssl_server/wolfssl_server.ino +++ b/examples/wolfssl_server/wolfssl_server.ino @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -39,6 +39,18 @@ Tested with: /* If you have a private include, define it here, otherwise edit WiFi params */ /* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ +#if defined(ARDUINO) && defined(ESP8266) + #warning "This example is not yet supported on Arduino ESP8266" +#endif + +#if defined(DEBUG_WOLFSSL) + /* Optionally enabled verbose wolfSSL debugging */ + #define DEBUG_WOLFSSL_MESSAGES_ON +#else + /* DEBUG_WOLFSSL needs to be enabled */ + #undef DEBUG_WOLFSSL_MESSAGES_ON +#endif + /* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ #define REPEAT_CONNECTION 1 @@ -68,12 +80,12 @@ Tested with: /* the /workspace directory may contain a private config * excluded from GitHub with items such as WiFi passwords */ #include MY_PRIVATE_CONFIG - static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; #else /* when using WiFi capable boards: */ - static const char ssid[] PROGMEM = "your_SSID"; - static const char password[] PROGMEM = "your_PASSWORD"; + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; #endif #define BROADCAST_ADDRESS "255.255.255.255" @@ -132,6 +144,10 @@ Tested with: #elif defined(ESP8266) #define USING_WIFI #include + /* Ensure the F() flash macro is defined */ + #ifndef F + #define F + #endif WiFiClient client; WiFiServer server(WOLFSSL_PORT); #elif defined(ARDUINO_SAM_DUE) @@ -140,7 +156,12 @@ Tested with: /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ #include EthernetClient client; - EthernetClient server(WOLFSSL_PORT); + EthernetServer server(WOLFSSL_PORT); +#elif defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH) + /* Boards such as arduino:avr:ethernet and arduino:avr:leonardoeth */ + #include + EthernetClient client; + EthernetServer server(WOLFSSL_PORT); #elif defined(ARDUINO_SAMD_NANO_33_IOT) #define USING_WIFI #include @@ -153,6 +174,36 @@ Tested with: #include WiFiClient client; WiFiServer server(WOLFSSL_PORT); +#elif defined(ARDUINO_SAMD_TIAN) + #include + #include + HttpClient client; + /* Arduino Tian does not support network shields like the standard Ethernet or Wi-Fi shields. */ + #error "HttpClient cannot be used for this example" +#elif defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include + + /* ----No - network placeholders(compile - only) ---- */ + #include + struct X8NoNetClient { + int write(const uint8_t*, size_t) { return -1; } + int available() { return 0; } + int read() { return -1; } + void stop() {} + bool connected() { return false; } + IPAddress remoteIP() { return IPAddress(0, 0, 0, 0); } + }; + struct X8NoNetServer { + explicit X8NoNetServer(uint16_t) {} + void begin() {} + X8NoNetClient available() { return X8NoNetClient(); } + }; + + X8NoNetClient client; + X8NoNetServer server(WOLFSSL_PORT); #elif defined(USING_WIFI) #define USING_WIFI #include @@ -206,7 +257,10 @@ static char errBuf[80]; static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); static int reconnect = RECONNECT_ATTEMPTS; +#if 0 +/* optional showPeerEx, currently disabled */ static int lng_index PROGMEM = 0; /* 0 = English */ +#endif #if defined(__arm__) #include @@ -463,7 +517,8 @@ int setup_network(void) { /*****************************************************************************/ /* Arduino setup_wolfssl() */ /*****************************************************************************/ -int setup_wolfssl(void) { +int setup_wolfssl(void) +{ int ret = 0; WOLFSSL_METHOD* method; @@ -483,8 +538,14 @@ int setup_wolfssl(void) { #endif #if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); - Serial.println(F("wolfSSL Debugging is On!")); + Serial.println(F("wolfSSL Debugging is available! (DEBUG_WOLFSSL)")); + #if defined(DEBUG_WOLFSSL_MESSAGES_ON) + Serial.println(F("Enabling verbose messages wolfSSL_Debugging_ON")); + wolfSSL_Debugging_ON(); + #else + Serial.println(F("Enable verbose messages with wolfSSL_Debugging_ON")); + Serial.println(F("or define DEBUG_WOLFSSL_MESSAGES_ON")); + #endif #else Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); #endif @@ -510,6 +571,7 @@ int setup_wolfssl(void) { * It is best on embedded devices to choose a TLS session cache size. */ #endif + /* Initialize wolfSSL before assigning ctx */ ret = wolfSSL_Init(); if (ret == WOLFSSL_SUCCESS) { Serial.println("Successfully called wolfSSL_Init"); @@ -544,7 +606,8 @@ int setup_wolfssl(void) { /*****************************************************************************/ /* Arduino setup_certificates() */ /*****************************************************************************/ -int setup_certificates(void) { +int setup_certificates(void) +{ int ret = 0; Serial.println(F("Initializing certificates...")); @@ -594,7 +657,8 @@ int setup_certificates(void) { /* Arduino setup() */ /*****************************************************************************/ /*****************************************************************************/ -void setup(void) { +void setup(void) +{ int i = 0; Serial.begin(SERIAL_BAUD); while (!Serial && (i < 10)) { @@ -725,7 +789,7 @@ int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, } return err; -} +} /* error_check_ssl */ /*****************************************************************************/ /*****************************************************************************/ diff --git a/examples/wolfssl_server_dtls/README.md b/examples/wolfssl_server_dtls/README.md new file mode 100644 index 0000000..43deb7e --- /dev/null +++ b/examples/wolfssl_server_dtls/README.md @@ -0,0 +1,140 @@ +# Arduino Basic TLS Server + +Open the [wolfssl_server_dtls.ino](./wolfssl_server_dtls.ino) file in the Arduino IDE. + +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. + +Other IDE products are also supported, such as: + +- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html) +- [VisualGDB](https://visualgdb.com/tutorials/arduino/) +- [VisualMicro](https://www.visualmicro.com/) + +For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). +Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). + +## Connect with an Arduino Sketch + +See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client_dtls.ino). + +## Connect with Linux Client + +See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) +and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server). + +Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`, +connect with the `client` executable: + +``` +./examples/client/client -h 192.168.1.38 -p 11111 -v 3 +``` + +## wolfSSL Error -308 wolfSSL_connect error state on socket + +When using a wired Ethernet connection, and this error is encountered, simply +press the reset button or power cycle the Arduino before making a connection. + +Here's one possible script to test the server from a command-line client: + +```bash +#!/usr/bin/env bash +echo "client log " > client_log.txt +counter=1 +THIS_ERR=0 +while [ $THIS_ERR -eq 0 ]; do + ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt + + THIS_ERR=$? + if [ $? -ne 0 ]; then + echo "Failed!" + exit 1 + fi + echo "Iteration $counter" + echo "Iteration $counter" >> client_log.txt + ((counter++)) +done +``` + +Output expected from the `client` command: + +``` +$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3 +Alternate cert chain used + issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + altname = example.com + altname = 127.0.0.1 + serial number:01 +SSL version is TLSv1.2 +SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256 +SSL curve name is SECP256R1 +--- +Server certificate +-----BEGIN CERTIFICATE----- +MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz +MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW +BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t +M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh +bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL +DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG +A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl +hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR +vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs +i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI +JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k +W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8 +DMa5hrjJBMNRN9JP +-----END CERTIFICATE----- +Session timeout set to 500 seconds +Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8 +SSL-Session: + Protocol : TLSv1.2 + Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31 + Session-ID-ctx: + Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F + TLS session ticket: NONE + Start Time: 1705533296 + Timeout : 500 (sec) + Extended master secret: no +I hear you fa shizzle! +``` + +### Troubleshooting + +When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this: + +```text +c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr' +collect2.exe: error: ld returned 1 exit status + +exit status 1 + +Compilation error: exit status 1 +``` + +Try cleaning the Arduino cache directories. For Windows, that's typically in: + +```text +C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches +``` + +Remove all other boards from other serial ports, leaving one the one being programmed. diff --git a/examples/wolfssl_server_dtls/wolfssl_server_dtls.ino b/examples/wolfssl_server_dtls/wolfssl_server_dtls.ino new file mode 100644 index 0000000..38e9148 --- /dev/null +++ b/examples/wolfssl_server_dtls/wolfssl_server_dtls.ino @@ -0,0 +1,984 @@ +/* server-dtls13.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + * + *============================================================================= + * + * Bare-bones example of a DTLS 1.3 server for instructional/learning purposes. + * This example can only accept one connection at a time. + * + * Define USE_DTLS12 to use DTLS 1.2 instead of DTLS 1.3 +/* +Tested with: + +1) Intel Galileo acting as the Client, with a laptop acting as a server using + the server example provided in examples/server. + Legacy Arduino v1.86 was used to compile and program the Galileo + +2) Espressif ESP32 WiFi + +3) Arduino Due, Nano33 IoT, Nano RP-2040 +*/ + +/* + * Note to code editors: the Arduino client and server examples are edited in + * parallel for side-by-side comparison between examples. + */ + +/* If you have a private include, define it here, otherwise edit WiFi params */ +/* #define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" */ + +#if defined(ARDUINO) && defined(ESP8266) + #warning "This example is not yet supported on Arduino ESP8266" +#endif + +#if defined(DEBUG_WOLFSSL) + /* Optionally enabled verbose wolfSSL debugging */ + #define DEBUG_WOLFSSL_MESSAGES_ON +#else + /* DEBUG_WOLFSSL needs to be enabled */ + #undef DEBUG_WOLFSSL_MESSAGES_ON +#endif + +/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ +#define REPEAT_CONNECTION 0 + +/* Edit this with your other TLS host server address to connect to: */ +/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.39" */ + +/* wolfssl TLS examples communicate on port 11111 */ +#define WOLFSSL_PORT 11111 + +/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ +#define SERIAL_BAUD 115200 + +/* We'll wait up to 2000 milliseconds to properly shut down connection */ +#define SHUTDOWN_DELAY_MS 2000 + +/* Number of times to retry connection. */ +#define RECONNECT_ATTEMPTS 20 + +/* Assume bad socket until proven otherwise */ +#define INVALID_SOCKET -1 + +/* Maximum size in bytes of buffer to send and receive */ +#define MAXLINE 128 + +/* Optional stress test. Define to consume memory until exhausted: */ +/* #define MEMORY_STRESS_TEST */ + +/* Choose client or server example, not both. */ +/* #define WOLFSSL_CLIENT_EXAMPLE */ +#define WOLFSSL_SERVER_EXAMPLE + +#if defined(MY_PRIVATE_CONFIG) + /* the /workspace directory may contain a private config + * excluded from GitHub with items such as WiFi passwords */ + #include MY_PRIVATE_CONFIG + static const char ssid[] PROGMEM = MY_ARDUINO_WIFI_SSID; + static const char password[] PROGMEM = MY_ARDUINO_WIFI_PASSWORD; +#else + /* when using WiFi capable boards: */ + static const char ssid[] PROGMEM = "your_SSID"; + static const char password[] PROGMEM = "your_PASSWORD"; +#endif + +#define BROADCAST_ADDRESS "255.255.255.255" + +/* There's an optional 3rd party NTPClient library by Fabrice Weinberg. + * If it is installed, uncomment define USE_NTP_LIB here: */ +/* #define USE_NTP_LIB */ +#ifdef USE_NTP_LIB + #include +#endif + +/* wolfSSL user_settings.h must be included from settings.h + * Make all configurations changes in user_settings.h + * Do not edit wolfSSL `settings.h` or `config.h` files. + * Do not explicitly include user_settings.h in any source code. + * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" + * C/C++ source files can use: #include + * The wolfSSL "settings.h" must be included in each source file using wolfSSL. + * The wolfSSL "settings.h" must appear before any other wolfSSL include. + */ +#include +/* Important: make sure settings.h appears before any other wolfSSL headers */ +#include +/* Reminder: settings.h includes user_settings.h + * For ALL project wolfSSL settings, see: + * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */ +#include +#include +#include + +#ifndef WOLFSSL_DTLS + /* Support for DTLS by default was added after wolfSSL v5.8.2 release */ + #error "This example requires WOLFSSL_DTLS. See user_settings.h in the Arduino wolfssl library" +#endif + +/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ +#if defined(DEBUG_WOLFSSL) + #define PROGRESS_DOT F("") +#else + #define PROGRESS_DOT F(".") +#endif + +/* Convert a macro to a string */ +#define xstr(x) str(x) +#define str(x) #x + +/* optional board-specific networking includes */ +#if defined(ESP32) + #define USING_WIFI + #include + #include + #ifdef USE_NTP_LIB + WiFiUDP ntpUDP; + #endif + /* Ensure the F() flash macro is defined */ + #ifndef F + #define F + #endif + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +#elif defined(ESP8266) + #define USING_WIFI + #include + /* Ensure the F() flash macro is defined */ + #ifndef F + #define F + #endif + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +#elif defined(ARDUINO_SAM_DUE) + #include + /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield. + /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ + #include + EthernetClient client; + EthernetClient server(WOLFSSL_PORT); +#elif defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH) + /* Boards such as arduino:avr:ethernet and arduino:avr:leonardoeth */ + #include + EthernetClient client; + + EthernetClient server(WOLFSSL_PORT); +#elif defined(ARDUINO_SAMD_NANO_33_IOT) + #define USING_WIFI + #include + #include /* Needs Arduino WiFiNINA library installed manually */ + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +#elif defined(ARDUINO_ARCH_RP2040) + #define USING_WIFI + #include + #include + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +#elif defined(ARDUINO_SAMD_TIAN) + #include + #include + HttpClient client; + /* Arduino Tian does not support network shields like the standard Ethernet or Wi-Fi shields. */ + #error "HttpClient cannot be used for this example" +#elif defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include + + /* ----No - network placeholders(compile - only) ---- */ + #include + struct X8NoNetClient { + int write(const uint8_t*, size_t) { return -1; } + int available() { return 0; } + int read() { return -1; } + void stop() {} + bool connected() { return false; } + IPAddress remoteIP() { return IPAddress(0, 0, 0, 0); } + }; + struct X8NoNetServer { + explicit X8NoNetServer(uint16_t) {} + void begin() {} + X8NoNetClient available() { return X8NoNetClient(); } + }; + + X8NoNetClient client; + X8NoNetServer server(WOLFSSL_PORT); +#elif defined(USING_WIFI) + #define USING_WIFI + #include + #include + #ifdef USE_NTP_LIB + WiFiUDP ntpUDP; + #endif + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +/* TODO +#elif defined(OTHER_BOARD) +*/ +#else + /* assume all other boards using WiFi library. Edit as needed: */ + #include + #define USING_WIFI + WiFiClient client; + WiFiServer server(WOLFSSL_PORT); +#endif + +/* Only for syntax highlighters to show interesting options enabled: */ +#if defined(HAVE_SNI) \ + || defined(HAVE_MAX_FRAGMENT) \ + || defined(HAVE_TRUSTED_CA) \ + || defined(HAVE_TRUNCATED_HMAC) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ + || defined(HAVE_SUPPORTED_CURVES) \ + || defined(HAVE_ALPN) \ + || defined(HAVE_SESSION_TICKET) \ + || defined(HAVE_SECURE_RENEGOTIATION) \ + || defined(HAVE_SERVER_RENEGOTIATION_INFO) +#endif + +static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */ + +static WOLFSSL_CTX* ctx = NULL; +static WOLFSSL* ssl = NULL; +static char* wc_error_message = (char*)malloc(80 + 1); +static char errBuf[80]; + +#if defined(MEMORY_STRESS_TEST) + #define MEMORY_STRESS_ITERATIONS 100 + #define MEMORY_STRESS_BLOCK_SIZE 1024 + #define MEMORY_STRESS_INITIAL (4*1024) + static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */ + static int mem_ctr = 0; +#endif + +static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); +static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); +static int reconnect = RECONNECT_ATTEMPTS; +#if 0 +/* optional showPeerEx, currently disabled */ +static int lng_index PROGMEM = 0; /* 0 = English */ +#endif +static int listenfd = INVALID_SOCKET; /* Initialize our socket */ + +#if defined(__arm__) + #include + extern char _end; + extern "C" char *sbrk(int i); + static char *ramstart=(char *)0x20070000; + static char *ramend=(char *)0x20088000; +#endif + +/*****************************************************************************/ +/* fail_wait - in case of unrecoverable error */ +/*****************************************************************************/ +int fail_wait(void) { + show_memory(); + + Serial.println(F("Failed. Halt.")); + while (1) { + delay(1000); + } + return 0; +} + +/*****************************************************************************/ +/* show_memory() to optionally view during debugging. */ +/*****************************************************************************/ +int show_memory(void) +{ +#if defined(__arm__) + struct mallinfo mi = mallinfo(); + + char *heapend=sbrk(0); + register char * stack_ptr asm("sp"); + #if defined(DEBUG_WOLFSSL_VERBOSE) + Serial.print(" arena="); + Serial.println(mi.arena); + Serial.print(" ordblks="); + Serial.println(mi.ordblks); + Serial.print(" uordblks="); + Serial.println(mi.uordblks); + Serial.print(" fordblks="); + Serial.println(mi.fordblks); + Serial.print(" keepcost="); + Serial.println(mi.keepcost); + #endif + + #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST) + Serial.print("Estimated free memory: "); + Serial.print(stack_ptr - heapend + mi.fordblks); + Serial.println(F(" bytes")); + #endif + + #if (0) + /* Experimental: not supported on all devices: */ + Serial.print("RAM Start %lx\n", (unsigned long)ramstart); + Serial.print("Data/Bss end %lx\n", (unsigned long)&_end); + Serial.print("Heap End %lx\n", (unsigned long)heapend); + Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr); + Serial.print("RAM End %lx\n", (unsigned long)ramend); + + Serial.print("Heap RAM Used: ",mi.uordblks); + Serial.print("Program RAM Used ",&_end - ramstart); + Serial.print("Stack RAM Used ",ramend - stack_ptr); + + Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks); + #endif +#else + Serial.println(F("show_memory() not implemented for this platform")); +#endif + return 0; +} + +/*****************************************************************************/ +/* Arduino setup_hardware() */ +/*****************************************************************************/ +int setup_hardware(void) { + int ret = 0; + +#if defined(ARDUINO_SAMD_NANO_33_IOT) + Serial.println(F("Detected known tested and working Arduino Nano 33 IoT")); +#elif defined(ARDUINO_ARCH_RP2040) + Serial.println(F("Detected known tested and working Arduino RP-2040")); +#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG) + /* need to manually turn on random number generator on Arduino Due, etc. */ + pmc_enable_periph_clk(ID_TRNG); + trng_enable(TRNG); + Serial.println(F("Enabled ARM TRNG")); +#endif + + show_memory(); + randomSeed(analogRead(0)); + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_datetime() */ +/* The device needs to have a valid date within the valid range of certs. */ +/*****************************************************************************/ +int setup_datetime(void) { + int ret = 0; + int ntp_tries = 20; + + /* we need a date in the range of cert expiration */ +#ifdef USE_NTP_LIB + #if defined(ESP32) + NTPClient timeClient(ntpUDP, "pool.ntp.org"); + + timeClient.begin(); + timeClient.update(); + delay(1000); + while (!timeClient.isTimeSet() && (ntp_tries > 0)) { + timeClient.forceUpdate(); + Serial.println(F("Waiting for NTP update")); + delay(2000); + ntp_tries--; + } + if (ntp_tries <= 0) { + Serial.println(F("Warning: gave up waiting on NTP")); + } + Serial.println(timeClient.getFormattedTime()); + Serial.println(timeClient.getEpochTime()); + #endif +#endif + +#if defined(ESP32) + /* see esp32-hal-time.c */ + ntp_tries = 5; + /* Replace "pool.ntp.org" with your preferred NTP server */ + configTime(0, 0, "pool.ntp.org"); + + /* Wait for time to be set */ + while ((time(nullptr) <= 100000) && ntp_tries > 0) { + Serial.println(F("Waiting for time to be set...")); + delay(2000); + ntp_tries--; + } +#endif + + return ret; +} /* setup_datetime */ + +/*****************************************************************************/ +/* Arduino setup_network() */ +/*****************************************************************************/ +int setup_network(void) { + int ret = 0; + +#if defined(USING_WIFI) + int status = WL_IDLE_STATUS; + + /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */ + #if defined(ESP8266) || defined(ESP32) + WiFi.mode(WIFI_STA); + #else + String fv; + if (WiFi.status() == WL_NO_MODULE) { + Serial.println("Communication with WiFi module failed!"); + /* don't continue if no network */ + while (true) ; + } + + fv = WiFi.firmwareVersion(); + if (fv < WIFI_FIRMWARE_LATEST_VERSION) { + Serial.println("Please upgrade the firmware"); + } + #endif + + Serial.print(F("Connecting to WiFi ")); + Serial.print(ssid); + status = WiFi.begin(ssid, password); + while (status != WL_CONNECTED) { + delay(1000); + Serial.print(F(".")); + Serial.print(status); + status = WiFi.status(); + } + + Serial.println(F(" Connected!")); +#else + /* Newer Ethernet shields have a + * MAC address printed on a sticker on the shield */ + byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; + IPAddress ip(192, 168, 1, 42); + IPAddress myDns(192, 168, 1, 1); + Ethernet.init(10); /* Most Arduino shields */ + /* Ethernet.init(5); * MKR ETH Shield */ + /* Ethernet.init(0); * Teensy 2.0 */ + /* Ethernet.init(20); * Teensy++ 2.0 */ + /* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */ + /* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */ + Serial.println(F("Initialize Ethernet with DHCP:")); + if (Ethernet.begin(mac) == 0) { + Serial.println(F("Failed to configure Ethernet using DHCP")); + /* Check for Ethernet hardware present */ + if (Ethernet.hardwareStatus() == EthernetNoHardware) { + Serial.println(F("Ethernet shield was not found.")); + while (true) { + delay(1); /* do nothing */ + } + } + if (Ethernet.linkStatus() == LinkOFF) { + Serial.println(F("Ethernet cable is not connected.")); + } + /* try to configure using IP address instead of DHCP : */ + Ethernet.begin(mac, ip, myDns); + } + else { + Serial.print(F(" DHCP assigned IP ")); + Serial.println(Ethernet.localIP()); + } + /* We'll assume the Ethernet connection is ready to go. */ +#endif + + Serial.println(F("********************************************************")); + Serial.print(F(" wolfSSL Example Server IP = ")); +#if defined(USING_WIFI) + Serial.println(WiFi.localIP()); +#else + Serial.println(Ethernet.localIP()); +#endif + /* In server mode, there's no host definition. */ + /* See companion example: wolfssl_client.ino */ + Serial.println(F("********************************************************")); + Serial.println(F("Setup network complete.")); + + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_wolfssl() */ +/*****************************************************************************/ +int setup_wolfssl(void) +{ + int ret = 0; + WOLFSSL_METHOD* method; + + /* Show a revision of wolfssl user_settings.h file in use when available: */ +#if defined(WOLFSSL_USER_SETTINGS_ID) + Serial.print(F("WOLFSSL_USER_SETTINGS_ID: ")); + Serial.println(F(WOLFSSL_USER_SETTINGS_ID)); +#else + Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found.")); +#endif + +#if defined(NO_WOLFSSL_SERVER) + Serial.println(F("wolfSSL server code disabled to save space.")); +#endif +#if defined(NO_WOLFSSL_CLIENT) + Serial.println(F("wolfSSL client code disabled to save space.")); +#endif + +#if defined(DEBUG_WOLFSSL) + Serial.println(F("wolfSSL Debugging is available! (DEBUG_WOLFSSL)")); + #if defined(DEBUG_WOLFSSL_MESSAGES_ON) + Serial.println(F("Enabling verbose messages wolfSSL_Debugging_ON")); + wolfSSL_Debugging_ON(); + #else + Serial.println(F("Enable verbose messages with wolfSSL_Debugging_ON")); + Serial.println(F("or define DEBUG_WOLFSSL_MESSAGES_ON")); + #endif +#else + Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); +#endif + + /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */ +#if defined(NO_SESSION_CACHE) + Serial.println(F("wolfSSL TLS NO_SESSION_CACHE")); +#elif defined(MICRO_SESSION_CACHEx) + Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE")); +#elif defined(SMALL_SESSION_CACHE) + Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE")); +#elif defined(MEDIUM_SESSION_CACHE) + Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE")); +#elif defined(BIG_SESSION_CACHE) + Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE")); +#elif defined(HUGE_SESSION_CACHE) + Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); +#elif defined(HUGE_SESSION_CACHE) + Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); +#else + Serial.println(F("WARNING: Unknown or no TLS session cache setting.")); + /* See wolfssl/src/ssl.c for amount of memory used. + * It is best on embedded devices to choose a TLS session cache size. */ +#endif + + /* Initialize wolfSSL before assigning ctx */ + ret = wolfSSL_Init(); + if (ret == WOLFSSL_SUCCESS) { + Serial.println("Successfully called wolfSSL_Init"); + } + else { + Serial.println("ERROR: wolfSSL_Init failed"); + } + + /* See companion server example with wolfSSLv23_server_method here. + * method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3. + * method = wolfTLSv1_2_client_method(); only TLS 1.2 + * method = wolfTLSv1_3_client_method(); only TLS 1.3 + * + * see Arduino\libraries\wolfssl\src\user_settings.h */ + + Serial.println("Here we go!"); + +#ifdef WOLFSSL_DTLS13 + Serial.println(F("Setting wolfDTLSv1_3_client_method")); + method = wolfDTLSv1_3_server_method(); +#else + Serial.println(F("Setting wolfDTLSv1_2_client_method")); + method = wolfDTLSv1_2_servert_method(); +#endif + ctx = wolfSSL_CTX_new(method); + if (ctx == NULL) { + fail_wait(); + } + + if (method == NULL) { + Serial.println(F("Unable to get wolfssl client method")); + fail_wait(); + } + + ctx = wolfSSL_CTX_new(method); + if (ctx == NULL) { + Serial.println(F("unable to get ctx")); + fail_wait(); + } + + return ret; +} + +/*****************************************************************************/ +/* Arduino setup_certificates() */ +/*****************************************************************************/ +int setup_certificates(void) +{ + int ret = 0; + +/* See user_settings.h that should have included wolfssl/certs_test.h */ + +Serial.println(F("Initializing certificates...")); +show_memory(); + + /* Load CA certificates */ + if (ret == WOLFSSL_SUCCESS) { + /* caCertLoc[] = "../certs/ca-cert.pem"; */ + ret = wolfSSL_CTX_load_verify_buffer(ctx, + CTX_CA_CERT, + CTX_CA_CERT_SIZE, + CTX_SERVER_CERT_TYPE); + } + + /* If successful, Load server certificates */ + Serial.println("Initializing certificates..."); + ret = wolfSSL_CTX_use_certificate_buffer(ctx, + CTX_SERVER_CERT, + CTX_SERVER_CERT_SIZE, + CTX_CA_CERT_TYPE); + + if (ret == WOLFSSL_SUCCESS) { + Serial.print("Success: use certificate: "); + Serial.println(xstr(CTX_SERVER_CERT)); + } + else { + Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: "); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + /* Setup private server key */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + CTX_SERVER_KEY, + CTX_SERVER_KEY_SIZE, + CTX_SERVER_KEY_TYPE); + if (ret == WOLFSSL_SUCCESS) { + Serial.print("Success: use private key buffer: "); + Serial.println(xstr(CTX_SERVER_KEY)); + } + else { + Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + /* Setup private server key */ + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, + CTX_SERVER_KEY, + CTX_SERVER_KEY_SIZE, + CTX_SERVER_KEY_TYPE); + + if (ret == WOLFSSL_SUCCESS) { + Serial.print("Success: use private key buffer: "); + Serial.println(xstr(CTX_SERVER_KEY)); + } + else { + Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "); + wc_ErrorString(ret, wc_error_message); + Serial.println(wc_error_message); + fail_wait(); + } + + return ret; +} /* Arduino setup */ + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino setup() */ +/*****************************************************************************/ +/*****************************************************************************/ +void setup(void) +{ + int i = 0; + Serial.begin(SERIAL_BAUD); + while (!Serial && (i < 10)) { + /* wait for serial port to connect. Needed for native USB port only */ + delay(1000); + i++; + } + + Serial.println(F("")); + Serial.println(F("")); + Serial.println(F("wolfSSL DTLS Server Example Startup.")); + + /* Optionally pre-allocate a large block of memory for testing */ +#if defined(MEMORY_STRESS_TEST) + Serial.println(F("WARNING: Memory Stress Test Active!")); + Serial.print(F("Allocating extra memory: ")); + Serial.print(MEMORY_STRESS_INITIAL); + Serial.println(F(" bytes...")); + memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL); + show_memory(); +#endif + + setup_hardware(); + + setup_network(); + + setup_datetime(); + + setup_wolfssl(); + + setup_certificates(); + +#if defined THIS_USER_SETTINGS_VERSION + Serial.print(F("This user_settings.h version:")) + Serial.println(THIS_USER_SETTINGS_VERSION) +#endif + + /* Start the server + * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/ + */ + + Serial.println(F("Completed Arduino setup()")); + + server.begin(); + Serial.println("Begin Server... (waiting for remote client to connect)"); + + /* See companion wolfssl_client.ino code */ + return; +} /* Arduino setup */ + +/*****************************************************************************/ +/* wolfSSL error_check() */ +/*****************************************************************************/ +int error_check(int this_ret, bool halt_on_error, + const __FlashStringHelper* message) { + int ret = 0; + if (this_ret == WOLFSSL_SUCCESS) { + Serial.print(F("Success: ")); + Serial.println(message); + } + else { + Serial.print(F("ERROR: return = ")); + Serial.print(this_ret); + Serial.print(F(": ")); + Serial.println(message); + Serial.println(wc_GetErrorString(this_ret)); + if (halt_on_error) { + fail_wait(); + } + } + show_memory(); + + return ret; +} /* error_check */ + +/*****************************************************************************/ +/* wolfSSL error_check_ssl */ +/* Parameters: */ +/* ssl is the current WOLFSSL object pointer */ +/* halt_on_error set to true to suspend operations for critical error */ +/* message is expected to be a memory-efficient F("") macro string */ +/*****************************************************************************/ +int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, + const __FlashStringHelper* message) { + int err = 0; + + if (ssl == NULL) { + Serial.println(F("ssl is Null; Unable to allocate SSL object?")); +#ifndef DEBUG_WOLFSSL + Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more.")); +#else + Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes.")); +#endif + Serial.print(F("ERROR: ")); + Serial.println(message); + show_memory(); + if (halt_on_error) { + fail_wait(); + } + } + else { + err = wolfSSL_get_error(ssl, this_ret); + if (err == WOLFSSL_SUCCESS) { + Serial.print(F("Success m: ")); + Serial.println(message); + } + else { + if (err < 0) { + wolfSSL_ERR_error_string(err, errBuf); + Serial.print(F("WOLFSSL Error: ")); + Serial.print(err); + Serial.print(F("; ")); + Serial.println(errBuf); + } + else { + Serial.println(F("Success: ssl object.")); + } + } + } + + return err; +} /* error_check_ssl */ + +static void sig_handler(const int sig); +static void free_resources(void); + +/*****************************************************************************/ +/*****************************************************************************/ +/* Arduino loop() */ +/*****************************************************************************/ +/*****************************************************************************/ +void loop() +{ + int exitVal = 1; + struct sockaddr_in servAddr; /* our server's address */ + struct sockaddr_in cliaddr; /* the client's address */ + int ret; + int err; + int recvLen = 0; /* length of message */ + socklen_t cliLen; + char buff[MAXLINE]; /* the incoming message */ + char ack[] = "I hear you fashizzle!\n"; + + /* Initialize wolfSSL before assigning ctx */ + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_Init error.\n"); + fail_wait(); + } + + /* No-op when debugging is not compiled in */ + wolfSSL_Debugging_ON(); + + + /* Create a UDP/IP socket */ + if ((listenfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0 ) { + perror("socket()"); + goto cleanup; + } + printf("Socket allocated\n"); + memset((char *)&servAddr, 0, sizeof(servAddr)); + /* host-to-network-long conversion (htonl) */ + /* host-to-network-short conversion (htons) */ + servAddr.sin_family = AF_INET; + servAddr.sin_addr.s_addr = htonl(INADDR_ANY); + servAddr.sin_port = htons(WOLFSSL_PORT); + + /* Bind Socket */ + if (bind(listenfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) < 0) { + perror("bind()"); + goto cleanup; + } + + // signal(SIGINT, sig_handler); + + while (1) { + printf("Awaiting client connection on port %d\n", WOLFSSL_PORT); + + cliLen = sizeof(cliaddr); + ret = (int)recvfrom(listenfd, (char *)&buff, sizeof(buff), MSG_PEEK, + (struct sockaddr*)&cliaddr, &cliLen); + + if (ret < 0) { + perror("recvfrom()"); + goto cleanup; + } + else if (ret == 0) { + fprintf(stderr, "recvfrom zero return\n"); + goto cleanup; + } + + /* Create the WOLFSSL Object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "wolfSSL_new error.\n"); + goto cleanup; + } + + if (wolfSSL_dtls_set_peer(ssl, &cliaddr, cliLen) != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_dtls_set_peer error.\n"); + goto cleanup; + } + + if (wolfSSL_set_fd(ssl, listenfd) != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_set_fd error.\n"); + break; + } + + if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_reason_error_string(err)); + fprintf(stderr, "SSL_accept failed.\n"); + goto cleanup; + } + + while (1) { + if ((recvLen = wolfSSL_read(ssl, buff, sizeof(buff)-1)) > 0) { + printf("heard %d bytes\n", recvLen); + + buff[recvLen] = '\0'; + printf("I heard this: \"%s\"\n", buff); + } + else if (recvLen <= 0) { + err = wolfSSL_get_error(ssl, 0); + if (err == WOLFSSL_ERROR_ZERO_RETURN) /* Received shutdown */ + break; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_reason_error_string(err)); + fprintf(stderr, "SSL_read failed.\n"); + goto cleanup; + } + printf("Sending reply.\n"); + if (wolfSSL_write(ssl, ack, sizeof(ack)) < 0) { + err = wolfSSL_get_error(ssl, 0); + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_reason_error_string(err)); + fprintf(stderr, "wolfSSL_write failed.\n"); + goto cleanup; + } + } + + printf("reply sent \"%s\"\n", ack); + + /* Attempt a full shutdown */ + ret = wolfSSL_shutdown(ssl); + if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) + ret = wolfSSL_shutdown(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + fprintf(stderr, "err = %d, %s\n", err, + wolfSSL_ERR_reason_error_string(err)); + fprintf(stderr, "wolfSSL_shutdown failed\n"); + } + wolfSSL_free(ssl); + ssl = NULL; + + printf("Awaiting new connection\n"); + } + + exitVal = 0; +cleanup: + free_resources(); + wolfSSL_Cleanup(); + + Serial.println(F("Done!")); + while (1) { + delay(1000); + } +} + + +static void sig_handler(const int sig) +{ + (void)sig; + free_resources(); + wolfSSL_Cleanup(); +} + +static void free_resources(void) +{ + if (ssl != NULL) { + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + ssl = NULL; + } + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + if (listenfd != INVALID_SOCKET) { + close(listenfd); + listenfd = INVALID_SOCKET; + } +} + diff --git a/examples/wolfssl_version/wolfssl_version.ino b/examples/wolfssl_version/wolfssl_version.ino index 12be948..ac34124 100644 --- a/examples/wolfssl_version/wolfssl_version.ino +++ b/examples/wolfssl_version/wolfssl_version.ino @@ -6,7 +6,7 @@ * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, @@ -21,6 +21,13 @@ #include +#if defined(ARDUINO_PORTENTA_X8) + /* The Portenta is a Linux device. See wolfSSL examples: + * https://github.com/wolfSSL/wolfssl/tree/master/examples + * By default Serial is disabled and mapped to ErrorSerial */ + #include +#endif + /* wolfSSL user_settings.h must be included from settings.h * Make all configurations changes in user_settings.h * Do not edit wolfSSL `settings.h` or `config.h` files. diff --git a/library.properties b/library.properties index bb59f54..05d11ef 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=wolfssl -version=5.8.2 +version=5.8.4 author=wolfSSL Inc. maintainer=wolfSSL inc sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. diff --git a/src/src/bio.c b/src/src/bio.c index ce74983..8321dab 100644 --- a/src/src/bio.c +++ b/src/src/bio.c @@ -1404,7 +1404,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) } #endif -WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) +long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg) { (void) bp; (void) cmd; @@ -2440,9 +2440,21 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) { WOLFSSL_BIO *bio; WOLFSSL_ENTER("wolfSSL_BIO_new_accept"); + + if (port == NULL) { + return NULL; + } + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); if (bio) { - bio->port = (word16)XATOI(port); + const char* portStr = port; +#ifdef WOLFSSL_IPV6 + const char* ipv6End = XSTRSTR(port, "]"); + if (ipv6End) { + portStr = XSTRSTR(ipv6End, ":"); + } +#endif + bio->port = (word16)XATOI(portStr); bio->type = WOLFSSL_BIO_SOCKET; } return bio; @@ -3327,7 +3339,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) /* In Visual Studio versions prior to Visual Studio 2013, the va_* symbols aren't defined. If using Visual Studio 2013 or later, define HAVE_VA_COPY. */ - #if !defined(_WIN32) || defined(HAVE_VA_COPY) + #if defined(XVSNPRINTF) && (!defined(_WIN32) || defined(HAVE_VA_COPY)) case WOLFSSL_BIO_SSL: { int count; @@ -3358,7 +3370,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) va_end(copy); } break; - #endif /* !_WIN32 || HAVE_VA_COPY */ + #endif /* XVSNPRINTF && (!_WIN32 || HAVE_VA_COPY) */ default: WOLFSSL_MSG("Unsupported WOLFSSL_BIO type for wolfSSL_BIO_printf"); diff --git a/src/src/crl.c b/src/src/crl.c index 4e4700f..9056bd1 100644 --- a/src/src/crl.c +++ b/src/src/crl.c @@ -39,8 +39,9 @@ CRL Options: #include #include +#include -#ifndef WOLFSSL_LINUXKM +#ifndef NO_STRING_H #include #endif @@ -209,20 +210,23 @@ static CRL_Entry* CRL_Entry_new(void* heap) /* Free all CRL Entry resources */ static void CRL_Entry_free(CRL_Entry* crle, void* heap) { -#ifdef CRL_STATIC_REVOKED_LIST - if (crle != NULL) { - XMEMSET(crle->certs, 0, CRL_MAX_REVOKED_CERTS*sizeof(RevokedCert)); + WOLFSSL_ENTER("CRL_Entry_free"); + if (crle == NULL) { + WOLFSSL_MSG("CRL Entry is null"); + return; } +#ifdef CRL_STATIC_REVOKED_LIST + XMEMSET(crle->certs, 0, CRL_MAX_REVOKED_CERTS*sizeof(RevokedCert)); #else - RevokedCert* tmp = crle->certs; - RevokedCert* next; + { + RevokedCert* tmp; + RevokedCert* next; - WOLFSSL_ENTER("FreeCRL_Entry"); + for (tmp = crle->certs; tmp != NULL; tmp = next) { + next = tmp->next; + XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); + } - while (tmp != NULL) { - next = tmp->next; - XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); - tmp = next; } #endif XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY); @@ -753,11 +757,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, int ret = WOLFSSL_SUCCESS; const byte* myBuffer = buff; /* if DER ok, otherwise switch */ DerBuffer* der = NULL; -#ifdef WOLFSSL_SMALL_STACK - DecodedCRL* dcrl; -#else - DecodedCRL dcrl[1]; -#endif + WC_DECLARE_VAR(dcrl, DecodedCRL, 1, 0); WOLFSSL_ENTER("BufferLoadCRL"); @@ -791,10 +791,8 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, crl->currentEntry = CRL_Entry_new(crl->heap); if (crl->currentEntry == NULL) { - WOLFSSL_MSG("alloc CRL Entry failed"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif + WOLFSSL_MSG_CERT_LOG("alloc CRL Entry failed"); + WC_FREE_VAR_EX(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); FreeDer(&der); return MEMORY_E; } @@ -802,9 +800,11 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, InitDecodedCRL(dcrl, crl->heap); ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz, verify, crl->cm); + if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E) && verify == NO_VERIFY)) { - WOLFSSL_MSG("ParseCRL error"); + WOLFSSL_MSG_CERT_LOG("ParseCRL error"); + WOLFSSL_MSG_CERT_EX("ParseCRL verify = %d, ret = %d", verify, ret); CRL_Entry_free(crl->currentEntry, crl->heap); crl->currentEntry = NULL; } @@ -812,16 +812,14 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, ret = AddCRL(crl, dcrl, myBuffer, ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); if (ret != 0) { - WOLFSSL_MSG("AddCRL error"); + WOLFSSL_MSG_CERT_LOG("AddCRL error"); crl->currentEntry = NULL; } } FreeDecodedCRL(dcrl); -#ifdef WOLFSSL_SMALL_STACK - XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); FreeDer(&der); @@ -837,11 +835,7 @@ int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, const byte* myBuffer = buff; /* if DER ok, otherwise switch */ DerBuffer* der = NULL; CRL_Entry* crle = NULL; -#ifdef WOLFSSL_SMALL_STACK - DecodedCRL* dcrl; -#else - DecodedCRL dcrl[1]; -#endif + WC_DECLARE_VAR(dcrl, DecodedCRL, 1, 0); WOLFSSL_ENTER("GetCRLInfo"); @@ -877,9 +871,7 @@ int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, crle = CRL_Entry_new(crl->heap); if (crle == NULL) { WOLFSSL_MSG("alloc CRL Entry failed"); - #ifdef WOLFSSL_SMALL_STACK - XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif + WC_FREE_VAR_EX(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); FreeDer(&der); return MEMORY_E; } @@ -898,9 +890,7 @@ int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, FreeDecodedCRL(dcrl); -#ifdef WOLFSSL_SMALL_STACK - XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER); FreeDer(&der); CRL_Entry_free(crle, crl->heap); @@ -1248,23 +1238,14 @@ static int SwapLists(WOLFSSL_CRL* crl) { int ret; CRL_Entry* newList; -#ifdef WOLFSSL_SMALL_STACK - WOLFSSL_CRL* tmp; -#else - WOLFSSL_CRL tmp[1]; -#endif + WC_DECLARE_VAR(tmp, WOLFSSL_CRL, 1, 0); -#ifdef WOLFSSL_SMALL_STACK - tmp = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) - return MEMORY_E; -#endif + WC_ALLOC_VAR_EX(tmp, WOLFSSL_CRL, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); if (InitCRL(tmp, crl->cm) < 0) { WOLFSSL_MSG("Init tmp CRL failed"); -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FATAL_ERROR; } @@ -1273,9 +1254,7 @@ static int SwapLists(WOLFSSL_CRL* crl) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("PEM LoadCRL on dir change failed"); FreeCRL(tmp, 0); -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FATAL_ERROR; } } @@ -1285,9 +1264,7 @@ static int SwapLists(WOLFSSL_CRL* crl) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("DER LoadCRL on dir change failed"); FreeCRL(tmp, 0); -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FATAL_ERROR; } } @@ -1295,9 +1272,7 @@ static int SwapLists(WOLFSSL_CRL* crl) if (wc_LockRwLock_Wr(&crl->crlLock) != 0) { WOLFSSL_MSG("wc_LockRwLock_Wr failed"); FreeCRL(tmp, 0); -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FATAL_ERROR; } @@ -1311,9 +1286,7 @@ static int SwapLists(WOLFSSL_CRL* crl) FreeCRL(tmp, 0); -#ifdef WOLFSSL_SMALL_STACK - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 0; } @@ -1499,11 +1472,7 @@ static THREAD_RETURN WOLFSSL_THREAD DoMonitor(void* arg) int notifyFd; int wd = -1; WOLFSSL_CRL* crl = (WOLFSSL_CRL*)arg; -#ifdef WOLFSSL_SMALL_STACK - char* buff; -#else - char buff[8192]; -#endif + WC_DECLARE_VAR(buff, char, 8192, 0); WOLFSSL_ENTER("DoMonitor"); @@ -1608,9 +1577,7 @@ static THREAD_RETURN WOLFSSL_THREAD DoMonitor(void* arg) } } -#ifdef WOLFSSL_SMALL_STACK - XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (wd > 0) { if (inotify_rm_watch(notifyFd, wd) < 0) @@ -1636,7 +1603,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) #ifdef DEBUG_WOLFSSL #define SHOW_WINDOWS_ERROR() do { \ - LPVOID lpMsgBuf; \ + LPVOID lpMsgBuf = NULL; \ DWORD dw = GetLastError(); \ FormatMessageA( \ FORMAT_MESSAGE_ALLOCATE_BUFFER | \ @@ -1820,22 +1787,14 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) { int ret = WOLFSSL_SUCCESS; char* name = NULL; -#ifdef WOLFSSL_SMALL_STACK - ReadDirCtx* readCtx = NULL; -#else - ReadDirCtx readCtx[1]; -#endif + WC_DECLARE_VAR(readCtx, ReadDirCtx, 1, 0); WOLFSSL_ENTER("LoadCRL"); if (crl == NULL) return BAD_FUNC_ARG; -#ifdef WOLFSSL_SMALL_STACK - readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), crl->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (readCtx == NULL) - return MEMORY_E; -#endif + WC_ALLOC_VAR_EX(readCtx, ReadDirCtx, 1, crl->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); /* try to load each regular file in path */ ret = wc_ReadDirFirst(readCtx, path, &name); @@ -1867,9 +1826,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("CRL file load failed"); wc_ReadDirClose(readCtx); - #ifdef WOLFSSL_SMALL_STACK - XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif + WC_FREE_VAR_EX(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } } @@ -1882,9 +1839,7 @@ int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor) /* load failures not reported, for backwards compat */ ret = WOLFSSL_SUCCESS; -#ifdef WOLFSSL_SMALL_STACK - XFREE(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif + WC_FREE_VAR_EX(readCtx, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (monitor & WOLFSSL_CRL_MONITOR) { #ifdef HAVE_CRL_MONITOR diff --git a/src/src/dtls.c b/src/src/dtls.c index d25f66b..dff1ffa 100644 --- a/src/src/dtls.c +++ b/src/src/dtls.c @@ -732,8 +732,13 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) /* Ask the user for the ciphersuite matching this identity */ if (TLSX_PreSharedKey_Parse_ClientHello(&parsedExts, - tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) + tlsx.elements, (word16)tlsx.size, ssl->heap) == 0) { + /* suites only needs to be refined when searching for a PSK. + * MatchSuite_ex handles refining internally. */ + refineSuites(WOLFSSL_SUITES(ssl), &suites, &suites, + ssl->options.useClientOrder); FindPskSuiteFromExt(ssl, parsedExts, &pskInfo, &suites); + } /* Revert to full handshake if PSK parsing failed */ if (pskInfo.isValid) { @@ -753,8 +758,9 @@ static int SendStatelessReplyDtls13(const WOLFSSL* ssl, WolfSSL_CH* ch) ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); doKE = 1; } - else if ((modes & (1 << PSK_KE)) == 0) { - ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); + else if ((modes & (1 << PSK_KE)) == 0 || + ssl->options.onlyPskDheKe) { + ERROR_OUT(PSK_KEY_ERROR, dtls13_cleanup); } usePSK = 1; } diff --git a/src/src/dtls13.c b/src/src/dtls13.c index c4e2b61..9c729fa 100644 --- a/src/src/dtls13.c +++ b/src/src/dtls13.c @@ -255,7 +255,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask, return BAD_STATE_E; #if !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \ - || defined(WOLFSSL_LINUXKM)) + || defined(WOLFSSL_KERNEL_MODE)) return wc_AesEncryptDirect(c->aes, mask, ciphertext); #else wc_AesEncryptDirect(c->aes, mask, ciphertext); @@ -1898,11 +1898,11 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, ret = DoTls13HandShakeMsgType(ssl, input, &idx, handshakeType, messageLength, size); + *processedSize = idx; if (ret != 0) return ret; Dtls13MsgWasProcessed(ssl, (enum HandShakeType)handshakeType); - *processedSize = idx; /* check if we have buffered some message */ if (Dtls13NextMessageComplete(ssl)) diff --git a/src/src/internal.c b/src/src/internal.c index c74bcf3..30c27fb 100644 --- a/src/src/internal.c +++ b/src/src/internal.c @@ -293,12 +293,32 @@ int wolfssl_priv_der_blind(WC_RNG* rng, DerBuffer* key, DerBuffer** mask) return ret; } -void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) +void wolfssl_priv_der_blind_toggle(DerBuffer* key, const DerBuffer* mask) { - if (key != NULL) { + if ((key != NULL) && (mask != NULL)) { xorbuf(key->buffer, mask->buffer, mask->length); } } + +DerBuffer *wolfssl_priv_der_unblind(const DerBuffer* key, const DerBuffer* mask) +{ + DerBuffer *ret; + if ((key == NULL) || (mask == NULL)) + return NULL; + if (mask->length > key->length) + return NULL; + if (AllocDer(&ret, key->length, key->type, key->heap) != 0) + return NULL; + xorbufout(ret->buffer, key->buffer, mask->buffer, mask->length); + return ret; +} + +void wolfssl_priv_der_unblind_free(DerBuffer* key) +{ + if (key != NULL) + FreeDer(&key); +} + #endif /* !NO_CERT && WOLFSSL_BLIND_PRIVATE_KEY */ @@ -315,69 +335,47 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) const unsigned char* secret, int secretSz, void* ctx); #endif - - /* Label string for client random. */ - #define SSC_CR "CLIENT_RANDOM" - /* * This function builds up string for key-logging then call user's - * key-log-callback to pass the string for TLS1.2 and older. + * key-log-callback to pass the string. * The user's key-logging callback has been set via * wolfSSL_CTX_set_keylog_callback function. The logging string format is: - * "CLIENT_RANDOM " + * "